{"report_id":"3a2251ab-f601-4603-8943-9822c386e611","version":6,"status":"done","tags":[],"date":"2025-10-05T21:11:32Z","url":{"schema":"http","addr":"xxxtik.app/xxxtiktok/","fqdn":"xxxtik.app","domain":"xxxtik.app","tld":"app"},"ip":{"addr":"172.67.128.146","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"final":{"url":{"schema":"https","addr":"xxxtik.app/xxxtiktok/","fqdn":"xxxtik.app","domain":"xxxtik.app","tld":"app"},"title":"XxxTikTok App v1.9.2 - Download 2025 Android APK, Safe, Free"},"submit":{"url":{"schema":"http","addr":"xxxtik.app/xxxtiktok/","fqdn":"xxxtik.app","domain":"xxxtik.app","tld":"app"},"ip":{"addr":"172.67.128.146","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2026-11-09T21:11:32Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":39}},"detection":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-05","alert":"Sinkholed","trigger":"zoojoujoaseeh.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-10-05","alert":"Sinkholed","trigger":"zoojoujoaseeh.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-10-05","alert":"Sinkholed","trigger":"zoojoujoaseeh.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-10-05","alert":"Sinkholed","trigger":"zoojoujoaseeh.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-05","alert":"Sinkholed","trigger":"grookilteepsou.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-10-05","alert":"Sinkholed","trigger":"grookilteepsou.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-10-05","alert":"Sinkholed","trigger":"grookilteepsou.net","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-10-05","alert":"Sinkholed","trigger":"flushpersist.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-05","alert":"Sinkholed","trigger":"flushpersist.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-10-05","alert":"Sinkholed","trigger":"phoangaisool.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-05","alert":"Sinkholed","trigger":"video.cleansasve.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-10-05","alert":"Sinkholed","trigger":"video.cleansasve.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-10-05","alert":"Sinkholed","trigger":"video.cleansasve.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-10-05","alert":"Sinkholed","trigger":"video.cleansasve.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-10-05","alert":"Sinkholed","trigger":"video.cleansasve.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-10-05","alert":"Sinkholed","trigger":"subportgommier.top","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-05","alert":"Sinkholed","trigger":"subportgommier.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-10-05","alert":"Sinkholed","trigger":"subportgommier.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-05","alert":"Sinkholed","trigger":"subportgommier.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-10-05","alert":"Sinkholed","trigger":"vaimucuvikuwu.net","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-10-05","alert":"Sinkholed","trigger":"vaimucuvikuwu.net","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-05","alert":"Sinkholed","trigger":"wrathypenitis.help","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-10-05","alert":"Sinkholed","trigger":"wrathypenitis.help","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-10-05","alert":"Sinkholed","trigger":"wrathypenitis.help","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-10-05","alert":"Sinkholed","trigger":"wrathypenitis.help","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-05","alert":"Sinkholed","trigger":"wabsyederly.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-10-05","alert":"Sinkholed","trigger":"wabsyederly.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-05","alert":"Sinkholed","trigger":"oamsursumsauz.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-10-05","alert":"Sinkholed","trigger":"oamsursumsauz.net","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-10-05","alert":"Sinkholed","trigger":"oamsursumsauz.net","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-10-05","alert":"Sinkholed","trigger":"oamsursumsauz.net","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-10-05","alert":"Sinkholed","trigger":"roagrofoogrobo.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-05","alert":"Sinkholed","trigger":"preferencenail.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-10-05","alert":"Sinkholed","trigger":"preferencenail.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-10-05","alert":"Sinkholed","trigger":"preferencenail.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-05","alert":"Sinkholed","trigger":"weirdopt.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-05","alert":"Sinkholed","trigger":"fg.obanlazed.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-10-05","alert":"Sinkholed","trigger":"fg.obanlazed.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-10-05","alert":"Sinkholed","trigger":"fg.obanlazed.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null},"summary":[{"fqdn":"ip423869593.ahcdn.com","ip":{"addr":"45.143.250.61","port":443,"asn":0,"as":"","country":"The Netherlands","country_code":"NL"},"domain_registered":"2009-02-25","domain_rank":4397718,"first_seen":"2025-09-26T23:37:01.773168Z","last_seen":"2025-09-26T23:37:01.773168Z","alert_count":0,"request_count":1,"received_data":238244,"sent_data":637,"comment":"","tags":null,"fingerprints":[{"name":"Nginx:1.26.2","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"tzegilo.com","ip":{"addr":"172.67.193.52","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2022-01-14","domain_rank":18163,"first_seen":"2022-01-14T15:27:15Z","last_seen":"2025-09-29T16:35:58.006726Z","alert_count":0,"request_count":1,"received_data":18663,"sent_data":405,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"wabsyederly.com","ip":{"addr":"172.255.103.117","port":443,"asn":7979,"as":"SERVERS-COM","country":"The Netherlands","country_code":"NL"},"domain_registered":"unknown","domain_rank":0,"first_seen":"No data","last_seen":"No data","alert_count":4,"request_count":2,"received_data":152020,"sent_data":2886,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"video.cleansasve.com","ip":{"addr":"104.21.84.101","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2025-08-01","domain_rank":0,"first_seen":"2025-08-25T11:43:35.319129Z","last_seen":"2025-10-02T06:26:17.224039Z","alert_count":5,"request_count":1,"received_data":929,"sent_data":459,"comment":"","tags":null,"fingerprints":[{"name":"PHP:7.4.33","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"eehassoosostoa.com","ip":{"addr":"172.67.163.207","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2024-12-04","domain_rank":161412,"first_seen":"2025-01-06T21:58:07.13779Z","last_seen":"2025-10-03T14:05:47.478715Z","alert_count":0,"request_count":1,"received_data":169051,"sent_data":413,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"grookilteepsou.net","ip":{"addr":"139.45.197.122","port":443,"asn":9002,"as":"RETN Limited","country":"United Kingdom","country_code":"GB"},"domain_registered":"2025-01-08","domain_rank":157025,"first_seen":"2025-01-08T12:04:22.02802Z","last_seen":"2025-09-29T21:12:22.467209Z","alert_count":39,"request_count":13,"received_data":105909,"sent_data":6436,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"subportgommier.top","ip":{"addr":"23.83.67.164","port":443,"asn":7979,"as":"SERVERS-COM","country":"The Netherlands","country_code":"NL"},"domain_registered":"2025-05-19","domain_rank":0,"first_seen":"2025-09-29T16:52:59.669223Z","last_seen":"2025-09-29T16:52:59.669224Z","alert_count":8,"request_count":2,"received_data":2760,"sent_data":2987,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"protectioncleave.com","ip":{"addr":"185.196.197.71","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"The Netherlands","country_code":"NL"},"domain_registered":"2025-07-29","domain_rank":0,"first_seen":"2025-09-14T15:29:08.007115Z","last_seen":"2025-09-30T08:44:10.427188Z","alert_count":0,"request_count":1,"received_data":100480,"sent_data":448,"comment":"","tags":null,"fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"static.cloudflareinsights.com","ip":{"addr":"104.16.80.73","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2019-08-30","domain_rank":4073,"first_seen":"2019-09-24T14:34:56Z","last_seen":"2025-09-28T22:13:48.149535Z","alert_count":0,"request_count":1,"received_data":20344,"sent_data":498,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"glempirteechacm.com","ip":{"addr":"172.67.223.75","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2024-12-04","domain_rank":160043,"first_seen":"2025-01-14T20:14:16Z","last_seen":"2025-10-03T08:09:25.003927Z","alert_count":0,"request_count":1,"received_data":169057,"sent_data":414,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"zoojoujoaseeh.com","ip":{"addr":"139.45.197.244","port":443,"asn":9002,"as":"RETN Limited","country":"United Kingdom","country_code":"GB"},"domain_registered":"2025-02-10","domain_rank":382672,"first_seen":"2025-03-21T06:40:37.606647Z","last_seen":"2025-09-29T18:57:51.513642Z","alert_count":20,"request_count":5,"received_data":10266,"sent_data":4496,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"professionaltrafficmonitor.com","ip":{"addr":"3.125.168.103","port":443,"asn":16509,"as":"AMAZON-02","country":"Germany","country_code":"DE"},"domain_registered":"2025-01-23","domain_rank":16376,"first_seen":"2025-01-25T08:56:07.448138Z","last_seen":"2025-09-28T22:30:31.748184Z","alert_count":0,"request_count":1,"received_data":419,"sent_data":443,"comment":"","tags":null,"fingerprints":null},{"fqdn":"www.silent-basis.pro","ip":{"addr":"185.185.15.2","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"United Kingdom","country_code":"GB"},"domain_registered":"2025-04-14","domain_rank":569796,"first_seen":"2025-06-03T05:08:00.334842Z","last_seen":"2025-10-01T08:16:37.736493Z","alert_count":0,"request_count":1,"received_data":238086,"sent_data":521,"comment":"","tags":null,"fingerprints":[{"name":"Nginx:1.20.1","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"www.plump-message.pro","ip":{"addr":"45.133.44.1","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"United States","country_code":"US"},"domain_registered":"unknown","domain_rank":0,"first_seen":"2025-10-03T08:37:30.397327Z","last_seen":"2025-10-03T08:37:30.397327Z","alert_count":0,"request_count":2,"received_data":208220,"sent_data":904,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"my.rtmark.net","ip":{"addr":"172.64.146.234","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2014-10-29","domain_rank":43911,"first_seen":"2015-02-04T09:54:57Z","last_seen":"2025-09-29T00:18:56.050225Z","alert_count":0,"request_count":1,"received_data":833,"sent_data":467,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"fonts.googleapis.com","ip":{"addr":"142.250.74.74","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2005-01-25","domain_rank":313,"first_seen":"2012-05-23T12:41:44Z","last_seen":"2025-09-28T22:11:39.889585Z","alert_count":0,"request_count":2,"received_data":55222,"sent_data":862,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"site-assets.fontawesome.com","ip":{"addr":"172.64.147.188","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2012-10-18","domain_rank":380600,"first_seen":"2022-02-10T06:20:21Z","last_seen":"2025-09-29T20:37:27.79187Z","alert_count":0,"request_count":3,"received_data":836458,"sent_data":1596,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]}]},{"fqdn":"amusingbase.com","ip":{"addr":"88.85.94.250","port":443,"asn":35415,"as":"Webzilla B.V.","country":"The Netherlands","country_code":"NL"},"domain_registered":"2023-02-03","domain_rank":3049473,"first_seen":"2023-02-03T03:56:17Z","last_seen":"2025-09-13T16:36:30.600635Z","alert_count":0,"request_count":6,"received_data":748669,"sent_data":4524,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"fpyf8.com","ip":{"addr":"139.45.196.64","port":443,"asn":9002,"as":"RETN Limited","country":"United Kingdom","country_code":"GB"},"domain_registered":"2022-04-06","domain_rank":164621,"first_seen":"2025-05-24T02:52:35.174797Z","last_seen":"2025-10-04T13:56:25.477854Z","alert_count":0,"request_count":1,"received_data":116384,"sent_data":406,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"fleraprt.com","ip":{"addr":"139.45.195.252","port":443,"asn":9002,"as":"RETN Limited","country":"United Kingdom","country_code":"GB"},"domain_registered":"2022-01-14","domain_rank":17838,"first_seen":"2022-01-14T22:55:14Z","last_seen":"2025-09-29T16:35:57.965713Z","alert_count":0,"request_count":2,"received_data":898,"sent_data":1151,"comment":"","tags":null,"fingerprints":[{"name":"Nginx:1.25.5","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"roagrofoogrobo.com","ip":{"addr":"172.67.217.27","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2024-12-04","domain_rank":160562,"first_seen":"2025-01-06T06:51:52.849842Z","last_seen":"2025-09-29T20:37:28.056096Z","alert_count":1,"request_count":1,"received_data":165594,"sent_data":413,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"preferencenail.com","ip":{"addr":"185.196.197.71","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"The Netherlands","country_code":"NL"},"domain_registered":"2025-07-01","domain_rank":20606,"first_seen":"2025-07-08T12:55:47.271261Z","last_seen":"2025-10-01T04:53:40.312929Z","alert_count":3,"request_count":1,"received_data":85963,"sent_data":408,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"pxl-eu.tsyndicate.com","ip":{"addr":"88.99.138.221","port":443,"asn":24940,"as":"Hetzner Online GmbH","country":"Germany","country_code":"DE"},"domain_registered":"2017-03-08","domain_rank":61788,"first_seen":"2025-07-17T15:56:50.105461Z","last_seen":"2025-09-29T04:55:54.14984Z","alert_count":0,"request_count":1,"received_data":141,"sent_data":727,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"flushpersist.com","ip":{"addr":"172.240.127.234","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"domain_registered":"2025-07-01","domain_rank":23810,"first_seen":"2025-07-08T10:43:12.76905Z","last_seen":"2025-10-01T00:47:42.887723Z","alert_count":2,"request_count":1,"received_data":530,"sent_data":762,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"xxxtik.app","ip":{"addr":"104.21.2.15","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2023-11-13","domain_rank":803220,"first_seen":"2025-10-05T21:11:34.293603Z","last_seen":"2025-10-05T21:11:34.293604Z","alert_count":0,"request_count":42,"received_data":1359502,"sent_data":34512,"comment":"","tags":null,"fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"Cloudflare Browser Insights","description":"Cloudflare Browser Insights is a tool that measures the performance of websites from the perspective of users.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["Analytics","RUM"]},{"name":"PHP","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]},{"name":"WordPress","description":"WordPress is a free and open-source content management system written in PHP and paired with a MySQL or MariaDB database. Features include a plugin architecture and a template system.","website":"https://wordpress.org","common_platform_enumeration":"cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*","icon":"WordPress.svg","categories":["CMS","Blogs"]},{"name":"MySQL","description":"MySQL is an open-source relational database management system.","website":"https://mysql.com","common_platform_enumeration":"cpe:2.3:a:mysql:mysql:*:*:*:*:*:*:*:*","icon":"MySQL.svg","categories":["Databases"]},{"name":"jQuery","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]}]},{"fqdn":"vaimucuvikuwu.net","ip":{"addr":"139.45.197.106","port":443,"asn":9002,"as":"RETN Limited","country":"United Kingdom","country_code":"GB"},"domain_registered":"2024-12-04","domain_rank":114793,"first_seen":"2024-12-18T19:54:09.084425Z","last_seen":"2025-10-01T00:47:42.615256Z","alert_count":6,"request_count":3,"received_data":6587,"sent_data":2236,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"wrathypenitis.help","ip":{"addr":"212.117.186.12","port":443,"asn":7979,"as":"SERVERS-COM","country":"Luxembourg","country_code":"LU"},"domain_registered":"2025-07-21","domain_rank":0,"first_seen":"2025-08-21T05:46:19.017165Z","last_seen":"2025-09-29T15:51:37.16717Z","alert_count":12,"request_count":3,"received_data":1563,"sent_data":1638,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"oamsursumsauz.net","ip":{"addr":"139.45.197.244","port":443,"asn":9002,"as":"RETN Limited","country":"United Kingdom","country_code":"GB"},"domain_registered":"2025-02-10","domain_rank":453492,"first_seen":"2025-03-07T23:38:10.962685Z","last_seen":"2025-09-30T22:12:49.382369Z","alert_count":8,"request_count":2,"received_data":7694,"sent_data":1634,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"weirdopt.com","ip":{"addr":"185.196.197.72","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"The Netherlands","country_code":"NL"},"domain_registered":"2025-07-01","domain_rank":37519,"first_seen":"2025-07-08T12:55:47.272157Z","last_seen":"2025-10-01T11:21:03.813992Z","alert_count":1,"request_count":1,"received_data":377,"sent_data":413,"comment":"","tags":null,"fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"fg.obanlazed.com","ip":{"addr":"23.109.170.98","port":443,"asn":7979,"as":"SERVERS-COM","country":"The Netherlands","country_code":"NL"},"domain_registered":"2025-06-11","domain_rank":0,"first_seen":"2025-06-17T05:14:31.375395Z","last_seen":"2025-09-11T13:56:39.924703Z","alert_count":3,"request_count":1,"received_data":89267,"sent_data":423,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"phoangaisool.com","ip":{"addr":"139.45.197.243","port":443,"asn":9002,"as":"RETN Limited","country":"United Kingdom","country_code":"GB"},"domain_registered":"2025-02-10","domain_rank":355906,"first_seen":"2025-06-14T15:03:57.685669Z","last_seen":"2025-09-30T07:53:01.436507Z","alert_count":7,"request_count":7,"received_data":11359,"sent_data":7185,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"tsyndicate.com","ip":{"addr":"94.130.167.206","port":443,"asn":24940,"as":"Hetzner Online GmbH","country":"Germany","country_code":"DE"},"domain_registered":"2017-03-08","domain_rank":1289,"first_seen":"2017-03-16T09:04:54Z","last_seen":"2025-09-29T14:53:23.040832Z","alert_count":0,"request_count":1,"received_data":5946,"sent_data":519,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"bobapsoabauns.com","ip":{"addr":"104.21.73.203","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2025-01-23","domain_rank":16239,"first_seen":"2025-03-26T18:52:40.148632Z","last_seen":"2025-09-29T16:35:57.128467Z","alert_count":0,"request_count":5,"received_data":74148,"sent_data":2255,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"fonts.gstatic.com","ip":{"addr":"142.250.74.99","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2008-02-11","domain_rank":0,"first_seen":"2014-04-02T10:51:04Z","last_seen":"2025-09-28T22:11:46.369912Z","alert_count":0,"request_count":5,"received_data":193471,"sent_data":2667,"comment":"","tags":null,"fingerprints":null}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":null}],"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"xxxtik.app/xxxtiktok/","fqdn":"xxxtik.app","domain":"xxxtik.app","tld":"app"},"ip":{"addr":"104.21.2.15","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"dc0923c33f2f758c84c52fbb61c834a3","sha1":"b058be2d1733bff3d424d94ace699f13151e3df7","sha256":"d37ef4938c8ae1d3621058c0b807b594bdff045977dab405590883e514289ac3","sha512":"428f2cdc01d9aa9d3dc8ed5a91cbbc7bc7f1e0e05118f0d8a5e817f78b4348022cc0f7219d8362cd7295faca28e22392b2766cbeabb3b65d2387366e142294eb","ssdeep":"","tlshash":"f4d0c77df0585e5020c2607fb471a016521791b9bd941130d75ebc49ff08be546afeeb","size":215,"data":"","first_seen":"2023-03-07T01:02:06Z","last_seen":"2026-04-05T12:02:42.738088Z","times_seen":20149,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"xxxtik.app/wp-content/litespeed/js/8ea6c388449430a685ff104acce9cdc9.js?ver=9cdc9","fqdn":"xxxtik.app","domain":"xxxtik.app","tld":"app"},"ip":{"addr":"104.21.2.15","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"486df47e677c91f5a08ca880fe531803","sha1":"cebce4aa053a751178b6ca3ec231489682ea390b","sha256":"c88e892d9dc8290c6f3be8232bc33956755377a8d5df8c8e381cf741ecc2cbf3","sha512":"a08ab4078ae42269052bdd8980c693115921db7fdcb3f3cc2caf1b4b51e6c628849b9c5708f81c586c71ca283c310a60ad6b38464219d029ca504f772d941721","ssdeep":"","tlshash":"f571bf1de468d4ce43aebe2eb77e7b5530228366aa3e798bc0b5805d09e0607d4521e3","size":3643,"data":"","first_seen":"2025-05-13T03:13:59.725457Z","last_seen":"2026-02-07T16:13:04.998605Z","times_seen":7,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"xxxtik.app/xxxtiktok/","fqdn":"xxxtik.app","domain":"xxxtik.app","tld":"app"},"ip":{"addr":"104.21.2.15","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"9fda1724412fd3c8db9942aa6e8e3deb","sha1":"539eed6112906a989e297d5d51c98af3dff08f2f","sha256":"3ddb9787e2d99f63e1c8169da967fa7b50e0baebb523aae738ff38899d2eaf7c","sha512":"1b6fe4694f5e61f4c298e0bf7d632c31df118d987b1643004ec2149ddf468e65c858fab779d5af8c0a9cb8941216cd977497c32351aef1cc3878796054f18158","ssdeep":"","tlshash":"c1e02e59a47301e042bba05ec30b232310a3f2833940d4d8ba8cef000f2ab228e9a1c8","size":294,"data":"","first_seen":"2024-01-26T23:16:31Z","last_seen":"2026-04-03T11:08:00.008086Z","times_seen":1765,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"xxxtik.app/xxxtiktok/","fqdn":"xxxtik.app","domain":"xxxtik.app","tld":"app"},"ip":{"addr":"104.21.2.15","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"9fda1724412fd3c8db9942aa6e8e3deb","sha1":"539eed6112906a989e297d5d51c98af3dff08f2f","sha256":"3ddb9787e2d99f63e1c8169da967fa7b50e0baebb523aae738ff38899d2eaf7c","sha512":"1b6fe4694f5e61f4c298e0bf7d632c31df118d987b1643004ec2149ddf468e65c858fab779d5af8c0a9cb8941216cd977497c32351aef1cc3878796054f18158","ssdeep":"","tlshash":"c1e02e59a47301e042bba05ec30b232310a3f2833940d4d8ba8cef000f2ab228e9a1c8","size":294,"data":"","first_seen":"2024-01-26T23:16:31Z","last_seen":"2026-04-03T11:08:00.008086Z","times_seen":1765,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"xxxtik.app/xxxtiktok/","fqdn":"xxxtik.app","domain":"xxxtik.app","tld":"app"},"ip":{"addr":"104.21.2.15","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"eval","is_inline":false,"md5":"61fa153f2827c887a48a351ae3c6cfd3","sha1":"5fbd02245cf700ea94d638c8d76924ecca52d330","sha256":"4c44d7c28ec0f6ca3e2624c6af1d3be324576d01ef6f6c2dc0af7e61664b8c2c","sha512":"cbe467dc51f0eec90d8b40bc35a1a0eb2c320ac67cc022c518b431987fa05a3d565f793c377d5f33a612555ad4d7ad66acfb4b47ba6323da26db293f095257d8","ssdeep":"","tlshash":"c650000003000000030c0000c000000000000003000030c000c0000000000000000000","size":8,"data":"","first_seen":"2023-03-07T01:03:50Z","last_seen":"2026-04-05T10:24:17.114195Z","times_seen":18606,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"xxxtik.app/xxxtiktok/","fqdn":"xxxtik.app","domain":"xxxtik.app","tld":"app"},"ip":{"addr":"104.21.2.15","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"7d72b80690ba108f701c1b1a5e697720","sha1":"befbf4e1dec83cfd6b3a327a909be07a4f8ab490","sha256":"0d8bef99a34b9446ad386668c9742d804417dad6f930213a1dd1cbb8dacbd6e3","sha512":"7cc76f2ee11c4395caa4a50a63bbd1668733e4f8ba3d89189a8014364a7e93873434b7b7b7c7ab37f624d4558e064d913657c064dcc9b35f892a0f05e0991130","ssdeep":"192:q6e4j3qVXlu798fbuEO4C5/hsNs35PhSkzISM8Z:bel29YFts/Swau","tlshash":"62f153497542b57f393b7071d0af220b313970a3a84b4861e9b8f6d87c789792a23d7d","size":8109,"data":"","first_seen":"2025-07-25T05:28:04.240916Z","last_seen":"2026-04-05T11:30:23.14171Z","times_seen":16380,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"xxxtik.app/xxxtiktok/","fqdn":"xxxtik.app","domain":"xxxtik.app","tld":"app"},"ip":{"addr":"104.21.2.15","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"ad81beb0a28e87fe3ce3742823d264a8","sha1":"f0aa1a71cc5d0b2b40e1b009486fc627f7703878","sha256":"10531cb9ccd59383133c85843a19c55ba0a27d1a2eb912628e9bd7f68b479aa5","sha512":"ed7834311ae7828b03aa5a7411e9f4bbf5066879ee89fe01f83fa28d1a299733d0a81eea1cc4ab97477bf80c13c5ecf94e398d95c3bd3a2911d480b651c6fb78","ssdeep":"","tlshash":"9131ee7df5291636095661fde399e341a030f0dadc428424efb5cc5ea8cce9548abdf2","size":1717,"data":"","first_seen":"2025-07-25T05:28:04.194173Z","last_seen":"2026-04-05T11:30:23.142569Z","times_seen":11035,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"data","addr":"data:text/javascript;base64,KGZ1bmN0aW9uKGJqZSl7dmFyIGQ9ZG9jdW1lbnQscz1kLmNyZWF0ZUVsZW1lbnQoJ3NjcmlwdCcpLGw9ZC5zY3JpcHRzW2Quc2NyaXB0cy5sZW5ndGgtMV07cy5zZXR0aW5ncz1iamV8fHt9O3Muc3JjPSIvL2FtdXNpbmdiYXNlLmNvbS9iLlgvVi9zZWRjR1BsTjBuWS9XL2NWL2VlWW1rOS91WVp0VWdsTGtXUGtUcllMMm1Na2otay16L05xVC9nT3R5TnJqLVlQeXRPV1RETS8xSE8vUUoiO3MuYXN5bmM9ITA7cy5yZWZlcnJlclBvbGljeT0nbm8tcmVmZXJyZXItd2hlbi1kb3duZ3JhZGUnO2wucGFyZW50Tm9kZS5pbnNlcnRCZWZvcmUocyxsKX0pKHt9KQ==","fqdn":"","domain":"","tld":""},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"scriptElement","is_inline":false,"md5":"9f2ffe14c92aa2fa0b0e16bc042e5c81","sha1":"142fdb93e5ac2ab663cb55493e417e98748e2a4d","sha256":"e44a63d98e765c87c7bd1055d115a4a78c27eaa8223cab33c68a9c38f8333f3a","sha512":"40e3e6f0ba860b1e597c3c5bbb44494bba39c31a00d24b34db82c54e89b30d4bfe60f00bbc51e1ab5b8aa8b902d6357b932020a884f0b2b624a57b9b229a9f5d","ssdeep":"","tlshash":"cbe07d9c2f31452002851c33613cc749714166023071e583468ed1577b787d6848ce48","size":313,"data":"","first_seen":"2025-10-05T21:11:43.508814Z","last_seen":"2025-10-05T21:11:43.508814Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static.cloudflareinsights.com/beacon.min.js/vcd15cbe7772f49c399c6a5babf22c1241717689176015","fqdn":"static.cloudflareinsights.com","domain":"cloudflareinsights.com","tld":"com"},"ip":{"addr":"104.16.80.73","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"ec18af6d41f6f278b6aed3bdabffa7bc","sha1":"62c9e2cab76b888829f3c5335e91c320b22329ae","sha256":"8a18d13015336bc184819a5a768447462202ef3105ec511bf42ed8304a7ed94f","sha512":"669b0e9a545057acbdd3b4c8d1d2811eaf4c776f679da1083e591ff38ae7684467abacef5af3d4aabd9fb7c335692dbca0def63ddac2cd28d8e14e95680c3511","ssdeep":"384:XriNpnjyMkg8XMtExRN1w29JIOzahXtO2nJ65:GijgSWuanfJ65","tlshash":"8d92d7def645723613f76076913f220b733b35a528068459812adbc22c3d98f6267f6e","size":19948,"data":"","first_seen":"2024-06-07T09:21:23Z","last_seen":"2026-04-05T11:31:39.74295Z","times_seen":330379,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"roagrofoogrobo.com/400/9977712","fqdn":"roagrofoogrobo.com","domain":"roagrofoogrobo.com","tld":"com"},"ip":{"addr":"172.67.217.27","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"64707f8fe54513c4960fef0aa738469f","sha1":"85d6419fa13005d585592714e673e5076b78fc68","sha256":"f623471364d5e59a0ec0e277f736ba9d82e3ef21a01aedd4cf682c914559de80","sha512":"43753be9cd054672be722d37027dfc039ffdc9939aaea657e658313171e7c9c26cc5649c16940d0da876bf46e1aa983d116aaf3b7686214c78bcadf4b1ebbe6c","ssdeep":"3072:k+KTiU/5NcwS1hnidFtOdYyfTyCitmC7fj31gyEpNfC/SZWEcb:k+KOUzZcJ3faz7fj36yEPfC6oEcb","tlshash":"18f31a8c72a6b6861b73b4702d6fd60bb73e9944280f8541e385a0b87af540dc727bdd","size":164707,"data":"","first_seen":"2025-10-03T14:05:56.699382Z","last_seen":"2025-10-06T06:55:28.140224Z","times_seen":12,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"about","addr":"about:blank","fqdn":"","domain":"","tld":""},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"scriptElement","is_inline":false,"md5":"4209525de5c6b24f4673bc96631b3a76","sha1":"23397ebb67d91ad39aac3c7c609db8432cb3d023","sha256":"c4b968d6848913adf1fca4b195a2a9dddeff844062120b9cd0bae1030a1e4ad4","sha512":"6112447e332fc74aa04540ecc3199eb5e408a35acd271f0aded83a5970367ed94a8bf2092cc75281eaa9891fcd6032b91210f3753f8ec83183a0b19861bb90fa","ssdeep":"","tlshash":"7fd023d6387d843063ad01865075e3a83570206077127500c2dacc2f6e31dd346b195c","size":217,"data":"","first_seen":"2025-10-05T21:11:43.51138Z","last_seen":"2025-10-05T21:11:43.51138Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"xxxtik.app/wp-content/litespeed/js/b2807e7aa4f7bec707bca6791738d89c.js?ver=8d89c","fqdn":"xxxtik.app","domain":"xxxtik.app","tld":"app"},"ip":{"addr":"104.21.2.15","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"47a628aef2f254c32c3b5878700a42ce","sha1":"43814a498670a432b6a73cc80e67bdc738313ea2","sha256":"ea64f589334f647f2254d595466c036000a3d9150ad078a69eba7f845c0c0713","sha512":"2dad1648412fe67306b86320bc4ba90a681086b4e799528ea9783157fdc1fda64dede2e9e7958d0973156ed3d9084034422ed9c4794bedb5c7b8151917540671","ssdeep":"192:5rprDN+sag6ifKIUpQI99P1tLm9kdgyq1+J3aCJQ+h4MPLORl:5rprxaefKI0LP19m4q1WW+h4Mjw","tlshash":"5e52c8adb56679724eb721b8f03bd24f71b205de560d8940d19cc4f6282dc6e812bf78","size":13578,"data":"","first_seen":"2023-08-09T06:09:09Z","last_seen":"2026-04-05T11:22:36.410092Z","times_seen":9793,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"preferencenail.com/sfp.js","fqdn":"preferencenail.com","domain":"preferencenail.com","tld":"com"},"ip":{"addr":"185.196.197.71","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"The Netherlands","country_code":"NL"},"introduction_type":"scriptElement","is_inline":false,"md5":"46a6fef91632b94d14252fe324c1585f","sha1":"387cebbd261b8fe947fe9805875300f2ceeb5cfd","sha256":"36d0c771f8bf310d740cb4d0ca144354c45df284e72361660448708d72f175d5","sha512":"a3aaa1b5ab1113a12793bd1085332eb257416aaa9c4a690525838b91453a281580a979bfb856b3c429c2d4243c3ce02bd318a4b7048124eef96912179836d0fd","ssdeep":"1536:nPncLBSUBULrSVvTfMtfj3FkdFcE5PnoRL:nPncLBSUBULGVTfGpucE5fox","tlshash":"528395807ac06488d3979b7bb73bf4eaf65a299f38c4044bd100fc48b69562af9f5534","size":85386,"data":"","first_seen":"2025-07-08T10:38:39.799377Z","last_seen":"2025-11-18T17:01:51.014373Z","times_seen":15230,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fg.obanlazed.com/rFJ7sY2AYsw5gndBM/86551","fqdn":"fg.obanlazed.com","domain":"obanlazed.com","tld":"com"},"ip":{"addr":"23.109.170.98","port":443,"asn":7979,"as":"SERVERS-COM","country":"The Netherlands","country_code":"NL"},"introduction_type":"scriptElement","is_inline":false,"md5":"14d7231aeb6beefff225eeec02364fb8","sha1":"f71367ce70860c9f21be0127a8d84794ce7854bb","sha256":"98c45817f592fe735df7e8851faacd1349084b0d1dcce063ab792b2e16e401d8","sha512":"c96f360b3e1590b1f0f782b119b64ee02f3b61552510ee3289edaae97eaaadb1dc19020e39573afa4d317340dca9680da7b42dc0715c68a4c87d9c2067000a85","ssdeep":"1536:VH4Nb//9tCeyamXi3sTyHb74jsTQSP7NaXErDkybzXqr9ql:9CHKej7Ssn1","tlshash":"12833990b362b0fd8f8a55e7a2369113e13d3c84704e8cb4e17e7d543e5294ae17e6e8","size":87895,"data":"","first_seen":"2025-10-05T21:11:43.485868Z","last_seen":"2025-10-05T21:11:43.485868Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"xxxtik.app/xxxtiktok/","fqdn":"xxxtik.app","domain":"xxxtik.app","tld":"app"},"ip":{"addr":"104.21.2.15","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"9fda1724412fd3c8db9942aa6e8e3deb","sha1":"539eed6112906a989e297d5d51c98af3dff08f2f","sha256":"3ddb9787e2d99f63e1c8169da967fa7b50e0baebb523aae738ff38899d2eaf7c","sha512":"1b6fe4694f5e61f4c298e0bf7d632c31df118d987b1643004ec2149ddf468e65c858fab779d5af8c0a9cb8941216cd977497c32351aef1cc3878796054f18158","ssdeep":"","tlshash":"c1e02e59a47301e042bba05ec30b232310a3f2833940d4d8ba8cef000f2ab228e9a1c8","size":294,"data":"","first_seen":"2024-01-26T23:16:31Z","last_seen":"2026-04-03T11:08:00.008086Z","times_seen":1765,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"xxxtik.app/xxxtiktok/","fqdn":"xxxtik.app","domain":"xxxtik.app","tld":"app"},"ip":{"addr":"104.21.2.15","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"9fda1724412fd3c8db9942aa6e8e3deb","sha1":"539eed6112906a989e297d5d51c98af3dff08f2f","sha256":"3ddb9787e2d99f63e1c8169da967fa7b50e0baebb523aae738ff38899d2eaf7c","sha512":"1b6fe4694f5e61f4c298e0bf7d632c31df118d987b1643004ec2149ddf468e65c858fab779d5af8c0a9cb8941216cd977497c32351aef1cc3878796054f18158","ssdeep":"","tlshash":"c1e02e59a47301e042bba05ec30b232310a3f2833940d4d8ba8cef000f2ab228e9a1c8","size":294,"data":"","first_seen":"2024-01-26T23:16:31Z","last_seen":"2026-04-03T11:08:00.008086Z","times_seen":1765,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"xxxtik.app/xxxtiktok/","fqdn":"xxxtik.app","domain":"xxxtik.app","tld":"app"},"ip":{"addr":"104.21.2.15","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"ec5363d2aa786937f4ef8b30764c9434","sha1":"20a8adaeb0cef2a2f630663865c9dc8e56c711a6","sha256":"ce6c17b349437cee7eba6e43333fb1c890154dfa7e1d440d74aca2841b886bee","sha512":"b7b3f6e2c68bec695fa65d1d561f3cc6bc36680c7f9f0c7705bf4322471cde1ba058d1b2bd9ee8d4696f86433cc8a93c4ae7c0a9c9e543ac6633a527e0915b88","ssdeep":"1536:sOVx6o6wlnWDMN4B7enuRY5+0LWyLe8bODjprn:sOVv6Knwu+eWyFyhz","tlshash":"7e63c7523e72ec5413e6a7c3d01fa256e7618540b86bf890a54ed5e204210e9cbeffe3","size":67833,"data":"","first_seen":"2025-09-22T16:48:47.201885Z","last_seen":"2025-10-31T08:17:13.379525Z","times_seen":195,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"data","addr":"data:text/javascript;base64,ZnVuY3Rpb24gYWxlcnRfZG93bmxvYWQoKXthbGVydCgnVGhlcmUgaXMgbm8gZmlsZSB0byBkb3dubG9hZC4nKX0=","fqdn":"","domain":"","tld":""},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"scriptElement","is_inline":false,"md5":"5b97cc10aa2a884c3d100927781f46b7","sha1":"fc7476d41f32e29e594a79ae7a069b5394934305","sha256":"fc9c89d3a5156e7b4e33f1f26e939408f6c940e47dd112ed5b5140b8b234b850","sha512":"5f1bb180aac9fb15c3637f363a6b168b2ba2f66e83c774faadcc90ac2eebb62028bbb21c4523423eb5fa925eaeddfb9c8ac887a1bc9c5bedc56381f19a49a2c4","ssdeep":"","tlshash":"04a0024f35a5e81a42221764031f0169d52211ea1853ef00d56c619db771130527b89b","size":65,"data":"","first_seen":"2023-08-26T17:34:09Z","last_seen":"2026-03-02T13:31:43.545103Z","times_seen":75,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static.cloudflareinsights.com/beacon.min.js/vcd15cbe7772f49c399c6a5babf22c1241717689176015","fqdn":"static.cloudflareinsights.com","domain":"cloudflareinsights.com","tld":"com"},"ip":{"addr":"104.16.80.73","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"ec18af6d41f6f278b6aed3bdabffa7bc","sha1":"62c9e2cab76b888829f3c5335e91c320b22329ae","sha256":"8a18d13015336bc184819a5a768447462202ef3105ec511bf42ed8304a7ed94f","sha512":"669b0e9a545057acbdd3b4c8d1d2811eaf4c776f679da1083e591ff38ae7684467abacef5af3d4aabd9fb7c335692dbca0def63ddac2cd28d8e14e95680c3511","ssdeep":"384:XriNpnjyMkg8XMtExRN1w29JIOzahXtO2nJ65:GijgSWuanfJ65","tlshash":"8d92d7def645723613f76076913f220b733b35a528068459812adbc22c3d98f6267f6e","size":19948,"data":"","first_seen":"2024-06-07T09:21:23Z","last_seen":"2026-04-05T11:31:39.74295Z","times_seen":330379,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"xxxtik.app/xxxtiktok/","fqdn":"xxxtik.app","domain":"xxxtik.app","tld":"app"},"ip":{"addr":"104.21.2.15","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"eval","is_inline":false,"md5":"61fa153f2827c887a48a351ae3c6cfd3","sha1":"5fbd02245cf700ea94d638c8d76924ecca52d330","sha256":"4c44d7c28ec0f6ca3e2624c6af1d3be324576d01ef6f6c2dc0af7e61664b8c2c","sha512":"cbe467dc51f0eec90d8b40bc35a1a0eb2c320ac67cc022c518b431987fa05a3d565f793c377d5f33a612555ad4d7ad66acfb4b47ba6323da26db293f095257d8","ssdeep":"","tlshash":"c650000003000000030c0000c000000000000003000030c000c0000000000000000000","size":8,"data":"","first_seen":"2023-03-07T01:03:50Z","last_seen":"2026-04-05T10:24:17.114195Z","times_seen":18606,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"xxxtik.app/xxxtiktok/","fqdn":"xxxtik.app","domain":"xxxtik.app","tld":"app"},"ip":{"addr":"104.21.2.15","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"d3fb31fc4a0b37980210c57f2698989d","sha1":"82a161b3a63cf0d5a5b37e9eacdfaf298bcbb55b","sha256":"45200934a32157fcedfec503f25c156ed7a19df9a9538269e7848ad8f1adc936","sha512":"69f23736f39a72a620c7ee834ab1745e31b0289d9724365899af60148af4a28c26c7f2bfd64649776390a2301775e2c5be863604d3c932f264eaf572f0c2b3e7","ssdeep":"","tlshash":"0fe0a330f14849201040c569f274c41110b2ca85dc2aed30f38db818f830989c1b7df7","size":408,"data":"","first_seen":"2023-03-07T01:02:06Z","last_seen":"2026-04-05T12:20:04.694457Z","times_seen":14253,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"data","addr":"data:text/javascript;base64,Y29uc3QgbG9hZEZvbnQ9KHVybCk9Pnt2YXIgeGhyPW5ldyBYTUxIdHRwUmVxdWVzdCgpO3hoci5vcGVuKCdHRVQnLHVybCwhMCk7eGhyLm9ucmVhZHlzdGF0ZWNoYW5nZT0oKT0+e2lmKHhoci5yZWFkeVN0YXRlPT00JiZ4aHIuc3RhdHVzPT0yMDApe2NvbnN0IGhlYWQ9ZG9jdW1lbnQuZ2V0RWxlbWVudHNCeVRhZ05hbWUoJ2hlYWQnKVswXTtjb25zdCBzdHlsZT1kb2N1bWVudC5jcmVhdGVFbGVtZW50KCdzdHlsZScpO3N0eWxlLmFwcGVuZENoaWxkKGRvY3VtZW50LmNyZWF0ZVRleHROb2RlKHhoci5yZXNwb25zZVRleHQpKTtoZWFkLmFwcGVuZENoaWxkKHN0eWxlKX19O3hoci5zZW5kKCl9O2xvYWRGb250KCdodHRwczovL3h4eHRpay5hcHAvd3AtY29udGVudC90aGVtZXMvYXBweW4vYXNzZXRzL2Nzcy9mb250LWF3ZXNvbWUtNi40LjIubWluLmNzcycp","fqdn":"","domain":"","tld":""},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"scriptElement","is_inline":false,"md5":"063b83f5ba5ef08db891b37a1555b6f1","sha1":"1883e30eb3a17f1d17c7e00f7d4de5fdc511aac7","sha256":"546bfcac2b7c9ae9848e64bbdafa8b980c1af78fc942be384a68001168945074","sha512":"367ade8b7b98db4a2a60f080563db309a057931c0445d9dc1af230138ab8af2a7591bd74da18b0e8399233dd222bb1bbe89727368dc29d90ec2790118793b358","ssdeep":"","tlshash":"15e0a31154f241fdad5914df74b4c691fc21a12b39118172a57ecc9c3ef1db1102ce86","size":429,"data":"","first_seen":"2025-10-05T21:11:43.515783Z","last_seen":"2025-10-05T21:11:43.515783Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"data","addr":"data:text/javascript;base64,d2luZG93LmFkZENvbW1lbnQ9ZnVuY3Rpb24ocyl7dmFyIHUsZix2LHk9cy5kb2N1bWVudCxwPXtjb21tZW50UmVwbHlDbGFzczoiY29tbWVudC1yZXBseS1saW5rIixjYW5jZWxSZXBseUlkOiJjYW5jZWwtY29tbWVudC1yZXBseS1saW5rIixjb21tZW50Rm9ybUlkOiJjb21tZW50Zm9ybSIsdGVtcG9yYXJ5Rm9ybUlkOiJ3cC10ZW1wLWZvcm0tZGl2IixwYXJlbnRJZEZpZWxkSWQ6ImNvbW1lbnRfcGFyZW50Iixwb3N0SWRGaWVsZElkOiJjb21tZW50X3Bvc3RfSUQifSxlPXMuTXV0YXRpb25PYnNlcnZlcnx8cy5XZWJLaXRNdXRhdGlvbk9ic2VydmVyfHxzLk1vek11dGF0aW9uT2JzZXJ2ZXIsaT0icXVlcnlTZWxlY3RvciJpbiB5JiYiYWRkRXZlbnRMaXN0ZW5lciJpbiBzLG49ISF5LmRvY3VtZW50RWxlbWVudC5kYXRhc2V0O2Z1bmN0aW9uIHQoKXtyKCksZnVuY3Rpb24oKXtpZighZSlyZXR1cm47bmV3IGUoZCkub2JzZXJ2ZSh5LmJvZHkse2NoaWxkTGlzdDohMCxzdWJ0cmVlOiEwfSl9KCl9ZnVuY3Rpb24gcihlKXtpZihpJiYodT1JKHAuY2FuY2VsUmVwbHlJZCksZj1JKHAuY29tbWVudEZvcm1JZCksdSkpe3UuYWRkRXZlbnRMaXN0ZW5lcigidG91Y2hzdGFydCIsYSx7cGFzc2l2ZTohMH0pLHUuYWRkRXZlbnRMaXN0ZW5lcigiY2xpY2siLGEpO3ZhciB0PWZ1bmN0aW9uKGUpe2lmKChlLm1ldGFLZXl8fGUuY3RybEtleSkmJjEzPT09ZS5rZXlDb2RlKXJldHVybiBmLnJlbW92ZUV2ZW50TGlzdGVuZXIoImtleWRvd24iLHQpLGUucHJldmVudERlZmF1bHQoKSxmLnN1Ym1pdC5jbGljaygpLCExfTtmJiZmLmFkZEV2ZW50TGlzdGVuZXIoImtleWRvd24iLHQpO2Zvcih2YXIgbixyPWZ1bmN0aW9uKGUpe3ZhciB0LG49cC5jb21tZW50UmVwbHlDbGFzcztlJiZlLmNoaWxkTm9kZXN8fChlPXkpO3Q9eS5nZXRFbGVtZW50c0J5Q2xhc3NOYW1lP2UuZ2V0RWxlbWVudHNCeUNsYXNzTmFtZShuKTplLnF1ZXJ5U2VsZWN0b3JBbGwoIi4iK24pO3JldHVybiB0fShlKSxkPTAsbz1yLmxlbmd0aDtkPG87ZCsrKShuPXJbZF0pLmFkZEV2ZW50TGlzdGVuZXIoInRvdWNoc3RhcnQiLGwse3Bhc3NpdmU6ITB9KSxuLmFkZEV2ZW50TGlzdGVuZXIoImNsaWNrIixsKX19ZnVuY3Rpb24gYShlKXt2YXIgdD1JKHAudGVtcG9yYXJ5Rm9ybUlkKTt0JiZ2JiYoSShwLnBhcmVudElkRmllbGRJZCkudmFsdWU9IjAiLHQucGFyZW50Tm9kZS5yZXBsYWNlQ2hpbGQodix0KSx0aGlzLnN0eWxlLmRpc3BsYXk9Im5vbmUiLGUucHJldmVudERlZmF1bHQoKSl9ZnVuY3Rpb24gbChlKXt2YXIgdD10aGlzLG49bSh0LCJiZWxvd2VsZW1lbnQiKSxyPW0odCwiY29tbWVudGlkIiksZD1tKHQsInJlc3BvbmRlbGVtZW50Iiksbz1tKHQsInBvc3RpZCIpO24mJnImJmQmJm8mJiExPT09cy5hZGRDb21tZW50Lm1vdmVGb3JtKG4scixkLG8pJiZlLnByZXZlbnREZWZhdWx0KCl9ZnVuY3Rpb24gZChlKXtmb3IodmFyIHQ9ZS5sZW5ndGg7dC0tOylpZihlW3RdLmFkZGVkTm9kZXMubGVuZ3RoKXJldHVybiB2b2lkIHIoKX1mdW5jdGlvbiBtKGUsdCl7cmV0dXJuIG4/ZS5kYXRhc2V0W3RdOmUuZ2V0QXR0cmlidXRlKCJkYXRhLSIrdCl9ZnVuY3Rpb24gSShlKXtyZXR1cm4geS5nZXRFbGVtZW50QnlJZChlKX1yZXR1cm4gaSYmImxvYWRpbmciIT09eS5yZWFkeVN0YXRlP3QoKTppJiZzLmFkZEV2ZW50TGlzdGVuZXIoIkRPTUNvbnRlbnRMb2FkZWQiLHQsITEpLHtpbml0OnIsbW92ZUZvcm06ZnVuY3Rpb24oZSx0LG4scil7dmFyIGQ9SShlKTt2PUkobik7dmFyIG8saSxhLGw9SShwLnBhcmVudElkRmllbGRJZCksbT1JKHAucG9zdElkRmllbGRJZCk7aWYoZCYmdiYmbCl7IWZ1bmN0aW9uKGUpe3ZhciB0PXAudGVtcG9yYXJ5Rm9ybUlkLG49SSh0KTtpZihuKXJldHVybjsobj15LmNyZWF0ZUVsZW1lbnQoImRpdiIpKS5pZD10LG4uc3R5bGUuZGlzcGxheT0ibm9uZSIsZS5wYXJlbnROb2RlLmluc2VydEJlZm9yZShuLGUpfSh2KSxyJiZtJiYobS52YWx1ZT1yKSxsLnZhbHVlPXQsdS5zdHlsZS5kaXNwbGF5PSIiLGQucGFyZW50Tm9kZS5pbnNlcnRCZWZvcmUodixkLm5leHRTaWJsaW5nKSx1Lm9uY2xpY2s9ZnVuY3Rpb24oKXtyZXR1cm4hMX07dHJ5e2Zvcih2YXIgYz0wO2M8Zi5lbGVtZW50cy5sZW5ndGg7YysrKWlmKG89Zi5lbGVtZW50c1tjXSxpPSExLCJnZXRDb21wdXRlZFN0eWxlImluIHM/YT1zLmdldENvbXB1dGVkU3R5bGUobyk6eS5kb2N1bWVudEVsZW1lbnQuY3VycmVudFN0eWxlJiYoYT1vLmN1cnJlbnRTdHlsZSksKG8ub2Zmc2V0V2lkdGg8PTAmJm8ub2Zmc2V0SGVpZ2h0PD0wfHwiaGlkZGVuIj09PWEudmlzaWJpbGl0eSkmJihpPSEwKSwiaGlkZGVuIiE9PW8udHlwZSYmIW8uZGlzYWJsZWQmJiFpKXtvLmZvY3VzKCk7YnJlYWt9fWNhdGNoKGUpe31yZXR1cm4hMX19fX0od2luZG93KQ==","fqdn":"","domain":"","tld":""},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"scriptElement","is_inline":false,"md5":"aed2f24df34a90a04553652a365ef5f6","sha1":"38a0e0d8044e8adaa74972a61065c734c658a170","sha256":"3e9510d141a99a72ec599832e730c8a95ba556d1887369b3aea9910d9040ccae","sha512":"afae41c5d679b113936d6432e6bac1599e3c85434e22106e78ab9f24fccdf891b80d29930c9caf432c1b2a4289b7ef2f3a52f86c157054c34ad3ed0e8b10263b","ssdeep":"","tlshash":"d54195d533c4ac7561c3b63a5aff830522b61319a80054409516d8a92a3cfe743bbbee","size":2410,"data":"","first_seen":"2023-03-09T17:57:02Z","last_seen":"2026-03-06T19:50:56.298057Z","times_seen":88,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"grookilteepsou.net/pfe/current/tag.min.js?z=9977715","fqdn":"grookilteepsou.net","domain":"grookilteepsou.net","tld":"net"},"ip":{"addr":"139.45.197.122","port":443,"asn":9002,"as":"RETN Limited","country":"United Kingdom","country_code":"GB"},"introduction_type":"scriptElement","is_inline":false,"md5":"e8aa54e0f45caba29d1929319247d6f7","sha1":"6e5fc61dddf1cf4e9c933e768eeb8707009d224a","sha256":"4863ced089760be4f6407d16c4d661da7f5b899dc4cbcf16dd2cddc629a4cad1","sha512":"df7faecbcf89310902a7f19c1d23943632f68d60378cb82ed61c06cda951f01c251fb45a35e0ec39df9ec27a97e0d9aff84a5fbdd24817488e8925d475769961","ssdeep":"768:N0/yQI4xFlPlGbz9Z+CugqWc0QimcED40TZxlsl05JFGS3J03WYveZ7mSbiaB6sq:BWCT60rmcE2CLY/sKBVsm","tlshash":"80d2c6813ebb685127d257c3d03f941a93a1d60434abf5a3b50e659229320dacff3e67","size":30815,"data":"","first_seen":"2025-09-22T16:48:47.194022Z","last_seen":"2025-10-31T08:17:13.404319Z","times_seen":162,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"xxxtik.app/xxxtiktok/","fqdn":"xxxtik.app","domain":"xxxtik.app","tld":"app"},"ip":{"addr":"104.21.2.15","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"eval","is_inline":false,"md5":"61fa153f2827c887a48a351ae3c6cfd3","sha1":"5fbd02245cf700ea94d638c8d76924ecca52d330","sha256":"4c44d7c28ec0f6ca3e2624c6af1d3be324576d01ef6f6c2dc0af7e61664b8c2c","sha512":"cbe467dc51f0eec90d8b40bc35a1a0eb2c320ac67cc022c518b431987fa05a3d565f793c377d5f33a612555ad4d7ad66acfb4b47ba6323da26db293f095257d8","ssdeep":"","tlshash":"c650000003000000030c0000c000000000000003000030c000c0000000000000000000","size":8,"data":"","first_seen":"2023-03-07T01:03:50Z","last_seen":"2026-04-05T10:24:17.114195Z","times_seen":18606,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"xxxtik.app/xxxtiktok/","fqdn":"xxxtik.app","domain":"xxxtik.app","tld":"app"},"ip":{"addr":"104.21.2.15","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"9fda1724412fd3c8db9942aa6e8e3deb","sha1":"539eed6112906a989e297d5d51c98af3dff08f2f","sha256":"3ddb9787e2d99f63e1c8169da967fa7b50e0baebb523aae738ff38899d2eaf7c","sha512":"1b6fe4694f5e61f4c298e0bf7d632c31df118d987b1643004ec2149ddf468e65c858fab779d5af8c0a9cb8941216cd977497c32351aef1cc3878796054f18158","ssdeep":"","tlshash":"c1e02e59a47301e042bba05ec30b232310a3f2833940d4d8ba8cef000f2ab228e9a1c8","size":294,"data":"","first_seen":"2024-01-26T23:16:31Z","last_seen":"2026-04-03T11:08:00.008086Z","times_seen":1765,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"data","addr":"data:text/javascript;base64,KGZ1bmN0aW9uKCl7KGZ1bmN0aW9uKFQsSyl7dmFyIHo9YXIxbnRBLHY9VCgpO3doaWxlKCEhW10pe3RyeXt2YXIgQT1wYXJzZUludCh6KDB4MTkwKSkvMHgxKy1wYXJzZUludCh6KDB4MTZkKSkvMHgyKigtcGFyc2VJbnQoeigweDE4YykpLzB4MykrLXBhcnNlSW50KHooMHgxOTUpKS8weDQqKC1wYXJzZUludCh6KDB4MTc5KSkvMHg1KSstcGFyc2VJbnQoeigweDE2YykpLzB4NioocGFyc2VJbnQoeigweDE4YSkpLzB4NykrLXBhcnNlSW50KHooMHgxOTIpKS8weDgrcGFyc2VJbnQoeigweDE3YikpLzB4OSoocGFyc2VJbnQoeigweDE4NSkpLzB4YSkrLXBhcnNlSW50KHooMHgxN2EpKS8weGIqKHBhcnNlSW50KHooMHgxOTgpKS8weGMpO2lmKEE9PT1LKWJyZWFrO2Vsc2Ugdi5wdXNoKHYuc2hpZnQoKSl9Y2F0Y2goZSl7di5wdXNoKHYuc2hpZnQoKSl9fX0oYXIxbnR2LDB4NTc4Y2UpLCEoZnVuY3Rpb24oKXt2YXIgUj1hcjFudEEsVD0oZnVuY3Rpb24oKXt2YXIgRj0hIVtdO3JldHVybiBmdW5jdGlvbihJLGcpe3ZhciBQPUY/ZnVuY3Rpb24oKXt2YXIgZj1hcjFudEE7aWYoZyl7dmFyIHg9Z1tmKDB4MTdkKV0oSSxhcmd1bWVudHMpO3JldHVybiBnPW51bGwseH19OmZ1bmN0aW9uKCl7fTtyZXR1cm4gRj0hW10sUH19KCkpLHYsQSxDLEo9ZG9jdW1lbnRbUigweDE5MSldKFIoMHgxN2UpKSxXPVIoMHgxODApLFk9UigweDE4MSksaj1ZW1IoMHgxODkpXSgweDAsMHgyKSxaPVlbUigweDE4OSldKDB4MiwweDQpLFY9WS5zdWJzdHJpbmcoMHg0LDB4NiksRT1mdW5jdGlvbihGKXt2YXIgcD1SLEk9VCh0aGlzLGZ1bmN0aW9uKCl7dmFyIHE9YXIxbnRBO3JldHVybiBJLnRvU3RyaW5nKClbcSgweDE3ZildKHEoMHgxOTMpKVsndG9TdHJpbmcnXSgpW3EoMHgxODQpXShJKVsnc2VhcmNoJ10ocSgweDE5MykpfSk7SSgpO2Zvcih2YXIgZz1kb2N1bWVudFtwKDB4MTczKV1bcCgweDE3MCldKCc7JyksUD0weDAseD1nLmxlbmd0aDtQPHg7UCs9MHgxKXt2YXIgSD1nW1BdW3AoMHgxNzApXSgnPScpO2lmKEhbMHgwXVtwKDB4MTk2KV0oKT09PUYpcmV0dXJuIE51bWJlcihIWzB4MV1bcCgweDE5NildKCkpO31yZXR1cm4gbnVsbH0oVyksTj0nJyx5PVIoMHgxNzIpO2lmKG51bGw9PT1FKXY9TWF0aFtSKDB4MTk5KV0oMHg0Kk1hdGhbUigweDE4ZSldKCkpLEE9VyxDPXYsZG9jdW1lbnRbUigweDE3MyldPVtBKyc9JytDLFIoMHgxOGQpLCdwYXRoPS8nLFIoMHgxNzQpK25ldyBEYXRlKG5ldyBEYXRlKClbUigweDE3OCldKCkrMHg3KjB4MTgqMHgzYyoweDNjKjB4M2U4KVtSKDB4MTZmKV0oKV0uam9pbignOycpO2Vsc2Ugdj1FO3N3aXRjaCh2KXtjYXNlIDB4MDpOPSdoZC00MzYzMl9hJzticmVhaztjYXNlIDB4MTpOPVIoMHgxODMpLHk9UigweDE3Nyk7YnJlYWs7Y2FzZSAweDI6Tj0naGQtNDM2MzJfYycseT1SKDB4MThmKTticmVhaztjYXNlIDB4MzpOPSdoZC00MzYzMl9kJyx5PVIoMHgxN2MpfUpbUigweDE4YildKFIoMHgxNmUpLE4pLEpbUigweDE4YildKFIoMHgxOTcpLFIoMHgxODYpW1IoMHgxODcpXSh5LCcvJylbUigweDE4NyldKGosJy8nKVtSKDB4MTg3KV0oWiwnLycpW1IoMHgxODcpXShWLCcvJylbUigweDE4NyldKFksUigweDE3MSkpKSx3aW5kb3dbUigweDE3NSldKFIoMHgxNzYpLGZ1bmN0aW9uKCl7dmFyIGg9UjtpZihudWxsPT09ZG9jdW1lbnQuYm9keS5xdWVyeVNlbGVjdG9yKGgoMHgxODgpW2goMHgxODcpXShOLCd4MjJdJykpKWRvY3VtZW50W2goMHgxOTQpXVtoKDB4MTgyKV0oSik7fSl9KCkpKTtmdW5jdGlvbiBhcjFudEEoVCxLKXt2YXIgdj1hcjFudHYoKTtyZXR1cm4gYXIxbnRBPWZ1bmN0aW9uKEEsZSl7QT1BLTB4MTZjO3ZhciBDPXZbQV07cmV0dXJuIEN9LGFyMW50QShULEspfWZ1bmN0aW9uIGFyMW50digpe3ZhciB3PVsnNzE2NzE0NFhXT2ZGWCcsJ2Zsb29yJywnMjE3Mk9BbVBXTCcsJzEyMTQ2NzhhS2dSWXInLCdkYXRhLWRvbWFpbicsJ3RvVVRDU3RyaW5nJywnc3BsaXQnLCcuanMnLCd1bndlbGNvbWV3b29scHJpemUuY29tJywnY29va2llJywnRXhwaXJlcz0nLCdhZGRFdmVudExpc3RlbmVyJywnRE9NQ29udGVudExvYWRlZCcsJ2ZhbHNpZnlwcm9iYWJsZS5jb20nLCdnZXRUaW1lJywnMTBVc1l2UUMnLCcxMUpIUWlrSycsJzMxNjhaSkRNWXcnLCdwcm90ZWN0aW9uY2xlYXZlLmNvbScsJ2FwcGx5Jywnc2NyaXB0Jywnc2VhcmNoJywndGVzdF92YXJpYW50JywnZDhmYWY1Mzg5NGNkZDU5NWIzYzliNTIzMGM4NjJiY2MnLCdhcHBlbmRDaGlsZCcsJ2hkLTQzNjMyX2InLCdjb25zdHJ1Y3RvcicsJzc0ODB6Z2pWbFonLCdodHRwczovLycsJ2NvbmNhdCcsJ3NjcmlwdFtkYXRhLWRvbWFpbj14MjInLCdzdWJzdHJpbmcnLCc4MTgzSmRLRHpFJywnc2V0QXR0cmlidXRlJywnM2FpSkVSRicsJ1NhbWVTaXRlPUxheCcsJ3JhbmRvbScsJ3dpY2tlZHNldHVwLmNvbScsJzcwNDc4NElzY1FCSCcsJ2NyZWF0ZUVsZW1lbnQnLCcxODQzMzUyZVBEbmlGJywnKCgoLispKykrKSskJywnYm9keScsJzY4MDkyTGpwVE1jJywndHJpbScsJ3NyYyddO2FyMW50dj1mdW5jdGlvbigpe3JldHVybiB3fTtyZXR1cm4gYXIxbnR2KCl9fSkoKQ==","fqdn":"","domain":"","tld":""},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"scriptElement","is_inline":false,"md5":"4c98639ad0bbdb97b9087853b2d650ab","sha1":"8712851aee953b4656f4cf08e5ee4a283950027d","sha256":"2bc1e88b34bbc4286116b6d11cbfe7e7031965f68420ff5801ac009425a195c9","sha512":"7234dab61eea7976690f0b406b77f686cd342bea1b22050dc19c3b2e899d38ebbbfba91968af5f3f97e91ab7c5872b668fa8239bd11d6682720b3766d8b153b7","ssdeep":"","tlshash":"9b51769d3e58519ec7825d3b2c3fe109ae10fb81aa44d049e05ae4c4fda571ab2f7b30","size":2572,"data":"","first_seen":"2025-10-05T21:11:43.521458Z","last_seen":"2025-10-05T21:11:43.521458Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"data","addr":"data:text/javascript;base64,d3BhX2ZpZWxkX2luZm89eyJ3cGFfZmllbGRfbmFtZSI6InRodm1ibzgwODkiLCJ3cGFfZmllbGRfdmFsdWUiOjU1NjMwNCwid3BhX2FkZF90ZXN0Ijoibm8ifQ==","fqdn":"","domain":"","tld":""},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"scriptElement","is_inline":false,"md5":"088951fd4c6abb5fe7037b479681c389","sha1":"158b5bc7dd4f78d3d799b0c03db9d163f6505910","sha256":"8cf86c523e445fb27ce27ccae4511abc48365fed30350ca763ae901e84d8cc20","sha512":"e101a782fbe42f458465e300e84d36c026463af01111513b9d31b308992713d74005c1a2b76f6dc146b3c3146745d0937b29d01d6f6e833e0802164ff1088e5b","ssdeep":"","tlshash":"a8b0120151c2046b6800d001ec83e27467105002ff00fc19f310cc33d120f041d42100","size":91,"data":"","first_seen":"2025-10-05T21:11:43.524648Z","last_seen":"2025-10-05T21:11:43.524648Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"xxxtik.app/xxxtiktok/","fqdn":"xxxtik.app","domain":"xxxtik.app","tld":"app"},"ip":{"addr":"104.21.2.15","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"eval","is_inline":false,"md5":"61fa153f2827c887a48a351ae3c6cfd3","sha1":"5fbd02245cf700ea94d638c8d76924ecca52d330","sha256":"4c44d7c28ec0f6ca3e2624c6af1d3be324576d01ef6f6c2dc0af7e61664b8c2c","sha512":"cbe467dc51f0eec90d8b40bc35a1a0eb2c320ac67cc022c518b431987fa05a3d565f793c377d5f33a612555ad4d7ad66acfb4b47ba6323da26db293f095257d8","ssdeep":"","tlshash":"c650000003000000030c0000c000000000000003000030c000c0000000000000000000","size":8,"data":"","first_seen":"2023-03-07T01:03:50Z","last_seen":"2026-04-05T10:24:17.114195Z","times_seen":18606,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"xxxtik.app/xxxtiktok/","fqdn":"xxxtik.app","domain":"xxxtik.app","tld":"app"},"ip":{"addr":"104.21.2.15","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"eval","is_inline":false,"md5":"61fa153f2827c887a48a351ae3c6cfd3","sha1":"5fbd02245cf700ea94d638c8d76924ecca52d330","sha256":"4c44d7c28ec0f6ca3e2624c6af1d3be324576d01ef6f6c2dc0af7e61664b8c2c","sha512":"cbe467dc51f0eec90d8b40bc35a1a0eb2c320ac67cc022c518b431987fa05a3d565f793c377d5f33a612555ad4d7ad66acfb4b47ba6323da26db293f095257d8","ssdeep":"","tlshash":"c650000003000000030c0000c000000000000003000030c000c0000000000000000000","size":8,"data":"","first_seen":"2023-03-07T01:03:50Z","last_seen":"2026-04-05T10:24:17.114195Z","times_seen":18606,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"xxxtik.app/xxxtiktok/","fqdn":"xxxtik.app","domain":"xxxtik.app","tld":"app"},"ip":{"addr":"104.21.2.15","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"eval","is_inline":false,"md5":"61fa153f2827c887a48a351ae3c6cfd3","sha1":"5fbd02245cf700ea94d638c8d76924ecca52d330","sha256":"4c44d7c28ec0f6ca3e2624c6af1d3be324576d01ef6f6c2dc0af7e61664b8c2c","sha512":"cbe467dc51f0eec90d8b40bc35a1a0eb2c320ac67cc022c518b431987fa05a3d565f793c377d5f33a612555ad4d7ad66acfb4b47ba6323da26db293f095257d8","ssdeep":"","tlshash":"c650000003000000030c0000c000000000000003000030c000c0000000000000000000","size":8,"data":"","first_seen":"2023-03-07T01:03:50Z","last_seen":"2026-04-05T10:24:17.114195Z","times_seen":18606,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"xxxtik.app/xxxtiktok/","fqdn":"xxxtik.app","domain":"xxxtik.app","tld":"app"},"ip":{"addr":"104.21.2.15","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"eval","is_inline":false,"md5":"61fa153f2827c887a48a351ae3c6cfd3","sha1":"5fbd02245cf700ea94d638c8d76924ecca52d330","sha256":"4c44d7c28ec0f6ca3e2624c6af1d3be324576d01ef6f6c2dc0af7e61664b8c2c","sha512":"cbe467dc51f0eec90d8b40bc35a1a0eb2c320ac67cc022c518b431987fa05a3d565f793c377d5f33a612555ad4d7ad66acfb4b47ba6323da26db293f095257d8","ssdeep":"","tlshash":"c650000003000000030c0000c000000000000003000030c000c0000000000000000000","size":8,"data":"","first_seen":"2023-03-07T01:03:50Z","last_seen":"2026-04-05T10:24:17.114195Z","times_seen":18606,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fpyf8.com/88/tag.min.js","fqdn":"fpyf8.com","domain":"fpyf8.com","tld":"com"},"ip":{"addr":"139.45.196.64","port":443,"asn":9002,"as":"RETN Limited","country":"United Kingdom","country_code":"GB"},"introduction_type":"scriptElement","is_inline":false,"md5":"de4f51ab06af0681a05b4d5e1f8dca51","sha1":"9c07ef42a42094a30b7e191895d7d1cfbc7e5edf","sha256":"c02f4204ecc4f51cf8faf6d8edbec4ed8cd53ea024c5dee8b410ce5c2dbc07b6","sha512":"c8b85fff0ddd4568178d183e8cca253cc5f6c01700f77e7641eb5fdb34e2eb40989721e021bb665fc1c46af61bc6ecdf5640eae51e53d2b5651c0fc4fa2a6b37","ssdeep":"","tlshash":"6911cedfa950664121bf0092859fbd6eb59a95a0a48cc73892beec74007c0537087fbf","size":1000,"data":"","first_seen":"2025-10-05T21:11:43.527307Z","last_seen":"2025-10-05T21:11:43.527307Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"wabsyederly.com/gAs36mcmijz/68957","fqdn":"wabsyederly.com","domain":"wabsyederly.com","tld":"com"},"ip":{"addr":"172.255.103.117","port":443,"asn":7979,"as":"SERVERS-COM","country":"The Netherlands","country_code":"NL"},"introduction_type":"scriptElement","is_inline":false,"md5":"cbc3eee88fbb41045356241ab5e5fffc","sha1":"69e17c2843fed1cacfa39f5419646fc232c4f0e5","sha256":"903d971116973395c6e8b7842ad33f53d8336a17e9635fd4128a6b8e3f683fda","sha512":"7a98cb5f3b6fc42e1a40cf7cae6fc63fac27c0ab077ee2b2e5d99d4a48fa200ca8dcd5dafcf6bb56b8135b5fa04efd6ece40af02d81559a69d82e6d7c78a7fbb","ssdeep":"1536:/H4Yb/N1nJ/VomtG6r2qbfG/GeEvOtJ78tArsW/0HLR/YQEyPuQmfMrn8lxnZ8ab:vH/3rArsW/0rR/YQEyPuia5ueFOTMaAB","tlshash":"dde30ae1f710f3bc575b84e2953e8509d22a0f4371c95ba096a9ec452b6d20fe13edac","size":150095,"data":"","first_seen":"2025-10-05T21:11:43.398385Z","last_seen":"2025-10-05T21:11:43.398385Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"data","addr":"data:text/javascript;base64,dmFyIHJlY2FwdGNoYV9jYWxsYmFjaz1mdW5jdGlvbih0b2tlbil7ZG9jdW1lbnQuZ2V0RWxlbWVudEJ5SWQoImRhc2wiKS5yZW1vdmVBdHRyaWJ1dGUoImRpc2FibGVkIik7ZG9jdW1lbnQuZ2V0RWxlbWVudEJ5SWQoInJlY190b2tlbiIpLnZhbHVlPXRva2VufQ==","fqdn":"","domain":"","tld":""},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"scriptElement","is_inline":false,"md5":"1d85a10be38c0a54740298b3164da5b1","sha1":"bc810600be82152c0acd51c251665756e9aeff15","sha256":"a6394174c5fc91f064dcc5c4b679b94e3d8eb109d8984b672a81db2529f89ee7","sha512":"96646d6c827849c5f21c0ed258a5f34c5b43ca8cc29255e1a477ca3a070e0d920d26d359c3cb637aa0fd63fa288b5960b542844771171364a4f519bed8e0a94d","ssdeep":"","tlshash":"e9c02b77304109341cef7d73501343c43c20d154bd0f0000040db6e06c3af854237d04","size":148,"data":"","first_seen":"2025-10-05T21:11:43.529859Z","last_seen":"2025-10-05T21:11:43.529859Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"xxxtik.app/xxxtiktok/","fqdn":"xxxtik.app","domain":"xxxtik.app","tld":"app"},"ip":{"addr":"104.21.2.15","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"9fda1724412fd3c8db9942aa6e8e3deb","sha1":"539eed6112906a989e297d5d51c98af3dff08f2f","sha256":"3ddb9787e2d99f63e1c8169da967fa7b50e0baebb523aae738ff38899d2eaf7c","sha512":"1b6fe4694f5e61f4c298e0bf7d632c31df118d987b1643004ec2149ddf468e65c858fab779d5af8c0a9cb8941216cd977497c32351aef1cc3878796054f18158","ssdeep":"","tlshash":"c1e02e59a47301e042bba05ec30b232310a3f2833940d4d8ba8cef000f2ab228e9a1c8","size":294,"data":"","first_seen":"2024-01-26T23:16:31Z","last_seen":"2026-04-03T11:08:00.008086Z","times_seen":1765,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"xxxtik.app/xxxtiktok/","fqdn":"xxxtik.app","domain":"xxxtik.app","tld":"app"},"ip":{"addr":"104.21.2.15","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"eval","is_inline":false,"md5":"61fa153f2827c887a48a351ae3c6cfd3","sha1":"5fbd02245cf700ea94d638c8d76924ecca52d330","sha256":"4c44d7c28ec0f6ca3e2624c6af1d3be324576d01ef6f6c2dc0af7e61664b8c2c","sha512":"cbe467dc51f0eec90d8b40bc35a1a0eb2c320ac67cc022c518b431987fa05a3d565f793c377d5f33a612555ad4d7ad66acfb4b47ba6323da26db293f095257d8","ssdeep":"","tlshash":"c650000003000000030c0000c000000000000003000030c000c0000000000000000000","size":8,"data":"","first_seen":"2023-03-07T01:03:50Z","last_seen":"2026-04-05T10:24:17.114195Z","times_seen":18606,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"amusingbase.com/b.X/V/sedcGPlN0nY/W/cV/eeYmk9/uYZtUglLkWPkTrYL2mMkj-k-z/NqT/gOtyNrj-YPytOWTDM/1HO/QJ","fqdn":"amusingbase.com","domain":"amusingbase.com","tld":"com"},"ip":{"addr":"88.85.94.250","port":443,"asn":35415,"as":"Webzilla B.V.","country":"The Netherlands","country_code":"NL"},"introduction_type":"scriptElement","is_inline":false,"md5":"a2ab3a2805e10803a21d549c6855bf6f","sha1":"44166b41a53a11cb8f907f76f20a5233943620f2","sha256":"15574654d090b7c7293cfb1b2246de1ba1b9e005902c5b4dcfb204f7be2ac489","sha512":"61ff76df5b9b949c524d0872abc2adeccc87df16038f960d15a2ac5467423f19d7a4dd5f2861592a5889bf5a8c17aec9630a6b3507e0538520034e0051a398ac","ssdeep":"6144:YHZboEBkleZbAf9SjZxPLJv79EnVtK2QnUOl2M3Ty3N1vVdgyYhvcpgs0kOREQUJ:Y5Af9SjZxPN5ECrl2MDZvLtCRCHaF","tlshash":"8ff43bcdb195707202d760b5953f530e733a9a299408c06cf529e9e92db8e4da23bf7c","size":737890,"data":"","first_seen":"2025-10-05T21:11:43.49868Z","last_seen":"2025-10-05T21:11:43.49868Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"xxxtik.app/xxxtiktok/","fqdn":"xxxtik.app","domain":"xxxtik.app","tld":"app"},"ip":{"addr":"104.21.2.15","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"9fda1724412fd3c8db9942aa6e8e3deb","sha1":"539eed6112906a989e297d5d51c98af3dff08f2f","sha256":"3ddb9787e2d99f63e1c8169da967fa7b50e0baebb523aae738ff38899d2eaf7c","sha512":"1b6fe4694f5e61f4c298e0bf7d632c31df118d987b1643004ec2149ddf468e65c858fab779d5af8c0a9cb8941216cd977497c32351aef1cc3878796054f18158","ssdeep":"","tlshash":"c1e02e59a47301e042bba05ec30b232310a3f2833940d4d8ba8cef000f2ab228e9a1c8","size":294,"data":"","first_seen":"2024-01-26T23:16:31Z","last_seen":"2026-04-03T11:08:00.008086Z","times_seen":1765,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"xxxtik.app/xxxtiktok/","fqdn":"xxxtik.app","domain":"xxxtik.app","tld":"app"},"ip":{"addr":"104.21.2.15","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"9fda1724412fd3c8db9942aa6e8e3deb","sha1":"539eed6112906a989e297d5d51c98af3dff08f2f","sha256":"3ddb9787e2d99f63e1c8169da967fa7b50e0baebb523aae738ff38899d2eaf7c","sha512":"1b6fe4694f5e61f4c298e0bf7d632c31df118d987b1643004ec2149ddf468e65c858fab779d5af8c0a9cb8941216cd977497c32351aef1cc3878796054f18158","ssdeep":"","tlshash":"c1e02e59a47301e042bba05ec30b232310a3f2833940d4d8ba8cef000f2ab228e9a1c8","size":294,"data":"","first_seen":"2024-01-26T23:16:31Z","last_seen":"2026-04-03T11:08:00.008086Z","times_seen":1765,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"xxxtik.app/xxxtiktok/","fqdn":"xxxtik.app","domain":"xxxtik.app","tld":"app"},"ip":{"addr":"104.21.2.15","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"1f1018f4ae58810c149784fd471c5a72","sha1":"8e4604f9fd24afe42a9552fe2c39b498f4ae533b","sha256":"a11dba3278bbb0176269e5394a67747a7a7f93ed6527c233986019efabe92f6f","sha512":"922b0255e35cdf82f6fd67f15324d9e32d5d4dd0df9269acc11d80e1ea0ce13508c5652d5555dfb7d8ecc0f2d3701d8aff8e94a07baf056700d8fbdff81023bf","ssdeep":"","tlshash":"3b1100b53a2a1534c6d5508b317ee7a93d3220317b02a044c36ccc289d28e8314efcbe","size":902,"data":"","first_seen":"2025-10-05T21:11:43.534208Z","last_seen":"2025-10-05T21:11:43.534208Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"data","addr":"data:text/javascript;base64,ZnVuY3Rpb24gc2V0Q29va2llKGNuYW1lLGN2YWx1ZSxleGRheXMpe3ZhciBkPW5ldyBEYXRlKCk7ZC5zZXRUaW1lKGQuZ2V0VGltZSgpKyhleGRheXMqMjQqNjAqNjAqMTAwMCkpO3ZhciBleHBpcmVzPSJleHBpcmVzPSIrZC50b1VUQ1N0cmluZygpO2RvY3VtZW50LmNvb2tpZT1jbmFtZSsiPSIrY3ZhbHVlKyI7IitleHBpcmVzKyI7cGF0aD0vIn0=","fqdn":"","domain":"","tld":""},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"scriptElement","is_inline":false,"md5":"70fae3fafe51feabc1393e7377dad48b","sha1":"7d606ae362a41d7c9b45b86f8010ea9a2f1943f7","sha256":"db4693d86034734117f9330713ff0f1ef7fd1ee550727cfd030dc181ac0f81dd","sha512":"1d753c0c7ecbbf6ec135df0f9c30077ec7da725311b1f9b47980e1d1648d2fc1b3e69c837b85ac3397ab55a2c1032459e1c93b6c5b1d522fecbec9c0d031f661","ssdeep":"","tlshash":"6ed0122c71d874544652167a6e7e1e9a3c315374704282bd5416de352934c424ea3ba5","size":197,"data":"","first_seen":"2023-08-26T17:34:09Z","last_seen":"2026-03-06T21:43:32.514189Z","times_seen":114,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"data","addr":"data:text/javascript;base64,KGZ1bmN0aW9uKGMsbCxhLHIsaSx0LHkpe2NbYV09Y1thXXx8ZnVuY3Rpb24oKXsoY1thXS5xPWNbYV0ucXx8W10pLnB1c2goYXJndW1lbnRzKX07dD1sLmNyZWF0ZUVsZW1lbnQocik7dC5hc3luYz0xO3Quc3JjPSJodHRwczovL3d3dy5jbGFyaXR5Lm1zL3RhZy8iK2k7eT1sLmdldEVsZW1lbnRzQnlUYWdOYW1lKHIpWzBdO3kucGFyZW50Tm9kZS5pbnNlcnRCZWZvcmUodCx5KX0pKHdpbmRvdyxkb2N1bWVudCwiY2xhcml0eSIsInNjcmlwdCIsIm5jMTNtdTlzaXciKQ==","fqdn":"","domain":"","tld":""},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"scriptElement","is_inline":false,"md5":"d253bbb59906293d65ffc9e38bc81e4e","sha1":"2d7b6535b5bf65b5ec36351fbb79618ba9081112","sha256":"c2f76ba827719a6904401fa17ba32a9da63c80743602593d65ff0ddfe4dfaea0","sha512":"0d0482053abb0d07f983b926656f89287b66d9ac35f4f60ecf04bda698e91f73b8a794e63447fa2a08d01bb27f225793a5727728449b6d6558cc98925d1694a1","ssdeep":"","tlshash":"f3d0955674c5503917b25db923f7d94f35372a19d85f47139a97c5f53130d45054304c","size":265,"data":"","first_seen":"2025-10-05T21:11:43.539709Z","last_seen":"2025-10-05T21:11:43.539709Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"data","addr":"data:text/javascript;base64,dmFyIGRjbG1fYWpheF92YXI9eyJ0aXRsZSI6IkFyZSB5b3UgMTggb3IgT2xkZXI/IiwieWVzX2J1dHRvbl90ZXh0IjoiWWVzIiwibm9fYnV0dG9uX3RleHQiOiJObyIsImRlc2NyaXB0aW9uIjoiWW91IG11c3QgYmUgMTggeWVhcnMgb2YgYWdlIG9yIG9sZGVyIHRvIGVudGVyIHRoaXMgc2l0ZS4iLCJub3BlX3RpdGxlIjoiV2UncmUgc29ycnkhIiwibm9wZV91bmRlcl90aXRsZSI6IkkgaGl0IHRoZSB3cm9uZyBidXR0b24hIiwibm9wZV9idXR0b25fdGV4dCI6IkknbSBvbGQgZW5vdWdoISIsIm5vcGVfZGVzY3JpcHRpb24iOiJZb3UgbXVzdCBiZSAxOCB5ZWFycyBvZiBhZ2Ugb3Igb2xkZXIgdG8gZW50ZXIgdGhpcyBzaXRlLiIsIm5vcGVfcmVkaXJlY3RfdXJsIjoiaHR0cHM6XC9cL25laWdoYm91cmx5cmVwcmVzcy5jb21cL2twOWZqcWVnenI/a2V5PWZjMjg3MWRiOWE3MjM2MTYzMTQ0YWVlNTRkZjQyZGY2IiwibG9nbyI6Im9mZiIsImxvZ29fZmlsZSI6IiIsImxvZ29fd2lkdGgiOiI1MCIsImRpc2NsYWltZXJfcmVkaXJlY3RfdXJsIjoiaHR0cHM6XC9cL25laWdoYm91cmx5cmVwcmVzcy5jb21cL2twOWZqcWVnenI/a2V5PWZjMjg3MWRiOWE3MjM2MTYzMTQ0YWVlNTRkZjQyZGY2IiwiZGlzY2xhaW1lcl9yZWRpcmVjdF9zdGF5X29uX3NpdGUiOiJvZmYiLCJkaXNjbGFpbWVyX2Rpc2FibGVfY29va2llX2FkbWluIjoib2ZmIiwiZGlzY2xhaW1lcl9jdXJyZW50X3VzZXJfY2FuIjoiIn0=","fqdn":"","domain":"","tld":""},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"scriptElement","is_inline":false,"md5":"0674c83c7e5be5b418589f45a0967203","sha1":"f605c5ae0c2f0a59a8e8becf528583f8e813bf51","sha256":"88bf8d579c3f54fa07d7ae8f4efaa8105da6860d196e91b9c1ec192d43a5bd2e","sha512":"82c407266635298e316f40aaf3d5a28cfeb77a833bb4c269c959c23b494bafeb338fa911d2e577e54b0824e07c23d3a025293568ced2b5292a1c236a34071c20","ssdeep":"","tlshash":"9001b1b51a9c0b32e2d195e9354b9d4de08d0618b78cc598cb0d44bdd8d86e3512b071","size":731,"data":"","first_seen":"2025-10-05T21:11:43.543518Z","last_seen":"2025-10-05T21:11:43.543518Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fpyf8.com/88/tag.min.js","fqdn":"fpyf8.com","domain":"fpyf8.com","tld":"com"},"ip":{"addr":"139.45.196.64","port":443,"asn":9002,"as":"RETN Limited","country":"United Kingdom","country_code":"GB"},"introduction_type":"scriptElement","is_inline":false,"md5":"1dc38a743cdac6093b6f9096b2c72b70","sha1":"4a793504be63ecb0246a2ce14df614aca6195d1b","sha256":"83937feac6bedf544edae76b0472d319feb5e3469d19bc1ae8c62d63e76df78e","sha512":"085a97a587e1d5760547ed281838a4e2d8b8ef1c002737f0395aebbef617a545c3c68334aa8221e595c80dbf254a80ba9e9d9cb41d4adcb8f79236cd8a951c0a","ssdeep":"1536:k8zmHlk4JQ9aO4kD9DaZ06GUqo54Az0SBYQ4+DIVVWBWeOjLouPks:XzsJkaO44a06GUb0S6z3eWPouf","tlshash":"9bb33bca2265241612bf8035446bed0eb5aecd8104cdcc78e1e5b8662d78b16d3f7fe9","size":115379,"data":"","first_seen":"2025-10-03T08:09:32.651385Z","last_seen":"2025-10-06T06:55:28.057873Z","times_seen":11,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"eehassoosostoa.com/401/9977713","fqdn":"eehassoosostoa.com","domain":"eehassoosostoa.com","tld":"com"},"ip":{"addr":"172.67.163.207","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"e2f502d56d1012a6c8f9f45996d9272a","sha1":"509e89091d9e581c4070ec7e61ae9a8dac65fe00","sha256":"cadd957ca3445b54783a660ad627095435abb32ecea082a37cda6c24a1c8b73c","sha512":"afcb3b616e42343552aa10c51775fc0c87b89d634a8bdc333fc4de8293676141847d6d0871bc1c623e9c7d495f8f169a5b2e574b22e062c276800a767168c483","ssdeep":"3072:kPGS7PMIPGWK8/UFoNWV3IZNo8y0YZy6/rp9T37ccqe//SJWN8i/:QhPMIPGWKKeoN44ZNo8y0h6/rp9T3hk0","tlshash":"3af3d59c329170dd1b76a421263b9e9eb52fd9d0ac8ec551e05af0fc7e3401a83a3ed5","size":168170,"data":"","first_seen":"2025-10-03T13:38:24.449553Z","last_seen":"2025-10-06T10:54:10.557209Z","times_seen":11,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.plump-message.pro/ecc874/bf80491dfeaf.js","fqdn":"www.plump-message.pro","domain":"plump-message.pro","tld":"pro"},"ip":{"addr":"45.133.44.1","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"1ee2e7d55324807126d33f98d5aa79a5","sha1":"abca75d68fb2ad2ede44f4c22d542bad554b4f06","sha256":"937a622a0542092f89060457db6c07ab17e673a8fa0ed76912d46a5c49f2f1fd","sha512":"a35c76568c8598b09a78264da61a49919263cbe4102695701c7ee8958c0a198b3adcf38a0526bb257972c9b11ca6bd05f4b583b102d43c2d707baf493fc7064f","ssdeep":"1536:rM+iZ3YOYuyx6PUQwRxcs8P3nhkQ8vL7T7Q6eGozzwVEnHzHRbPv2C:OijxEQq3P5Enne9zkWHLj","tlshash":"61a33461350b64fd2ad0c1e7eb6720886c295810e469cca1ecd1e7c7d6eb8e3429b5f7","size":103679,"data":"","first_seen":"2025-10-03T08:37:41.665661Z","last_seen":"2025-10-06T01:17:23.154252Z","times_seen":34,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"data","addr":"data:text/javascript;base64,dmFyIHB4X3JhdGluZz17ImF2ZXJhZ2UiOiI0LjMiLCJ1c2VycyI6IjY0NjQyNCIsImNvdW50IjoiMjc3OTYyNCJ9","fqdn":"","domain":"","tld":""},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"scriptElement","is_inline":false,"md5":"38cdc665a8279f5573d8b35ae79bc0eb","sha1":"3488b2ea6985789df31fcf85af6bbc8315996ee7","sha256":"d40145734439dbd64a947e9e195630691f3838c464665438a1b0b2ba32718f02","sha512":"9872522bb5b8ac08cc14d633468d7f59c2212d8ddd7d398ce68f3ea46436161b64b1ce919c4f1f82fdbca32fb4d2bedf3043b4b0c8eda286e2270fddddfbeb28","ssdeep":"","tlshash":"f9a022023003afb83e2a0080b00c0c2000cc3082c080828ccc202c8a028230e882300a","size":66,"data":"","first_seen":"2025-10-05T21:11:43.546399Z","last_seen":"2025-10-05T21:11:43.546399Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"xxxtik.app/wp-content/litespeed/js/fea486d6d0266ce99a9eb3e076eb95b6.js?ver=b95b6","fqdn":"xxxtik.app","domain":"xxxtik.app","tld":"app"},"ip":{"addr":"104.21.2.15","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"15792581f31dee88d409d3eb2b5abead","sha1":"1a0d2ce250cb02f967f270cbfc59f42635101031","sha256":"16ef50bdb0d7538724ecc479c695071ad4ca317177b056ece0c61f35c47bd663","sha512":"998d47ef249e17dd974016bdb6d605f259dd0252a12e8b8240fed19fa5548d3e956ba7076b435712394d9f5e1fd5df23d4e50dcaf4bb441d0379b98cbf0db854","ssdeep":"","tlshash":"f72120987089b815522b9a35677f109bb078eb55d09c40a9c3d1e4e03f708820d72ef9","size":1302,"data":"","first_seen":"2024-03-19T09:12:37Z","last_seen":"2026-03-31T08:58:48.821756Z","times_seen":46,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"xxxtik.app/wp-content/litespeed/js/16ff37aa3d68f8972c61041247eb574a.js?ver=b574a","fqdn":"xxxtik.app","domain":"xxxtik.app","tld":"app"},"ip":{"addr":"104.21.2.15","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"add484f1748beea3eb9f275c5e4c496e","sha1":"7744fe63c0cbdc64d83c11c66cabd608cad1b552","sha256":"6ca8bb49a96cc868d1e5357a2a0a7ca5ec0fbedd818bfb944c2f444d625e2551","sha512":"eee8ba8bdf347d0c9b1c0918826dd3d26754ffd81c13faaa672b68a7e3b894e8c188a4aa869d9dccbc6f1563abfd23cffa3deb223d435fd3dab1163778a4536f","ssdeep":"384:Yvf4xzL1bFFPWuGcEIEOqcxx3anCMzMLgfyLOd6aaBM/euL5nwEjhpyonUiwFzIo:YvANj1WuuZSFk5nwEjhpyonDczKPs","tlshash":"d382b718321864bd45bf177d211f920672391d3acb06984664bec4799fbed8a02b6f2e","size":18479,"data":"","first_seen":"2024-06-03T15:44:24Z","last_seen":"2026-03-02T13:31:43.51128Z","times_seen":13,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"glempirteechacm.com/401/9977714","fqdn":"glempirteechacm.com","domain":"glempirteechacm.com","tld":"com"},"ip":{"addr":"172.67.223.75","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"e2f502d56d1012a6c8f9f45996d9272a","sha1":"509e89091d9e581c4070ec7e61ae9a8dac65fe00","sha256":"cadd957ca3445b54783a660ad627095435abb32ecea082a37cda6c24a1c8b73c","sha512":"afcb3b616e42343552aa10c51775fc0c87b89d634a8bdc333fc4de8293676141847d6d0871bc1c623e9c7d495f8f169a5b2e574b22e062c276800a767168c483","ssdeep":"3072:kPGS7PMIPGWK8/UFoNWV3IZNo8y0YZy6/rp9T37ccqe//SJWN8i/:QhPMIPGWKKeoN44ZNo8y0h6/rp9T3hk0","tlshash":"3af3d59c329170dd1b76a421263b9e9eb52fd9d0ac8ec551e05af0fc7e3401a83a3ed5","size":168170,"data":"","first_seen":"2025-10-03T13:38:24.449553Z","last_seen":"2025-10-06T10:54:10.557209Z","times_seen":11,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"xxxtik.app/cdn-cgi/challenge-platform/scripts/jsd/main.js","fqdn":"xxxtik.app","domain":"xxxtik.app","tld":"app"},"ip":{"addr":"104.21.2.15","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"6be41b1843a7f0b10ddf8dfb8b47d75a","sha1":"c7db8f384dcd4869c5453bc62910a170d62beae5","sha256":"c8ce553b48447313ca3c27b2419d09fedf52f95e460de4e223abff7ce9fa7bbf","sha512":"f742540a19f01dad688404596bbc3483ad461ad6d40eddbb9563f7924224cfb31c09196cdf5e3d76a549d8e2c28116439482007f51da1491177e75848e956f65","ssdeep":"192:/x5y9bXGXngyTZmEYkfECSenF282uqn6Hacv4v2:J8tXGXnghbkf1L6cv/","tlshash":"5822fb93be8d751e13223dd5d95b30cb96dfe4597c531b08c2209cdcaa37b88d16ad48","size":10118,"data":"","first_seen":"2025-10-05T20:55:43.700946Z","last_seen":"2025-10-05T21:11:43.549277Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"xxxtik.app/wp-includes/js/jquery/jquery.min.js","fqdn":"xxxtik.app","domain":"xxxtik.app","tld":"app"},"ip":{"addr":"104.21.2.15","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"826eb77e86b02ab7724fe3d0141ff87c","sha1":"79cd3587d565afe290076a8d36c31c305a573d18","sha256":"cb6f2d32c49d1c2b25e9ffc9aaafa3f83075346c01bcd4ae6eb187392a4292cf","sha512":"fc79fdb76763025dc39fac045a215ff155ef2f492a0e9640079d6f089fa6218af2b3ab7c6eaf636827dee9294e6939a95ab24554e870c976679c25567ad6374c","ssdeep":"1536:0RUX9uDgwxcy2KVBNwchN6SLaHEk2BSrBESp+a/IEk4aAocVi8SMBQ47GKO:sHNwcv9VBQpLl88SMBQ47GKO","tlshash":"7483f8df77ca702247ab30b9006f550bf276199d684d4400f159d8e9bcb8a4a827bf7e","size":87553,"data":"","first_seen":"2023-11-03T09:26:43Z","last_seen":"2026-04-05T11:47:06.785218Z","times_seen":687625,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"xxxtik.app/wp-content/litespeed/js/ad2c7feefaf76741ff4f028f0131e09a.js?ver=1e09a","fqdn":"xxxtik.app","domain":"xxxtik.app","tld":"app"},"ip":{"addr":"104.21.2.15","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"fc8c089e48c61d9bb9e2b9ef5110520c","sha1":"93aac259cc549c2b1c573af01b72a1675b112f62","sha256":"ed2fbe244441cba2c9e0d25d5782b212e48c518ca3edd2302f56c3faba59df5d","sha512":"1b6389a74850f62882dda957ab8c18167e767ea7571bb9612070d38a08f14d82824fe4b6f5049083c40589b28cf0043014a2d2a75dcbdc6f13d14e7196ffdf3b","ssdeep":"","tlshash":"6d61e204915508e23632d7f5fee7e72523199016ff08dd46ef28dcea8b84d967122f89","size":3337,"data":"","first_seen":"2025-09-21T22:44:54.549581Z","last_seen":"2026-03-01T13:05:12.455702Z","times_seen":30,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"protectioncleave.com/d8/fa/f5/d8faf53894cdd595b3c9b5230c862bcc.js","fqdn":"protectioncleave.com","domain":"protectioncleave.com","tld":"com"},"ip":{"addr":"185.196.197.71","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"The Netherlands","country_code":"NL"},"introduction_type":"scriptElement","is_inline":false,"md5":"bbca87d95fa4f32aa06f665a0f87c47e","sha1":"2589aff25029346592c2546faf508a3489baf867","sha256":"6ea0561d81373f142765dd4ebce563a114301e9743ae91dc99a247e53d7520bb","sha512":"874759be6c41ea90a13b67881421dfe721eef08517f2f8aa08d77b5bb3262593ad408354f72c0699a077976a7b29ebbee6cc89b8ebfe273aca15ee32416e0c7d","ssdeep":"1536:2H99DdEttPZyh1K9MX2SjoZCibaH+k207gz5vQJQQPXIDYZZpZpNen:dMU4xek77gz5vQo","tlshash":"e7a3b7797f00f05f1756a073223f9216f1aa9f02015ce754f946fa582badf1be43aa18","size":99668,"data":"","first_seen":"2025-10-05T21:11:43.38971Z","last_seen":"2025-10-05T21:11:43.38971Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"data","addr":"data:text/javascript;base64,dmFyIHRleHRfPSExO3ZhciBhamF4dXJsPSJodHRwczovL3h4eHRpay5hcHAvd3AtYWRtaW4vYWRtaW4tYWpheC5waHAiO3ZhciB0ZXh0X3ZvdGFyPSJWb3RlIjt2YXIgdGV4dF92b3Rvcz0iVm90ZXMiO3ZhciB0ZXh0X2xlZXJfbWFzPSJSZWFkIG1vcmUiO3ZhciB0ZXh0X2xlZXJfbWVub3M9IlJlYWQgbGVzcyI7dmFyIHRleHRfZGU9Im9mIjt2YXIgdGV4dF9yZXBvcnRlX2dyYWNpYXM9IlRoYW5rIHlvdSBmb3Igc2VuZGluZyB1cyB5b3VyIHJlcG9ydC4iO3ZhciByZWNhcHRjaGFfc2l0ZT0iNkxmNkk1OHFBQUFBQUhrM1p5OS03WWJjNmNCWC1CZnROVzVPeURhWCI=","fqdn":"","domain":"","tld":""},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"scriptElement","is_inline":false,"md5":"2f1352f13881d96ee77cce95e3de3798","sha1":"1b6ff812d9715b54625fce882c830816fc6f5317","sha256":"04643fbdf91dd4d612ae184d974f24a98e51bbdab6299260a37aaf9ab266aea5","sha512":"363dc6bda98ecf4afc87eae0472fe14deb4f959a14e0ffdc9caae007b095e5b98d217998ca95b94787c7388e9ee2f7ec4ae39fe0f02ad56142ac9d574f1c5c05","ssdeep":"","tlshash":"9ee07d35c4dc0f414c626d91da5cf65314706f5cdb4cc4604d10fa9603e164bc001104","size":320,"data":"","first_seen":"2025-10-05T21:11:43.551589Z","last_seen":"2025-10-05T21:11:43.551589Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"tzegilo.com/stattag.js","fqdn":"tzegilo.com","domain":"tzegilo.com","tld":"com"},"ip":{"addr":"172.67.193.52","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"01227f5edc20e0ff4ed643b27cb8bb68","sha1":"d71a88f7341f2b1bdaa7deb9a66888607bd52598","sha256":"75c91d86601e23ab56d872b31b42660f893fc6d6b0785e085c06c2c038e98fb2","sha512":"88046b07c07ff6de47ef7d1e0d7ca281fc48e91fc6a292cdf611457b96ac92bb0068971cfd55c0cc3e6179d7335e77a6a14b15fa502bbae7b2233546da6c0f98","ssdeep":"384:WDWdyJ+TJTwWV+6RUL2qq8L6jW4+QL1zWAWvVRIDiei:7so1V+g+d+j4pJ5","tlshash":"8d82094a72d525ee82a3a1d10cef612ffb664e86a97e1785e381b49c187404ec3d7f90","size":17879,"data":"","first_seen":"2024-07-11T16:28:55Z","last_seen":"2026-04-05T11:37:19.756326Z","times_seen":6366,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null},"http":[{"url":{"schema":"https","addr":"zoojoujoaseeh.com/401/9977713?oo=1\u0026sw_version=v1.740.0-s\u0026oaid=008259d0a0ab4038fc1295696b53dbe8\u0026st=true","fqdn":"zoojoujoaseeh.com","domain":"zoojoujoaseeh.com","tld":"com"},"ip":{"addr":"139.45.197.244","port":443,"asn":9002,"as":"RETN Limited","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://xxxtik.app/xxxtiktok/","date":"2025-10-05T21:11:08.318Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"zoojoujoaseeh.com","organization":""},"issuer":{"commonName":"R10","organization":"Let's Encrypt"},"validity":{"start":"Sun, 20 Jul 2025 05:25:26 GMT","end":"Sat, 18 Oct 2025 05:25:25 GMT"},"fingerprint":{"sha1":"30:29:A2:9B:3E:28:C3:21:31:20:F2:F2:68:4A:48:A2:7D:F3:1D:0B","sha256":"9C:EF:56:02:8A:83:02:95:40:13:37:EF:17:5F:90:80:65:60:60:0C:02:CC:95:D6:61:4B:30:10:A4:DE:CB:ED"}}},"request":{"raw":"POST /401/9977713?oo=1\u0026sw_version=v1.740.0-s\u0026oaid=008259d0a0ab4038fc1295696b53dbe8\u0026st=true HTTP/1.1\r\nHost: zoojoujoaseeh.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: text/plain;charset=UTF-8\r\nContent-Length: 2585\r\nOrigin: https://xxxtik.app\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xxxtik.app/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sun, 05 Oct 2025 21:11:08 GMT\r\ncontent-type: application/json\r\nx-trace-id: 8ccc7c548f3309c450b42a85b187ac07\r\ncache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0\r\npragma: no-cache\r\nexpires: Tue, 11 Jan 1994 10:00:00 GMT\r\nvary: Origin\r\naccess-control-allow-origin: https://xxxtik.app\r\naccess-control-expose-headers: Link\r\naccess-control-allow-credentials: true\r\naccept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version\r\nset-cookie: OAID=008259d0a0ab4038fc1295696b53dbe8; expires=Mon, 05 Oct 2026 21:11:08 GMT; path=/; secure; SameSite=None\r\nstrict-transport-security: max-age=1\r\nx-content-type-options: nosniff\r\ntiming-allow-origin: *, *\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":2072,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"e375e3fa7e158dfdc89b462b4835effe","sha1":"e542f515fe00ca7c2910f46434d9fda948b86040","sha256":"3f25a23d62287d25e1d88311a193fa261919c13f65248c921ad6808e9acc28a8","sha512":"78d00a94c3d119e1df51b2c0f23d9e529d9a8d7eefb4ea500e6f8a50d389b2e4a98d84480303224948bc03128241573f4eab7b3ce82c0b18fc79405f230f04dc","ssdeep":"","tlshash":"134100088e18407e82de5ab5ec0b6d471bb9051f3a4c722ee7850d17b0ebce403eb20b","first_seen":"2025-10-05T21:11:43.330953Z","last_seen":"2025-10-05T21:11:43.330953Z","times_seen":1,"resource_available":false,"data":null}},"time_used":226,"timings":{"blocked":96,"dns":4,"connect":29,"send":0,"wait":35,"receive":0,"ssl":61},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-05","alert":"Sinkholed","trigger":"zoojoujoaseeh.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-10-05","alert":"Sinkholed","trigger":"zoojoujoaseeh.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-10-05","alert":"Sinkholed","trigger":"zoojoujoaseeh.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-10-05","alert":"Sinkholed","trigger":"zoojoujoaseeh.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"grookilteepsou.net/event","fqdn":"grookilteepsou.net","domain":"grookilteepsou.net","tld":"net"},"ip":{"addr":"139.45.197.122","port":443,"asn":9002,"as":"RETN Limited","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://xxxtik.app/xxxtiktok/","date":"2025-10-05T21:11:11.629Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"grookilteepsou.net","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Fri, 05 Sep 2025 05:23:12 GMT","end":"Thu, 04 Dec 2025 05:23:11 GMT"},"fingerprint":{"sha1":"74:73:06:C8:86:57:DF:47:5B:AA:44:AD:BD:29:95:9B:8C:28:2F:B1","sha256":"77:66:80:3C:82:1F:42:C4:C1:EE:ED:18:C6:2E:C2:C5:10:4D:8D:C6:19:69:D5:1D:5B:44:06:BA:E2:25:33:43"}}},"request":{"raw":"POST /event HTTP/1.1\r\nHost: grookilteepsou.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://xxxtik.app/\r\nContent-Type: application/json\r\nContent-Length: 384\r\nOrigin: https://xxxtik.app\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sun, 05 Oct 2025 21:11:11 GMT\r\ncontent-type: application/json; charset=utf-8\r\ncontent-length: 81\r\naccept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model\r\naccess-control-allow-origin: https://xxxtik.app\r\naccess-control-allow-credentials: true\r\naccess-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept\r\nstrict-transport-security: max-age=1\r\nx-content-type-options: nosniff\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":81,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"105e017845072f56df622ed51ff912aa","sha1":"b7e3f278880881caf8bc62e944b9def0d39268a7","sha256":"a3a830dd895941d24a5422b6f16524fa3fbb3e68ffe818902a59f3fbd4bf450d","sha512":"1dbca7c267b68a205ddae8252c1e0d5a94bfaf5ef8dd9b217b2ed95f3cce923dac86321f99a5c6e39068cb7d878d25babe2c9a4e88f74b9d4e2ed178b26d0074","ssdeep":"","tlshash":"85a01240c04c88700585893d6095ac2009fd04334d01107a580c6d244821400c11d051","first_seen":"2025-10-05T21:11:43.335829Z","last_seen":"2025-10-05T21:11:43.335829Z","times_seen":1,"resource_available":false,"data":null}},"time_used":29,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":29,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-05","alert":"Sinkholed","trigger":"grookilteepsou.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-10-05","alert":"Sinkholed","trigger":"grookilteepsou.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-10-05","alert":"Sinkholed","trigger":"grookilteepsou.net","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"flushpersist.com/pxf.gif?uuid=619eb20b-0c70-488e-9788-174c75b967c0\u0026eb=bcc2bf15b54b9ef4041d8328a3a75221\u0026te=cb12021f3311658dba63bcdbf4a88a26\u0026ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A134.0)%20Gecko%2F20100101%20Firefox%2F134.0\u0026dev=e\u0026res=14.3095\u0026b_frame=0\u0026pk=d8faf53894cdd595b3c9b5230c862bcc\u0026bl=en-US\u0026sr=1024x1280\u0026sz=1024x1280\u0026hjs=21","fqdn":"flushpersist.com","domain":"flushpersist.com","tld":"com"},"ip":{"addr":"172.240.127.234","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://xxxtik.app/xxxtiktok/","date":"2025-10-05T21:11:11.996Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"flushpersist.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sat, 30 Aug 2025 21:53:17 GMT","end":"Fri, 28 Nov 2025 21:53:16 GMT"},"fingerprint":{"sha1":"AA:2A:FC:C2:EE:01:8F:55:3F:19:46:84:4A:C8:A0:95:62:50:5C:A3","sha256":"3D:8C:1A:2E:1F:32:30:D4:D8:4F:D2:FB:CC:99:F1:9C:05:E5:7B:D8:9D:7D:24:86:AD:C5:1E:62:55:44:A4:CA"}}},"request":{"raw":"GET /pxf.gif?uuid=619eb20b-0c70-488e-9788-174c75b967c0\u0026eb=bcc2bf15b54b9ef4041d8328a3a75221\u0026te=cb12021f3311658dba63bcdbf4a88a26\u0026ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A134.0)%20Gecko%2F20100101%20Firefox%2F134.0\u0026dev=e\u0026res=14.3095\u0026b_frame=0\u0026pk=d8faf53894cdd595b3c9b5230c862bcc\u0026bl=en-US\u0026sr=1024x1280\u0026sz=1024x1280\u0026hjs=21 HTTP/1.1\r\nHost: flushpersist.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xxxtik.app/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Sun, 05 Oct 2025 21:11:12 GMT\r\nContent-Type: image/gif\r\nContent-Length: 1\r\nConnection: keep-alive\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccess-control-allow-origin: *\r\nx-envoy-upstream-service-time: 1\r\nHost: flushpersist.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: f33f361597db9350fba413138c456b17\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/gif","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T11:47:06.182466Z","times_seen":13373545,"resource_available":true,"data":null}},"time_used":677,"timings":{"blocked":291,"dns":1,"connect":94,"send":0,"wait":96,"receive":0,"ssl":192},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-10-05","alert":"Sinkholed","trigger":"flushpersist.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-05","alert":"Sinkholed","trigger":"flushpersist.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"xxxtik.app/wp-content/litespeed/js/b2807e7aa4f7bec707bca6791738d89c.js?ver=8d89c","fqdn":"xxxtik.app","domain":"xxxtik.app","tld":"app"},"ip":{"addr":"104.21.2.15","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://xxxtik.app/xxxtiktok/","date":"2025-10-05T21:11:05.790Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xxxtik.app","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 22 Sep 2025 07:50:33 GMT","end":"Sun, 21 Dec 2025 08:48:06 GMT"},"fingerprint":{"sha1":"72:98:6C:94:29:80:FC:6E:34:D4:78:8C:3E:9F:90:03:A2:25:7B:AE","sha256":"3D:1E:A0:9F:D0:6B:0E:56:A7:96:90:AB:D0:78:99:FD:82:C8:48:79:EB:76:7B:72:AE:D5:E7:11:E7:66:4E:7E"}}},"request":{"raw":"GET /wp-content/litespeed/js/b2807e7aa4f7bec707bca6791738d89c.js?ver=8d89c HTTP/1.1\r\nHost: xxxtik.app\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xxxtik.app/xxxtiktok/\r\nCookie: cf_clearance=PtgQF.dSVk5HyfOXxCtzINIKJnOLP3Aqj_OjR6rctsw-1759698665-1.2.1.1-3cZYcPKABSXibBQA1yAf_.yC_4qtfZMVrDQhKj6PN.vZLO64B7mfD0Sx8qGK4Q3smCyFNmcYllycn_EncFyyXcHEKa3ghVZu_fSzets_3J7Gk7z1ZqjBQ4ukyKJ7k.eOamyjj8CrdkABeiQjarX6grGnsicxKUwnFfFORPAXknStc_53fTMQgSUpZtr6emLTt5Hx35GoA8lwNJAQ.btU5BLAQqWhqXR3whnsoQwOLgU; _lscache_vary=25535832db285c9c2ae7620ca706ea91\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 05 Oct 2025 21:11:05 GMT\r\ncontent-type: text/javascript\r\ncontent-length: 4681\r\netag: \"350a-68e2de64-11619f6;br\"\r\nlast-modified: Sun, 05 Oct 2025 21:08:52 GMT\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\nserver: cloudflare\r\nx-turbo-charged-by: LiteSpeed\r\ncache-control: max-age=14400\r\ncf-cache-status: EXPIRED\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=gQPnNJjHR2vpBJgr7XDzEKXEDk%2BdmkCxBJPls8MehZ9NFflPRjYb8%2BBx4NkUPQqCHlqxNcFQIiKPkh52d1wid6V%2FgYZ0vomd\"}]}\r\ncf-ray: 989fe8d528040b55-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]}],"data":{"size":13578,"size_decoded":0,"mime_type":"text/javascript","magic":"JavaScript source, ASCII text, with very long lines (13479)","md5":"47a628aef2f254c32c3b5878700a42ce","sha1":"43814a498670a432b6a73cc80e67bdc738313ea2","sha256":"ea64f589334f647f2254d595466c036000a3d9150ad078a69eba7f845c0c0713","sha512":"2dad1648412fe67306b86320bc4ba90a681086b4e799528ea9783157fdc1fda64dede2e9e7958d0973156ed3d9084034422ed9c4794bedb5c7b8151917540671","ssdeep":"192:5rprDN+sag6ifKIUpQI99P1tLm9kdgyq1+J3aCJQ+h4MPLORl:5rprxaefKI0LP19m4q1WW+h4Mjw","tlshash":"5e52c8adb56679724eb721b8f03bd24f71b205de560d8940d19cc4f6282dc6e812bf78","first_seen":"2023-08-09T06:09:09Z","last_seen":"2026-04-05T11:22:36.410092Z","times_seen":9793,"resource_available":true,"data":null}},"time_used":151,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":151,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"phoangaisool.com/500/9977712?excludes=\u0026oaid=008259d0a0ab4038fc1295696b53dbe8\u0026var=\u0026ymid=\u0026tgp=\u0026sw_version=v1.740.0-s\u0026dmn=roagrofoogrobo.com\u0026fs=0\u0026cf=0\u0026sw=1280\u0026sh=1024\u0026sah=1024\u0026wx=0\u0026wy=0\u0026ww=1280\u0026wh=1024\u0026cw=1280\u0026wiw=1280\u0026wih=1024\u0026wfc=1\u0026pl=https%3A%2F%2Fxxxtik.app%2Fxxxtiktok%2F\u0026drf=\u0026np=1\u0026pt=0\u0026nb=1\u0026ng=0\u0026ix=0\u0026nw=1\u0026tb=false\u0026navlng=en-US\u0026bto=0\u0026btz=UTC\u0026jsp=1","fqdn":"phoangaisool.com","domain":"phoangaisool.com","tld":"com"},"ip":{"addr":"139.45.197.243","port":443,"asn":9002,"as":"RETN Limited","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://xxxtik.app/xxxtiktok/","date":"2025-10-05T21:11:08.694Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"phoangaisool.com","organization":""},"issuer":{"commonName":"R11","organization":"Let's Encrypt"},"validity":{"start":"Sun, 20 Jul 2025 05:27:33 GMT","end":"Sat, 18 Oct 2025 05:27:32 GMT"},"fingerprint":{"sha1":"1B:B6:A8:E4:08:A6:29:EB:A9:7A:9B:7B:F9:85:53:57:9B:C7:36:4B","sha256":"0E:69:6F:3E:06:9D:64:E5:1B:E6:9B:A0:66:40:B8:3B:8B:F7:A0:BA:DA:77:B5:E5:0B:C7:3B:FF:11:3D:C1:C9"}}},"request":{"raw":"GET /500/9977712?excludes=\u0026oaid=008259d0a0ab4038fc1295696b53dbe8\u0026var=\u0026ymid=\u0026tgp=\u0026sw_version=v1.740.0-s\u0026dmn=roagrofoogrobo.com\u0026fs=0\u0026cf=0\u0026sw=1280\u0026sh=1024\u0026sah=1024\u0026wx=0\u0026wy=0\u0026ww=1280\u0026wh=1024\u0026cw=1280\u0026wiw=1280\u0026wih=1024\u0026wfc=1\u0026pl=https%3A%2F%2Fxxxtik.app%2Fxxxtiktok%2F\u0026drf=\u0026np=1\u0026pt=0\u0026nb=1\u0026ng=0\u0026ix=0\u0026nw=1\u0026tb=false\u0026navlng=en-US\u0026bto=0\u0026btz=UTC\u0026jsp=1 HTTP/1.1\r\nHost: phoangaisool.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/json\r\nOrigin: https://xxxtik.app\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xxxtik.app/\r\nCookie: OAID=008259d0a0ab4038fc1295696b53dbe8\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sun, 05 Oct 2025 21:11:08 GMT\r\ncontent-type: application/javascript\r\nx-trace-id: cc38cce503c97b8d59249eb9e778ae8d\r\nexpires: Tue, 11 Jan 1994 10:00:00 GMT\r\ncache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0\r\npragma: no-cache\r\nvary: Origin\r\naccess-control-allow-origin: https://xxxtik.app\r\naccess-control-expose-headers: Link\r\naccess-control-allow-credentials: true\r\naccept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version\r\nset-cookie: OAID=008259d0a0ab4038fc1295696b53dbe8; expires=Mon, 05 Oct 2026 21:11:08 GMT; path=/; secure; SameSite=None\r\nstrict-transport-security: max-age=1\r\nx-content-type-options: nosniff\r\ntiming-allow-origin: *, *\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":2000,"size_decoded":0,"mime_type":"application/javascript","magic":"JSON text data","md5":"369bb330ea65cc985046f6ba75a41755","sha1":"30fdbaa028813e51d0971a440e2cc0dfa7638fd0","sha256":"d14f0344485b456bd0f61b2ff24c1ba25c8a6344d63c99257b13ffe6abc0a906","sha512":"7d701cf2763a25b458719202eae7f8ea4cf9a28b406191ef73318f63bf7b27d51a61bf976705a8b2bce6ca359a227793e902022e6e037d9997f6c9b1ea9ec1fc","ssdeep":"","tlshash":"1a412a5a320d59248fc11340597e389de39085d6707219ddb603fa1e8affd98985f190","first_seen":"2025-10-05T21:11:43.342524Z","last_seen":"2025-10-05T21:11:43.342524Z","times_seen":1,"resource_available":false,"data":null}},"time_used":109,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":109,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-10-05","alert":"Sinkholed","trigger":"phoangaisool.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"zoojoujoaseeh.com/500/9977714?excludes=\u0026oaid=008259d0a0ab4038fc1295696b53dbe8\u0026var=\u0026ymid=\u0026tgp=\u0026sw_version=v1.740.0-s\u0026dmn=glempirteechacm.com\u0026fs=0\u0026cf=0\u0026sw=1280\u0026sh=1024\u0026sah=1024\u0026wx=0\u0026wy=0\u0026ww=1280\u0026wh=1024\u0026cw=1280\u0026wiw=1280\u0026wih=1024\u0026wfc=1\u0026pl=https%3A%2F%2Fxxxtik.app%2Fxxxtiktok%2F\u0026drf=\u0026np=1\u0026pt=0\u0026nb=1\u0026ng=0\u0026ix=0\u0026nw=1\u0026tb=false\u0026navlng=en-US\u0026bto=0\u0026btz=UTC\u0026jsp=1","fqdn":"zoojoujoaseeh.com","domain":"zoojoujoaseeh.com","tld":"com"},"ip":{"addr":"139.45.197.244","port":443,"asn":9002,"as":"RETN Limited","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://xxxtik.app/xxxtiktok/","date":"2025-10-05T21:11:11.863Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"zoojoujoaseeh.com","organization":""},"issuer":{"commonName":"R10","organization":"Let's Encrypt"},"validity":{"start":"Sun, 20 Jul 2025 05:25:26 GMT","end":"Sat, 18 Oct 2025 05:25:25 GMT"},"fingerprint":{"sha1":"30:29:A2:9B:3E:28:C3:21:31:20:F2:F2:68:4A:48:A2:7D:F3:1D:0B","sha256":"9C:EF:56:02:8A:83:02:95:40:13:37:EF:17:5F:90:80:65:60:60:0C:02:CC:95:D6:61:4B:30:10:A4:DE:CB:ED"}}},"request":{"raw":"GET /500/9977714?excludes=\u0026oaid=008259d0a0ab4038fc1295696b53dbe8\u0026var=\u0026ymid=\u0026tgp=\u0026sw_version=v1.740.0-s\u0026dmn=glempirteechacm.com\u0026fs=0\u0026cf=0\u0026sw=1280\u0026sh=1024\u0026sah=1024\u0026wx=0\u0026wy=0\u0026ww=1280\u0026wh=1024\u0026cw=1280\u0026wiw=1280\u0026wih=1024\u0026wfc=1\u0026pl=https%3A%2F%2Fxxxtik.app%2Fxxxtiktok%2F\u0026drf=\u0026np=1\u0026pt=0\u0026nb=1\u0026ng=0\u0026ix=0\u0026nw=1\u0026tb=false\u0026navlng=en-US\u0026bto=0\u0026btz=UTC\u0026jsp=1 HTTP/1.1\r\nHost: zoojoujoaseeh.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/json\r\nOrigin: https://xxxtik.app\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xxxtik.app/\r\nCookie: OAID=008259d0a0ab4038fc1295696b53dbe8\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sun, 05 Oct 2025 21:11:11 GMT\r\ncontent-type: application/javascript\r\nx-trace-id: 7b8ed7c5578fd9290f1be1652db2395e\r\nexpires: Tue, 11 Jan 1994 10:00:00 GMT\r\ncache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0\r\npragma: no-cache\r\nvary: Origin\r\naccess-control-allow-origin: https://xxxtik.app\r\naccess-control-expose-headers: Link\r\naccess-control-allow-credentials: true\r\naccept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version\r\nset-cookie: OAID=008259d0a0ab4038fc1295696b53dbe8; expires=Mon, 05 Oct 2026 21:11:11 GMT; path=/; secure; SameSite=None\r\nstrict-transport-security: max-age=1\r\nx-content-type-options: nosniff\r\ntiming-allow-origin: *, *\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":2002,"size_decoded":0,"mime_type":"application/javascript","magic":"JSON text data","md5":"d4c1f292635a24d75268b8557b53589e","sha1":"2bb9463bf436e60b429480e6bfb6782103c4e33d","sha256":"c1d22e2a9a55e3e4f05b38f720ba25b8074a7609b4b05db868132e4f1d5f6545","sha512":"2b41e86eb0c6cb17cf06183698bea82bb41e362ec33668b6981d1f9cc2f282baeee414c11eded03465ef75880222def578170e09b35b4571602735493037812b","ssdeep":"","tlshash":"46410a6fba9c2673015bd2c3180874a1c9a985119d6170cf7643ddd8712ecc769af308","first_seen":"2025-10-05T21:11:43.346259Z","last_seen":"2025-10-05T21:11:43.346259Z","times_seen":1,"resource_available":false,"data":null}},"time_used":55,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":55,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-10-05","alert":"Sinkholed","trigger":"zoojoujoaseeh.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-10-05","alert":"Sinkholed","trigger":"zoojoujoaseeh.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-05","alert":"Sinkholed","trigger":"zoojoujoaseeh.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-10-05","alert":"Sinkholed","trigger":"zoojoujoaseeh.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"xxxtik.app/wp-content/themes/appyn/assets/js/js.min.js?ver=2.0.16","fqdn":"xxxtik.app","domain":"xxxtik.app","tld":"app"},"ip":{"addr":"104.21.2.15","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://xxxtik.app/xxxtiktok/","date":"2025-10-05T21:11:05.786Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xxxtik.app","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 22 Sep 2025 07:50:33 GMT","end":"Sun, 21 Dec 2025 08:48:06 GMT"},"fingerprint":{"sha1":"72:98:6C:94:29:80:FC:6E:34:D4:78:8C:3E:9F:90:03:A2:25:7B:AE","sha256":"3D:1E:A0:9F:D0:6B:0E:56:A7:96:90:AB:D0:78:99:FD:82:C8:48:79:EB:76:7B:72:AE:D5:E7:11:E7:66:4E:7E"}}},"request":{"raw":"GET /wp-content/themes/appyn/assets/js/js.min.js?ver=2.0.16 HTTP/1.1\r\nHost: xxxtik.app\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xxxtik.app/xxxtiktok/\r\nCookie: cf_clearance=PtgQF.dSVk5HyfOXxCtzINIKJnOLP3Aqj_OjR6rctsw-1759698665-1.2.1.1-3cZYcPKABSXibBQA1yAf_.yC_4qtfZMVrDQhKj6PN.vZLO64B7mfD0Sx8qGK4Q3smCyFNmcYllycn_EncFyyXcHEKa3ghVZu_fSzets_3J7Gk7z1ZqjBQ4ukyKJ7k.eOamyjj8CrdkABeiQjarX6grGnsicxKUwnFfFORPAXknStc_53fTMQgSUpZtr6emLTt5Hx35GoA8lwNJAQ.btU5BLAQqWhqXR3whnsoQwOLgU; _lscache_vary=25535832db285c9c2ae7620ca706ea91\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 05 Oct 2025 21:11:05 GMT\r\ncontent-type: text/javascript\r\ncontent-length: 4751\r\netag: \"482d-67e3f0ac-114499a;br\"\r\nlast-modified: Wed, 26 Mar 2025 12:18:52 GMT\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\nserver: cloudflare\r\nx-turbo-charged-by: LiteSpeed\r\nage: 0\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=YJVN1Foey25UULdewGwXHM1ZaDFbAt4UyDtklVBBtq%2F%2BJ30m4ei3484IplOctwHgFlnEc8Ts58yS7GJ%2FxHfzzk5Ec5401ipx\"}]}\r\ncf-ray: 989fe8d51ff60b55-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]}],"data":{"size":18477,"size_decoded":0,"mime_type":"text/javascript","magic":"JavaScript source, ASCII text, with very long lines (18477), with no line terminators","md5":"365e9b05833812b7dcae26373fbaaefe","sha1":"dc216bf08943509e97641b708936c79d91abee47","sha256":"1a05fb8f2bc2978462c1d617ddcfe8de898c379a13a7a49171834a3cdf77b1db","sha512":"3a45c0bd09bbffd723948c7a457f6b7d0f356eb7280b788493c3fef186b2fef8224c3e24721578f3917436df47b8fe87a424525b089e6b21e23ae2f2e77bdbd3","ssdeep":"384:Yvf4xzL1bFFPWuGcEIEOqcxx3anCMzMLgfyLOd6aaBM/euL5nwEjhpyonUiwFzIp:YvANj1WuuZSFk5nwEjhpyonDczKPd","tlshash":"6782b718321864bd45bf177d211f920672391d3acb06984674bec4799fbed8a02f6f2e","first_seen":"2024-05-24T09:39:22Z","last_seen":"2026-04-03T08:48:35.539959Z","times_seen":358,"resource_available":true,"data":null}},"time_used":9,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":9,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"xxxtik.app/wp-content/uploads/2024/10/pobg.png","fqdn":"xxxtik.app","domain":"xxxtik.app","tld":"app"},"ip":{"addr":"104.21.2.15","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://xxxtik.app/xxxtiktok/","date":"2025-10-05T21:11:05.789Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xxxtik.app","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 22 Sep 2025 07:50:33 GMT","end":"Sun, 21 Dec 2025 08:48:06 GMT"},"fingerprint":{"sha1":"72:98:6C:94:29:80:FC:6E:34:D4:78:8C:3E:9F:90:03:A2:25:7B:AE","sha256":"3D:1E:A0:9F:D0:6B:0E:56:A7:96:90:AB:D0:78:99:FD:82:C8:48:79:EB:76:7B:72:AE:D5:E7:11:E7:66:4E:7E"}}},"request":{"raw":"GET /wp-content/uploads/2024/10/pobg.png HTTP/1.1\r\nHost: xxxtik.app\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xxxtik.app/xxxtiktok/\r\nCookie: cf_clearance=PtgQF.dSVk5HyfOXxCtzINIKJnOLP3Aqj_OjR6rctsw-1759698665-1.2.1.1-3cZYcPKABSXibBQA1yAf_.yC_4qtfZMVrDQhKj6PN.vZLO64B7mfD0Sx8qGK4Q3smCyFNmcYllycn_EncFyyXcHEKa3ghVZu_fSzets_3J7Gk7z1ZqjBQ4ukyKJ7k.eOamyjj8CrdkABeiQjarX6grGnsicxKUwnFfFORPAXknStc_53fTMQgSUpZtr6emLTt5Hx35GoA8lwNJAQ.btU5BLAQqWhqXR3whnsoQwOLgU; _lscache_vary=25535832db285c9c2ae7620ca706ea91\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 05 Oct 2025 21:11:05 GMT\r\ncontent-type: image/png\r\ncontent-length: 25012\r\ncache-control: public, max-age=604800\r\nexpires: Sun, 07 Sep 2025 23:06:18 GMT\r\netag: \"61b4-67147942-1144dfc;;;\"\r\nlast-modified: Sun, 20 Oct 2024 03:30:10 GMT\r\naccept-ranges: bytes\r\nserver: cloudflare\r\nx-turbo-charged-by: LiteSpeed\r\nage: 446365\r\ncf-cache-status: HIT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=5r0ZH%2B6PT%2FQ9xRpgzUPCZ%2BRjgXKcfofHTvRTmTWpE%2F8ukqQw23FZOiPMIegPQsUyx7XdratVVa3ITLCds9gshDDuV9oAZkB5\"}]}\r\ncf-ray: 989fe8d52ffe0b55-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":25012,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 512 x 80, 8-bit colormap, non-interlaced","md5":"f440ab4f238321494e2861745903ad05","sha1":"a43b11be283202b1d3522d7bde7b4f0f453099e7","sha256":"e6236ea7f02ea43be9886fd7a53ed142423a753ca305d9cdc20f800eb20f4121","sha512":"c2d555d9cd4d678e66118d8b24a9221139e43657e75ee26756d8f03b1577c04231581c9885b92ff085345b088dbacd2b698e069f6f081bafa45cc2dbf8035de0","ssdeep":"384:OgqbqkE6aK9HdC8TUZjcGwD9OJSwB2sEOu4c0YbsB2ZRC7k:OgqGiGoA9wDwHwsE4hYbsB24Y","tlshash":"32b2e1c0d52a5c6e2386eb41574aa4ac97d92cfb408116629809f02db173bdeb7fd9a0","first_seen":"2025-10-05T21:11:43.350771Z","last_seen":"2025-10-05T21:11:43.350771Z","times_seen":1,"resource_available":false,"data":null}},"time_used":10,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":8,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"xxxtik.app/wp-content/uploads/2023/11/cropped-xham-1-75x75.webp","fqdn":"xxxtik.app","domain":"xxxtik.app","tld":"app"},"ip":{"addr":"104.21.2.15","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://xxxtik.app/xxxtiktok/","date":"2025-10-05T21:11:05.952Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xxxtik.app","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 22 Sep 2025 07:50:33 GMT","end":"Sun, 21 Dec 2025 08:48:06 GMT"},"fingerprint":{"sha1":"72:98:6C:94:29:80:FC:6E:34:D4:78:8C:3E:9F:90:03:A2:25:7B:AE","sha256":"3D:1E:A0:9F:D0:6B:0E:56:A7:96:90:AB:D0:78:99:FD:82:C8:48:79:EB:76:7B:72:AE:D5:E7:11:E7:66:4E:7E"}}},"request":{"raw":"GET /wp-content/uploads/2023/11/cropped-xham-1-75x75.webp HTTP/1.1\r\nHost: xxxtik.app\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xxxtik.app/xxxtiktok/\r\nCookie: cf_clearance=PtgQF.dSVk5HyfOXxCtzINIKJnOLP3Aqj_OjR6rctsw-1759698665-1.2.1.1-3cZYcPKABSXibBQA1yAf_.yC_4qtfZMVrDQhKj6PN.vZLO64B7mfD0Sx8qGK4Q3smCyFNmcYllycn_EncFyyXcHEKa3ghVZu_fSzets_3J7Gk7z1ZqjBQ4ukyKJ7k.eOamyjj8CrdkABeiQjarX6grGnsicxKUwnFfFORPAXknStc_53fTMQgSUpZtr6emLTt5Hx35GoA8lwNJAQ.btU5BLAQqWhqXR3whnsoQwOLgU; _lscache_vary=25535832db285c9c2ae7620ca706ea91; test_variant=3\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 05 Oct 2025 21:11:05 GMT\r\ncontent-type: image/webp\r\ncontent-length: 1190\r\ncache-control: public, max-age=604800\r\nexpires: Fri, 10 Oct 2025 12:56:13 GMT\r\netag: \"4a6-67e3faff-11409be;;;\"\r\nlast-modified: Wed, 26 Mar 2025 13:02:55 GMT\r\naccept-ranges: bytes\r\nserver: cloudflare\r\nx-turbo-charged-by: LiteSpeed\r\nage: 202492\r\ncf-cache-status: HIT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=muQWAGVVh0occlwLMOmK%2FvnfAAWcLFonHvUO2xx1dmWp3ejNg9AdWJMKuPcZic2WJC01v1ZEDbISwWeEgM%2FfyvLObAXkpa4C\"}]}\r\ncf-ray: 989fe8d638bb0b55-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]}],"data":{"size":1190,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"750df68560bd9dcc210d441ed0128d07","sha1":"263a0d93c69439abbbe8949e132ca4272aad6c12","sha256":"39509c8b3860192af6f1ed96e5c9fb9fb02d96687c3c13f29a9cbe44eb0452ea","sha512":"02c252535e2982b88912d23a5a293d166aa2b47f6f1718a63ea76fdc3c183d103b913c7cc02695851016a030e15d564dd6b7dc937611ce1e313559b48841785a","ssdeep":"","tlshash":"0d21d7ec85d11dd68c8734eb6a6555029c60ca0109daecbf068f38d1a3ff2c23b2b434","first_seen":"2025-10-05T21:11:43.353249Z","last_seen":"2025-10-05T21:11:43.353249Z","times_seen":1,"resource_available":false,"data":null}},"time_used":10,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":10,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"site-assets.fontawesome.com/releases/v6.4.2/webfonts/fa-solid-900.woff2","fqdn":"site-assets.fontawesome.com","domain":"fontawesome.com","tld":"com"},"ip":{"addr":"172.64.147.188","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://xxxtik.app/xxxtiktok/","date":"2025-10-05T21:11:06.098Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"fontawesome.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 23 Aug 2025 21:04:01 GMT","end":"Fri, 21 Nov 2025 22:03:57 GMT"},"fingerprint":{"sha1":"CC:FF:C9:AB:7D:4F:0E:BD:2F:0D:51:59:D6:60:F9:CD:7D:68:E5:4B","sha256":"EF:79:B2:3F:26:48:FD:84:D5:42:BF:1E:35:73:D2:4A:8A:DB:54:C5:37:B0:F6:75:31:FE:6A:BC:D5:8A:F4:C2"}}},"request":{"raw":"GET /releases/v6.4.2/webfonts/fa-solid-900.woff2 HTTP/1.1\r\nHost: site-assets.fontawesome.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://xxxtik.app\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xxxtik.app/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 05 Oct 2025 21:11:06 GMT\r\ncontent-type: font/woff2\r\ncontent-length: 327824\r\ncf-ray: 989fe8d7489a8deb-OSL\r\nx-amz-id-2: CMxmQRXLXRexo8XFlQQgnSZ5u9Vup9tw9bTAfLPME0fidJj3qXVlok3GHfZdjF3e+qMnONFqslo=\r\nx-amz-request-id: XN7K65GRW4PTN2SH\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET\r\naccess-control-max-age: 3000\r\nvary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding\r\nlast-modified: Tue, 01 Aug 2023 19:22:32 GMT\r\netag: \"e0f1f10202002bf91422fd3768c2d744\"\r\nx-amz-server-side-encryption: AES256\r\ncf-cache-status: HIT\r\nexpires: Mon, 05 Oct 2026 21:11:06 GMT\r\ncache-control: public, max-age=31536000\r\naccept-ranges: bytes\r\nserver: cloudflare\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]}],"data":{"size":327824,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 327824, version 772.1280","md5":"e0f1f10202002bf91422fd3768c2d744","sha1":"ec47d73d219d2adb2971f85450fd1824d38a2db3","sha256":"bdb9ca4674e16a180ad38ba1b55ea1224a38677e604f5c5e560b85194970b85a","sha512":"5b0830861447d3e25d58cbd3fc65155ecaf6624b6cfc5aa5fb9115330681f3bf141ab2e749226924dfea45df7abaee3a899965c581a9a9b8f0c4fd5a4857612f","ssdeep":"6144:4lcIeP9PVXx3aB+DC6C218KicG3gnhCkUR5zv/Jh4rYP7tHz:46H9t11C6R2K/WgnhCkUL/bIgtHz","tlshash":"5664235bfbd2cb35b542ffe4a4bbd479f80a41391ac310ee82666be6ed125d0c1a104d","first_seen":"2023-08-15T13:44:57Z","last_seen":"2026-04-05T10:17:18.298197Z","times_seen":3220,"resource_available":false,"data":null}},"time_used":126,"timings":{"blocked":28,"dns":16,"connect":2,"send":0,"wait":65,"receive":5,"ssl":9},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"grookilteepsou.net/event","fqdn":"grookilteepsou.net","domain":"grookilteepsou.net","tld":"net"},"ip":{"addr":"139.45.197.122","port":443,"asn":9002,"as":"RETN Limited","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://xxxtik.app/xxxtiktok/","date":"2025-10-05T21:11:11.597Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"grookilteepsou.net","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Fri, 05 Sep 2025 05:23:12 GMT","end":"Thu, 04 Dec 2025 05:23:11 GMT"},"fingerprint":{"sha1":"74:73:06:C8:86:57:DF:47:5B:AA:44:AD:BD:29:95:9B:8C:28:2F:B1","sha256":"77:66:80:3C:82:1F:42:C4:C1:EE:ED:18:C6:2E:C2:C5:10:4D:8D:C6:19:69:D5:1D:5B:44:06:BA:E2:25:33:43"}}},"request":{"raw":"OPTIONS /event HTTP/1.1\r\nHost: grookilteepsou.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nAccess-Control-Request-Method: POST\r\nAccess-Control-Request-Headers: content-type\r\nReferer: https://xxxtik.app/\r\nOrigin: https://xxxtik.app\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"OPTIONS"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sun, 05 Oct 2025 21:11:11 GMT\r\ncontent-type: text/plain; charset=utf-8\r\ncontent-length: 0\r\naccess-control-allow-origin: https://xxxtik.app\r\naccess-control-allow-credentials: true\r\naccess-control-allow-methods: GET, POST, OPTIONS\r\naccess-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization-Token,X-Oaid\r\naccess-control-max-age: 86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain; charset=utf-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T11:47:06.182466Z","times_seen":13373545,"resource_available":true,"data":null}},"time_used":29,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":29,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-05","alert":"Sinkholed","trigger":"grookilteepsou.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-10-05","alert":"Sinkholed","trigger":"grookilteepsou.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-10-05","alert":"Sinkholed","trigger":"grookilteepsou.net","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"grookilteepsou.net/event","fqdn":"grookilteepsou.net","domain":"grookilteepsou.net","tld":"net"},"ip":{"addr":"139.45.197.122","port":443,"asn":9002,"as":"RETN Limited","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://xxxtik.app/xxxtiktok/","date":"2025-10-05T21:11:11.629Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"grookilteepsou.net","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Fri, 05 Sep 2025 05:23:12 GMT","end":"Thu, 04 Dec 2025 05:23:11 GMT"},"fingerprint":{"sha1":"74:73:06:C8:86:57:DF:47:5B:AA:44:AD:BD:29:95:9B:8C:28:2F:B1","sha256":"77:66:80:3C:82:1F:42:C4:C1:EE:ED:18:C6:2E:C2:C5:10:4D:8D:C6:19:69:D5:1D:5B:44:06:BA:E2:25:33:43"}}},"request":{"raw":"POST /event HTTP/1.1\r\nHost: grookilteepsou.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://xxxtik.app/\r\nContent-Type: application/json\r\nContent-Length: 514\r\nOrigin: https://xxxtik.app\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sun, 05 Oct 2025 21:11:11 GMT\r\ncontent-type: application/json; charset=utf-8\r\ncontent-length: 81\r\naccept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model\r\naccess-control-allow-origin: https://xxxtik.app\r\naccess-control-allow-credentials: true\r\naccess-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept\r\nstrict-transport-security: max-age=1\r\nx-content-type-options: nosniff\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":81,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"105e017845072f56df622ed51ff912aa","sha1":"b7e3f278880881caf8bc62e944b9def0d39268a7","sha256":"a3a830dd895941d24a5422b6f16524fa3fbb3e68ffe818902a59f3fbd4bf450d","sha512":"1dbca7c267b68a205ddae8252c1e0d5a94bfaf5ef8dd9b217b2ed95f3cce923dac86321f99a5c6e39068cb7d878d25babe2c9a4e88f74b9d4e2ed178b26d0074","ssdeep":"","tlshash":"85a01240c04c88700585893d6095ac2009fd04334d01107a580c6d244821400c11d051","first_seen":"2025-10-05T21:11:43.335829Z","last_seen":"2025-10-05T21:11:43.335829Z","times_seen":1,"resource_available":false,"data":null}},"time_used":29,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":29,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-10-05","alert":"Sinkholed","trigger":"grookilteepsou.net","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-05","alert":"Sinkholed","trigger":"grookilteepsou.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-10-05","alert":"Sinkholed","trigger":"grookilteepsou.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"xxxtik.app/xxxtiktok/","fqdn":"xxxtik.app","domain":"xxxtik.app","tld":"app"},"ip":{"addr":"104.21.2.15","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-10-05T21:11:05.083Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xxxtik.app","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 22 Sep 2025 07:50:33 GMT","end":"Sun, 21 Dec 2025 08:48:06 GMT"},"fingerprint":{"sha1":"72:98:6C:94:29:80:FC:6E:34:D4:78:8C:3E:9F:90:03:A2:25:7B:AE","sha256":"3D:1E:A0:9F:D0:6B:0E:56:A7:96:90:AB:D0:78:99:FD:82:C8:48:79:EB:76:7B:72:AE:D5:E7:11:E7:66:4E:7E"}}},"request":{"raw":"GET /xxxtiktok/ HTTP/1.1\r\nHost: xxxtik.app\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 05 Oct 2025 21:11:05 GMT\r\ncontent-type: text/html; charset=UTF-8\r\nx-dns-prefetch-control: on\r\nx-pingback: https://xxxtik.app/xmlrpc.php\r\nlink: \u003chttps://xxxtik.app/?p=3302\u003e; rel=shortlink\r\nvary: Accept-Encoding\r\nx-litespeed-cache: hit\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=%2B3EcMYSJDIRKSzz9wuAHF3gBxm0JnBLArWMoeDC0XTLbNVFz4ZdZQUJGz%2F%2B2e22struCy6c6YcXpHo%2FMYANLA3sHM6rOHdRZ\"}]}\r\nserver: cloudflare\r\nx-turbo-charged-by: LiteSpeed\r\ncf-cache-status: DYNAMIC\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nserver-timing: cfCacheStatus;desc=\"DYNAMIC\", cfEdge;dur=9,cfOrigin;dur=84\r\ncontent-encoding: br\r\ncf-ray: 989fe8d1de040b55-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare Browser Insights","description":"Cloudflare Browser Insights is a tool that measures the performance of websites from the perspective of users.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["Analytics","RUM"]},{"name":"PHP","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"WordPress","description":"WordPress is a free and open-source content management system written in PHP and paired with a MySQL or MariaDB database. Features include a plugin architecture and a template system.","website":"https://wordpress.org","common_platform_enumeration":"cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*","icon":"WordPress.svg","categories":["CMS","Blogs"]},{"name":"MySQL","description":"MySQL is an open-source relational database management system.","website":"https://mysql.com","common_platform_enumeration":"cpe:2.3:a:mysql:mysql:*:*:*:*:*:*:*:*","icon":"MySQL.svg","categories":["Databases"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]}],"data":{"size":212088,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, ASCII text, with very long lines (29466), with CR, LF line terminators","md5":"1adcc8c526bf395730a84cd1460cd7e9","sha1":"e9e70f8a77323acf7e0a0c1fe4095df3cfbadbc7","sha256":"e1d1668a18888628c1fc6fe181add154a05f41d507f9fad6ce68bf074bbf8960","sha512":"8da2c69c5755e5d993897129402d8a51880f07089ea7475206899d3881a5b7f5b99d97b5375ee81159587d1d0369f96a3761b23cd3b2de80560855adacc543c0","ssdeep":"6144:4NScX11iQg5MG7x+qehvP0x2pck2lATHgKc7OawZv:RcX11iQg5MG7x+qehvP0x2pck2lDFOJ9","tlshash":"dc24d66113b59cfa35bb97791d4ea308a503a901ca0a47e7f1b9d19863cce9509f3b0f","first_seen":"2025-10-05T21:11:43.356742Z","last_seen":"2025-10-05T21:11:43.356742Z","times_seen":1,"resource_available":false,"data":null}},"time_used":467,"timings":{"blocked":169,"dns":0,"connect":3,"send":0,"wait":129,"receive":0,"ssl":165},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"xxxtik.app/wp-content/themes/appyn/images/googleplay.svg","fqdn":"xxxtik.app","domain":"xxxtik.app","tld":"app"},"ip":{"addr":"104.21.2.15","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://xxxtik.app/xxxtiktok/","date":"2025-10-05T21:11:05.791Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xxxtik.app","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 22 Sep 2025 07:50:33 GMT","end":"Sun, 21 Dec 2025 08:48:06 GMT"},"fingerprint":{"sha1":"72:98:6C:94:29:80:FC:6E:34:D4:78:8C:3E:9F:90:03:A2:25:7B:AE","sha256":"3D:1E:A0:9F:D0:6B:0E:56:A7:96:90:AB:D0:78:99:FD:82:C8:48:79:EB:76:7B:72:AE:D5:E7:11:E7:66:4E:7E"}}},"request":{"raw":"GET /wp-content/themes/appyn/images/googleplay.svg HTTP/1.1\r\nHost: xxxtik.app\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xxxtik.app/xxxtiktok/\r\nCookie: cf_clearance=PtgQF.dSVk5HyfOXxCtzINIKJnOLP3Aqj_OjR6rctsw-1759698665-1.2.1.1-3cZYcPKABSXibBQA1yAf_.yC_4qtfZMVrDQhKj6PN.vZLO64B7mfD0Sx8qGK4Q3smCyFNmcYllycn_EncFyyXcHEKa3ghVZu_fSzets_3J7Gk7z1ZqjBQ4ukyKJ7k.eOamyjj8CrdkABeiQjarX6grGnsicxKUwnFfFORPAXknStc_53fTMQgSUpZtr6emLTt5Hx35GoA8lwNJAQ.btU5BLAQqWhqXR3whnsoQwOLgU; _lscache_vary=25535832db285c9c2ae7620ca706ea91\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 05 Oct 2025 21:11:05 GMT\r\ncontent-type: image/svg+xml\r\ncontent-length: 996\r\ncache-control: public, max-age=604800\r\nexpires: Tue, 07 Oct 2025 17:11:40 GMT\r\netag: \"8c5-67e3f0ac-1144961;br\"\r\nlast-modified: Wed, 26 Mar 2025 12:18:52 GMT\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\nserver: cloudflare\r\nx-turbo-charged-by: LiteSpeed\r\nage: 446365\r\ncf-cache-status: HIT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=%2BBxMLatznTbmXbAHTS1PLemMPZC3tOIMnyFTJ5b036pMZLC%2FtOT%2BhqJg7y0V4OhY53n9VlDHK2gRcPMgnyFaBw3eBlU%2BZE8x\"}]}\r\ncf-ray: 989fe8d528060b55-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":2245,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"aedd43698fbcc7c5a7c9716f157f9794","sha1":"d4096fa97b7675c07eb7c5fbeffd2aac3a64a38f","sha256":"de5264e385e90cc7111e0f46842c7e8051e64432f2063773cfbead4fda34acb8","sha512":"9ae8f72b46b30e5eb5102dfe96c8cf03ec4b54e070201ed0dbb9622721c2788b340ae9bd2ae61f984a69e8980c78863481ab181545b37818ddd502752a4f6147","ssdeep":"","tlshash":"2a41fbf2a68d559c64534e68cf3794712b2fa0bcba5683e8d91cc3b36407ea0d1c385e","first_seen":"2023-07-06T03:38:12Z","last_seen":"2026-04-04T21:47:03.704599Z","times_seen":156,"resource_available":false,"data":null}},"time_used":11,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":11,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"xxxtik.app/wp-content/litespeed/js/fea486d6d0266ce99a9eb3e076eb95b6.js?ver=b95b6","fqdn":"xxxtik.app","domain":"xxxtik.app","tld":"app"},"ip":{"addr":"104.21.2.15","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://xxxtik.app/xxxtiktok/","date":"2025-10-05T21:11:05.792Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xxxtik.app","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 22 Sep 2025 07:50:33 GMT","end":"Sun, 21 Dec 2025 08:48:06 GMT"},"fingerprint":{"sha1":"72:98:6C:94:29:80:FC:6E:34:D4:78:8C:3E:9F:90:03:A2:25:7B:AE","sha256":"3D:1E:A0:9F:D0:6B:0E:56:A7:96:90:AB:D0:78:99:FD:82:C8:48:79:EB:76:7B:72:AE:D5:E7:11:E7:66:4E:7E"}}},"request":{"raw":"GET /wp-content/litespeed/js/fea486d6d0266ce99a9eb3e076eb95b6.js?ver=b95b6 HTTP/1.1\r\nHost: xxxtik.app\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xxxtik.app/xxxtiktok/\r\nCookie: cf_clearance=PtgQF.dSVk5HyfOXxCtzINIKJnOLP3Aqj_OjR6rctsw-1759698665-1.2.1.1-3cZYcPKABSXibBQA1yAf_.yC_4qtfZMVrDQhKj6PN.vZLO64B7mfD0Sx8qGK4Q3smCyFNmcYllycn_EncFyyXcHEKa3ghVZu_fSzets_3J7Gk7z1ZqjBQ4ukyKJ7k.eOamyjj8CrdkABeiQjarX6grGnsicxKUwnFfFORPAXknStc_53fTMQgSUpZtr6emLTt5Hx35GoA8lwNJAQ.btU5BLAQqWhqXR3whnsoQwOLgU; _lscache_vary=25535832db285c9c2ae7620ca706ea91\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 05 Oct 2025 21:11:05 GMT\r\ncontent-type: text/javascript\r\ncontent-length: 624\r\netag: \"516-68e2de64-11619fe;br\"\r\nlast-modified: Sun, 05 Oct 2025 21:08:52 GMT\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\nserver: cloudflare\r\nx-turbo-charged-by: LiteSpeed\r\ncache-control: max-age=14400\r\ncf-cache-status: EXPIRED\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=0s6JpqtO66fdbUdK231WjcmVPHCKueimJeh4iteQ6eqQOVkAkk2Wci243TNjHrW8TdjxPkYj13ykZ2pzggtbYUMYWLyNPpqQ\"}]}\r\ncf-ray: 989fe8d5280b0b55-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":1302,"size_decoded":0,"mime_type":"text/javascript","magic":"JavaScript source, ASCII text, with very long lines (1266)","md5":"15792581f31dee88d409d3eb2b5abead","sha1":"1a0d2ce250cb02f967f270cbfc59f42635101031","sha256":"16ef50bdb0d7538724ecc479c695071ad4ca317177b056ece0c61f35c47bd663","sha512":"998d47ef249e17dd974016bdb6d605f259dd0252a12e8b8240fed19fa5548d3e956ba7076b435712394d9f5e1fd5df23d4e50dcaf4bb441d0379b98cbf0db854","ssdeep":"","tlshash":"f72120987089b815522b9a35677f109bb078eb55d09c40a9c3d1e4e03f708820d72ef9","first_seen":"2024-03-19T09:12:37Z","last_seen":"2026-03-31T08:58:48.821756Z","times_seen":46,"resource_available":true,"data":null}},"time_used":92,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":92,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"xxxtik.app/wp-content/themes/appyn/images/star.svg","fqdn":"xxxtik.app","domain":"xxxtik.app","tld":"app"},"ip":{"addr":"104.21.2.15","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://xxxtik.app/xxxtiktok/","date":"2025-10-05T21:11:05.916Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xxxtik.app","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 22 Sep 2025 07:50:33 GMT","end":"Sun, 21 Dec 2025 08:48:06 GMT"},"fingerprint":{"sha1":"72:98:6C:94:29:80:FC:6E:34:D4:78:8C:3E:9F:90:03:A2:25:7B:AE","sha256":"3D:1E:A0:9F:D0:6B:0E:56:A7:96:90:AB:D0:78:99:FD:82:C8:48:79:EB:76:7B:72:AE:D5:E7:11:E7:66:4E:7E"}}},"request":{"raw":"GET /wp-content/themes/appyn/images/star.svg HTTP/1.1\r\nHost: xxxtik.app\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xxxtik.app/wp-content/litespeed/css/e969387914a98f4c06dfcccd712b79ff.css?ver=b79ff\r\nCookie: cf_clearance=PtgQF.dSVk5HyfOXxCtzINIKJnOLP3Aqj_OjR6rctsw-1759698665-1.2.1.1-3cZYcPKABSXibBQA1yAf_.yC_4qtfZMVrDQhKj6PN.vZLO64B7mfD0Sx8qGK4Q3smCyFNmcYllycn_EncFyyXcHEKa3ghVZu_fSzets_3J7Gk7z1ZqjBQ4ukyKJ7k.eOamyjj8CrdkABeiQjarX6grGnsicxKUwnFfFORPAXknStc_53fTMQgSUpZtr6emLTt5Hx35GoA8lwNJAQ.btU5BLAQqWhqXR3whnsoQwOLgU; _lscache_vary=25535832db285c9c2ae7620ca706ea91; test_variant=3\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 05 Oct 2025 21:11:05 GMT\r\ncontent-type: image/svg+xml\r\ncontent-length: 295\r\ncache-control: public, max-age=604800\r\nexpires: Sun, 12 Oct 2025 21:11:05 GMT\r\netag: \"1d9-67e3f0ac-1144953;br\"\r\nlast-modified: Wed, 26 Mar 2025 12:18:52 GMT\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\nserver: cloudflare\r\nx-turbo-charged-by: LiteSpeed\r\nage: 0\r\ncf-cache-status: HIT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=Vk6U2xVmyHNFaJXZHmE0OwEt0pFNvCobOSI7MG%2BWxDoqQYLZf8rQIye0Hy%2BIGfCRfywlDbH%2BbWglCwBn0KFoFVbXjZsj8B0Q\"}]}\r\ncf-ray: 989fe8d5f8920b55-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]}],"data":{"size":473,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"53e1150db597cdd6a7e8a5a1d4799be2","sha1":"8e5c715a984739f139741a95d582ec901d553657","sha256":"6c6da64434dad25531048fc79e39791166ec3d3413593b9718622ff95eff9db4","sha512":"6cfc89d4abe8407e203f994ea13bf997e479b006942c6c2ac0132f24cbb69005dd8f8c814a8fe8df67e13bfd44b6f4a5d94321fffd6965e8060306b537172a04","ssdeep":"","tlshash":"02f0dc1a430e0d709e4283b13e7cb0b8fc8784de38ec0794c50380122040aa120e3dc9","first_seen":"2023-07-03T15:48:11Z","last_seen":"2026-04-04T05:00:15.746713Z","times_seen":406,"resource_available":false,"data":null}},"time_used":7,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":7,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"grookilteepsou.net/3bT/27mJf/universal.min.js?v=3.1.635","fqdn":"grookilteepsou.net","domain":"grookilteepsou.net","tld":"net"},"ip":{"addr":"139.45.197.122","port":443,"asn":9002,"as":"RETN Limited","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://xxxtik.app/xxxtiktok/","date":"2025-10-05T21:11:11.388Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"grookilteepsou.net","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Fri, 05 Sep 2025 05:23:12 GMT","end":"Thu, 04 Dec 2025 05:23:11 GMT"},"fingerprint":{"sha1":"74:73:06:C8:86:57:DF:47:5B:AA:44:AD:BD:29:95:9B:8C:28:2F:B1","sha256":"77:66:80:3C:82:1F:42:C4:C1:EE:ED:18:C6:2E:C2:C5:10:4D:8D:C6:19:69:D5:1D:5B:44:06:BA:E2:25:33:43"}}},"request":{"raw":"GET /3bT/27mJf/universal.min.js?v=3.1.635 HTTP/1.1\r\nHost: grookilteepsou.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://xxxtik.app/\r\nOrigin: https://xxxtik.app\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sun, 05 Oct 2025 21:11:11 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Mon, 22 Sep 2025 13:19:37 GMT\r\netag: W/\"68d14ce9-108f9\"\r\naccess-control-allow-origin: https://xxxtik.app\r\naccess-control-allow-credentials: true\r\ncache-control: no-cache\r\npragma: no-cache\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":67833,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"ec5363d2aa786937f4ef8b30764c9434","sha1":"20a8adaeb0cef2a2f630663865c9dc8e56c711a6","sha256":"ce6c17b349437cee7eba6e43333fb1c890154dfa7e1d440d74aca2841b886bee","sha512":"b7b3f6e2c68bec695fa65d1d561f3cc6bc36680c7f9f0c7705bf4322471cde1ba058d1b2bd9ee8d4696f86433cc8a93c4ae7c0a9c9e543ac6633a527e0915b88","ssdeep":"1536:sOVx6o6wlnWDMN4B7enuRY5+0LWyLe8bODjprn:sOVv6Knwu+eWyFyhz","tlshash":"7e63c7523e72ec5413e6a7c3d01fa256e7618540b86bf890a54ed5e204210e9cbeffe3","first_seen":"2025-09-22T16:48:47.201885Z","last_seen":"2025-10-31T08:17:13.379525Z","times_seen":195,"resource_available":true,"data":null}},"time_used":213,"timings":{"blocked":92,"dns":0,"connect":30,"send":0,"wait":29,"receive":0,"ssl":61},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-05","alert":"Sinkholed","trigger":"grookilteepsou.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-10-05","alert":"Sinkholed","trigger":"grookilteepsou.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-10-05","alert":"Sinkholed","trigger":"grookilteepsou.net","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"grookilteepsou.net/event","fqdn":"grookilteepsou.net","domain":"grookilteepsou.net","tld":"net"},"ip":{"addr":"139.45.197.122","port":443,"asn":9002,"as":"RETN Limited","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://xxxtik.app/xxxtiktok/","date":"2025-10-05T21:11:11.917Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"grookilteepsou.net","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Fri, 05 Sep 2025 05:23:12 GMT","end":"Thu, 04 Dec 2025 05:23:11 GMT"},"fingerprint":{"sha1":"74:73:06:C8:86:57:DF:47:5B:AA:44:AD:BD:29:95:9B:8C:28:2F:B1","sha256":"77:66:80:3C:82:1F:42:C4:C1:EE:ED:18:C6:2E:C2:C5:10:4D:8D:C6:19:69:D5:1D:5B:44:06:BA:E2:25:33:43"}}},"request":{"raw":"OPTIONS /event HTTP/1.1\r\nHost: grookilteepsou.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nAccess-Control-Request-Method: POST\r\nAccess-Control-Request-Headers: content-type\r\nReferer: https://xxxtik.app/\r\nOrigin: https://xxxtik.app\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"OPTIONS"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sun, 05 Oct 2025 21:11:11 GMT\r\ncontent-type: text/plain; charset=utf-8\r\ncontent-length: 0\r\naccess-control-allow-origin: https://xxxtik.app\r\naccess-control-allow-credentials: true\r\naccess-control-allow-methods: GET, POST, OPTIONS\r\naccess-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization-Token,X-Oaid\r\naccess-control-max-age: 86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain; charset=utf-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T11:47:06.182466Z","times_seen":13373545,"resource_available":true,"data":null}},"time_used":29,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":29,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-10-05","alert":"Sinkholed","trigger":"grookilteepsou.net","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-05","alert":"Sinkholed","trigger":"grookilteepsou.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-10-05","alert":"Sinkholed","trigger":"grookilteepsou.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"video.cleansasve.com/offer.php?sub=48188\u0026tag=4414273","fqdn":"video.cleansasve.com","domain":"cleansasve.com","tld":"com"},"ip":{"addr":"104.21.84.101","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://xxxtik.app/xxxtiktok/","date":"2025-10-05T21:11:11.984Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"cleansasve.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 29 Sep 2025 14:32:14 GMT","end":"Sun, 28 Dec 2025 15:30:57 GMT"},"fingerprint":{"sha1":"71:C0:F3:F2:3A:D0:DF:61:16:E0:BE:6C:9F:E8:57:0D:B6:CD:36:5F","sha256":"34:A0:F0:88:17:B6:D4:4F:FB:2B:73:31:24:2B:D2:F1:C0:53:0B:23:26:5A:E1:D1:CB:66:98:B0:F7:2A:9F:D1"}}},"request":{"raw":"GET /offer.php?sub=48188\u0026tag=4414273 HTTP/1.1\r\nHost: video.cleansasve.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://xxxtik.app\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xxxtik.app/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 204 No Content\r\ndate: Sun, 05 Oct 2025 21:11:12 GMT\r\ncontent-type: text/xml;charset=UTF-8\r\nserver: cloudflare\r\nx-powered-by: PHP/7.4.33, PleskLin\r\naccept-ch: Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-WoW64\r\naccess-control-allow-credentials: true\r\ncache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0\r\nx-content-type-options: nosniff\r\naccess-control-allow-origin: https://xxxtik.app\r\ncf-cache-status: DYNAMIC\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=jXpo6w9dKqPg5HQKh6WLkdcnbg5yWpvKnOKKG2jmqzKNs1KLG6s1NXOrOoLxkwT5DeVZXPV2G2D0OJpJnDJrmU1TscW3AAd4CX1EZusZhb64KDaV\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 989fe8fbfd0e0daa-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"204","status_text":"No Content","fingerprints":[{"name":"PHP:7.4.33","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/xml; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T11:47:06.182466Z","times_seen":13373545,"resource_available":true,"data":null}},"time_used":86,"timings":{"blocked":16,"dns":5,"connect":2,"send":0,"wait":54,"receive":0,"ssl":8},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-05","alert":"Sinkholed","trigger":"video.cleansasve.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-10-05","alert":"Sinkholed","trigger":"video.cleansasve.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-10-05","alert":"Sinkholed","trigger":"video.cleansasve.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-10-05","alert":"Sinkholed","trigger":"video.cleansasve.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-10-05","alert":"Sinkholed","trigger":"video.cleansasve.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"xxxtik.app/wp-content/litespeed/css/f605f42da6520e676a2555218430d178.css?ver=0d178","fqdn":"xxxtik.app","domain":"xxxtik.app","tld":"app"},"ip":{"addr":"104.21.2.15","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://xxxtik.app/xxxtiktok/","date":"2025-10-05T21:11:05.789Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xxxtik.app","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 22 Sep 2025 07:50:33 GMT","end":"Sun, 21 Dec 2025 08:48:06 GMT"},"fingerprint":{"sha1":"72:98:6C:94:29:80:FC:6E:34:D4:78:8C:3E:9F:90:03:A2:25:7B:AE","sha256":"3D:1E:A0:9F:D0:6B:0E:56:A7:96:90:AB:D0:78:99:FD:82:C8:48:79:EB:76:7B:72:AE:D5:E7:11:E7:66:4E:7E"}}},"request":{"raw":"GET /wp-content/litespeed/css/f605f42da6520e676a2555218430d178.css?ver=0d178 HTTP/1.1\r\nHost: xxxtik.app\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xxxtik.app/xxxtiktok/\r\nCookie: cf_clearance=PtgQF.dSVk5HyfOXxCtzINIKJnOLP3Aqj_OjR6rctsw-1759698665-1.2.1.1-3cZYcPKABSXibBQA1yAf_.yC_4qtfZMVrDQhKj6PN.vZLO64B7mfD0Sx8qGK4Q3smCyFNmcYllycn_EncFyyXcHEKa3ghVZu_fSzets_3J7Gk7z1ZqjBQ4ukyKJ7k.eOamyjj8CrdkABeiQjarX6grGnsicxKUwnFfFORPAXknStc_53fTMQgSUpZtr6emLTt5Hx35GoA8lwNJAQ.btU5BLAQqWhqXR3whnsoQwOLgU; _lscache_vary=25535832db285c9c2ae7620ca706ea91\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 05 Oct 2025 21:11:05 GMT\r\ncontent-type: text/css\r\ncontent-length: 226\r\ncache-control: public, max-age=604800\r\nexpires: Sun, 12 Oct 2025 09:34:03 GMT\r\netag: \"2b2-68e23a5e-11619f6;br\"\r\nlast-modified: Sun, 05 Oct 2025 09:29:02 GMT\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\nserver: cloudflare\r\nx-turbo-charged-by: LiteSpeed\r\nage: 41821\r\ncf-cache-status: HIT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=U7T%2Bsh0clw%2BPkCUtRpRmeqMxz3CoqEJyq9U6y5Gb2Wc%2BagHFc2dEguu58d7vWOHNUx4L65lxQCwp8jB7Ig2fBsW3O9wH1rkD\"}]}\r\ncf-ray: 989fe8d52fff0b55-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":690,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (690), with no line terminators","md5":"0db0e66fb34c26f2046ba274e16759a4","sha1":"f627181d74aee475d64b0f556f29255f496cbfaf","sha256":"9df2df7e8116ac6c6545535b1153e7404005fc786f3dedc0fc6378efac3fbb75","sha512":"3ca06844589751e8d68c10388d30ae29fa25f9e973683310c721f82aff70d7ca9015eb2169b29b095434e1230b25d766d2e6922dd35d75133d3d9de631ad9b16","ssdeep":"","tlshash":"4601c213f5c81165a8578658a657bbfd5e3ef4d693050e39fa01f33087815db2ca1a43","first_seen":"2024-07-24T10:38:00Z","last_seen":"2026-04-05T01:47:23.72865Z","times_seen":1351,"resource_available":false,"data":null}},"time_used":13,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":13,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"site-assets.fontawesome.com/releases/v6.4.2/webfonts/fa-brands-400.woff2","fqdn":"site-assets.fontawesome.com","domain":"fontawesome.com","tld":"com"},"ip":{"addr":"172.64.147.188","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://xxxtik.app/xxxtiktok/","date":"2025-10-05T21:11:06.106Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"fontawesome.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 23 Aug 2025 21:04:01 GMT","end":"Fri, 21 Nov 2025 22:03:57 GMT"},"fingerprint":{"sha1":"CC:FF:C9:AB:7D:4F:0E:BD:2F:0D:51:59:D6:60:F9:CD:7D:68:E5:4B","sha256":"EF:79:B2:3F:26:48:FD:84:D5:42:BF:1E:35:73:D2:4A:8A:DB:54:C5:37:B0:F6:75:31:FE:6A:BC:D5:8A:F4:C2"}}},"request":{"raw":"GET /releases/v6.4.2/webfonts/fa-brands-400.woff2 HTTP/1.1\r\nHost: site-assets.fontawesome.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://xxxtik.app\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xxxtik.app/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 05 Oct 2025 21:11:06 GMT\r\ncontent-type: font/woff2\r\ncontent-length: 110932\r\ncf-ray: 989fe8d7489c8deb-OSL\r\nx-amz-id-2: z5oEdSXGdqVIII1g7zEsQvUYHXE9GS3r4JXmOYXkA0xswYv0gimv6Ozr+a5WSmILLFgS63fu52c=\r\nx-amz-request-id: M3BQ05RX5Z60A8JK\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET\r\naccess-control-max-age: 3000\r\nvary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding\r\nlast-modified: Tue, 01 Aug 2023 19:22:32 GMT\r\netag: \"f022fca674f561d3f3f9f187a7fa3222\"\r\nx-amz-server-side-encryption: AES256\r\ncf-cache-status: HIT\r\nexpires: Mon, 05 Oct 2026 21:11:06 GMT\r\ncache-control: public, max-age=31536000\r\naccept-ranges: bytes\r\nserver: cloudflare\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]}],"data":{"size":110932,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 110932, version 772.1280","md5":"f022fca674f561d3f3f9f187a7fa3222","sha1":"9dc6a6750e7d1b22fe3ae3fab7bd13ed1452915f","sha256":"063b9237e402c98dfb77a66e5de0d02d953640fc8fe44911808c2fdcb80df26e","sha512":"07f73990f6eab6f5fb92ebed9f3478e4be91a9160a3786d681b5e967951d8d586a341aeca58587479c0368048522422e4a9dac0c763d4610ed8285d5d305eec2","ssdeep":"3072:82PWC7zr1vmK5RbyGh4vlpvQKxMS7PpZW:8eLr4Kfh4vlvZ7e","tlshash":"28b302c263dc392b93726515a0f47d0faad090c8e96a7920d254ecba535fd3ced84f86","first_seen":"2023-08-09T11:09:21Z","last_seen":"2026-04-05T11:11:08.484373Z","times_seen":2516,"resource_available":false,"data":null}},"time_used":105,"timings":{"blocked":22,"dns":8,"connect":3,"send":0,"wait":59,"receive":2,"ssl":10},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"eehassoosostoa.com/401/9977713","fqdn":"eehassoosostoa.com","domain":"eehassoosostoa.com","tld":"com"},"ip":{"addr":"172.67.163.207","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://xxxtik.app/xxxtiktok/","date":"2025-10-05T21:11:06.158Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"eehassoosostoa.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 10 Sep 2025 09:21:15 GMT","end":"Tue, 09 Dec 2025 09:56:36 GMT"},"fingerprint":{"sha1":"95:C2:F6:38:8F:A7:49:59:0D:33:06:36:19:4A:07:F9:D2:5C:EB:5B","sha256":"DE:42:1B:84:C6:7F:C7:85:F8:36:47:67:DC:45:47:57:51:96:BC:BD:C4:DF:A0:70:21:86:B6:D6:72:91:2F:54"}}},"request":{"raw":"GET /401/9977713 HTTP/1.1\r\nHost: eehassoosostoa.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xxxtik.app/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 05 Oct 2025 21:11:07 GMT\r\ncontent-type: application/javascript\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncache-control: public, max-age=600, s-maxage=1800\r\naccept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version\r\nstrict-transport-security: max-age=1\r\nx-content-type-options: nosniff\r\ntiming-allow-origin: *\r\ncontent-encoding: gzip\r\ncf-cache-status: DYNAMIC\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=yLovn3MDn711KmqlsRhCbCZ%2BOYh9hem2TrB%2F56hsztlfa2Bo4ctd3ewALe8nvhdbTsKJ9Iyp2wmk3QZ3wQv3mK2ftfLbt33kCweWXZRc2FI%3D\"}]}\r\ncf-ray: 989fe8e23f55b505-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":168170,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"e2f502d56d1012a6c8f9f45996d9272a","sha1":"509e89091d9e581c4070ec7e61ae9a8dac65fe00","sha256":"cadd957ca3445b54783a660ad627095435abb32ecea082a37cda6c24a1c8b73c","sha512":"afcb3b616e42343552aa10c51775fc0c87b89d634a8bdc333fc4de8293676141847d6d0871bc1c623e9c7d495f8f169a5b2e574b22e062c276800a767168c483","ssdeep":"3072:kPGS7PMIPGWK8/UFoNWV3IZNo8y0YZy6/rp9T37ccqe//SJWN8i/:QhPMIPGWKKeoN44ZNo8y0h6/rp9T3hk0","tlshash":"3af3d59c329170dd1b76a421263b9e9eb52fd9d0ac8ec551e05af0fc7e3401a83a3ed5","first_seen":"2025-10-03T13:38:24.449553Z","last_seen":"2025-10-06T10:54:10.557209Z","times_seen":11,"resource_available":true,"data":null}},"time_used":1793,"timings":{"blocked":-1,"dns":1550,"connect":3,"send":0,"wait":75,"receive":0,"ssl":165},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"subportgommier.top/gd/86551?md=eyJhIjo3NDM4LCJzIjoiMTI4MHgxMDI0IiwiYiI6IjEyODB4MTAyNCIsInIiOiIiLCJxIjoiaHR0cHM6Ly94eHh0aWsuYXBwL3h4eHRpa3Rvay8iLCJoIjo2MTgzLCJsIjoiZW4tVVMiLCJ0IjowLCJ6Ijo5Njk4LCJrIjowLCJ1IjoiNjc1YzE2ZjJjZjI0YzE2MTNmNGVjZCIsImYiOmZhbHNlLCJ3aCI6Im5vdCBpbiBpZnJhbWUiLCJpaCI6IjEyODB4MTAyNCIsImUiOiJ0NTI5YTR5aGkwYzZnM2IiLCJvIjp0cnVlLCJtIjoxNzU5Njk4NjY3MjE4LCJ3IjoiJTdCJTIydGl0bGUlMjIlM0ElMjJYeHhUaWtUb2slMjBBcHAlMjB2MS45LjIlMjAtJTIwRG93bmxvYWQlMjAyMDI1JTIwQW5kcm9pZCUyMEFQSyUyQyUyMCUyMiUyQyUyMmtleXdvcmRzJTIyJTNBJTVCJTVEJTJDJTIydG9wd29yZHMlMjIlM0ElNUIlMjJhcHBzJTNBOCUyMiUyQyUyMmFwayUzQTYlMjIlMkMlMjJhcHAlM0E2JTIyJTJDJTIyeW91JTNBNiUyMiU1RCU3RCIsInRzIjowLCJwciI6MSwiaGMiOjMyLCJibCI6LTEsImJjIjozLCJ2diI6Ik1lc2EiLCJ2ciI6Imxsdm1waXBlIiwiYWMiOjAsImN0IjoidW5rbm93biIsImNldCI6InVua25vd24iLCJjZGxtIjotMSwiY2RsIjotMSwiY3J0dCI6LTEsInRtcyI6MTIwLCJjZSI6dHJ1ZSwiY2QiOjI0LCJvciI6ImxhbmRzY2FwZS1wcmltYXJ5IiwiZnMiOm51bGwsImZzbyI6bnVsbCwiaW0iOnRydWUsImR0IjpmYWxzZX0\u0026fc=t9wMwocZTHuXqxiYm-dIgA\u0026pr=R3nHriyal2GUy9BtmUAT1w","fqdn":"subportgommier.top","domain":"subportgommier.top","tld":"top"},"ip":{"addr":"23.83.67.164","port":443,"asn":7979,"as":"SERVERS-COM","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://xxxtik.app/xxxtiktok/","date":"2025-10-05T21:11:07.223Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"subportgommier.top","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sun, 28 Sep 2025 22:40:50 GMT","end":"Sat, 27 Dec 2025 22:40:49 GMT"},"fingerprint":{"sha1":"5E:5B:72:4C:74:08:11:65:CF:2F:D4:FC:AC:AA:B6:F2:85:61:A9:F7","sha256":"F1:5A:1C:C6:B5:BD:6B:46:A8:21:66:4A:A9:23:0C:25:10:34:6B:8B:63:40:E8:CF:11:10:35:A8:76:44:22:A7"}}},"request":{"raw":"OPTIONS /gd/86551?md=eyJhIjo3NDM4LCJzIjoiMTI4MHgxMDI0IiwiYiI6IjEyODB4MTAyNCIsInIiOiIiLCJxIjoiaHR0cHM6Ly94eHh0aWsuYXBwL3h4eHRpa3Rvay8iLCJoIjo2MTgzLCJsIjoiZW4tVVMiLCJ0IjowLCJ6Ijo5Njk4LCJrIjowLCJ1IjoiNjc1YzE2ZjJjZjI0YzE2MTNmNGVjZCIsImYiOmZhbHNlLCJ3aCI6Im5vdCBpbiBpZnJhbWUiLCJpaCI6IjEyODB4MTAyNCIsImUiOiJ0NTI5YTR5aGkwYzZnM2IiLCJvIjp0cnVlLCJtIjoxNzU5Njk4NjY3MjE4LCJ3IjoiJTdCJTIydGl0bGUlMjIlM0ElMjJYeHhUaWtUb2slMjBBcHAlMjB2MS45LjIlMjAtJTIwRG93bmxvYWQlMjAyMDI1JTIwQW5kcm9pZCUyMEFQSyUyQyUyMCUyMiUyQyUyMmtleXdvcmRzJTIyJTNBJTVCJTVEJTJDJTIydG9wd29yZHMlMjIlM0ElNUIlMjJhcHBzJTNBOCUyMiUyQyUyMmFwayUzQTYlMjIlMkMlMjJhcHAlM0E2JTIyJTJDJTIyeW91JTNBNiUyMiU1RCU3RCIsInRzIjowLCJwciI6MSwiaGMiOjMyLCJibCI6LTEsImJjIjozLCJ2diI6Ik1lc2EiLCJ2ciI6Imxsdm1waXBlIiwiYWMiOjAsImN0IjoidW5rbm93biIsImNldCI6InVua25vd24iLCJjZGxtIjotMSwiY2RsIjotMSwiY3J0dCI6LTEsInRtcyI6MTIwLCJjZSI6dHJ1ZSwiY2QiOjI0LCJvciI6ImxhbmRzY2FwZS1wcmltYXJ5IiwiZnMiOm51bGwsImZzbyI6bnVsbCwiaW0iOnRydWUsImR0IjpmYWxzZX0\u0026fc=t9wMwocZTHuXqxiYm-dIgA\u0026pr=R3nHriyal2GUy9BtmUAT1w HTTP/1.1\r\nHost: subportgommier.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nAccess-Control-Request-Method: POST\r\nAccess-Control-Request-Headers: content-type\r\nReferer: https://xxxtik.app/\r\nOrigin: https://xxxtik.app\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"OPTIONS"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sun, 05 Oct 2025 21:11:07 GMT\r\ncontent-type: text/html; charset=UTF-8\r\naccept-ch: sec-ch-ua-platform-version,sec-ch-ua-model,sec-ch-ua-full-version,sec-ch-ua-full-version-list\r\naccess-control-allow-credentials: true\r\naccess-control-allow-origin: https://xxxtik.app\r\naccess-control-allow-headers: content-type, megageocheckolololo, x-forwarded-for, x-requested-with, cache-control, pragma, expires\r\naccess-control-max-age: 600\r\naccess-control-allow-methods: GET, POST, OPTIONS\r\ncontent-encoding: gzip\r\nvary: Accept-Encoding\r\nstrict-transport-security: max-age=1\r\nx-content-type-options: nosniff\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":5,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"ASCII text, with no line terminators","md5":"0d7a61a5ae2424f444691dfa38e694ae","sha1":"dfb2f770cb7740844d94d2a2517af244b34c56ae","sha256":"e3c083d0e62029a9fc90700e7effced43eb213718ad4e7517e5b05a5a0ad9e49","sha512":"dc4531ceee0347383f28990bd01470ce323b0338a83b5b51e2640e3a9d1509346e23fe490ebfaeb4d7a86fd8ef22d2d6465990e6cb6583468d47174b97d25d03","ssdeep":"","tlshash":"8a30000000000000000000c0000000000000000000000000000300000c0c000c000000","first_seen":"2025-06-10T16:02:54.181066Z","last_seen":"2026-04-02T19:45:08.476061Z","times_seen":1524,"resource_available":false,"data":null}},"time_used":77,"timings":{"blocked":0,"dns":4,"connect":22,"send":0,"wait":23,"receive":0,"ssl":28},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-10-05","alert":"Sinkholed","trigger":"subportgommier.top","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-05","alert":"Sinkholed","trigger":"subportgommier.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-10-05","alert":"Sinkholed","trigger":"subportgommier.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-05","alert":"Sinkholed","trigger":"subportgommier.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"grookilteepsou.net/event","fqdn":"grookilteepsou.net","domain":"grookilteepsou.net","tld":"net"},"ip":{"addr":"139.45.197.122","port":443,"asn":9002,"as":"RETN Limited","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://xxxtik.app/xxxtiktok/","date":"2025-10-05T21:11:11.600Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"grookilteepsou.net","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Fri, 05 Sep 2025 05:23:12 GMT","end":"Thu, 04 Dec 2025 05:23:11 GMT"},"fingerprint":{"sha1":"74:73:06:C8:86:57:DF:47:5B:AA:44:AD:BD:29:95:9B:8C:28:2F:B1","sha256":"77:66:80:3C:82:1F:42:C4:C1:EE:ED:18:C6:2E:C2:C5:10:4D:8D:C6:19:69:D5:1D:5B:44:06:BA:E2:25:33:43"}}},"request":{"raw":"OPTIONS /event HTTP/1.1\r\nHost: grookilteepsou.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nAccess-Control-Request-Method: POST\r\nAccess-Control-Request-Headers: content-type\r\nReferer: https://xxxtik.app/\r\nOrigin: https://xxxtik.app\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"OPTIONS"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sun, 05 Oct 2025 21:11:11 GMT\r\ncontent-type: text/plain; charset=utf-8\r\ncontent-length: 0\r\naccess-control-allow-origin: https://xxxtik.app\r\naccess-control-allow-credentials: true\r\naccess-control-allow-methods: GET, POST, OPTIONS\r\naccess-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization-Token,X-Oaid\r\naccess-control-max-age: 86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain; charset=utf-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T11:47:06.182466Z","times_seen":13373545,"resource_available":true,"data":null}},"time_used":29,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":29,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-05","alert":"Sinkholed","trigger":"grookilteepsou.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-10-05","alert":"Sinkholed","trigger":"grookilteepsou.net","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-10-05","alert":"Sinkholed","trigger":"grookilteepsou.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"phoangaisool.com/impression/RViNBCjiXGchHhIPEksFqOAF59wicDqJp4lLLqe74VhII1pw-r7K9YloJcyBEzwhDSTNwUXf79BZVSExKMSqfR7GNAV29Rkw6jjfHLU2VikcXHj00xOvTDh-3k5LsDl1uqjSDiArvNnoC439hv5OU0_v3O63GNRW96k-1E3qbetszJc9-CViJpzAVuMhcH7UAaLMqQNsS-BTWdbmbET9ooPcOPHDGExXQGTZw7e_IBFN_if6fk9sRM3rv3tcmyDYH0dMn6vISYxs0HjNp_zS5jhXLeT3uEFo1d6PxVOKZQX5gp9eaHXe0MhFGckKqA6ulDru701BikdR8ihcbxRQuoEmDGl3jam_cA7bRcBqswsvxyHOpbI_ZxN7Rtwk0LQLnI0jjo0R9GaUpO-cgv5IgWZCiCN4_e3QTeoU-GTSASFx1Y6834vgYQA5LqWCjkyHIZherL6UIeNFwdD5LbFPOJUynZJoK300xmJLN0QFVwm0MXQaf1W1Nf5zU-fYUxoI8vwmd5CxQ35PtU2_utQ3w8iYarETod3W0J8h9iv447RrzNc2f_I17f9s4ZirLFFOW-oQYwOjZY5toqx2QKfjIEWmhaYKs7llKg7F7npKope7aWN55lef-VAiFhAWicEA2AHZlVJ6o-cuKXRdTQ-bRW_-L4R7wphrknCZZsawNUI-L0OYuai-ykcYjygBXVSOXK4bjKcO-Ca0oZVB19BaMzNgo6A7E885gCP3Lk1p2LyjzXz-xo1jcAEavywwMe1gESV-e5cxBnRqBiq5-5WD3HfdDfQay36JI8pfXrDNNrInrt8eRHQyvQuPvihrf7CQNvpVM7R1BAoxpn5kx9X4JFAPmisDJGcjWgZc-w==?_z=9977712\u0026sw_version=v1.740.0-s\u0026dmn=roagrofoogrobo.com\u0026fs=0\u0026cf=0\u0026sw=1280\u0026sh=1024\u0026sah=1024\u0026wx=0\u0026wy=0\u0026ww=1280\u0026wh=1024\u0026cw=1280\u0026wiw=1280\u0026wih=1024\u0026wfc=1\u0026pl=https%3A%2F%2Fxxxtik.app%2Fxxxtiktok%2F\u0026drf=\u0026np=1\u0026pt=0\u0026nb=1\u0026ng=0\u0026ix=0\u0026nw=1\u0026tb=false\u0026navlng=en-US\u0026bto=0\u0026btz=UTC\u0026jsp=1","fqdn":"phoangaisool.com","domain":"phoangaisool.com","tld":"com"},"ip":{"addr":"139.45.197.243","port":443,"asn":9002,"as":"RETN Limited","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://xxxtik.app/xxxtiktok/","date":"2025-10-05T21:11:13.029Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"phoangaisool.com","organization":""},"issuer":{"commonName":"R11","organization":"Let's Encrypt"},"validity":{"start":"Sun, 20 Jul 2025 05:27:33 GMT","end":"Sat, 18 Oct 2025 05:27:32 GMT"},"fingerprint":{"sha1":"1B:B6:A8:E4:08:A6:29:EB:A9:7A:9B:7B:F9:85:53:57:9B:C7:36:4B","sha256":"0E:69:6F:3E:06:9D:64:E5:1B:E6:9B:A0:66:40:B8:3B:8B:F7:A0:BA:DA:77:B5:E5:0B:C7:3B:FF:11:3D:C1:C9"}}},"request":{"raw":"GET /impression/RViNBCjiXGchHhIPEksFqOAF59wicDqJp4lLLqe74VhII1pw-r7K9YloJcyBEzwhDSTNwUXf79BZVSExKMSqfR7GNAV29Rkw6jjfHLU2VikcXHj00xOvTDh-3k5LsDl1uqjSDiArvNnoC439hv5OU0_v3O63GNRW96k-1E3qbetszJc9-CViJpzAVuMhcH7UAaLMqQNsS-BTWdbmbET9ooPcOPHDGExXQGTZw7e_IBFN_if6fk9sRM3rv3tcmyDYH0dMn6vISYxs0HjNp_zS5jhXLeT3uEFo1d6PxVOKZQX5gp9eaHXe0MhFGckKqA6ulDru701BikdR8ihcbxRQuoEmDGl3jam_cA7bRcBqswsvxyHOpbI_ZxN7Rtwk0LQLnI0jjo0R9GaUpO-cgv5IgWZCiCN4_e3QTeoU-GTSASFx1Y6834vgYQA5LqWCjkyHIZherL6UIeNFwdD5LbFPOJUynZJoK300xmJLN0QFVwm0MXQaf1W1Nf5zU-fYUxoI8vwmd5CxQ35PtU2_utQ3w8iYarETod3W0J8h9iv447RrzNc2f_I17f9s4ZirLFFOW-oQYwOjZY5toqx2QKfjIEWmhaYKs7llKg7F7npKope7aWN55lef-VAiFhAWicEA2AHZlVJ6o-cuKXRdTQ-bRW_-L4R7wphrknCZZsawNUI-L0OYuai-ykcYjygBXVSOXK4bjKcO-Ca0oZVB19BaMzNgo6A7E885gCP3Lk1p2LyjzXz-xo1jcAEavywwMe1gESV-e5cxBnRqBiq5-5WD3HfdDfQay36JI8pfXrDNNrInrt8eRHQyvQuPvihrf7CQNvpVM7R1BAoxpn5kx9X4JFAPmisDJGcjWgZc-w==?_z=9977712\u0026sw_version=v1.740.0-s\u0026dmn=roagrofoogrobo.com\u0026fs=0\u0026cf=0\u0026sw=1280\u0026sh=1024\u0026sah=1024\u0026wx=0\u0026wy=0\u0026ww=1280\u0026wh=1024\u0026cw=1280\u0026wiw=1280\u0026wih=1024\u0026wfc=1\u0026pl=https%3A%2F%2Fxxxtik.app%2Fxxxtiktok%2F\u0026drf=\u0026np=1\u0026pt=0\u0026nb=1\u0026ng=0\u0026ix=0\u0026nw=1\u0026tb=false\u0026navlng=en-US\u0026bto=0\u0026btz=UTC\u0026jsp=1 HTTP/1.1\r\nHost: phoangaisool.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xxxtik.app/\r\nCookie: OAID=008259d0a0ab4038fc1295696b53dbe8\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sun, 05 Oct 2025 21:11:13 GMT\r\ncontent-type: image/gif\r\ncontent-length: 43\r\nx-trace-id: d635196843db20015f10e457d7f0a088\r\ncache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0\r\npragma: no-cache\r\nexpires: Tue, 11 Jan 1994 10:00:00 GMT\r\nvary: Origin\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: Link\r\naccess-control-allow-credentials: true\r\naccept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version\r\nstrict-transport-security: max-age=1\r\nx-content-type-options: nosniff\r\ntiming-allow-origin: *, *\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":43,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 1 x 1","md5":"b4491705564909da7f9eaf749dbbfbb1","sha1":"279315d507855c6a4351e1e2c2f39dd9cd2fccd8","sha256":"4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49","sha512":"b8d82d64ec656c63570b82215564929adad167e61643fd72283b94f3e448ef8ab0ad42202f3537a0da89960bbdc69498608fc6ec89502c6c338b6226c8bf5e14","ssdeep":"","tlshash":"c5900403d140d041c351c0300d0cc740174471304514030f70fc175dfc353510c13000","first_seen":"2023-04-05T09:54:56Z","last_seen":"2026-04-05T11:51:31.810394Z","times_seen":96483,"resource_available":true,"data":null}},"time_used":31,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":31,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-10-05","alert":"Sinkholed","trigger":"phoangaisool.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"zoojoujoaseeh.com/impression/PuzfshlPhOVWNAXeZPhOM5o7UZrlJXAiDE_2yJox52dRsKeWRhZsv6PsmoKVqlejdBPAZz97I1KcI2Loog3ffjnNcr0q_Gt9lYyX-DMsE1hiKHwpIPxqxoYKE3uFgJh3qEHRb7-N5J97fODoMrjDEXDljOQLQFd6zPYpe5gMSMQtphqDtFnI4R03q6je0aRfZ6FdEyO_kd75vHlUe9lOZmC3aQ-IymAt-vl5VG6IvTfXdY6mUZ--BVeaghC7MF0gKO9zGNHLqZXnWzBQ7TmVNP4ZxyXexGrpZ6_oi6s1ZVoRaF5vhlVCYADVEmsIjuYRGZGWDU3w8IqIwe5QWEqD2aZ6esZwlWzInZt2Gok3XxicHe8Uz_auJOejp3vjrck_-TfX5hAOkQ9n5tSKCkY86xEv5BM9y1D9Y7ouLjNx1MfP0pOcGgx1DYUnUxegCbTy6yW6UlMF3rIWVwhB_bLQ2Szi_kN2-zI-lBlNN-SXsmrt4BD9oImSRKpnWUi2Rc9vSj2P_Npy4zBPZ2ixeE99OSwLePpx6uc3FFRt_nbTpXXjhi8eKITc4R9nQHv1Zny2FkkaFAiNH_XU7_phGsKwXC3ZfRfFu1vnO5PAYo1p8NMYZj-Hqy7_rOM-5hQ1ue45tBCMjjdQ7J_w7Dj8w_Wd2Bj4-I8N-aXiMSHlpegTe3dqhqORgSpH_0h3_L216XXIvM0dN1PxqFzKMidBIW5JANUXrfVAgQoNC6Zlve0zxE2SHUGHxnCcZPRPnpZfWaMLqhSr8y2iswq-erVkkpZznW4uYTIdFFzO3hcdsl13Ks0oyx9Mr49HdxTvBG1NXTZaRaZoulWRRZh6dhZkbrtdjpaIN0DCnjxcuKO-5w==?_z=9977714\u0026sw_version=v1.740.0-s\u0026dmn=glempirteechacm.com\u0026fs=0\u0026cf=0\u0026sw=1280\u0026sh=1024\u0026sah=1024\u0026wx=0\u0026wy=0\u0026ww=1280\u0026wh=1024\u0026cw=1280\u0026wiw=1280\u0026wih=1024\u0026wfc=2\u0026pl=https%3A%2F%2Fxxxtik.app%2Fxxxtiktok%2F\u0026drf=\u0026np=1\u0026pt=0\u0026nb=1\u0026ng=0\u0026ix=0\u0026nw=1\u0026tb=false\u0026navlng=en-US\u0026bto=0\u0026btz=UTC\u0026jsp=1","fqdn":"zoojoujoaseeh.com","domain":"zoojoujoaseeh.com","tld":"com"},"ip":{"addr":"139.45.197.244","port":443,"asn":9002,"as":"RETN Limited","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://xxxtik.app/xxxtiktok/","date":"2025-10-05T21:11:16.640Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"zoojoujoaseeh.com","organization":""},"issuer":{"commonName":"R10","organization":"Let's Encrypt"},"validity":{"start":"Sun, 20 Jul 2025 05:25:26 GMT","end":"Sat, 18 Oct 2025 05:25:25 GMT"},"fingerprint":{"sha1":"30:29:A2:9B:3E:28:C3:21:31:20:F2:F2:68:4A:48:A2:7D:F3:1D:0B","sha256":"9C:EF:56:02:8A:83:02:95:40:13:37:EF:17:5F:90:80:65:60:60:0C:02:CC:95:D6:61:4B:30:10:A4:DE:CB:ED"}}},"request":{"raw":"GET /impression/PuzfshlPhOVWNAXeZPhOM5o7UZrlJXAiDE_2yJox52dRsKeWRhZsv6PsmoKVqlejdBPAZz97I1KcI2Loog3ffjnNcr0q_Gt9lYyX-DMsE1hiKHwpIPxqxoYKE3uFgJh3qEHRb7-N5J97fODoMrjDEXDljOQLQFd6zPYpe5gMSMQtphqDtFnI4R03q6je0aRfZ6FdEyO_kd75vHlUe9lOZmC3aQ-IymAt-vl5VG6IvTfXdY6mUZ--BVeaghC7MF0gKO9zGNHLqZXnWzBQ7TmVNP4ZxyXexGrpZ6_oi6s1ZVoRaF5vhlVCYADVEmsIjuYRGZGWDU3w8IqIwe5QWEqD2aZ6esZwlWzInZt2Gok3XxicHe8Uz_auJOejp3vjrck_-TfX5hAOkQ9n5tSKCkY86xEv5BM9y1D9Y7ouLjNx1MfP0pOcGgx1DYUnUxegCbTy6yW6UlMF3rIWVwhB_bLQ2Szi_kN2-zI-lBlNN-SXsmrt4BD9oImSRKpnWUi2Rc9vSj2P_Npy4zBPZ2ixeE99OSwLePpx6uc3FFRt_nbTpXXjhi8eKITc4R9nQHv1Zny2FkkaFAiNH_XU7_phGsKwXC3ZfRfFu1vnO5PAYo1p8NMYZj-Hqy7_rOM-5hQ1ue45tBCMjjdQ7J_w7Dj8w_Wd2Bj4-I8N-aXiMSHlpegTe3dqhqORgSpH_0h3_L216XXIvM0dN1PxqFzKMidBIW5JANUXrfVAgQoNC6Zlve0zxE2SHUGHxnCcZPRPnpZfWaMLqhSr8y2iswq-erVkkpZznW4uYTIdFFzO3hcdsl13Ks0oyx9Mr49HdxTvBG1NXTZaRaZoulWRRZh6dhZkbrtdjpaIN0DCnjxcuKO-5w==?_z=9977714\u0026sw_version=v1.740.0-s\u0026dmn=glempirteechacm.com\u0026fs=0\u0026cf=0\u0026sw=1280\u0026sh=1024\u0026sah=1024\u0026wx=0\u0026wy=0\u0026ww=1280\u0026wh=1024\u0026cw=1280\u0026wiw=1280\u0026wih=1024\u0026wfc=2\u0026pl=https%3A%2F%2Fxxxtik.app%2Fxxxtiktok%2F\u0026drf=\u0026np=1\u0026pt=0\u0026nb=1\u0026ng=0\u0026ix=0\u0026nw=1\u0026tb=false\u0026navlng=en-US\u0026bto=0\u0026btz=UTC\u0026jsp=1 HTTP/1.1\r\nHost: zoojoujoaseeh.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xxxtik.app/\r\nCookie: OAID=008259d0a0ab4038fc1295696b53dbe8\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sun, 05 Oct 2025 21:11:16 GMT\r\ncontent-type: image/gif\r\ncontent-length: 43\r\nx-trace-id: 99da32c08f1799997f13da92f12de969\r\nexpires: Tue, 11 Jan 1994 10:00:00 GMT\r\ncache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0\r\npragma: no-cache\r\nvary: Origin\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: Link\r\naccess-control-allow-credentials: true\r\naccept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version\r\nstrict-transport-security: max-age=1\r\nx-content-type-options: nosniff\r\ntiming-allow-origin: *, *\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":43,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 1 x 1","md5":"b4491705564909da7f9eaf749dbbfbb1","sha1":"279315d507855c6a4351e1e2c2f39dd9cd2fccd8","sha256":"4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49","sha512":"b8d82d64ec656c63570b82215564929adad167e61643fd72283b94f3e448ef8ab0ad42202f3537a0da89960bbdc69498608fc6ec89502c6c338b6226c8bf5e14","ssdeep":"","tlshash":"c5900403d140d041c351c0300d0cc740174471304514030f70fc175dfc353510c13000","first_seen":"2023-04-05T09:54:56Z","last_seen":"2026-04-05T11:51:31.810394Z","times_seen":96483,"resource_available":true,"data":null}},"time_used":30,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":30,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-10-05","alert":"Sinkholed","trigger":"zoojoujoaseeh.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-10-05","alert":"Sinkholed","trigger":"zoojoujoaseeh.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-10-05","alert":"Sinkholed","trigger":"zoojoujoaseeh.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-05","alert":"Sinkholed","trigger":"zoojoujoaseeh.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"grookilteepsou.net/zone?pub=0\u0026zone_id=9977715\u0026is_mobile=false\u0026domain=xxxtik.app\u0026var=\u0026ymid=\u0026var_3=\u0026tg=0\u0026sw=3.1.635\u0026drf=","fqdn":"grookilteepsou.net","domain":"grookilteepsou.net","tld":"net"},"ip":{"addr":"139.45.197.122","port":443,"asn":9002,"as":"RETN Limited","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://xxxtik.app/xxxtiktok/","date":"2025-10-05T21:11:11.388Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"grookilteepsou.net","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Fri, 05 Sep 2025 05:23:12 GMT","end":"Thu, 04 Dec 2025 05:23:11 GMT"},"fingerprint":{"sha1":"74:73:06:C8:86:57:DF:47:5B:AA:44:AD:BD:29:95:9B:8C:28:2F:B1","sha256":"77:66:80:3C:82:1F:42:C4:C1:EE:ED:18:C6:2E:C2:C5:10:4D:8D:C6:19:69:D5:1D:5B:44:06:BA:E2:25:33:43"}}},"request":{"raw":"GET /zone?pub=0\u0026zone_id=9977715\u0026is_mobile=false\u0026domain=xxxtik.app\u0026var=\u0026ymid=\u0026var_3=\u0026tg=0\u0026sw=3.1.635\u0026drf= HTTP/1.1\r\nHost: grookilteepsou.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://xxxtik.app/\r\nOrigin: https://xxxtik.app\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sun, 05 Oct 2025 21:11:11 GMT\r\ncontent-type: application/json; charset=utf-8\r\ncontent-length: 518\r\naccept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model\r\naccess-control-allow-origin: https://xxxtik.app\r\naccess-control-allow-credentials: true\r\naccess-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept\r\nstrict-transport-security: max-age=1\r\nx-content-type-options: nosniff\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":518,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"dfdaf869eb4f63365b750df95854df47","sha1":"a73d96ed19fb770e5b7cf4e88065469c011fbd8e","sha256":"69fb4436e37f5562a6f530b53b21ae233cef92de6dbe061e97a3a225f826f920","sha512":"6ab0571753cdb758dfb9d0c1473e1068ef798e2acc6443eefa6a3bf5ca3ac656955d2a011b939e291ffda44dbe3c7177cd0bbb36d39e3688f53b21510f89bec5","ssdeep":"","tlshash":"6ef0c03876a0fe394e591acc71a4f4820dfc943135a8544be9dd162404c3f8d704666d","first_seen":"2025-10-05T21:11:43.369354Z","last_seen":"2025-10-05T21:11:43.369354Z","times_seen":1,"resource_available":false,"data":null}},"time_used":30,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":30,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-10-05","alert":"Sinkholed","trigger":"grookilteepsou.net","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-05","alert":"Sinkholed","trigger":"grookilteepsou.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-10-05","alert":"Sinkholed","trigger":"grookilteepsou.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"bobapsoabauns.com/www/images/31f5bb5f43a7bd2800c6724e3a4125d2.png","fqdn":"bobapsoabauns.com","domain":"bobapsoabauns.com","tld":"com"},"ip":{"addr":"104.21.73.203","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://xxxtik.app/xxxtiktok/","date":"2025-10-05T21:11:13.419Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"bobapsoabauns.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 17 Sep 2025 04:24:25 GMT","end":"Tue, 16 Dec 2025 05:21:54 GMT"},"fingerprint":{"sha1":"4D:D9:7B:8E:2E:B1:DF:4E:5A:71:CF:29:D6:3A:1D:7E:AA:3D:5A:A2","sha256":"88:8A:05:87:6E:69:15:70:D5:BC:48:78:60:76:1A:E9:45:82:CE:D7:2D:0B:89:EB:6B:09:58:DC:93:D4:79:E6"}}},"request":{"raw":"GET /www/images/31f5bb5f43a7bd2800c6724e3a4125d2.png HTTP/1.1\r\nHost: bobapsoabauns.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sun, 05 Oct 2025 21:11:13 GMT\r\ncontent-type: image/png\r\ncontent-length: 16893\r\nlast-modified: Mon, 17 Mar 2025 02:12:20 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\netag: \"67d78504-41fd\"\r\nexpires: Mon, 06 Oct 2025 05:30:16 GMT\r\ncache-control: max-age=86400\r\ntiming-allow-origin: *\r\naccept-ranges: bytes\r\nage: 56456\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=oYMy4EcRhqOHIIkFq6Mdx1c8NG3dSiKfM2Pqy0L6dvj3WxJxZcoJ7VliKIiS%2FAwniqggi7jC4AqFSi1X0P5AGsoIAEb6WfOSKWEbTkONBQ%3D%3D\"}]}\r\nvary: accept-encoding\r\ncf-ray: 989fe904dec256c4-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":16893,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 192 x 192, 8-bit/color RGBA, non-interlaced","md5":"31f5bb5f43a7bd2800c6724e3a4125d2","sha1":"bc1bcd6aa31ac91dd34359c2fbbcaefb3e15c875","sha256":"e5dd86d52381d2bff5f1b74d3923443d3d95ced64048662307ed3ec2d52eb61b","sha512":"472e23766bb20f680ab31d5c358d9555ce56596444072978dd6340ca5e918aedcf1985a811c7f3f41b72bb15ce3df8ca98a2fddb5ec9a1eeb5f30d586fc7c23e","ssdeep":"384:wDIuIpXyvlnQ8HrcT30rRp8Rp6g9TzBtnL1Ti7DpHQ9:wsHyvBXHrQxF93By7DhQ9","tlshash":"0572c06f0a4a5703999d1c0d1eab7c9d667a425f007c2e6b23239c5cf94a36f6042df5","first_seen":"2025-03-17T02:19:44.486682Z","last_seen":"2025-11-29T07:50:01.235056Z","times_seen":1176,"resource_available":false,"data":null}},"time_used":8,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":7,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"xxxtik.app/wp-content/themes/appyn/assets/css/font-awesome-6.4.2.min.css","fqdn":"xxxtik.app","domain":"xxxtik.app","tld":"app"},"ip":{"addr":"104.21.2.15","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://xxxtik.app/xxxtiktok/","date":"2025-10-05T21:11:05.903Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xxxtik.app","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 22 Sep 2025 07:50:33 GMT","end":"Sun, 21 Dec 2025 08:48:06 GMT"},"fingerprint":{"sha1":"72:98:6C:94:29:80:FC:6E:34:D4:78:8C:3E:9F:90:03:A2:25:7B:AE","sha256":"3D:1E:A0:9F:D0:6B:0E:56:A7:96:90:AB:D0:78:99:FD:82:C8:48:79:EB:76:7B:72:AE:D5:E7:11:E7:66:4E:7E"}}},"request":{"raw":"GET /wp-content/themes/appyn/assets/css/font-awesome-6.4.2.min.css HTTP/1.1\r\nHost: xxxtik.app\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xxxtik.app/xxxtiktok/\r\nCookie: cf_clearance=PtgQF.dSVk5HyfOXxCtzINIKJnOLP3Aqj_OjR6rctsw-1759698665-1.2.1.1-3cZYcPKABSXibBQA1yAf_.yC_4qtfZMVrDQhKj6PN.vZLO64B7mfD0Sx8qGK4Q3smCyFNmcYllycn_EncFyyXcHEKa3ghVZu_fSzets_3J7Gk7z1ZqjBQ4ukyKJ7k.eOamyjj8CrdkABeiQjarX6grGnsicxKUwnFfFORPAXknStc_53fTMQgSUpZtr6emLTt5Hx35GoA8lwNJAQ.btU5BLAQqWhqXR3whnsoQwOLgU; _lscache_vary=25535832db285c9c2ae7620ca706ea91\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 05 Oct 2025 21:11:05 GMT\r\ncontent-type: text/css\r\ncontent-length: 21734\r\ncache-control: public, max-age=604800\r\nexpires: Wed, 01 Oct 2025 18:20:29 GMT\r\netag: \"19320-67e3f0ac-114499c;br\"\r\nlast-modified: Wed, 26 Mar 2025 12:18:52 GMT\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\nserver: cloudflare\r\nx-turbo-charged-by: LiteSpeed\r\nage: 267319\r\ncf-cache-status: HIT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=Y%2BzGSg%2BqKNZG7cSARU0%2F%2FOQTdyzY6syzXYB5tj2%2FV4GpOdHLb3BTcgBE5RRFm7H3GNFZZzip0F2vpcPjBAB1qRbE1O4Srdem\"}]}\r\ncf-ray: 989fe8d5e8760b55-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":103200,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (52275)","md5":"557f11347724e1e5ac42a6db94b1a167","sha1":"85b2f792677ea5adb32d9c92203250233672879e","sha256":"145d77ba59b89688a67cde4afbbceb186b4e53fe0a46740b63ba400965ba18c5","sha512":"adefcf50fa10d80c19208c7f5a87d0bbf4bc0ffd9d9d09eb056c32ba651f70dc389a48eff2f43949afb4c60403789b1fa334a351585d2d552fa7a3584b310a00","ssdeep":"1536:0UMCMPMCMjMCM4MCMwMCM3sVMx709gbPMfjSFOTyPGuEprrlCg:y709gMGFiyPGuEprlCg","tlshash":"f6a3b8f5e44c05d97732c44bab95b37c65b6f738d5810ca9f02f580c2ad26a822c6f7a","first_seen":"2023-10-31T19:49:19Z","last_seen":"2026-04-04T21:47:03.688785Z","times_seen":485,"resource_available":false,"data":null}},"time_used":9,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":9,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"xxxtik.app/wp-content/uploads/2024/11/xfree-l-75x75.webp","fqdn":"xxxtik.app","domain":"xxxtik.app","tld":"app"},"ip":{"addr":"104.21.2.15","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://xxxtik.app/xxxtiktok/","date":"2025-10-05T21:11:05.951Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xxxtik.app","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 22 Sep 2025 07:50:33 GMT","end":"Sun, 21 Dec 2025 08:48:06 GMT"},"fingerprint":{"sha1":"72:98:6C:94:29:80:FC:6E:34:D4:78:8C:3E:9F:90:03:A2:25:7B:AE","sha256":"3D:1E:A0:9F:D0:6B:0E:56:A7:96:90:AB:D0:78:99:FD:82:C8:48:79:EB:76:7B:72:AE:D5:E7:11:E7:66:4E:7E"}}},"request":{"raw":"GET /wp-content/uploads/2024/11/xfree-l-75x75.webp HTTP/1.1\r\nHost: xxxtik.app\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xxxtik.app/xxxtiktok/\r\nCookie: cf_clearance=PtgQF.dSVk5HyfOXxCtzINIKJnOLP3Aqj_OjR6rctsw-1759698665-1.2.1.1-3cZYcPKABSXibBQA1yAf_.yC_4qtfZMVrDQhKj6PN.vZLO64B7mfD0Sx8qGK4Q3smCyFNmcYllycn_EncFyyXcHEKa3ghVZu_fSzets_3J7Gk7z1ZqjBQ4ukyKJ7k.eOamyjj8CrdkABeiQjarX6grGnsicxKUwnFfFORPAXknStc_53fTMQgSUpZtr6emLTt5Hx35GoA8lwNJAQ.btU5BLAQqWhqXR3whnsoQwOLgU; _lscache_vary=25535832db285c9c2ae7620ca706ea91; test_variant=3\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 05 Oct 2025 21:11:05 GMT\r\ncontent-type: image/webp\r\ncontent-length: 756\r\ncache-control: public, max-age=604800\r\nexpires: Fri, 10 Oct 2025 12:56:13 GMT\r\netag: \"2f4-67d6543b-1166963;;;\"\r\nlast-modified: Sun, 16 Mar 2025 04:31:55 GMT\r\naccept-ranges: bytes\r\nserver: cloudflare\r\nx-turbo-charged-by: LiteSpeed\r\nage: 202492\r\ncf-cache-status: HIT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=EYA8ClPFFfdwQh0tLok%2BdjIfxiT%2FoIkXBiGTeqrlZt2V1cBbYD1YM6cEHcOoOPwumuzCaGhV6oM3Bi991awKEY%2B4xvWrAbGv\"}]}\r\ncf-ray: 989fe8d628b60b55-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":756,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 75x75, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"5fbe80fdd5126e0ae9605ea22e053084","sha1":"d8a9d03af553fa1ded31de3f8e8383fcf781aa65","sha256":"51e300b209a0673d73e819512faf2b324f5ccbde93ddc2133762414aa0a933df","sha512":"1bbb93d2481656fcf09c1355bfe43e6bb3908895c525ff3a72ce20e4d02146722370e589c1ac59502e54dfc0ab5e8548adb2ed25ba2d3f570a96048ae3eb361c","ssdeep":"","tlshash":"0701ba83658b469e37c5091f303b416228911e11775532de082cb7e5d3f23753559948","first_seen":"2025-10-05T21:11:43.374314Z","last_seen":"2025-10-05T21:11:43.374314Z","times_seen":1,"resource_available":false,"data":null}},"time_used":10,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":10,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"vaimucuvikuwu.net/88/175985","fqdn":"vaimucuvikuwu.net","domain":"vaimucuvikuwu.net","tld":"net"},"ip":{"addr":"139.45.197.106","port":443,"asn":9002,"as":"RETN Limited","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://xxxtik.app/xxxtiktok/","date":"2025-10-05T21:11:05.980Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"vaimucuvikuwu.net","organization":""},"issuer":{"commonName":"R10","organization":"Let's Encrypt"},"validity":{"start":"Fri, 01 Aug 2025 05:19:32 GMT","end":"Thu, 30 Oct 2025 05:19:31 GMT"},"fingerprint":{"sha1":"35:87:C8:60:07:AA:D4:C9:E9:EB:7C:B3:1E:4B:E5:C4:C4:D7:83:09","sha256":"6A:C3:77:FB:D8:62:C1:E1:AE:65:AD:FB:94:A5:AC:5E:8F:99:A3:44:C6:D8:3E:06:92:93:F5:D6:48:74:68:0A"}}},"request":{"raw":"GET /88/175985 HTTP/1.1\r\nHost: vaimucuvikuwu.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://xxxtik.app/\r\nOrigin: https://xxxtik.app\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sun, 05 Oct 2025 21:11:06 GMT\r\ncontent-type: application/json\r\naccept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version\r\naccess-control-allow-origin: https://xxxtik.app\r\naccess-control-allow-credentials: true\r\naccess-control-allow-methods: GET, POST, OPTIONS\r\naccess-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, favicon\r\naccess-control-max-age: 86400\r\ntiming-allow-origin: *\r\npragma: no-cache, no-cache\r\ncache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0, no-store, no-cache, must-revalidate, max-age=0\r\nexpires: Tue, 11 Jan 1994 10:00:00 GMT, Mon, 26 Jul 1997 05:00:00 GMT\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":4094,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"472c4353bf9ab199e1d51f4608cfe9a4","sha1":"9163c1c45e8f28e54a505dbb4b78c5b56101b46e","sha256":"702a1b5b1ad93533f8dfd91428fbf98d4d348e8c1ba2087f6aa9f69647a1ad0a","sha512":"7d9fab84efa18e9de7e0f77bd05ae54def091c30581047b2f3825ddd52d3c6ef1877a915bac140053171964c5467b7458a8833ac9ebda0d85927e7a802161ec2","ssdeep":"","tlshash":"fa81d50fc58a2abfd50b05dfcc3a660307bc1e1a39c42889d5982e4d63db4d617b874b","first_seen":"2025-10-05T21:11:43.377343Z","last_seen":"2025-10-05T21:11:43.377343Z","times_seen":1,"resource_available":false,"data":null}},"time_used":223,"timings":{"blocked":93,"dns":0,"connect":30,"send":0,"wait":37,"receive":0,"ssl":62},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-10-05","alert":"Sinkholed","trigger":"vaimucuvikuwu.net","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-10-05","alert":"Sinkholed","trigger":"vaimucuvikuwu.net","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"xxxtik.app/wp-content/uploads/2024/10/favicon-300x300.png","fqdn":"xxxtik.app","domain":"xxxtik.app","tld":"app"},"ip":{"addr":"104.21.2.15","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://xxxtik.app/xxxtiktok/","date":"2025-10-05T21:11:09.174Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xxxtik.app","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 22 Sep 2025 07:50:33 GMT","end":"Sun, 21 Dec 2025 08:48:06 GMT"},"fingerprint":{"sha1":"72:98:6C:94:29:80:FC:6E:34:D4:78:8C:3E:9F:90:03:A2:25:7B:AE","sha256":"3D:1E:A0:9F:D0:6B:0E:56:A7:96:90:AB:D0:78:99:FD:82:C8:48:79:EB:76:7B:72:AE:D5:E7:11:E7:66:4E:7E"}}},"request":{"raw":"GET /wp-content/uploads/2024/10/favicon-300x300.png HTTP/1.1\r\nHost: xxxtik.app\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xxxtik.app/xxxtiktok/\r\nCookie: cf_clearance=PtgQF.dSVk5HyfOXxCtzINIKJnOLP3Aqj_OjR6rctsw-1759698665-1.2.1.1-3cZYcPKABSXibBQA1yAf_.yC_4qtfZMVrDQhKj6PN.vZLO64B7mfD0Sx8qGK4Q3smCyFNmcYllycn_EncFyyXcHEKa3ghVZu_fSzets_3J7Gk7z1ZqjBQ4ukyKJ7k.eOamyjj8CrdkABeiQjarX6grGnsicxKUwnFfFORPAXknStc_53fTMQgSUpZtr6emLTt5Hx35GoA8lwNJAQ.btU5BLAQqWhqXR3whnsoQwOLgU; _lscache_vary=25535832db285c9c2ae7620ca706ea91; test_variant=3; dom3ic8zudi28v8lr6fgphwffqoz0j6c=619eb20b-0c70-488e-9788-174c75b967c0%3A2%3A1; pp_main_d8faf53894cdd595b3c9b5230c862bcc=1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 05 Oct 2025 21:11:09 GMT\r\ncontent-type: image/png\r\ncontent-length: 18758\r\ncache-control: public, max-age=604800\r\nexpires: Tue, 30 Sep 2025 10:55:58 GMT\r\netag: \"4946-6714b443-1144e1f;;;\"\r\nlast-modified: Sun, 20 Oct 2024 07:41:55 GMT\r\naccept-ranges: bytes\r\nserver: cloudflare\r\nx-turbo-charged-by: LiteSpeed\r\nage: 446367\r\ncf-cache-status: HIT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=U%2FCOUnG%2B6lezMf8JXA7ZGfnNLovVqBREUcMO5feve31Td8XUj1DTOVOdgVZCt60RD%2Bp9Q3bn56P7X29COiWLTB1hS7WfleeR\"}]}\r\ncf-ray: 989fe8ea5d6b0b55-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":18758,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 300 x 300, 8-bit/color RGBA, non-interlaced","md5":"a51363c709459e23ea9f7c58b0131147","sha1":"2490cf7cd6b318a93c4a78ee7dbcfccce2a3e5be","sha256":"97f339c29c2f1ae1a9e7db097aa1e15c67b7f26a7857a9c7c52719b181694d25","sha512":"93f077d891f46144da9925d742eb7f81e8747a02b26dc5118f6cd1237eeaa0ffd893be9b6e2ab4ba598b430d74e0876234db713beeeb30987e9054c290dd46a2","ssdeep":"384:pL0X25cwCl2mzoj0yC23EXN+E21k2nJ4CZxtIskQYEWJ1:hTcw85W0yP3E321XnSCZxxYEw1","tlshash":"f782c08f93dec4bd88e2a889ddad8da548213c155793497108c43b7f4d10bedaace5f8","first_seen":"2025-10-05T21:11:43.380312Z","last_seen":"2025-10-05T21:11:43.380312Z","times_seen":1,"resource_available":false,"data":null}},"time_used":10,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":10,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"xxxtik.app/wp-content/uploads/2024/10/xvids-75x75.png","fqdn":"xxxtik.app","domain":"xxxtik.app","tld":"app"},"ip":{"addr":"104.21.2.15","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://xxxtik.app/xxxtiktok/","date":"2025-10-05T21:11:05.952Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xxxtik.app","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 22 Sep 2025 07:50:33 GMT","end":"Sun, 21 Dec 2025 08:48:06 GMT"},"fingerprint":{"sha1":"72:98:6C:94:29:80:FC:6E:34:D4:78:8C:3E:9F:90:03:A2:25:7B:AE","sha256":"3D:1E:A0:9F:D0:6B:0E:56:A7:96:90:AB:D0:78:99:FD:82:C8:48:79:EB:76:7B:72:AE:D5:E7:11:E7:66:4E:7E"}}},"request":{"raw":"GET /wp-content/uploads/2024/10/xvids-75x75.png HTTP/1.1\r\nHost: xxxtik.app\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xxxtik.app/xxxtiktok/\r\nCookie: cf_clearance=PtgQF.dSVk5HyfOXxCtzINIKJnOLP3Aqj_OjR6rctsw-1759698665-1.2.1.1-3cZYcPKABSXibBQA1yAf_.yC_4qtfZMVrDQhKj6PN.vZLO64B7mfD0Sx8qGK4Q3smCyFNmcYllycn_EncFyyXcHEKa3ghVZu_fSzets_3J7Gk7z1ZqjBQ4ukyKJ7k.eOamyjj8CrdkABeiQjarX6grGnsicxKUwnFfFORPAXknStc_53fTMQgSUpZtr6emLTt5Hx35GoA8lwNJAQ.btU5BLAQqWhqXR3whnsoQwOLgU; _lscache_vary=25535832db285c9c2ae7620ca706ea91; test_variant=3\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 05 Oct 2025 21:11:05 GMT\r\ncontent-type: image/png\r\ncontent-length: 3633\r\ncache-control: public, max-age=604800\r\nexpires: Sat, 04 Oct 2025 02:51:53 GMT\r\netag: \"e31-67067cb9-1144df7;;;\"\r\nlast-modified: Wed, 09 Oct 2024 12:53:13 GMT\r\naccept-ranges: bytes\r\nserver: cloudflare\r\nx-turbo-charged-by: LiteSpeed\r\nage: 134494\r\ncf-cache-status: HIT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=B1vRrCyDMlVNkx3EOgWZJbu%2BV1U8bhTyRc7FtgtheOEZ7OVdeh88ytr%2Fy1nYG4YLBudzEhMWP0P1hoOf7dblUwCr33MXgi%2Bf\"}]}\r\ncf-ray: 989fe8d628ba0b55-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":3633,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 75 x 75, 8-bit/color RGBA, non-interlaced","md5":"4498b81bdad7fd5ccd7ddd97a3d5eaea","sha1":"57e63feffa96f7bd11275e4f9339d1813a94b350","sha256":"1036b435c796e0c0a71acbcfa4cf83f7f575c14be7f11e4f002286771d803559","sha512":"1b28741fc8c90950d8838ca8e7d0a90cc9a11b7a012a603ac25107c29a3c81fbcb6cae3c6730b1f0ca687b9e7b4c6bbcf36ee7eb3d3eeb675cac228340e0d9d6","ssdeep":"","tlshash":"4d717eb11fcac5adc8f150d3425bc6ca5f602d5ac4fa4670348577b117387d352c2ea9","first_seen":"2025-10-05T21:11:43.383815Z","last_seen":"2025-10-05T21:11:43.383815Z","times_seen":1,"resource_available":false,"data":null}},"time_used":10,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":10,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"phoangaisool.com/impression/XZ0kcx8xJSVT6BBiV8CegTHvX6ytVwFTj77nhmGMwBazcABhcPzrJQ4meCmMqerAzUMvsuV-Of9jajcQX-LMNVbaA9iHX6TIqd0uqYRDOcPyTtOyDZgaqyRK3SN68GQYCG7WdXiUNHHM7hQSWDUnCJxguZmHaY8leOFjfpb6wS2Rab8BQTSeL3Li4veZ9_xD1hC4sTy764Bs3gkZSaFSGw4fcfr-unxfYk5myUpeDEq8BvYF5hAqM9pDcF3SPTjJn4aSIiJQe4QCpAXAQQ44VxqYyTgwO3PdARTjaWz-qNkLRQ3yFY2e8nBAN463KO5a7bNhV7HV9WTubKWXxp-dAN_ZeD-NMVcrquS0qsAV_UFSkoogzloHo4rgL9vwlH3NiQjJ72CxxiUXWQI56TkEu96rlyKR3b_86KYVXwdDVPhmjqfBIoiDElz41cVMsuRe5wWN570A_PPf0y2j6KGEwTcOanbjo8vDRo9Zre196QtbQE2R7juRviRZ7ffL_skl-I0KbU33E8D8PPqObh1KpzJJra_7rxRF2mqAGw2gM8moyfOCB1OLea8KL1k87KEMxmLG9cWgzSeknftid7lbUV-UNGQnd-T7We8C8_Z8RTbuus5D9UW9wrbCgSLkzthmWt4WDeOhcfcYbDi87TtEgWl6yfnwDhTW1Qc-i4gLMM0ZwT2eYxfDV9Mk_eR_u4Ag6eLkQTLEwaMAsCT6nDEJJs2LFa_pU-tt29Y8d6063_tElrk_dE3vgOWmLAuDi-NR6V7834RjdIc7732WiRkIHNB_WE3Is3J1G8JxYTNAFwb-n0PDxnkVHUAkCTb63BJaxHGEZ9A8kQ6cHrkQAwnJbDkcf50wOdxnAQFAnQ==?_z=9977712\u0026sw_version=v1.740.0-s\u0026dmn=roagrofoogrobo.com\u0026fs=0\u0026cf=0\u0026sw=1280\u0026sh=1024\u0026sah=1024\u0026wx=0\u0026wy=0\u0026ww=1280\u0026wh=1024\u0026cw=1280\u0026wiw=1280\u0026wih=1024\u0026wfc=2\u0026pl=https%3A%2F%2Fxxxtik.app%2Fxxxtiktok%2F\u0026drf=\u0026np=1\u0026pt=0\u0026nb=1\u0026ng=0\u0026ix=0\u0026nw=1\u0026tb=false\u0026navlng=en-US\u0026bto=0\u0026btz=UTC\u0026jsp=1","fqdn":"phoangaisool.com","domain":"phoangaisool.com","tld":"com"},"ip":{"addr":"139.45.197.243","port":443,"asn":9002,"as":"RETN Limited","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://xxxtik.app/xxxtiktok/","date":"2025-10-05T21:11:16.029Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"phoangaisool.com","organization":""},"issuer":{"commonName":"R11","organization":"Let's Encrypt"},"validity":{"start":"Sun, 20 Jul 2025 05:27:33 GMT","end":"Sat, 18 Oct 2025 05:27:32 GMT"},"fingerprint":{"sha1":"1B:B6:A8:E4:08:A6:29:EB:A9:7A:9B:7B:F9:85:53:57:9B:C7:36:4B","sha256":"0E:69:6F:3E:06:9D:64:E5:1B:E6:9B:A0:66:40:B8:3B:8B:F7:A0:BA:DA:77:B5:E5:0B:C7:3B:FF:11:3D:C1:C9"}}},"request":{"raw":"GET /impression/XZ0kcx8xJSVT6BBiV8CegTHvX6ytVwFTj77nhmGMwBazcABhcPzrJQ4meCmMqerAzUMvsuV-Of9jajcQX-LMNVbaA9iHX6TIqd0uqYRDOcPyTtOyDZgaqyRK3SN68GQYCG7WdXiUNHHM7hQSWDUnCJxguZmHaY8leOFjfpb6wS2Rab8BQTSeL3Li4veZ9_xD1hC4sTy764Bs3gkZSaFSGw4fcfr-unxfYk5myUpeDEq8BvYF5hAqM9pDcF3SPTjJn4aSIiJQe4QCpAXAQQ44VxqYyTgwO3PdARTjaWz-qNkLRQ3yFY2e8nBAN463KO5a7bNhV7HV9WTubKWXxp-dAN_ZeD-NMVcrquS0qsAV_UFSkoogzloHo4rgL9vwlH3NiQjJ72CxxiUXWQI56TkEu96rlyKR3b_86KYVXwdDVPhmjqfBIoiDElz41cVMsuRe5wWN570A_PPf0y2j6KGEwTcOanbjo8vDRo9Zre196QtbQE2R7juRviRZ7ffL_skl-I0KbU33E8D8PPqObh1KpzJJra_7rxRF2mqAGw2gM8moyfOCB1OLea8KL1k87KEMxmLG9cWgzSeknftid7lbUV-UNGQnd-T7We8C8_Z8RTbuus5D9UW9wrbCgSLkzthmWt4WDeOhcfcYbDi87TtEgWl6yfnwDhTW1Qc-i4gLMM0ZwT2eYxfDV9Mk_eR_u4Ag6eLkQTLEwaMAsCT6nDEJJs2LFa_pU-tt29Y8d6063_tElrk_dE3vgOWmLAuDi-NR6V7834RjdIc7732WiRkIHNB_WE3Is3J1G8JxYTNAFwb-n0PDxnkVHUAkCTb63BJaxHGEZ9A8kQ6cHrkQAwnJbDkcf50wOdxnAQFAnQ==?_z=9977712\u0026sw_version=v1.740.0-s\u0026dmn=roagrofoogrobo.com\u0026fs=0\u0026cf=0\u0026sw=1280\u0026sh=1024\u0026sah=1024\u0026wx=0\u0026wy=0\u0026ww=1280\u0026wh=1024\u0026cw=1280\u0026wiw=1280\u0026wih=1024\u0026wfc=2\u0026pl=https%3A%2F%2Fxxxtik.app%2Fxxxtiktok%2F\u0026drf=\u0026np=1\u0026pt=0\u0026nb=1\u0026ng=0\u0026ix=0\u0026nw=1\u0026tb=false\u0026navlng=en-US\u0026bto=0\u0026btz=UTC\u0026jsp=1 HTTP/1.1\r\nHost: phoangaisool.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xxxtik.app/\r\nCookie: OAID=008259d0a0ab4038fc1295696b53dbe8\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sun, 05 Oct 2025 21:11:16 GMT\r\ncontent-type: image/gif\r\ncontent-length: 43\r\nx-trace-id: fc1bd04f7096a879e9d22546a5f8b4c1\r\ncache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0\r\npragma: no-cache\r\nexpires: Tue, 11 Jan 1994 10:00:00 GMT\r\nvary: Origin\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: Link\r\naccess-control-allow-credentials: true\r\naccept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version\r\nstrict-transport-security: max-age=1\r\nx-content-type-options: nosniff\r\ntiming-allow-origin: *, *\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":43,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 1 x 1","md5":"b4491705564909da7f9eaf749dbbfbb1","sha1":"279315d507855c6a4351e1e2c2f39dd9cd2fccd8","sha256":"4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49","sha512":"b8d82d64ec656c63570b82215564929adad167e61643fd72283b94f3e448ef8ab0ad42202f3537a0da89960bbdc69498608fc6ec89502c6c338b6226c8bf5e14","ssdeep":"","tlshash":"c5900403d140d041c351c0300d0cc740174471304514030f70fc175dfc353510c13000","first_seen":"2023-04-05T09:54:56Z","last_seen":"2026-04-05T11:51:31.810394Z","times_seen":96483,"resource_available":true,"data":null}},"time_used":31,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":31,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-10-05","alert":"Sinkholed","trigger":"phoangaisool.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"xxxtik.app/wp-content/litespeed/js/8ea6c388449430a685ff104acce9cdc9.js?ver=9cdc9","fqdn":"xxxtik.app","domain":"xxxtik.app","tld":"app"},"ip":{"addr":"104.21.2.15","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://xxxtik.app/xxxtiktok/","date":"2025-10-05T21:11:05.792Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xxxtik.app","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 22 Sep 2025 07:50:33 GMT","end":"Sun, 21 Dec 2025 08:48:06 GMT"},"fingerprint":{"sha1":"72:98:6C:94:29:80:FC:6E:34:D4:78:8C:3E:9F:90:03:A2:25:7B:AE","sha256":"3D:1E:A0:9F:D0:6B:0E:56:A7:96:90:AB:D0:78:99:FD:82:C8:48:79:EB:76:7B:72:AE:D5:E7:11:E7:66:4E:7E"}}},"request":{"raw":"GET /wp-content/litespeed/js/8ea6c388449430a685ff104acce9cdc9.js?ver=9cdc9 HTTP/1.1\r\nHost: xxxtik.app\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xxxtik.app/xxxtiktok/\r\nCookie: cf_clearance=PtgQF.dSVk5HyfOXxCtzINIKJnOLP3Aqj_OjR6rctsw-1759698665-1.2.1.1-3cZYcPKABSXibBQA1yAf_.yC_4qtfZMVrDQhKj6PN.vZLO64B7mfD0Sx8qGK4Q3smCyFNmcYllycn_EncFyyXcHEKa3ghVZu_fSzets_3J7Gk7z1ZqjBQ4ukyKJ7k.eOamyjj8CrdkABeiQjarX6grGnsicxKUwnFfFORPAXknStc_53fTMQgSUpZtr6emLTt5Hx35GoA8lwNJAQ.btU5BLAQqWhqXR3whnsoQwOLgU; _lscache_vary=25535832db285c9c2ae7620ca706ea91\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 05 Oct 2025 21:11:05 GMT\r\ncontent-type: text/javascript\r\ncontent-length: 954\r\netag: \"e3b-68e2de64-1161a00;br\"\r\nlast-modified: Sun, 05 Oct 2025 21:08:52 GMT\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\nserver: cloudflare\r\nx-turbo-charged-by: LiteSpeed\r\ncache-control: max-age=14400\r\ncf-cache-status: EXPIRED\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=ZqgRxhIVUrOsPRfKuisOQC0scl7kGGtk1TEwopjXBSaFfogyurZ93WH7z84pTr7ZZiPrfWWLaSVyCIsmbtd8pPvYXj6zj1s4\"}]}\r\ncf-ray: 989fe8d5280c0b55-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":3643,"size_decoded":0,"mime_type":"text/javascript","magic":"JavaScript source, ASCII text, with very long lines (920)","md5":"486df47e677c91f5a08ca880fe531803","sha1":"cebce4aa053a751178b6ca3ec231489682ea390b","sha256":"c88e892d9dc8290c6f3be8232bc33956755377a8d5df8c8e381cf741ecc2cbf3","sha512":"a08ab4078ae42269052bdd8980c693115921db7fdcb3f3cc2caf1b4b51e6c628849b9c5708f81c586c71ca283c310a60ad6b38464219d029ca504f772d941721","ssdeep":"","tlshash":"f571bf1de468d4ce43aebe2eb77e7b5530228366aa3e798bc0b5805d09e0607d4521e3","first_seen":"2025-05-13T03:13:59.725457Z","last_seen":"2026-02-07T16:13:04.998605Z","times_seen":7,"resource_available":true,"data":null}},"time_used":93,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":93,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"protectioncleave.com/d8/fa/f5/d8faf53894cdd595b3c9b5230c862bcc.js","fqdn":"protectioncleave.com","domain":"protectioncleave.com","tld":"com"},"ip":{"addr":"185.196.197.71","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://xxxtik.app/xxxtiktok/","date":"2025-10-05T21:11:05.948Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"protectioncleave.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sat, 27 Sep 2025 21:39:52 GMT","end":"Fri, 26 Dec 2025 21:39:51 GMT"},"fingerprint":{"sha1":"82:89:B0:AD:B2:C3:75:3D:34:00:6D:D2:97:3B:1B:97:E7:7E:01:AD","sha256":"2F:E4:32:3C:0A:8B:47:64:DC:82:77:D0:70:0C:18:6C:E1:78:17:31:EC:41:E0:0C:26:65:A6:27:10:A7:CD:A7"}}},"request":{"raw":"GET /d8/fa/f5/d8faf53894cdd595b3c9b5230c862bcc.js HTTP/1.1\r\nHost: protectioncleave.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xxxtik.app/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Sun, 05 Oct 2025 21:11:06 GMT\r\nContent-Type: application/javascript\r\nContent-Length: 36235\r\nConnection: keep-alive\r\nContent-Encoding: gzip\r\nP3P: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\nAccess-Control-Allow-Origin: *\r\nAccept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\nHost: protectioncleave.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: 9c09f652bbfe2467da3490b5d3611a94\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":99668,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"bbca87d95fa4f32aa06f665a0f87c47e","sha1":"2589aff25029346592c2546faf508a3489baf867","sha256":"6ea0561d81373f142765dd4ebce563a114301e9743ae91dc99a247e53d7520bb","sha512":"874759be6c41ea90a13b67881421dfe721eef08517f2f8aa08d77b5bb3262593ad408354f72c0699a077976a7b29ebbee6cc89b8ebfe273aca15ee32416e0c7d","ssdeep":"1536:2H99DdEttPZyh1K9MX2SjoZCibaH+k207gz5vQJQQPXIDYZZpZpNen:dMU4xek77gz5vQo","tlshash":"e7a3b7797f00f05f1756a073223f9216f1aa9f02015ce754f946fa582badf1be43aa18","first_seen":"2025-10-05T21:11:43.38971Z","last_seen":"2025-10-05T21:11:43.38971Z","times_seen":1,"resource_available":true,"data":null}},"time_used":1742,"timings":{"blocked":849,"dns":786,"connect":20,"send":0,"wait":25,"receive":19,"ssl":42},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"amusingbase.com/d.m_FEzFdGGHV-2JZKWL5M0_PO2PFQkRS-WTQU9VMWT_AYzZMaDbU-4dNeSfZgh_ZiHjZkzld-WnJoppZqD_0smtYuXvN-jxPyTzIAm_ZCXDZElFb-nHRIUJeKX_BMlNPOTPI-mRaS3TcU9_eWHXhY4Zd-GblcrdJeT_JgDhYiXjB-wlJmnnBoh_eqWr9s1td-Dv0wwxJyn_JAlBdCmDV-uFdGWHUI9_MKCLZMyNc-mPlQkRPST_UUxVMWjXk-5ZNajbVch_MezfUgzhY-WjYk4lMmT_Eo1pMqjrk-0tMuTvkw2_ZymzEA0BY-jDkExFNGG_EIyJJKnLN-JNZODP0Qm_cS0TlUkVM-jX0YmZca0_lckdMezf0-mhci3jMk9_NmSnZozpd-Dr0sxtJun_Rwvxay2zV-uBPCSDZE1_bGmHlIxJQ-nLlMaNbO2_5QlRPSTTE-mVdWWX5Yp_caUbJc5dW-mf9guhZiV_Rk5lcmGnU-9pMqSrZs2_YuXvNw0xV-Gz9ArBZCW_4E9FQG2Hd-KJTK1LRM4_SOUPpQZRb-kTpU2VWWV_dYSZaaVbl-XdNeWftgL_aiUjFk4lT-VnRonpMqk_9sEtUuTvF-NxaymzdA3_TCkDdENFN-FHlIUJSKm_lMZNaOmPc-yRTSmTpUV_dW1XlYqZV-TbRcNdReE_Vg5hTiljd-albmUn5oU_RqHrZs2tW-XvZwIxQym_pApBbCDDN-nFTGSH0Im_eKmL9MuNZ-UPlQkRPST_YU2VMWjXk-zZNajbYc","fqdn":"amusingbase.com","domain":"amusingbase.com","tld":"com"},"ip":{"addr":"88.85.94.250","port":443,"asn":35415,"as":"Webzilla B.V.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://xxxtik.app/xxxtiktok/","date":"2025-10-05T21:11:12.497Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"amusingbase.com","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Sat, 20 Sep 2025 23:52:14 GMT","end":"Fri, 19 Dec 2025 23:52:13 GMT"},"fingerprint":{"sha1":"CF:4F:A1:A9:80:00:5C:01:99:49:96:3E:59:40:C1:C2:98:52:F8:6B","sha256":"CB:73:6C:5F:9D:0A:7D:54:6F:7A:64:D5:44:0C:46:C0:9B:70:68:2B:FA:7F:6F:37:61:5F:DA:6C:97:C9:61:8E"}}},"request":{"raw":"GET /d.m_FEzFdGGHV-2JZKWL5M0_PO2PFQkRS-WTQU9VMWT_AYzZMaDbU-4dNeSfZgh_ZiHjZkzld-WnJoppZqD_0smtYuXvN-jxPyTzIAm_ZCXDZElFb-nHRIUJeKX_BMlNPOTPI-mRaS3TcU9_eWHXhY4Zd-GblcrdJeT_JgDhYiXjB-wlJmnnBoh_eqWr9s1td-Dv0wwxJyn_JAlBdCmDV-uFdGWHUI9_MKCLZMyNc-mPlQkRPST_UUxVMWjXk-5ZNajbVch_MezfUgzhY-WjYk4lMmT_Eo1pMqjrk-0tMuTvkw2_ZymzEA0BY-jDkExFNGG_EIyJJKnLN-JNZODP0Qm_cS0TlUkVM-jX0YmZca0_lckdMezf0-mhci3jMk9_NmSnZozpd-Dr0sxtJun_Rwvxay2zV-uBPCSDZE1_bGmHlIxJQ-nLlMaNbO2_5QlRPSTTE-mVdWWX5Yp_caUbJc5dW-mf9guhZiV_Rk5lcmGnU-9pMqSrZs2_YuXvNw0xV-Gz9ArBZCW_4E9FQG2Hd-KJTK1LRM4_SOUPpQZRb-kTpU2VWWV_dYSZaaVbl-XdNeWftgL_aiUjFk4lT-VnRonpMqk_9sEtUuTvF-NxaymzdA3_TCkDdENFN-FHlIUJSKm_lMZNaOmPc-yRTSmTpUV_dW1XlYqZV-TbRcNdReE_Vg5hTiljd-albmUn5oU_RqHrZs2tW-XvZwIxQym_pApBbCDDN-nFTGSH0Im_eKmL9MuNZ-UPlQkRPST_YU2VMWjXk-zZNajbYc HTTP/1.1\r\nHost: amusingbase.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xxxtik.app/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sun, 05 Oct 2025 21:11:12 GMT\r\ncontent-length: 0\r\nexpires: Mon, 26 Jul 2011 05:00:00 GMT\r\ncache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0\r\npragma: no-cache\r\naccept-ch: Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-WoW64\r\nset-cookie: kadCCap=681631:2:1759591928; max-age=1791234672; path=/\nkadACap=869406:1:1759394611;446878:1:1759250102;1006270:1:1759529033;794290:1:1759673603;863517:1:1759476553;1029462:1:1759476553;869409:1:1759391893;997731:1:1759185716;388634:1:1759638954;963740:1:1759689786;902286:1:1759608219;1023536:1:1759328923;695566:1:1759650033;869407:1:1759316226; max-age=1791234672; path=/\nkadASCap=794290:1:1759673603;695566:1:1759650033;388634:1:1759638954;963740:1:1759689786; path=/\nkadUnP3=CAoQ5faJxwYaDQid35wCEAEY8cGIxwYaDQjO2NgCEAEY97eHxwYaDQj2iP8BEAMY4a6IxwYaDQi+xugCEAEYsaqLxwYaDQid8bsBEAEYlOyGxwYaDQjjq6cCEAYY5faJxwYaDQj0t4MCEAEYzcCKxwYaDQjUyNMCEAIYquuHxwYaDQj2z5QDEAEY8L2LxwYaDQiUp9ACEAEYuviKxwYiCggDEAgY5faJxwYiCggOEAEY8L2LxwYiCggBEAMYquuHxwYqDAif5i4QARj3t4fHBioMCLiOJRADGOGuiMcGKgwIpf4XEAEYlOyGxwYqDAjPtjAQARixqovHBioMCML/LBABGPC9i8cGKgwIsf8TEAEY8cGIxwYqDAjg9ykQBhjl9onHBioMCMTFJRABGM3AiscGKgwIg6AuEAIYquuHxwYqDAj7+SwQARi6+IrHBg==; max-age=1791234672; path=/\r\nx-content-type-options: nosniff\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T11:47:06.182466Z","times_seen":13373545,"resource_available":true,"data":null}},"time_used":61,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":61,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/roboto/v49/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3yUBA.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"142.250.74.99","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://xxxtik.app/xxxtiktok/","date":"2025-10-05T21:11:17.230Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 15 Sep 2025 08:36:13 GMT","end":"Mon, 08 Dec 2025 08:36:12 GMT"},"fingerprint":{"sha1":"F3:C7:68:20:2E:52:7F:61:4B:43:46:72:CB:A9:29:91:40:A0:5A:96","sha256":"1A:0B:E2:45:70:7A:DB:88:E8:4C:4E:DF:ED:F5:08:2F:2B:2A:CA:33:09:72:DC:80:8B:D2:7B:C6:48:3D:CA:D1"}}},"request":{"raw":"GET /s/roboto/v49/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3yUBA.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://xxxtik.app\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 40128\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Thu, 02 Oct 2025 12:57:53 GMT\r\nexpires: Fri, 02 Oct 2026 12:57:53 GMT\r\ncache-control: public, max-age=31536000\r\nage: 288804\r\nlast-modified: Mon, 08 Sep 2025 18:08:05 GMT\r\ncontent-type: font/woff2\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":40128,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 40128, version 1.0","md5":"9a01b69183a9604ab3a439e388b30501","sha1":"8ed1d59003d0dbe6360481017b44665153665fbe","sha256":"20b535fa80c8189e3b87d1803038389960203a886d502bc2ef1857affc2f38d2","sha512":"0e6795255b6eea00b5403fd7e3b904d52776d49ac63a31c2778361262883697943aedcb29feee85694ba6f19eaa34dddb9a5bfe7118f4a25b4757e92c331feca","ssdeep":"768:Vce3jkow68wmT4IBX0tXdlSirS61gSjcz0GPwHbP+w2jec56O:VcI/iEEEtXdFJj+0GPwHbP+w5rO","tlshash":"3703023a5e3ccf1a84157a703950f6d9a8481e548e9d143b4f1ac7bf085dde2209b6d4","first_seen":"2025-01-08T22:59:02.845106Z","last_seen":"2026-04-05T11:47:09.583507Z","times_seen":716548,"resource_available":false,"data":null}},"time_used":12,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":10,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fpyf8.com/88/tag.min.js","fqdn":"fpyf8.com","domain":"fpyf8.com","tld":"com"},"ip":{"addr":"139.45.196.64","port":443,"asn":9002,"as":"RETN Limited","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://xxxtik.app/xxxtiktok/","date":"2025-10-05T21:11:05.784Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"fpyf8.com","organization":""},"issuer":{"commonName":"R11","organization":"Let's Encrypt"},"validity":{"start":"Sat, 02 Aug 2025 05:43:54 GMT","end":"Fri, 31 Oct 2025 05:43:53 GMT"},"fingerprint":{"sha1":"36:76:3D:BD:D8:16:B6:15:82:A3:C4:56:19:6C:4A:13:46:7C:6C:3B","sha256":"94:27:7A:D4:8A:21:76:3A:7F:74:B0:23:CD:05:68:2E:3D:CF:BF:BD:80:EC:0D:4D:B3:52:ED:FF:1A:7D:E2:0D"}}},"request":{"raw":"GET /88/tag.min.js HTTP/1.1\r\nHost: fpyf8.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xxxtik.app/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sun, 05 Oct 2025 21:11:05 GMT\r\ncontent-type: text/javascript; charset=utf-8\r\ncontent-length: 42449\r\ncontent-encoding: br\r\nx-trace-id: 4c05152f20b0dd08f38f004103a7d9c9\r\naccept-ranges: bytes\r\nlast-modified: Fri, 03 Oct 2025 13:28:28 GMT\r\naccept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version\r\naccess-control-allow-origin: *\r\naccess-control-allow-credentials: true\r\naccess-control-allow-methods: GET, POST, OPTIONS\r\naccess-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, favicon\r\naccess-control-max-age: 86400\r\ntiming-allow-origin: *\r\npragma: no-cache, no-cache\r\ncache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0, no-store, no-cache, must-revalidate, max-age=0\r\nexpires: Tue, 11 Jan 1994 10:00:00 GMT, Mon, 26 Jul 1997 05:00:00 GMT\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":115379,"size_decoded":0,"mime_type":"text/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (65494)","md5":"1dc38a743cdac6093b6f9096b2c72b70","sha1":"4a793504be63ecb0246a2ce14df614aca6195d1b","sha256":"83937feac6bedf544edae76b0472d319feb5e3469d19bc1ae8c62d63e76df78e","sha512":"085a97a587e1d5760547ed281838a4e2d8b8ef1c002737f0395aebbef617a545c3c68334aa8221e595c80dbf254a80ba9e9d9cb41d4adcb8f79236cd8a951c0a","ssdeep":"1536:k8zmHlk4JQ9aO4kD9DaZ06GUqo54Az0SBYQ4+DIVVWBWeOjLouPks:XzsJkaO44a06GUb0S6z3eWPouf","tlshash":"9bb33bca2265241612bf8035446bed0eb5aecd8104cdcc78e1e5b8662d78b16d3f7fe9","first_seen":"2025-10-03T08:09:32.651385Z","last_seen":"2025-10-06T06:55:28.057873Z","times_seen":11,"resource_available":true,"data":null}},"time_used":269,"timings":{"blocked":88,"dns":0,"connect":30,"send":0,"wait":59,"receive":29,"ssl":62},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"wrathypenitis.help/cuid/?f=https%3A%2F%2Fxxxtik.app","fqdn":"wrathypenitis.help","domain":"wrathypenitis.help","tld":"help"},"ip":{"addr":"212.117.186.12","port":443,"asn":7979,"as":"SERVERS-COM","country":"Luxembourg","country_code":"LU"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://xxxtik.app/xxxtiktok/","date":"2025-10-05T21:11:05.811Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"wrathypenitis.help","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Thu, 25 Sep 2025 21:21:47 GMT","end":"Wed, 24 Dec 2025 21:21:46 GMT"},"fingerprint":{"sha1":"AB:7F:25:A4:47:EA:FD:C0:FD:04:9D:5B:DE:04:FB:AC:82:37:67:A1","sha256":"8C:B6:C9:8F:CE:4F:DB:23:24:8F:04:DB:40:06:BA:C3:2B:0E:91:55:37:A9:E1:FF:A6:E7:DF:7F:FE:FD:BB:65"}}},"request":{"raw":"POST /cuid/?f=https%3A%2F%2Fxxxtik.app HTTP/1.1\r\nHost: wrathypenitis.help\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://xxxtik.app/\r\nContent-Type: application/json\r\nContent-Length: 10\r\nOrigin: https://xxxtik.app\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sun, 05 Oct 2025 21:11:05 GMT\r\ncontent-type: application/json\r\ncontent-length: 32\r\naccess-control-allow-credentials: true\r\naccess-control-allow-origin: https://xxxtik.app\r\naccess-control-allow-headers: content-type, megageocheckolololo, x-forwarded-for\r\naccess-control-max-age: 600\r\naccess-control-allow-methods: GET, POST, OPTIONS\r\nset-cookie: a97fa794a0f9=675c16f2cf24c1613f4ecd; expires=Tue, 18 Feb 2053 15:21:45 GMT; domain=wrathypenitis.help; path=/; secure; SameSite=None\r\nstrict-transport-security: max-age=1\r\nx-content-type-options: nosniff\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":32,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"ab2149bed00bad62da1c2c0d4aa529a3","sha1":"5f886ff030a5a289e00a9979fb5fa5adb86a6693","sha256":"91f0b3e54d159ceafdcdc943d13c0d4d5d1f32b096cd31cbcdbfc5198c5bf1aa","sha512":"c3493287f5eee5ac6eb442b37366190320a2e47d2b0b05a069869953c82cd28e2104559215637b432f6c4ae295b90e22d1d1c1f7334154bc699e9cd0665a3b93","ssdeep":"","tlshash":"0780002ca0ec80ab0a8ba0283c0800e30b00a2aaf8f20a28ce20a2c8000b08a0080803","first_seen":"2025-10-05T21:11:43.394984Z","last_seen":"2025-10-05T21:11:43.394984Z","times_seen":1,"resource_available":false,"data":null}},"time_used":104,"timings":{"blocked":-1,"dns":5,"connect":24,"send":0,"wait":20,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-05","alert":"Sinkholed","trigger":"wrathypenitis.help","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-10-05","alert":"Sinkholed","trigger":"wrathypenitis.help","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-10-05","alert":"Sinkholed","trigger":"wrathypenitis.help","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-10-05","alert":"Sinkholed","trigger":"wrathypenitis.help","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/opensans/v20/mem5YaGs126MiZpBA-UN7rgOUuhp.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"142.250.74.99","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://xxxtik.app/xxxtiktok/","date":"2025-10-05T21:11:05.920Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 15 Sep 2025 08:36:13 GMT","end":"Mon, 08 Dec 2025 08:36:12 GMT"},"fingerprint":{"sha1":"F3:C7:68:20:2E:52:7F:61:4B:43:46:72:CB:A9:29:91:40:A0:5A:96","sha256":"1A:0B:E2:45:70:7A:DB:88:E8:4C:4E:DF:ED:F5:08:2F:2B:2A:CA:33:09:72:DC:80:8B:D2:7B:C6:48:3D:CA:D1"}}},"request":{"raw":"GET /s/opensans/v20/mem5YaGs126MiZpBA-UN7rgOUuhp.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://xxxtik.app\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xxxtik.app/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 15112\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Thu, 02 Oct 2025 12:46:58 GMT\r\nexpires: Fri, 02 Oct 2026 12:46:58 GMT\r\ncache-control: public, max-age=31536000\r\nage: 289447\r\nlast-modified: Tue, 18 May 2021 21:21:50 GMT\r\ncontent-type: font/woff2\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":15112,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 15112, version 1.0","md5":"b596676fc00af9806c16a12e9a0350f8","sha1":"056bafe30541a1926905966fa58b0df058504e36","sha256":"c73575543a5c99018f842960f9882edaa0918965ea856e91de9717a0d58d3f1c","sha512":"0666192a4a370bc14e8c525996ce65d576cc5df3b8cc8692ca2b90b357cbf0e6dc04251de37f0a891bc958be1a354c274a40e32d20931367b45e234de955e070","ssdeep":"192:E2qLG2Cf1KdIIeylMP8QyhVaNwtx9bWKtfebW/9XuKFD0aVBJODEd3762B:sLzCf1QeyGP8QcVazb6/R4iBhn","tlshash":"c662c0e77a8e8285f941fbf09d1817afeec725817936b846cc89ae1ce040493e2c8545","first_seen":"2023-04-07T23:55:09Z","last_seen":"2026-04-05T08:12:19.347994Z","times_seen":1400,"resource_available":false,"data":null}},"time_used":38,"timings":{"blocked":27,"dns":0,"connect":0,"send":0,"wait":9,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"grookilteepsou.net/event","fqdn":"grookilteepsou.net","domain":"grookilteepsou.net","tld":"net"},"ip":{"addr":"139.45.197.122","port":443,"asn":9002,"as":"RETN Limited","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://xxxtik.app/xxxtiktok/","date":"2025-10-05T21:11:11.947Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"grookilteepsou.net","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Fri, 05 Sep 2025 05:23:12 GMT","end":"Thu, 04 Dec 2025 05:23:11 GMT"},"fingerprint":{"sha1":"74:73:06:C8:86:57:DF:47:5B:AA:44:AD:BD:29:95:9B:8C:28:2F:B1","sha256":"77:66:80:3C:82:1F:42:C4:C1:EE:ED:18:C6:2E:C2:C5:10:4D:8D:C6:19:69:D5:1D:5B:44:06:BA:E2:25:33:43"}}},"request":{"raw":"POST /event HTTP/1.1\r\nHost: grookilteepsou.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://xxxtik.app/\r\nContent-Type: application/json\r\nContent-Length: 963\r\nOrigin: https://xxxtik.app\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sun, 05 Oct 2025 21:11:11 GMT\r\ncontent-type: application/json; charset=utf-8\r\ncontent-length: 81\r\naccept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model\r\naccess-control-allow-origin: https://xxxtik.app\r\naccess-control-allow-credentials: true\r\naccess-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept\r\nstrict-transport-security: max-age=1\r\nx-content-type-options: nosniff\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":81,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"105e017845072f56df622ed51ff912aa","sha1":"b7e3f278880881caf8bc62e944b9def0d39268a7","sha256":"a3a830dd895941d24a5422b6f16524fa3fbb3e68ffe818902a59f3fbd4bf450d","sha512":"1dbca7c267b68a205ddae8252c1e0d5a94bfaf5ef8dd9b217b2ed95f3cce923dac86321f99a5c6e39068cb7d878d25babe2c9a4e88f74b9d4e2ed178b26d0074","ssdeep":"","tlshash":"85a01240c04c88700585893d6095ac2009fd04334d01107a580c6d244821400c11d051","first_seen":"2025-10-05T21:11:43.335829Z","last_seen":"2025-10-05T21:11:43.335829Z","times_seen":1,"resource_available":false,"data":null}},"time_used":31,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":31,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-05","alert":"Sinkholed","trigger":"grookilteepsou.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-10-05","alert":"Sinkholed","trigger":"grookilteepsou.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-10-05","alert":"Sinkholed","trigger":"grookilteepsou.net","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"wabsyederly.com/gAs36mcmijz/68957","fqdn":"wabsyederly.com","domain":"wabsyederly.com","tld":"com"},"ip":{"addr":"172.255.103.117","port":443,"asn":7979,"as":"SERVERS-COM","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://xxxtik.app/xxxtiktok/","date":"2025-10-05T21:11:05.783Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"wabsyederly.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 24 Sep 2025 04:09:38 GMT","end":"Tue, 23 Dec 2025 04:09:37 GMT"},"fingerprint":{"sha1":"90:92:77:8C:05:1A:A1:EC:D6:63:BE:2B:3A:BB:E2:8D:C2:40:09:12","sha256":"F7:D4:3D:47:E0:C8:6E:9A:AA:51:AA:7F:CD:98:5B:93:5E:6D:38:34:EF:43:51:73:27:DE:47:E1:64:DB:B7:2B"}}},"request":{"raw":"GET /gAs36mcmijz/68957 HTTP/1.1\r\nHost: wabsyederly.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xxxtik.app/\r\nCookie: GL_UI4=eJw9zV1OhDAcBHC%2BWdcFnYQDeASKQHj1xSv4SAr9g3Wh3ZQKensbE32bTH6T8TwvKB7g78kZ4Sdv8MRY13Z1U3VlPXa8GoaubZtyaLqSVc00NbiTW2%2F5sJCNcNpWbmxv9wiXmRQZOfajFpTh0am%2F5qr0oSLEg%2BFKZIhXJ5YM6WD0sZEpQkSKr4T0VRqa9JcT%2FEMbhOy5dlkql%2F0Sgd6KMD8jfZNKuGV%2BQcDKPE883N8Wbidt1l6KxEc8Gy4I%2FgtOI7c0a%2FONVNB2tfoG6EX0%2F%2F73ODxYiUTQLkdCrO07mR%2B4dk3m; GL_GI10=eJwVyMEKgjAcB%2BDtTwwiPfzA7j7ByhSxa3aM7eATqI0QZBvbKnr76vh9jDEqMtDikXcnWTWdrNqzbBvwB0hp0GwhlAvv8QMeQMcaFCx2Oq6u7N3Tpt%2FP2PwNviDTFz2U2hurTALZiG0%2FTqs5XIcbuBcMlJwgULwXDPwl9l8VoRyd\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sun, 05 Oct 2025 21:11:05 GMT\r\ncontent-type: application/javascript; charset=utf-8\r\naccept-ch: sec-ch-ua-platform-version,sec-ch-ua-model,sec-ch-ua-full-version,sec-ch-ua-full-version-list\r\naccess-control-allow-credentials: true\r\naccess-control-allow-origin: https://xxxtik.app\r\naccess-control-allow-headers: content-type, megageocheckolololo, x-forwarded-for, x-requested-with, cache-control, pragma, expires\r\naccess-control-max-age: 600\r\naccess-control-allow-methods: GET, POST, OPTIONS\r\nx-frame-options: SAMEORIGIN\r\ncontent-encoding: gzip\r\nvary: Accept-Encoding\r\nstrict-transport-security: max-age=1\r\nx-content-type-options: nosniff\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":150095,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (65535), with no line terminators","md5":"cbc3eee88fbb41045356241ab5e5fffc","sha1":"69e17c2843fed1cacfa39f5419646fc232c4f0e5","sha256":"903d971116973395c6e8b7842ad33f53d8336a17e9635fd4128a6b8e3f683fda","sha512":"7a98cb5f3b6fc42e1a40cf7cae6fc63fac27c0ab077ee2b2e5d99d4a48fa200ca8dcd5dafcf6bb56b8135b5fa04efd6ece40af02d81559a69d82e6d7c78a7fbb","ssdeep":"1536:/H4Yb/N1nJ/VomtG6r2qbfG/GeEvOtJ78tArsW/0HLR/YQEyPuQmfMrn8lxnZ8ab:vH/3rArsW/0rR/YQEyPuia5ueFOTMaAB","tlshash":"dde30ae1f710f3bc575b84e2953e8509d22a0f4371c95ba096a9ec452b6d20fe13edac","first_seen":"2025-10-05T21:11:43.398385Z","last_seen":"2025-10-05T21:11:43.398385Z","times_seen":1,"resource_available":true,"data":null}},"time_used":104,"timings":{"blocked":34,"dns":0,"connect":0,"send":0,"wait":45,"receive":0,"ssl":25},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-05","alert":"Sinkholed","trigger":"wabsyederly.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-10-05","alert":"Sinkholed","trigger":"wabsyederly.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"xxxtik.app/wp-content/plugins/honeypot/includes/js/wpa.js?ver=2.3.03","fqdn":"xxxtik.app","domain":"xxxtik.app","tld":"app"},"ip":{"addr":"104.21.2.15","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://xxxtik.app/xxxtiktok/","date":"2025-10-05T21:11:05.785Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xxxtik.app","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 22 Sep 2025 07:50:33 GMT","end":"Sun, 21 Dec 2025 08:48:06 GMT"},"fingerprint":{"sha1":"72:98:6C:94:29:80:FC:6E:34:D4:78:8C:3E:9F:90:03:A2:25:7B:AE","sha256":"3D:1E:A0:9F:D0:6B:0E:56:A7:96:90:AB:D0:78:99:FD:82:C8:48:79:EB:76:7B:72:AE:D5:E7:11:E7:66:4E:7E"}}},"request":{"raw":"GET /wp-content/plugins/honeypot/includes/js/wpa.js?ver=2.3.03 HTTP/1.1\r\nHost: xxxtik.app\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xxxtik.app/xxxtiktok/\r\nCookie: cf_clearance=PtgQF.dSVk5HyfOXxCtzINIKJnOLP3Aqj_OjR6rctsw-1759698665-1.2.1.1-3cZYcPKABSXibBQA1yAf_.yC_4qtfZMVrDQhKj6PN.vZLO64B7mfD0Sx8qGK4Q3smCyFNmcYllycn_EncFyyXcHEKa3ghVZu_fSzets_3J7Gk7z1ZqjBQ4ukyKJ7k.eOamyjj8CrdkABeiQjarX6grGnsicxKUwnFfFORPAXknStc_53fTMQgSUpZtr6emLTt5Hx35GoA8lwNJAQ.btU5BLAQqWhqXR3whnsoQwOLgU; _lscache_vary=25535832db285c9c2ae7620ca706ea91\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 05 Oct 2025 21:11:05 GMT\r\ncontent-type: text/javascript\r\ncontent-length: 1758\r\netag: \"16bf-68dd9bdc-11611a8;br\"\r\nlast-modified: Wed, 01 Oct 2025 21:23:40 GMT\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\nserver: cloudflare\r\nx-turbo-charged-by: LiteSpeed\r\nage: 0\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=VjIEHXDJ1WHHbZdORdq%2BeFFfgGJE9RkIimkEV801XlGHGIU9AXfZ1hc4GCOrNAgdFsKcUEgEiP9017GiXW2UE0m9ABPsMKr2\"}]}\r\ncf-ray: 989fe8d51ff50b55-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":5823,"size_decoded":0,"mime_type":"text/javascript","magic":"JavaScript source, ASCII text, with very long lines (389), with CRLF line terminators","md5":"077015ce742a22cba4ebd4280af31eba","sha1":"20e873f3d4f405fd9b0bfe4ebabab00feb494bd0","sha256":"a7018dedda134f466c8bdff4d13aa04cb5616d6dd090fac028f1b62fbc0fadb6","sha512":"251d247d409982de8236956813b5566b15c074f417eac0beaac3ca1d43bcbba25f625057745abf8539153a6025fc54c8e9ccd84ae5b1873bf9ec43e1871bd65d","ssdeep":"96:0LJ3N+1CdQBjhla43aJ3v3qm3b343jDWhzXGhoSLLumHAAAgWGUXY9B7sVA+JPZb:093N+1CCa4Of6mLo3CTTJr8p4q/1jRn+","tlshash":"8bc12050275b04a62e32cb69ebf7b72473395013ea00ed05fb5d4be577a4c191232bea","first_seen":"2025-09-13T18:52:56.502875Z","last_seen":"2026-04-04T15:38:53.527097Z","times_seen":753,"resource_available":true,"data":null}},"time_used":8,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":8,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"xxxtik.app/wp-content/plugins/wps-disclaimer/public/assets/js/jquery.cookie.min.js?ver=1.4.1","fqdn":"xxxtik.app","domain":"xxxtik.app","tld":"app"},"ip":{"addr":"104.21.2.15","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://xxxtik.app/xxxtiktok/","date":"2025-10-05T21:11:05.787Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xxxtik.app","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 22 Sep 2025 07:50:33 GMT","end":"Sun, 21 Dec 2025 08:48:06 GMT"},"fingerprint":{"sha1":"72:98:6C:94:29:80:FC:6E:34:D4:78:8C:3E:9F:90:03:A2:25:7B:AE","sha256":"3D:1E:A0:9F:D0:6B:0E:56:A7:96:90:AB:D0:78:99:FD:82:C8:48:79:EB:76:7B:72:AE:D5:E7:11:E7:66:4E:7E"}}},"request":{"raw":"GET /wp-content/plugins/wps-disclaimer/public/assets/js/jquery.cookie.min.js?ver=1.4.1 HTTP/1.1\r\nHost: xxxtik.app\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xxxtik.app/xxxtiktok/\r\nCookie: cf_clearance=PtgQF.dSVk5HyfOXxCtzINIKJnOLP3Aqj_OjR6rctsw-1759698665-1.2.1.1-3cZYcPKABSXibBQA1yAf_.yC_4qtfZMVrDQhKj6PN.vZLO64B7mfD0Sx8qGK4Q3smCyFNmcYllycn_EncFyyXcHEKa3ghVZu_fSzets_3J7Gk7z1ZqjBQ4ukyKJ7k.eOamyjj8CrdkABeiQjarX6grGnsicxKUwnFfFORPAXknStc_53fTMQgSUpZtr6emLTt5Hx35GoA8lwNJAQ.btU5BLAQqWhqXR3whnsoQwOLgU; _lscache_vary=25535832db285c9c2ae7620ca706ea91\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 05 Oct 2025 21:11:05 GMT\r\ncontent-type: text/javascript\r\ncontent-length: 622\r\netag: \"514-68d8f11f-1140ef4;br\"\r\nlast-modified: Sun, 28 Sep 2025 08:26:07 GMT\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\nserver: cloudflare\r\nx-turbo-charged-by: LiteSpeed\r\nage: 0\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=BRrVi3w%2B%2Bfn5z4PD0JaoKgg8Z7t%2BHtaUMtg2Vj7U%2B%2BaLuIMjh%2BlM%2BobnVm7S2ht94ASg9wt7aX28ycPULL6jV8RjotPKcEE1\"}]}\r\ncf-ray: 989fe8d51ff70b55-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]}],"data":{"size":1300,"size_decoded":0,"mime_type":"text/javascript","magic":"JavaScript source, ASCII text, with very long lines (1266)","md5":"4412bf8023109ee9eb1f1f226d391329","sha1":"c273960aa874a87dd022b5e597887142f1b8e34f","sha256":"d40efcac911d8964f3728eaa767de281306ff55ba9377435a3364d4d1e1613f6","sha512":"de3dd553a582e6b3d00782ddd639cb57b29de71afe72af5abef870ab36c7fed68244d511a1e129a0f04af690f27ae9304b1c113c9f1f0e0bd85dde9291a6764c","ssdeep":"","tlshash":"212120987089b815521b9a35677f109bb078ab55d09c40a9c391e4e03f708820d72ef9","first_seen":"2023-03-07T01:14:34Z","last_seen":"2026-04-05T12:14:59.880783Z","times_seen":17788,"resource_available":true,"data":null}},"time_used":14,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":14,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"xxxtik.app/wp-content/uploads/2024/05/pornhub-app-75x75.jpg","fqdn":"xxxtik.app","domain":"xxxtik.app","tld":"app"},"ip":{"addr":"104.21.2.15","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://xxxtik.app/xxxtiktok/","date":"2025-10-05T21:11:05.952Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xxxtik.app","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 22 Sep 2025 07:50:33 GMT","end":"Sun, 21 Dec 2025 08:48:06 GMT"},"fingerprint":{"sha1":"72:98:6C:94:29:80:FC:6E:34:D4:78:8C:3E:9F:90:03:A2:25:7B:AE","sha256":"3D:1E:A0:9F:D0:6B:0E:56:A7:96:90:AB:D0:78:99:FD:82:C8:48:79:EB:76:7B:72:AE:D5:E7:11:E7:66:4E:7E"}}},"request":{"raw":"GET /wp-content/uploads/2024/05/pornhub-app-75x75.jpg HTTP/1.1\r\nHost: xxxtik.app\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xxxtik.app/xxxtiktok/\r\nCookie: cf_clearance=PtgQF.dSVk5HyfOXxCtzINIKJnOLP3Aqj_OjR6rctsw-1759698665-1.2.1.1-3cZYcPKABSXibBQA1yAf_.yC_4qtfZMVrDQhKj6PN.vZLO64B7mfD0Sx8qGK4Q3smCyFNmcYllycn_EncFyyXcHEKa3ghVZu_fSzets_3J7Gk7z1ZqjBQ4ukyKJ7k.eOamyjj8CrdkABeiQjarX6grGnsicxKUwnFfFORPAXknStc_53fTMQgSUpZtr6emLTt5Hx35GoA8lwNJAQ.btU5BLAQqWhqXR3whnsoQwOLgU; _lscache_vary=25535832db285c9c2ae7620ca706ea91; test_variant=3\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 05 Oct 2025 21:11:05 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 2901\r\ncache-control: public, max-age=604800\r\nexpires: Sat, 11 Oct 2025 07:49:31 GMT\r\netag: \"b55-67e3fb01-11409cd;;;\"\r\nlast-modified: Wed, 26 Mar 2025 13:02:57 GMT\r\naccept-ranges: bytes\r\nserver: cloudflare\r\nx-turbo-charged-by: LiteSpeed\r\nage: 134494\r\ncf-cache-status: HIT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=XwfcAA4QSJOCzc%2FaM6XVceggJe6HM7iebTf%2B3AkZhI1wMDcV5OHZKL%2BakuMB7YfcVzmUAuLm%2FK23HIi8ddugXYWA93v%2FFEQp\"}]}\r\ncf-ray: 989fe8d628b70b55-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]}],"data":{"size":2901,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 75x75, components 3","md5":"956881411423965258727a54e23f73be","sha1":"3afb144150614bc2b75c9977d29c6ee059042187","sha256":"47d228929cc09c641a2dca21272d5a894e6bb1948f9dce04745633845eb29506","sha512":"398a5f10ce525386f509c021bbf37582cee94b2b127144d4d5f61691dcb99f3644b602020ba43300d02836406f82be79bcfb02b77e6ac893d7f307b15b236902","ssdeep":"","tlshash":"42511bb1931553dcea942e34e8d07be4d6763f20ed63461ad23cd20b92391c049b46a7","first_seen":"2024-05-24T09:39:23Z","last_seen":"2025-10-05T21:11:43.402922Z","times_seen":3,"resource_available":false,"data":null}},"time_used":10,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":10,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"site-assets.fontawesome.com/releases/v6.4.2/webfonts/fa-regular-400.woff2","fqdn":"site-assets.fontawesome.com","domain":"fontawesome.com","tld":"com"},"ip":{"addr":"172.64.147.188","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://xxxtik.app/xxxtiktok/","date":"2025-10-05T21:11:06.118Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"fontawesome.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 23 Aug 2025 21:04:01 GMT","end":"Fri, 21 Nov 2025 22:03:57 GMT"},"fingerprint":{"sha1":"CC:FF:C9:AB:7D:4F:0E:BD:2F:0D:51:59:D6:60:F9:CD:7D:68:E5:4B","sha256":"EF:79:B2:3F:26:48:FD:84:D5:42:BF:1E:35:73:D2:4A:8A:DB:54:C5:37:B0:F6:75:31:FE:6A:BC:D5:8A:F4:C2"}}},"request":{"raw":"GET /releases/v6.4.2/webfonts/fa-regular-400.woff2 HTTP/1.1\r\nHost: site-assets.fontawesome.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://xxxtik.app\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xxxtik.app/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 05 Oct 2025 21:11:06 GMT\r\ncontent-type: font/woff2\r\ncontent-length: 395444\r\ncf-ray: 989fe8d758a38deb-OSL\r\nx-amz-id-2: ZycCNLanxS5XhObX9LnfpcUgXfRXCjZhnWMkUl8XKTJBqdCEa0GnrIvgtiJZ2EqJFfQHR9GbGAO5yr9kOBZPQTRbjW9SzY70Tcsv1ude918=\r\nx-amz-request-id: WN0F5306ZFZ8EQJT\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET\r\naccess-control-max-age: 3000\r\nvary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding\r\nlast-modified: Tue, 01 Aug 2023 19:22:32 GMT\r\netag: \"f3100ca1d6b8939d47fe7e23a831bcd3\"\r\nx-amz-server-side-encryption: AES256\r\ncf-cache-status: HIT\r\nexpires: Mon, 05 Oct 2026 21:11:06 GMT\r\ncache-control: public, max-age=31536000\r\naccept-ranges: bytes\r\nserver: cloudflare\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":395444,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 395444, version 772.1280","md5":"f3100ca1d6b8939d47fe7e23a831bcd3","sha1":"7e9675560e6f9836855efa46cff0738cb02d51bc","sha256":"b85c4d4bcb7be039d30281d940426203622394a85d4cd2b43048b57a924a7d51","sha512":"b0fcdad92ec9f88f58b5e075a09cf84df99aabbae5a9b307d544ec9d8deb5a705922bcbd081cf6ac8e7277faf615208a67a96c692d950ff5170b07bf9e39f73a","ssdeep":"12288:YbzB8MYMJOSvwoCZYPP9cdtNjcD5HMDRA:e37oSdWYPlKNjctsG","tlshash":"998423d8d11ffb282891d6260a7fa781de93d35d907a4c8c1533fbac8d09ca92951fa0","first_seen":"2023-08-09T11:09:21Z","last_seen":"2026-04-05T11:11:08.516194Z","times_seen":2282,"resource_available":false,"data":null}},"time_used":79,"timings":{"blocked":13,"dns":1,"connect":3,"send":0,"wait":47,"receive":6,"ssl":8},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"grookilteepsou.net/pfe/current/tag.min.js?z=9977715","fqdn":"grookilteepsou.net","domain":"grookilteepsou.net","tld":"net"},"ip":{"addr":"139.45.197.122","port":443,"asn":9002,"as":"RETN Limited","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://xxxtik.app/xxxtiktok/","date":"2025-10-05T21:11:06.156Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"grookilteepsou.net","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Fri, 05 Sep 2025 05:23:12 GMT","end":"Thu, 04 Dec 2025 05:23:11 GMT"},"fingerprint":{"sha1":"74:73:06:C8:86:57:DF:47:5B:AA:44:AD:BD:29:95:9B:8C:28:2F:B1","sha256":"77:66:80:3C:82:1F:42:C4:C1:EE:ED:18:C6:2E:C2:C5:10:4D:8D:C6:19:69:D5:1D:5B:44:06:BA:E2:25:33:43"}}},"request":{"raw":"GET /pfe/current/tag.min.js?z=9977715 HTTP/1.1\r\nHost: grookilteepsou.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xxxtik.app/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sun, 05 Oct 2025 21:11:11 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Mon, 22 Sep 2025 13:19:37 GMT\r\netag: W/\"68d14ce9-785f\"\r\naccess-control-allow-credentials: true\r\ncache-control: no-cache\r\npragma: no-cache\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":30815,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (30815), with no line terminators","md5":"e8aa54e0f45caba29d1929319247d6f7","sha1":"6e5fc61dddf1cf4e9c933e768eeb8707009d224a","sha256":"4863ced089760be4f6407d16c4d661da7f5b899dc4cbcf16dd2cddc629a4cad1","sha512":"df7faecbcf89310902a7f19c1d23943632f68d60378cb82ed61c06cda951f01c251fb45a35e0ec39df9ec27a97e0d9aff84a5fbdd24817488e8925d475769961","ssdeep":"768:N0/yQI4xFlPlGbz9Z+CugqWc0QimcED40TZxlsl05JFGS3J03WYveZ7mSbiaB6sq:BWCT60rmcE2CLY/sKBVsm","tlshash":"80d2c6813ebb685127d257c3d03f941a93a1d60434abf5a3b50e659229320dacff3e67","first_seen":"2025-09-22T16:48:47.194022Z","last_seen":"2025-10-31T08:17:13.404319Z","times_seen":162,"resource_available":true,"data":null}},"time_used":10296,"timings":{"blocked":5133,"dns":5042,"connect":30,"send":0,"wait":29,"receive":0,"ssl":61},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-10-05","alert":"Sinkholed","trigger":"grookilteepsou.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-10-05","alert":"Sinkholed","trigger":"grookilteepsou.net","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-05","alert":"Sinkholed","trigger":"grookilteepsou.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tsyndicate.com/do2/88d03130b1764035a5c2153cd359b33d/vast?categories=Adult\u0026subid=5CMC5GAK0U\u0026subid=5CMC5GAK0UNO011","fqdn":"tsyndicate.com","domain":"tsyndicate.com","tld":"com"},"ip":{"addr":"94.130.167.206","port":443,"asn":24940,"as":"Hetzner Online GmbH","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://xxxtik.app/xxxtiktok/","date":"2025-10-05T21:11:11.601Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tsyndicate.com","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Fri, 12 Sep 2025 20:10:41 GMT","end":"Thu, 11 Dec 2025 20:10:40 GMT"},"fingerprint":{"sha1":"25:5B:D4:FE:8D:85:CA:1A:7D:3A:B0:58:EC:2D:7A:B0:62:90:21:1F","sha256":"DF:0A:26:3C:A9:CF:97:54:23:20:C6:11:EB:C6:8C:7F:02:14:58:C8:F6:3B:08:10:27:BF:78:67:09:32:DC:9C"}}},"request":{"raw":"GET /do2/88d03130b1764035a5c2153cd359b33d/vast?categories=Adult\u0026subid=5CMC5GAK0U\u0026subid=5CMC5GAK0UNO011 HTTP/1.1\r\nHost: tsyndicate.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://xxxtik.app\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xxxtik.app/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sun, 05 Oct 2025 21:11:11 GMT\r\ncontent-type: application/xml; charset=utf-8\r\naccess-control-allow-origin: https://xxxtik.app\r\naccess-control-allow-methods: POST, GET, HEAD\r\naccess-control-allow-headers: Accept, X-Requested-With, X-Forwarded-For, X-Real-IP, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Legacy, Content-Type,Authorization, Nav-Ua-He-Mobile, Nav-Ua-He-Platform, Nav-Ua-He-Brands, Nav-Ua-He-Platformversion, Nav-Ua-He-Model, Nav-Ua-He-Architecture, Nav-Ua-He-Bitness, Nav-Ua-He-Fullversionlist, Nav-Ua-He-Uafullversion, Nav-Ua-He-Wow64\r\naccess-control-allow-credentials: true\r\npragma: no-cache\r\nexpires: 0\r\nvary: Accept-Encoding, *\r\nx-vast: 3.0\r\nset-cookie: cookie_user_id=87a2e4a0-cdb6-5639-a1a3-eccdaa426134; expires=Sun, 05 Apr 2026 21:11:11 GMT; domain=.tsyndicate.com; path=/; HttpOnly; secure; SameSite=None\nbfq=APeIECNCx5YuLESMKXgwYRmGXfoo; expires=Mon, 06 Oct 2025 21:11:11 GMT; domain=.tsyndicate.com; path=/; HttpOnly; secure; SameSite=None\r\ncache-control: no-cache, no-store, no-transform, must-revalidate, no-transform\r\nx-robots-tag: none, noindex, nofollow\r\nreport-to: { \"url\": \"https://pxl.tsyndicate.com/api/v1/heavy-ad/report\", \"max_age\": 86401 }\r\naccept-ch: Sec-CH-UA, Sec-CH-UA-Mobile, Sec-CH-UA-Platform, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Bitness, Sec-CH-UA-Wow64\r\npermissions-policy: ch-ua-model=(self \"https://tsyndicate.com\"), ch-ua-platform-version=(self)\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":4348,"size_decoded":0,"mime_type":"application/xml; charset=utf-8","magic":"XML 1.0 document, ASCII text, with very long lines (4309)","md5":"6d4f2b552b669785a3755aab2cdd1e94","sha1":"e099820eb89a4be9c7972eda95dc13a40ba859bd","sha256":"c1c3d843cac01336050c91393dc28cb023a46400f1d251a2bdf5f5675b63e8c3","sha512":"e48dc9f8d77de570b3bff85186a4c1805bcef34e7c87700a7d1f4b8565d343753d4faf9b4561e038d84ed1633b6248fd77c1f275d2a17b5978d1e95993545673","ssdeep":"96:8fAyau+u9kE808zdAjjRfn0OF7vWxgKz7OjwWZ672:4A3q9kEYzdEjRf0SygCCjlZ6i","tlshash":"65915dbb36e554f20d0170147ed864e5aabf811f6bdfa057a9488447f8d11ec091f2f2","first_seen":"2025-10-05T21:11:43.407867Z","last_seen":"2025-10-05T21:11:43.407867Z","times_seen":1,"resource_available":false,"data":null}},"time_used":434,"timings":{"blocked":80,"dns":2,"connect":37,"send":0,"wait":274,"receive":0,"ssl":40},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"xxxtik.app/cdn-cgi/challenge-platform/scripts/jsd/main.js","fqdn":"xxxtik.app","domain":"xxxtik.app","tld":"app"},"ip":{"addr":"104.21.2.15","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://xxxtik.app/xxxtiktok/","date":"2025-10-05T21:11:05.586Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xxxtik.app","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 22 Sep 2025 07:50:33 GMT","end":"Sun, 21 Dec 2025 08:48:06 GMT"},"fingerprint":{"sha1":"72:98:6C:94:29:80:FC:6E:34:D4:78:8C:3E:9F:90:03:A2:25:7B:AE","sha256":"3D:1E:A0:9F:D0:6B:0E:56:A7:96:90:AB:D0:78:99:FD:82:C8:48:79:EB:76:7B:72:AE:D5:E7:11:E7:66:4E:7E"}}},"request":{"raw":"GET /cdn-cgi/challenge-platform/scripts/jsd/main.js HTTP/1.1\r\nHost: xxxtik.app\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T11:47:06.182466Z","times_seen":13373545,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"grookilteepsou.net/event","fqdn":"grookilteepsou.net","domain":"grookilteepsou.net","tld":"net"},"ip":{"addr":"139.45.197.122","port":443,"asn":9002,"as":"RETN Limited","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://xxxtik.app/xxxtiktok/","date":"2025-10-05T21:11:11.626Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"grookilteepsou.net","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Fri, 05 Sep 2025 05:23:12 GMT","end":"Thu, 04 Dec 2025 05:23:11 GMT"},"fingerprint":{"sha1":"74:73:06:C8:86:57:DF:47:5B:AA:44:AD:BD:29:95:9B:8C:28:2F:B1","sha256":"77:66:80:3C:82:1F:42:C4:C1:EE:ED:18:C6:2E:C2:C5:10:4D:8D:C6:19:69:D5:1D:5B:44:06:BA:E2:25:33:43"}}},"request":{"raw":"POST /event HTTP/1.1\r\nHost: grookilteepsou.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://xxxtik.app/\r\nContent-Type: application/json\r\nContent-Length: 356\r\nOrigin: https://xxxtik.app\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sun, 05 Oct 2025 21:11:11 GMT\r\ncontent-type: application/json; charset=utf-8\r\ncontent-length: 81\r\naccept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model\r\naccess-control-allow-origin: https://xxxtik.app\r\naccess-control-allow-credentials: true\r\naccess-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept\r\nstrict-transport-security: max-age=1\r\nx-content-type-options: nosniff\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":81,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"b1ca6df0c9261b7709fa0e9b4fed8e7b","sha1":"17a1f78f7b28f98e9e6747edddaff5b79c32a9ef","sha256":"7b2c848ec04571441758e217ba10f35d1c7fe6d92b6b17ac16bac6614f4fa9f5","sha512":"63f7bf4a06920740cbb91c8b04162c34b8131327e96cb632ff3431c484b1767ff9e5c8b860ccab0c504c26c9b49ca938e272cba32c3cbc3a47a6d114c8feee2f","ssdeep":"","tlshash":"2aa0244050045c7c00d0470c51d05f104c3c34737d07c3344c1c7d534110040030f103","first_seen":"2025-10-05T21:11:43.410702Z","last_seen":"2025-10-05T21:11:43.410702Z","times_seen":1,"resource_available":false,"data":null}},"time_used":29,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":29,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-10-05","alert":"Sinkholed","trigger":"grookilteepsou.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-05","alert":"Sinkholed","trigger":"grookilteepsou.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-10-05","alert":"Sinkholed","trigger":"grookilteepsou.net","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"bobapsoabauns.com/www/images/5e2ab0eed18d035e0ff0c39cc5cfd27c.jpg","fqdn":"bobapsoabauns.com","domain":"bobapsoabauns.com","tld":"com"},"ip":{"addr":"104.21.73.203","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://xxxtik.app/xxxtiktok/","date":"2025-10-05T21:11:16.419Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"bobapsoabauns.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 17 Sep 2025 04:24:25 GMT","end":"Tue, 16 Dec 2025 05:21:54 GMT"},"fingerprint":{"sha1":"4D:D9:7B:8E:2E:B1:DF:4E:5A:71:CF:29:D6:3A:1D:7E:AA:3D:5A:A2","sha256":"88:8A:05:87:6E:69:15:70:D5:BC:48:78:60:76:1A:E9:45:82:CE:D7:2D:0B:89:EB:6B:09:58:DC:93:D4:79:E6"}}},"request":{"raw":"GET /www/images/5e2ab0eed18d035e0ff0c39cc5cfd27c.jpg HTTP/1.1\r\nHost: bobapsoabauns.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sun, 05 Oct 2025 21:11:16 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 9910\r\nlast-modified: Thu, 27 Feb 2025 16:35:11 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\netag: \"67c0943f-26b6\"\r\nexpires: Mon, 06 Oct 2025 01:16:56 GMT\r\ncache-control: max-age=86400\r\ntiming-allow-origin: *\r\naccept-ranges: bytes\r\nage: 71660\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=AE6ymV2kpcRnttkmacA4jyceDRyN0XhDZvHEkRzoE8iUQ1I0D2kVZWcnlHc%2F9iiPSa9mI4Pfb1YMT%2Bo%2BrsK%2BJdUVtVYjBNOHTZoO9fhK4g%3D%3D\"}]}\r\nvary: accept-encoding\r\ncf-ray: 989fe9179fdd56c4-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":9910,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 192x192, components 3","md5":"5e2ab0eed18d035e0ff0c39cc5cfd27c","sha1":"1baf8a735404756b573053e2e55471e90725e03c","sha256":"c2d42867eb040910ea0ac9142143ac620a1280c0160fdf2fa57bdb010ec318fa","sha512":"4a397ae895c598f1e07d5ba7f48e37900e633d576af80350f213dd997baa6d9198f2142421ad57a8504c2810e7c2830910594ab11415b401795c922513e88ae2","ssdeep":"192:eJZGe1Kgs442STFKHBahL4CxoUu47A5t4FUPVC15rC:ezGLgs+STFKHAh0C3NM5nC15rC","tlshash":"f212b0c4fca14c72db60cbbd1824d24a3f7c02539b91a75f22aa86315cba4bf71d55a2","first_seen":"2025-04-11T02:20:54.089609Z","last_seen":"2026-03-15T06:38:48.799887Z","times_seen":137,"resource_available":false,"data":null}},"time_used":8,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":8,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"xxxtik.app/wp-content/plugins/wps-disclaimer/public/assets/js/disclaimer.js?ver=1.5.0","fqdn":"xxxtik.app","domain":"xxxtik.app","tld":"app"},"ip":{"addr":"104.21.2.15","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://xxxtik.app/xxxtiktok/","date":"2025-10-05T21:11:05.442Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xxxtik.app","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 22 Sep 2025 07:50:33 GMT","end":"Sun, 21 Dec 2025 08:48:06 GMT"},"fingerprint":{"sha1":"72:98:6C:94:29:80:FC:6E:34:D4:78:8C:3E:9F:90:03:A2:25:7B:AE","sha256":"3D:1E:A0:9F:D0:6B:0E:56:A7:96:90:AB:D0:78:99:FD:82:C8:48:79:EB:76:7B:72:AE:D5:E7:11:E7:66:4E:7E"}}},"request":{"raw":"GET /wp-content/plugins/wps-disclaimer/public/assets/js/disclaimer.js?ver=1.5.0 HTTP/1.1\r\nHost: xxxtik.app\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xxxtik.app/xxxtiktok/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T11:47:06.182466Z","times_seen":13373545,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"xxxtik.app/wp-content/plugins/wps-disclaimer/public/assets/css/disclaimer.css?ver=1.5.0","fqdn":"xxxtik.app","domain":"xxxtik.app","tld":"app"},"ip":{"addr":"104.21.2.15","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://xxxtik.app/xxxtiktok/","date":"2025-10-05T21:11:05.443Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xxxtik.app","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 22 Sep 2025 07:50:33 GMT","end":"Sun, 21 Dec 2025 08:48:06 GMT"},"fingerprint":{"sha1":"72:98:6C:94:29:80:FC:6E:34:D4:78:8C:3E:9F:90:03:A2:25:7B:AE","sha256":"3D:1E:A0:9F:D0:6B:0E:56:A7:96:90:AB:D0:78:99:FD:82:C8:48:79:EB:76:7B:72:AE:D5:E7:11:E7:66:4E:7E"}}},"request":{"raw":"GET /wp-content/plugins/wps-disclaimer/public/assets/css/disclaimer.css?ver=1.5.0 HTTP/1.1\r\nHost: xxxtik.app\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xxxtik.app/xxxtiktok/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T11:47:06.182466Z","times_seen":13373545,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"xxxtik.app/wp-content/uploads/2024/05/fikfap-75x75.png","fqdn":"xxxtik.app","domain":"xxxtik.app","tld":"app"},"ip":{"addr":"104.21.2.15","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://xxxtik.app/xxxtiktok/","date":"2025-10-05T21:11:05.951Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xxxtik.app","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 22 Sep 2025 07:50:33 GMT","end":"Sun, 21 Dec 2025 08:48:06 GMT"},"fingerprint":{"sha1":"72:98:6C:94:29:80:FC:6E:34:D4:78:8C:3E:9F:90:03:A2:25:7B:AE","sha256":"3D:1E:A0:9F:D0:6B:0E:56:A7:96:90:AB:D0:78:99:FD:82:C8:48:79:EB:76:7B:72:AE:D5:E7:11:E7:66:4E:7E"}}},"request":{"raw":"GET /wp-content/uploads/2024/05/fikfap-75x75.png HTTP/1.1\r\nHost: xxxtik.app\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xxxtik.app/xxxtiktok/\r\nCookie: cf_clearance=PtgQF.dSVk5HyfOXxCtzINIKJnOLP3Aqj_OjR6rctsw-1759698665-1.2.1.1-3cZYcPKABSXibBQA1yAf_.yC_4qtfZMVrDQhKj6PN.vZLO64B7mfD0Sx8qGK4Q3smCyFNmcYllycn_EncFyyXcHEKa3ghVZu_fSzets_3J7Gk7z1ZqjBQ4ukyKJ7k.eOamyjj8CrdkABeiQjarX6grGnsicxKUwnFfFORPAXknStc_53fTMQgSUpZtr6emLTt5Hx35GoA8lwNJAQ.btU5BLAQqWhqXR3whnsoQwOLgU; _lscache_vary=25535832db285c9c2ae7620ca706ea91; test_variant=3\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 05 Oct 2025 21:11:05 GMT\r\ncontent-type: image/png\r\ncontent-length: 6832\r\ncache-control: public, max-age=604800\r\nexpires: Fri, 10 Oct 2025 12:56:13 GMT\r\netag: \"1ab0-66404131-1144dd0;;;\"\r\nlast-modified: Sun, 12 May 2024 04:10:25 GMT\r\naccept-ranges: bytes\r\nserver: cloudflare\r\nx-turbo-charged-by: LiteSpeed\r\nage: 202491\r\ncf-cache-status: HIT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=8izVCO98ZGmZ5Xlwzsx4oT7yVmFNmyPGVQsDvv5M3l5zGkilF7S4S86RC9c4tDFqP3tEJwzw0QBckq8iqIZxzRKc6KRM4Yoq\"}]}\r\ncf-ray: 989fe8d628b50b55-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":6832,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 75 x 75, 8-bit/color RGBA, non-interlaced","md5":"d9cf64aa3a239230693eb78a007eb094","sha1":"83cb31b9e099accd96a53f62968e954f6d2d889a","sha256":"1bb0642d952648fa3ecd0bc2a58da35415cdc181d2732c2449fab30862229e9e","sha512":"a617544097a0cfe63e6460b84fc0a9836ec92099674d31dea815eeb2c83a8e9cff48a3c37893d5b319dc4be971af667b23d067485a60b44389b1ed03c75c98fd","ssdeep":"96:XA3pd1lw/MtmmALYUIGAAYB/rHrF1TOJGymSLituwEQFcOoGrJN:XodXw0tmJLBARrF1KkmazrJN","tlshash":"44e1bf61e804b5395f936c19a12e589270b83a10ccdfc3759fb2b742d4b1ed3af70465","first_seen":"2024-07-07T18:41:41Z","last_seen":"2025-10-05T21:11:43.414322Z","times_seen":3,"resource_available":false,"data":null}},"time_used":10,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":10,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"professionaltrafficmonitor.com/stats","fqdn":"professionaltrafficmonitor.com","domain":"professionaltrafficmonitor.com","tld":"com"},"ip":{"addr":"3.125.168.103","port":443,"asn":16509,"as":"AMAZON-02","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://xxxtik.app/xxxtiktok/","date":"2025-10-05T21:11:06.862Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"RSA-PKCS1-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"protrafficinspector.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Tue, 01 Jul 2025 00:00:00 GMT","end":"Thu, 30 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"5D:D5:8D:EB:A4:50:13:0D:7C:33:71:82:B8:02:49:4F:D6:31:B6:E6","sha256":"49:03:4C:2C:1B:23:D8:D6:CB:AE:F0:54:61:99:C2:20:F4:FF:87:5E:0B:72:B1:6B:D8:AB:21:49:2D:F2:EC:4A"}}},"request":{"raw":"GET /stats HTTP/1.1\r\nHost: professionaltrafficmonitor.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://xxxtik.app\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xxxtik.app/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 05 Oct 2025 21:11:07 GMT\r\ncontent-type: text/html; charset=UTF-8\r\ncontent-length: 40\r\nserver: fasthttp\r\naccess-control-allow-origin: https://xxxtik.app\r\nvary: Origin\r\naccess-control-allow-credentials: true\r\nset-cookie: uid_id2=619eb20b-0c70-488e-9788-174c75b967c0:2:1; expires=Wed, 03 Oct 2035 21:11:07 GMT; secure; SameSite=None\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":40,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"ASCII text, with no line terminators","md5":"7e3f73a41d0ff9b45a8589972e1afda3","sha1":"74e87f27ada8193b5c754e2022f16a2e57065c11","sha256":"10722a2307dbbb251a826e8c0249f2f6393e48b2360a723662f18480605c2564","sha512":"e57ba68b075198bcaaab1064a269d5ad1f455b2ddddf546eb7f2370a7d0e31b3a7fc9700a231b4a7650a2a25eb45d69a61b29cb2059028126e4348eb044fcc35","ssdeep":"","tlshash":"5390047cd00cf4c041d1fc5345dc0dd00000031545757104050f543dc4750304773c51","first_seen":"2025-10-05T21:11:43.417413Z","last_seen":"2025-10-05T21:11:43.417413Z","times_seen":1,"resource_available":false,"data":null}},"time_used":161,"timings":{"blocked":0,"dns":4,"connect":29,"send":0,"wait":29,"receive":0,"ssl":98},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"phoangaisool.com/500/9977712?excludes=23316440\u0026oaid=008259d0a0ab4038fc1295696b53dbe8\u0026var=\u0026ymid=\u0026tgp=\u0026sw_version=v1.740.0-s\u0026dmn=roagrofoogrobo.com\u0026fs=0\u0026cf=0\u0026sw=1280\u0026sh=1024\u0026sah=1024\u0026wx=0\u0026wy=0\u0026ww=1280\u0026wh=1024\u0026cw=1280\u0026wiw=1280\u0026wih=1024\u0026wfc=2\u0026pl=https%3A%2F%2Fxxxtik.app%2Fxxxtiktok%2F\u0026drf=\u0026np=1\u0026pt=0\u0026nb=1\u0026ng=0\u0026ix=0\u0026nw=1\u0026tb=false\u0026navlng=en-US\u0026bto=0\u0026btz=UTC\u0026jsp=1","fqdn":"phoangaisool.com","domain":"phoangaisool.com","tld":"com"},"ip":{"addr":"139.45.197.243","port":443,"asn":9002,"as":"RETN Limited","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://xxxtik.app/xxxtiktok/","date":"2025-10-05T21:11:13.229Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"phoangaisool.com","organization":""},"issuer":{"commonName":"R11","organization":"Let's Encrypt"},"validity":{"start":"Sun, 20 Jul 2025 05:27:33 GMT","end":"Sat, 18 Oct 2025 05:27:32 GMT"},"fingerprint":{"sha1":"1B:B6:A8:E4:08:A6:29:EB:A9:7A:9B:7B:F9:85:53:57:9B:C7:36:4B","sha256":"0E:69:6F:3E:06:9D:64:E5:1B:E6:9B:A0:66:40:B8:3B:8B:F7:A0:BA:DA:77:B5:E5:0B:C7:3B:FF:11:3D:C1:C9"}}},"request":{"raw":"OPTIONS /500/9977712?excludes=23316440\u0026oaid=008259d0a0ab4038fc1295696b53dbe8\u0026var=\u0026ymid=\u0026tgp=\u0026sw_version=v1.740.0-s\u0026dmn=roagrofoogrobo.com\u0026fs=0\u0026cf=0\u0026sw=1280\u0026sh=1024\u0026sah=1024\u0026wx=0\u0026wy=0\u0026ww=1280\u0026wh=1024\u0026cw=1280\u0026wiw=1280\u0026wih=1024\u0026wfc=2\u0026pl=https%3A%2F%2Fxxxtik.app%2Fxxxtiktok%2F\u0026drf=\u0026np=1\u0026pt=0\u0026nb=1\u0026ng=0\u0026ix=0\u0026nw=1\u0026tb=false\u0026navlng=en-US\u0026bto=0\u0026btz=UTC\u0026jsp=1 HTTP/1.1\r\nHost: phoangaisool.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nAccess-Control-Request-Method: GET\r\nAccess-Control-Request-Headers: content-type\r\nReferer: https://xxxtik.app/\r\nOrigin: https://xxxtik.app\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"OPTIONS"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sun, 05 Oct 2025 21:11:13 GMT\r\ncontent-length: 0\r\nallow: GET, OPTIONS\r\nvary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers\r\naccess-control-allow-origin: https://xxxtik.app\r\naccess-control-allow-methods: GET, POST, OPTIONS\r\naccess-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace\r\naccess-control-allow-credentials: true\r\naccess-control-max-age: 600\r\naccept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version\r\nstrict-transport-security: max-age=1\r\nx-content-type-options: nosniff\r\ntiming-allow-origin: *\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T11:47:06.182466Z","times_seen":13373545,"resource_available":true,"data":null}},"time_used":29,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":29,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-10-05","alert":"Sinkholed","trigger":"phoangaisool.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"fleraprt.com/async_log/add?cid=1db9169f-90f4-4b2d-b517-bc47aab19c1f\u0026ruid=102116da-fbae-4295-9145-bfe638bd7f23","fqdn":"fleraprt.com","domain":"fleraprt.com","tld":"com"},"ip":{"addr":"139.45.195.252","port":443,"asn":9002,"as":"RETN Limited","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://xxxtik.app/xxxtiktok/","date":"2025-10-05T21:11:08.434Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"fleraprt.com","organization":""},"issuer":{"commonName":"Sectigo RSA Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Wed, 11 Dec 2024 00:00:00 GMT","end":"Sun, 11 Jan 2026 23:59:59 GMT"},"fingerprint":{"sha1":"23:5D:23:03:7B:8D:47:5A:E9:9C:E7:E0:5C:7E:E6:4F:A2:DC:B6:D0","sha256":"9E:F7:13:45:55:C0:E9:09:A9:42:CC:D1:27:57:55:66:A1:63:5C:CB:EA:38:76:AA:6D:AB:5A:02:42:09:5D:46"}}},"request":{"raw":"POST /async_log/add?cid=1db9169f-90f4-4b2d-b517-bc47aab19c1f\u0026ruid=102116da-fbae-4295-9145-bfe638bd7f23 HTTP/1.1\r\nHost: fleraprt.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: text/plain;charset=UTF-8\r\nContent-Length: 451\r\nOrigin: https://xxxtik.app\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xxxtik.app/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.25.5\r\nDate: Sun, 05 Oct 2025 21:11:08 GMT\r\nContent-Length: 0\r\nConnection: keep-alive\r\nAccess-Control-Allow-Origin: https://xxxtik.app\r\nAccess-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE\r\nAccess-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match\r\nAccess-Control-Allow-Credentials: true\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.25.5","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/xml","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T11:47:06.182466Z","times_seen":13373545,"resource_available":true,"data":null}},"time_used":198,"timings":{"blocked":84,"dns":0,"connect":30,"send":0,"wait":30,"receive":0,"ssl":53},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"amusingbase.com/dkm.FlzmdnG-NpvqZrGsU_/ucvnwNxy-YzzA1B2CY_XENF0GaHW-0JmKcL2Ml_kOPPSQZR6-bT2U5VlWa_WYQZ9aNbj-YdyeOfTgM_2iNjgk","fqdn":"amusingbase.com","domain":"amusingbase.com","tld":"com"},"ip":{"addr":"88.85.94.250","port":443,"asn":35415,"as":"Webzilla B.V.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://xxxtik.app/xxxtiktok/","date":"2025-10-05T21:11:11.467Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"amusingbase.com","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Sat, 20 Sep 2025 23:52:14 GMT","end":"Fri, 19 Dec 2025 23:52:13 GMT"},"fingerprint":{"sha1":"CF:4F:A1:A9:80:00:5C:01:99:49:96:3E:59:40:C1:C2:98:52:F8:6B","sha256":"CB:73:6C:5F:9D:0A:7D:54:6F:7A:64:D5:44:0C:46:C0:9B:70:68:2B:FA:7F:6F:37:61:5F:DA:6C:97:C9:61:8E"}}},"request":{"raw":"GET /dkm.FlzmdnG-NpvqZrGsU_/ucvnwNxy-YzzA1B2CY_XENF0GaHW-0JmKcL2Ml_kOPPSQZR6-bT2U5VlWa_WYQZ9aNbj-YdyeOfTgM_2iNjgk HTTP/1.1\r\nHost: amusingbase.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://xxxtik.app\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xxxtik.app/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sun, 05 Oct 2025 21:11:11 GMT\r\ncontent-type: text/xml\r\nvary: Accept-Encoding\r\nexpires: Mon, 26 Jul 2011 05:00:00 GMT\r\ncache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0\r\npragma: no-cache\r\naccept-ch: Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-WoW64\r\naccess-control-allow-credentials: true\r\naccess-control-allow-origin: https://xxxtik.app\r\nx-content-type-options: nosniff\r\ncontent-encoding: br\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":6400,"size_decoded":0,"mime_type":"text/xml","magic":"ASCII text, with very long lines (6400), with no line terminators","md5":"646629b2c7529196544b611c60942da5","sha1":"b40fe8169b07c5a336bb2878f65387072fa45e97","sha256":"f8322308e6e34b4acd5fbc418a49600aeeb17f09d42dc93bc6ec50bc5c81d82d","sha512":"3e7aa002eaf8b524a823f651d6d2d7524e37fd8427629656872ad32c753c1aadccfa5aad0db667b9c79d05c6b51a6edd616b7ceb93eadafa123283a831b8e775","ssdeep":"96:/KDfyz2LL9Hj1aB62psCSoRZyPVnD6yqqoTBMWfgPYkuhig67W3yr:uazuHjmlIP2VGgqTuhHI","tlshash":"2dd15d5903419363ce43966c9b39e53eeb398d1ea7ee1c60d98be1c7148fd2044a21e7","first_seen":"2025-10-05T21:11:43.42Z","last_seen":"2025-10-05T21:11:43.42Z","times_seen":1,"resource_available":false,"data":null}},"time_used":113,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":113,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"xxxtik.app/wp-content/uploads/2024/10/xxxtii.png","fqdn":"xxxtik.app","domain":"xxxtik.app","tld":"app"},"ip":{"addr":"104.21.2.15","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://xxxtik.app/xxxtiktok/","date":"2025-10-05T21:11:05.791Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xxxtik.app","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 22 Sep 2025 07:50:33 GMT","end":"Sun, 21 Dec 2025 08:48:06 GMT"},"fingerprint":{"sha1":"72:98:6C:94:29:80:FC:6E:34:D4:78:8C:3E:9F:90:03:A2:25:7B:AE","sha256":"3D:1E:A0:9F:D0:6B:0E:56:A7:96:90:AB:D0:78:99:FD:82:C8:48:79:EB:76:7B:72:AE:D5:E7:11:E7:66:4E:7E"}}},"request":{"raw":"GET /wp-content/uploads/2024/10/xxxtii.png HTTP/1.1\r\nHost: xxxtik.app\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xxxtik.app/xxxtiktok/\r\nCookie: cf_clearance=PtgQF.dSVk5HyfOXxCtzINIKJnOLP3Aqj_OjR6rctsw-1759698665-1.2.1.1-3cZYcPKABSXibBQA1yAf_.yC_4qtfZMVrDQhKj6PN.vZLO64B7mfD0Sx8qGK4Q3smCyFNmcYllycn_EncFyyXcHEKa3ghVZu_fSzets_3J7Gk7z1ZqjBQ4ukyKJ7k.eOamyjj8CrdkABeiQjarX6grGnsicxKUwnFfFORPAXknStc_53fTMQgSUpZtr6emLTt5Hx35GoA8lwNJAQ.btU5BLAQqWhqXR3whnsoQwOLgU; _lscache_vary=25535832db285c9c2ae7620ca706ea91\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 05 Oct 2025 21:11:05 GMT\r\ncontent-type: image/png\r\ncontent-length: 26097\r\ncache-control: public, max-age=604800\r\nexpires: Mon, 29 Sep 2025 20:23:44 GMT\r\netag: \"65f1-6714b6d8-1144df2;;;\"\r\nlast-modified: Sun, 20 Oct 2024 07:52:56 GMT\r\naccept-ranges: bytes\r\nserver: cloudflare\r\nx-turbo-charged-by: LiteSpeed\r\nage: 446365\r\ncf-cache-status: HIT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=xWp6IwUVhwGa6EZ%2FaBD8rdKQLykNEvKI1j9wGS24aO2SuHXim3S%2F0AMckTwzBu%2Fqn3rI9wocxFvSPfM7MI3PecGu76k4RePh\"}]}\r\ncf-ray: 989fe8d528050b55-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":26097,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 1100 x 220, 8-bit/color RGBA, non-interlaced","md5":"b7cac37ea112c3e528a69daa1bde9307","sha1":"3e372923e809f4c5cf941575b4b5e8fd99859fc7","sha256":"e03c746a8a3359d640b45bd61ae041b108e83036682c139b228c53e60f69c350","sha512":"9bf8d3de7d4974c9626fd23ba4161badbdbf2e0d1f9f07b562f1cf7589cb759859991c16c7ad8fe5a5e5ff92421f8fc70375c0f71a94feb16abfd8c210e85a79","ssdeep":"768:IH4/vQtilY1wicAdd/oAlTMsvk5/DBNezi:NHQtZ5JTNxPMszi","tlshash":"2ac2e0c7c83be458ed3eee0102670c75f719553c6846b93a28b12a4dc55ae2e73617c6","first_seen":"2025-10-05T21:11:43.423158Z","last_seen":"2025-10-05T21:11:43.423158Z","times_seen":1,"resource_available":false,"data":null}},"time_used":11,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":11,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"wabsyederly.com/sbf/68957?md=eyJ0dmMiOjAsInoiOjI2OTUsImEiOjQ2NzAsInMiOiIxMjgweDEwMjQiLCJiIjoiMTI4MHgxMDI0IiwiciI6IiIsInEiOiJodHRwczovL3h4eHRpay5hcHAveHh4dGlrdG9rLyIsImgiOjIwMzQsImwiOiJlbi1VUyIsInQiOjAsImsiOjAsInUiOiIiLCJmIjpmYWxzZSwid2giOiJub3QgaW4gaWZyYW1lIiwiaWgiOiIxMjgweDEwMjQiLCJlIjoiYXVuM2QyazQ5aWJvcWdjIiwibyI6dHJ1ZSwibSI6MTc1OTY5ODY2NTczOCwidyI6IiU3QiUyMnRpdGxlJTIyJTNBJTIyWHh4VGlrVG9rJTIwQXBwJTIwdjEuOS4yJTIwLSUyMERvd25sb2FkJTIwMjAyNSUyMEFuZHJvaWQlMjBBUEslMkMlMjAlMjIlMkMlMjJrZXl3b3JkcyUyMiUzQSU1QiU1RCUyQyUyMnRvcHdvcmRzJTIyJTNBJTVCJTIyYXBwcyUzQTglMjIlMkMlMjJhcGslM0E2JTIyJTJDJTIyYXBwJTNBNiUyMiU1RCU3RCIsInRzIjowLCJwciI6MSwiaGMiOjMyLCJibCI6LTEsImJjIjozLCJ2diI6Ik1lc2EiLCJ2ciI6Imxsdm1waXBlIiwiYWMiOjAsImN0IjoidW5rbm93biIsImNldCI6InVua25vd24iLCJjZGxtIjotMSwiY2RsIjotMSwiY3J0dCI6LTEsInRtcyI6MTIwLCJjZSI6dHJ1ZSwiY2QiOjI0LCJvciI6ImxhbmRzY2FwZS1wcmltYXJ5IiwiZnMiOm51bGwsImZzbyI6bnVsbCwiaW0iOnRydWUsImR0IjpmYWxzZX0\u0026cr=66010\u0026crp=9","fqdn":"wabsyederly.com","domain":"wabsyederly.com","tld":"com"},"ip":{"addr":"172.255.103.117","port":443,"asn":7979,"as":"SERVERS-COM","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://xxxtik.app/xxxtiktok/","date":"2025-10-05T21:11:05.838Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"wabsyederly.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 24 Sep 2025 04:09:38 GMT","end":"Tue, 23 Dec 2025 04:09:37 GMT"},"fingerprint":{"sha1":"90:92:77:8C:05:1A:A1:EC:D6:63:BE:2B:3A:BB:E2:8D:C2:40:09:12","sha256":"F7:D4:3D:47:E0:C8:6E:9A:AA:51:AA:7F:CD:98:5B:93:5E:6D:38:34:EF:43:51:73:27:DE:47:E1:64:DB:B7:2B"}}},"request":{"raw":"POST /sbf/68957?md=eyJ0dmMiOjAsInoiOjI2OTUsImEiOjQ2NzAsInMiOiIxMjgweDEwMjQiLCJiIjoiMTI4MHgxMDI0IiwiciI6IiIsInEiOiJodHRwczovL3h4eHRpay5hcHAveHh4dGlrdG9rLyIsImgiOjIwMzQsImwiOiJlbi1VUyIsInQiOjAsImsiOjAsInUiOiIiLCJmIjpmYWxzZSwid2giOiJub3QgaW4gaWZyYW1lIiwiaWgiOiIxMjgweDEwMjQiLCJlIjoiYXVuM2QyazQ5aWJvcWdjIiwibyI6dHJ1ZSwibSI6MTc1OTY5ODY2NTczOCwidyI6IiU3QiUyMnRpdGxlJTIyJTNBJTIyWHh4VGlrVG9rJTIwQXBwJTIwdjEuOS4yJTIwLSUyMERvd25sb2FkJTIwMjAyNSUyMEFuZHJvaWQlMjBBUEslMkMlMjAlMjIlMkMlMjJrZXl3b3JkcyUyMiUzQSU1QiU1RCUyQyUyMnRvcHdvcmRzJTIyJTNBJTVCJTIyYXBwcyUzQTglMjIlMkMlMjJhcGslM0E2JTIyJTJDJTIyYXBwJTNBNiUyMiU1RCU3RCIsInRzIjowLCJwciI6MSwiaGMiOjMyLCJibCI6LTEsImJjIjozLCJ2diI6Ik1lc2EiLCJ2ciI6Imxsdm1waXBlIiwiYWMiOjAsImN0IjoidW5rbm93biIsImNldCI6InVua25vd24iLCJjZGxtIjotMSwiY2RsIjotMSwiY3J0dCI6LTEsInRtcyI6MTIwLCJjZSI6dHJ1ZSwiY2QiOjI0LCJvciI6ImxhbmRzY2FwZS1wcmltYXJ5IiwiZnMiOm51bGwsImZzbyI6bnVsbCwiaW0iOnRydWUsImR0IjpmYWxzZX0\u0026cr=66010\u0026crp=9 HTTP/1.1\r\nHost: wabsyederly.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://xxxtik.app/\r\nContent-Type: application/json\r\nContent-Length: 19\r\nOrigin: https://xxxtik.app\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: GL_UI4=eJw9zV1OhDAcBHC%2BWdcFnYQDeASKQHj1xSv4SAr9g3Wh3ZQKensbE32bTH6T8TwvKB7g78kZ4Sdv8MRY13Z1U3VlPXa8GoaubZtyaLqSVc00NbiTW2%2F5sJCNcNpWbmxv9wiXmRQZOfajFpTh0am%2F5qr0oSLEg%2BFKZIhXJ5YM6WD0sZEpQkSKr4T0VRqa9JcT%2FEMbhOy5dlkql%2F0Sgd6KMD8jfZNKuGV%2BQcDKPE883N8Wbidt1l6KxEc8Gy4I%2FgtOI7c0a%2FONVNB2tfoG6EX0%2F%2F73ODxYiUTQLkdCrO07mR%2B4dk3m; GL_GI10=eJwVyMEKgjAcB%2BDtTwwiPfzA7j7ByhSxa3aM7eATqI0QZBvbKnr76vh9jDEqMtDikXcnWTWdrNqzbBvwB0hp0GwhlAvv8QMeQMcaFCx2Oq6u7N3Tpt%2FP2PwNviDTFz2U2hurTALZiG0%2FTqs5XIcbuBcMlJwgULwXDPwl9l8VoRyd\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sun, 05 Oct 2025 21:11:05 GMT\r\ncontent-type: application/javascript; charset=utf-8\r\naccept-ch: sec-ch-ua-platform-version,sec-ch-ua-model,sec-ch-ua-full-version,sec-ch-ua-full-version-list\r\naccess-control-allow-credentials: true\r\naccess-control-allow-origin: https://xxxtik.app\r\naccess-control-allow-headers: content-type, megageocheckolololo, x-forwarded-for, x-requested-with, cache-control, pragma, expires\r\naccess-control-max-age: 600\r\naccess-control-allow-methods: GET, POST, OPTIONS\r\ncontent-encoding: gzip\r\nvary: Accept-Encoding\r\nstrict-transport-security: max-age=1\r\nx-content-type-options: nosniff\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":564,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JSON text data","md5":"9b8a20aab2b33395f7844222f3dc752c","sha1":"a9008dfac41ba833fe4dfd333ed796574fc5f9a4","sha256":"9238b5f1d2fdf1c98964c0da24689ec545b09936130b6482a65ce6c360d49d28","sha512":"83733b5f8b90d5a38f31df9771b006bbaf048ab21ff9a8eb277af1956fbb89af0944038ad22e84e7c7b9fb1452307df077ec189a1293b12fce9b10129964e29f","ssdeep":"","tlshash":"d2f00c902b4886f837ca83d548a616eed4030182083d64c9d10dfe1882bc8a0b7ae3d3","first_seen":"2025-10-05T21:11:43.425646Z","last_seen":"2025-10-05T21:11:43.425646Z","times_seen":1,"resource_available":false,"data":null}},"time_used":45,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":45,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-10-05","alert":"Sinkholed","trigger":"wabsyederly.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-05","alert":"Sinkholed","trigger":"wabsyederly.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"xxxtik.app/wp-content/uploads/2024/05/OnlyTik-App-75x75.webp","fqdn":"xxxtik.app","domain":"xxxtik.app","tld":"app"},"ip":{"addr":"104.21.2.15","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://xxxtik.app/xxxtiktok/","date":"2025-10-05T21:11:05.953Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xxxtik.app","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 22 Sep 2025 07:50:33 GMT","end":"Sun, 21 Dec 2025 08:48:06 GMT"},"fingerprint":{"sha1":"72:98:6C:94:29:80:FC:6E:34:D4:78:8C:3E:9F:90:03:A2:25:7B:AE","sha256":"3D:1E:A0:9F:D0:6B:0E:56:A7:96:90:AB:D0:78:99:FD:82:C8:48:79:EB:76:7B:72:AE:D5:E7:11:E7:66:4E:7E"}}},"request":{"raw":"GET /wp-content/uploads/2024/05/OnlyTik-App-75x75.webp HTTP/1.1\r\nHost: xxxtik.app\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xxxtik.app/xxxtiktok/\r\nCookie: cf_clearance=PtgQF.dSVk5HyfOXxCtzINIKJnOLP3Aqj_OjR6rctsw-1759698665-1.2.1.1-3cZYcPKABSXibBQA1yAf_.yC_4qtfZMVrDQhKj6PN.vZLO64B7mfD0Sx8qGK4Q3smCyFNmcYllycn_EncFyyXcHEKa3ghVZu_fSzets_3J7Gk7z1ZqjBQ4ukyKJ7k.eOamyjj8CrdkABeiQjarX6grGnsicxKUwnFfFORPAXknStc_53fTMQgSUpZtr6emLTt5Hx35GoA8lwNJAQ.btU5BLAQqWhqXR3whnsoQwOLgU; _lscache_vary=25535832db285c9c2ae7620ca706ea91; test_variant=3\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 05 Oct 2025 21:11:05 GMT\r\ncontent-type: image/webp\r\ncontent-length: 1844\r\ncache-control: public, max-age=604800\r\nexpires: Fri, 10 Oct 2025 12:56:13 GMT\r\netag: \"734-663230d9-1144dce;;;\"\r\nlast-modified: Wed, 01 May 2024 12:08:57 GMT\r\naccept-ranges: bytes\r\nserver: cloudflare\r\nx-turbo-charged-by: LiteSpeed\r\nage: 202492\r\ncf-cache-status: HIT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=HtvjxWrqNAnICweoM5O7uurbLZVKiBYT1Fv42ZlITxbXPYuPxg0%2FfX0N3GF6PH6o7EAnUmuxA8heimycV4gw3tC8ChPv2uk1\"}]}\r\ncf-ray: 989fe8d638bd0b55-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":1844,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"84b3a71bad2a7deb0796972bffd661df","sha1":"627ea168d9432162635f555116b29a0c66776a88","sha256":"777403a57d3db01fc21bc58524a4dd5685b4fab6f440cd1c189544f3c3cd3fec","sha512":"8388478dfe27d03632a4881f968f41279b483a49806646c080b1a6ab43979e80a06067e072af0db71bda5f7e9306366ac5a019e8daaf8176d28c150597f26127","ssdeep":"","tlshash":"0731181a97203fadf0387bb004e0cb82e6d51de5465e9369c5855ab31bd90cfec0c447","first_seen":"2025-10-05T21:11:43.428829Z","last_seen":"2025-10-05T21:11:43.428829Z","times_seen":1,"resource_available":false,"data":null}},"time_used":11,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":11,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"xxxtik.app/wp-content/plugins/wps-disclaimer/public/assets/css/disclaimer.css?ver=1.5.0","fqdn":"xxxtik.app","domain":"xxxtik.app","tld":"app"},"ip":{"addr":"104.21.2.15","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://xxxtik.app/xxxtiktok/","date":"2025-10-05T21:11:05.789Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xxxtik.app","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 22 Sep 2025 07:50:33 GMT","end":"Sun, 21 Dec 2025 08:48:06 GMT"},"fingerprint":{"sha1":"72:98:6C:94:29:80:FC:6E:34:D4:78:8C:3E:9F:90:03:A2:25:7B:AE","sha256":"3D:1E:A0:9F:D0:6B:0E:56:A7:96:90:AB:D0:78:99:FD:82:C8:48:79:EB:76:7B:72:AE:D5:E7:11:E7:66:4E:7E"}}},"request":{"raw":"GET /wp-content/plugins/wps-disclaimer/public/assets/css/disclaimer.css?ver=1.5.0 HTTP/1.1\r\nHost: xxxtik.app\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xxxtik.app/xxxtiktok/\r\nCookie: cf_clearance=PtgQF.dSVk5HyfOXxCtzINIKJnOLP3Aqj_OjR6rctsw-1759698665-1.2.1.1-3cZYcPKABSXibBQA1yAf_.yC_4qtfZMVrDQhKj6PN.vZLO64B7mfD0Sx8qGK4Q3smCyFNmcYllycn_EncFyyXcHEKa3ghVZu_fSzets_3J7Gk7z1ZqjBQ4ukyKJ7k.eOamyjj8CrdkABeiQjarX6grGnsicxKUwnFfFORPAXknStc_53fTMQgSUpZtr6emLTt5Hx35GoA8lwNJAQ.btU5BLAQqWhqXR3whnsoQwOLgU; _lscache_vary=25535832db285c9c2ae7620ca706ea91\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 05 Oct 2025 21:11:05 GMT\r\ncontent-type: text/css\r\ncontent-length: 943\r\ncache-control: public, max-age=604800\r\nexpires: Sun, 05 Oct 2025 22:43:01 GMT\r\netag: \"c99-68d8f11f-1140ef2;br\"\r\nlast-modified: Sun, 28 Sep 2025 08:26:07 GMT\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\nserver: cloudflare\r\nx-turbo-charged-by: LiteSpeed\r\nage: 599284\r\ncf-cache-status: HIT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=i8bhKH4Byz2etlXC2hDaA3n4kzmv%2FqLexPPQcTk4VS3uGucRZc45KpmYUxykvc5pCR7i%2F00MlFF1LhfjA8F7q1Qje%2FaDpw6B\"}]}\r\ncf-ray: 989fe8d52ffd0b55-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]}],"data":{"size":3225,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text","md5":"4eaa4a1a7fd1b16af42715672c0409d2","sha1":"7c736a180a8d8777609a9180ba1320610869e474","sha256":"d348a1e31aae25a763bbe7300efbf14dc58928dddabaa32febd37984d2ecc67c","sha512":"e7ffa9cbb8fdcf147b461838830aaa54beff41a72838a47c10c998e7e8b701c724097c93aaedb7a888662c7c2ab35c5068a1d184ae5b5aff2e9c4d8d2db90632","ssdeep":"","tlshash":"c861e03b6f985488a20ec5643bedff81191a4113972b7ceb64e5e52c93c636400f379b","first_seen":"2023-05-01T19:36:38Z","last_seen":"2026-04-04T11:43:31.541783Z","times_seen":159,"resource_available":false,"data":null}},"time_used":12,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":12,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static.cloudflareinsights.com/beacon.min.js/vcd15cbe7772f49c399c6a5babf22c1241717689176015","fqdn":"static.cloudflareinsights.com","domain":"cloudflareinsights.com","tld":"com"},"ip":{"addr":"104.16.80.73","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://xxxtik.app/xxxtiktok/","date":"2025-10-05T21:11:05.793Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cloudflareinsights.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 24 Aug 2025 02:39:12 GMT","end":"Sat, 22 Nov 2025 03:39:06 GMT"},"fingerprint":{"sha1":"B4:6C:D2:16:CA:52:EE:BD:22:D7:B4:2C:64:FF:A5:EF:67:D8:E1:F8","sha256":"FF:3A:23:84:D6:B2:73:DF:50:6E:1A:45:A4:AB:03:37:0B:C4:4A:8E:82:12:99:10:80:A2:F7:FC:71:E3:BA:1D"}}},"request":{"raw":"GET /beacon.min.js/vcd15cbe7772f49c399c6a5babf22c1241717689176015 HTTP/1.1\r\nHost: static.cloudflareinsights.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://xxxtik.app\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xxxtik.app/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 05 Oct 2025 21:11:05 GMT\r\ncontent-type: text/javascript;charset=UTF-8\r\ncontent-encoding: gzip\r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=86400\r\netag: W/\"2024.6.1\"\r\nlast-modified: Thu, 06 Jun 2024 15:52:56 GMT\r\ncross-origin-resource-policy: cross-origin\r\nvary: Accept-Encoding\r\nserver: cloudflare\r\ncf-ray: 989fe8d53ce456a9-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":19948,"size_decoded":0,"mime_type":"text/javascript; charset=UTF-8","magic":"JavaScript source, ASCII text, with very long lines (19948), with no line terminators","md5":"ec18af6d41f6f278b6aed3bdabffa7bc","sha1":"62c9e2cab76b888829f3c5335e91c320b22329ae","sha256":"8a18d13015336bc184819a5a768447462202ef3105ec511bf42ed8304a7ed94f","sha512":"669b0e9a545057acbdd3b4c8d1d2811eaf4c776f679da1083e591ff38ae7684467abacef5af3d4aabd9fb7c335692dbca0def63ddac2cd28d8e14e95680c3511","ssdeep":"384:XriNpnjyMkg8XMtExRN1w29JIOzahXtO2nJ65:GijgSWuanfJ65","tlshash":"8d92d7def645723613f76076913f220b733b35a528068459812adbc22c3d98f6267f6e","first_seen":"2024-06-07T09:21:23Z","last_seen":"2026-04-05T11:31:39.74295Z","times_seen":330379,"resource_available":true,"data":null}},"time_used":30,"timings":{"blocked":2,"dns":0,"connect":1,"send":0,"wait":18,"receive":0,"ssl":8},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"xxxtik.app/VPAIDFlash.swf","fqdn":"xxxtik.app","domain":"xxxtik.app","tld":"app"},"ip":{"addr":"104.21.2.15","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"object","requested_by":"https://xxxtik.app/xxxtiktok/","date":"2025-10-05T21:11:11.407Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xxxtik.app","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 22 Sep 2025 07:50:33 GMT","end":"Sun, 21 Dec 2025 08:48:06 GMT"},"fingerprint":{"sha1":"72:98:6C:94:29:80:FC:6E:34:D4:78:8C:3E:9F:90:03:A2:25:7B:AE","sha256":"3D:1E:A0:9F:D0:6B:0E:56:A7:96:90:AB:D0:78:99:FD:82:C8:48:79:EB:76:7B:72:AE:D5:E7:11:E7:66:4E:7E"}}},"request":{"raw":"GET /VPAIDFlash.swf HTTP/1.1\r\nHost: xxxtik.app\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xxxtik.app/xxxtiktok/\r\nCookie: cf_clearance=PtgQF.dSVk5HyfOXxCtzINIKJnOLP3Aqj_OjR6rctsw-1759698665-1.2.1.1-3cZYcPKABSXibBQA1yAf_.yC_4qtfZMVrDQhKj6PN.vZLO64B7mfD0Sx8qGK4Q3smCyFNmcYllycn_EncFyyXcHEKa3ghVZu_fSzets_3J7Gk7z1ZqjBQ4ukyKJ7k.eOamyjj8CrdkABeiQjarX6grGnsicxKUwnFfFORPAXknStc_53fTMQgSUpZtr6emLTt5Hx35GoA8lwNJAQ.btU5BLAQqWhqXR3whnsoQwOLgU; _lscache_vary=25535832db285c9c2ae7620ca706ea91; test_variant=3; dom3ic8zudi28v8lr6fgphwffqoz0j6c=619eb20b-0c70-488e-9788-174c75b967c0%3A2%3A1; pp_main_d8faf53894cdd595b3c9b5230c862bcc=1\r\nSec-Fetch-Dest: object\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 404 Not Found\r\nx-dns-prefetch-control: on\r\nexpires: Wed, 11 Jan 1984 05:00:00 GMT\r\ncache-control: no-cache, must-revalidate, max-age=0, no-store, private\r\ncontent-type: text/html; charset=UTF-8\r\nx-litespeed-cache-control: public,max-age=3600\r\nx-litespeed-tag: fd4_HTTP.404,fd4_404,fd4_URL.b58f223ae1ec607b904e2736602e3f8e,fd4_\r\nx-litespeed-cache: miss\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: Accept-Encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=%2BFoC26gF3sNRyJqOjlE9qvfiVLF8W1z%2F%2Bqsup187%2BB3ZqfPBs5tjspeetPcjhTW%2BIvSKkcYgKZnapxzXXikT26RX9SkAPJU5\"}]}\r\ndate: Sun, 05 Oct 2025 21:11:11 GMT\r\nserver: cloudflare\r\nx-turbo-charged-by: LiteSpeed\r\ncf-cache-status: BYPASS\r\ncontent-encoding: br\r\ncf-ray: 989fe8f84e55569f-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":135030,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, ASCII text, with very long lines (30390), with CR, LF line terminators","md5":"bf24c0678a7696c7ea82f5169a2566da","sha1":"47985443b66e3a766e83b86c0f1a370e0aed9e4f","sha256":"325ce277089428cf8476574db5e19848019f518ffc7b83773c076f92a3463df4","sha512":"5e3c3e5c9c71c923cb5302557e0f8c7319108e6cccf718805d31aebe4dc71ae4e1e2da2cb8d366bb9e2d01c0dced9933e7ca72a280a7fff64735de3724171378","ssdeep":"3072:QzveeeJu1iQg5MG7x+qehvP0x2pck2qkz:S1iQg5MG7x+qehvP0x2pck2lz","tlshash":"39d3a51017b4dcf939ffab3a5d4ee214a507a901c64a97ebe076d190628ca590df3b0f","first_seen":"2025-10-05T21:11:43.43285Z","last_seen":"2025-10-05T21:11:43.43285Z","times_seen":1,"resource_available":false,"data":null}},"time_used":496,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":494,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"grookilteepsou.net/event","fqdn":"grookilteepsou.net","domain":"grookilteepsou.net","tld":"net"},"ip":{"addr":"139.45.197.122","port":443,"asn":9002,"as":"RETN Limited","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://xxxtik.app/xxxtiktok/","date":"2025-10-05T21:11:11.601Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"grookilteepsou.net","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Fri, 05 Sep 2025 05:23:12 GMT","end":"Thu, 04 Dec 2025 05:23:11 GMT"},"fingerprint":{"sha1":"74:73:06:C8:86:57:DF:47:5B:AA:44:AD:BD:29:95:9B:8C:28:2F:B1","sha256":"77:66:80:3C:82:1F:42:C4:C1:EE:ED:18:C6:2E:C2:C5:10:4D:8D:C6:19:69:D5:1D:5B:44:06:BA:E2:25:33:43"}}},"request":{"raw":"OPTIONS /event HTTP/1.1\r\nHost: grookilteepsou.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nAccess-Control-Request-Method: POST\r\nAccess-Control-Request-Headers: content-type\r\nReferer: https://xxxtik.app/\r\nOrigin: https://xxxtik.app\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"OPTIONS"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sun, 05 Oct 2025 21:11:11 GMT\r\ncontent-type: text/plain; charset=utf-8\r\ncontent-length: 0\r\naccess-control-allow-origin: https://xxxtik.app\r\naccess-control-allow-credentials: true\r\naccess-control-allow-methods: GET, POST, OPTIONS\r\naccess-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization-Token,X-Oaid\r\naccess-control-max-age: 86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain; charset=utf-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T11:47:06.182466Z","times_seen":13373545,"resource_available":true,"data":null}},"time_used":29,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":29,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-10-05","alert":"Sinkholed","trigger":"grookilteepsou.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-05","alert":"Sinkholed","trigger":"grookilteepsou.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-10-05","alert":"Sinkholed","trigger":"grookilteepsou.net","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"amusingbase.com/dmmnF-z.dpGqVrysc_mu9vywPx2-FzkASBWCQ_9ENFTGYHw-NJjKkLwMJ_nOpPvQbRm-VTJUZVDW0_2YNZjaIb5-MdzeYf2g?code=100","fqdn":"amusingbase.com","domain":"amusingbase.com","tld":"com"},"ip":{"addr":"88.85.94.250","port":443,"asn":35415,"as":"Webzilla B.V.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://xxxtik.app/xxxtiktok/","date":"2025-10-05T21:11:12.084Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"amusingbase.com","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Sat, 20 Sep 2025 23:52:14 GMT","end":"Fri, 19 Dec 2025 23:52:13 GMT"},"fingerprint":{"sha1":"CF:4F:A1:A9:80:00:5C:01:99:49:96:3E:59:40:C1:C2:98:52:F8:6B","sha256":"CB:73:6C:5F:9D:0A:7D:54:6F:7A:64:D5:44:0C:46:C0:9B:70:68:2B:FA:7F:6F:37:61:5F:DA:6C:97:C9:61:8E"}}},"request":{"raw":"GET /dmmnF-z.dpGqVrysc_mu9vywPx2-FzkASBWCQ_9ENFTGYHw-NJjKkLwMJ_nOpPvQbRm-VTJUZVDW0_2YNZjaIb5-MdzeYf2g?code=100 HTTP/1.1\r\nHost: amusingbase.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xxxtik.app/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sun, 05 Oct 2025 21:11:12 GMT\r\ncontent-type: image/gif\r\ncontent-length: 0\r\nexpires: Mon, 26 Jul 2011 05:00:00 GMT\r\ncache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0\r\npragma: no-cache\r\naccept-ch: Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-WoW64\r\nx-content-type-options: nosniff\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/gif","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T11:47:06.182466Z","times_seen":13373545,"resource_available":true,"data":null}},"time_used":25,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":24,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ip423869593.ahcdn.com/key=XIPTXStYrED2UqmlsMQtzw,s=,,end=1759702272/state=aOLeUpSp/reftag=0410298788/origin=364804248/301305/351499/1030585_20951z.webm","fqdn":"ip423869593.ahcdn.com","domain":"ahcdn.com","tld":"com"},"ip":{"addr":"45.143.250.61","port":443,"asn":0,"as":"","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"media","requested_by":"https://xxxtik.app/xxxtiktok/","date":"2025-10-05T21:11:12.308Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.ahcdn.com","organization":""},"issuer":{"commonName":"GoGetSSL RSA DV CA","organization":"GoGetSSL"},"validity":{"start":"Thu, 29 May 2025 00:00:00 GMT","end":"Sun, 28 Jun 2026 23:59:59 GMT"},"fingerprint":{"sha1":"99:99:89:EB:9F:31:C2:E3:B2:10:F6:4F:E6:6D:E6:59:B7:6F:EA:13","sha256":"5F:9A:30:C1:4A:49:41:F9:B5:42:9D:E2:31:29:C9:A0:0A:15:DE:D8:A3:7F:7E:78:17:70:8E:31:1B:C6:CD:F0"}}},"request":{"raw":"GET /key=XIPTXStYrED2UqmlsMQtzw,s=,,end=1759702272/state=aOLeUpSp/reftag=0410298788/origin=364804248/301305/351499/1030585_20951z.webm HTTP/1.1\r\nHost: ip423869593.ahcdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: video/webm,video/ogg,video/*;q=0.9,application/ogg;q=0.7,audio/*;q=0.6,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br, identity\r\nRange: bytes=0-\r\nReferer: https://xxxtik.app/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: video\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 206 Partial Content\r\nserver: nginx/1.26.2\r\ndate: Sun, 05 Oct 2025 21:11:12 GMT\r\ncontent-type: video/webm\r\ncontent-length: 237720\r\netag: \"acf0c9a27aed100f662f404a598ede42\"\r\nlast-modified: Thu, 02 Oct 2025 10:34:40 GMT\r\nx-timestamp: 1759401279.98251\r\ncontent-range: bytes 0-237719/237720\r\naccept-ranges: bytes\r\nx-trans-id: tx2e24a44cb4054bd982c94-0068e2def0\r\nx-openstack-request-id: tx2e24a44cb4054bd982c94-0068e2def0\r\nexpires: Sun, 05 Oct 2025 23:11:12 GMT\r\ncache-control: max-age=7200, private\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"206","status_text":"Partial Content","fingerprints":[{"name":"Nginx:1.26.2","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":237720,"size_decoded":0,"mime_type":"video/webm","magic":"WebM","md5":"acf0c9a27aed100f662f404a598ede42","sha1":"b41ffdaa8850a3ca0d46d99932b947c35cb8d62f","sha256":"e077dd656301d2d87865e1871603af2867e8499ec1127b0211495369bd631b9b","sha512":"d62cf25b216cf2610252897500f6b5724b22cad2213bdf22add8d1a5f7c8290c2c1f928b036f669906b4675c63bb99a4a4ef2deb814ef6afa7ede42c5525e9cb","ssdeep":"6144:Pwg8OE7lY4LI0kfTTbHZjCyVG0BK+KCRXY6xp:Y1NfYTXhDVAoXpxp","tlshash":"df3412024ff6a53ac48857f508da277b6f2b9d77000d928793958e3939f7a55bc3228c","first_seen":"2025-10-05T21:11:43.436304Z","last_seen":"2025-10-05T21:11:43.436304Z","times_seen":1,"resource_available":false,"data":null}},"time_used":330,"timings":{"blocked":124,"dns":22,"connect":20,"send":0,"wait":35,"receive":47,"ssl":81},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"xxxtik.app/wp-content/litespeed/js/16ff37aa3d68f8972c61041247eb574a.js?ver=b574a","fqdn":"xxxtik.app","domain":"xxxtik.app","tld":"app"},"ip":{"addr":"104.21.2.15","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://xxxtik.app/xxxtiktok/","date":"2025-10-05T21:11:05.792Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xxxtik.app","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 22 Sep 2025 07:50:33 GMT","end":"Sun, 21 Dec 2025 08:48:06 GMT"},"fingerprint":{"sha1":"72:98:6C:94:29:80:FC:6E:34:D4:78:8C:3E:9F:90:03:A2:25:7B:AE","sha256":"3D:1E:A0:9F:D0:6B:0E:56:A7:96:90:AB:D0:78:99:FD:82:C8:48:79:EB:76:7B:72:AE:D5:E7:11:E7:66:4E:7E"}}},"request":{"raw":"GET /wp-content/litespeed/js/16ff37aa3d68f8972c61041247eb574a.js?ver=b574a HTTP/1.1\r\nHost: xxxtik.app\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xxxtik.app/xxxtiktok/\r\nCookie: cf_clearance=PtgQF.dSVk5HyfOXxCtzINIKJnOLP3Aqj_OjR6rctsw-1759698665-1.2.1.1-3cZYcPKABSXibBQA1yAf_.yC_4qtfZMVrDQhKj6PN.vZLO64B7mfD0Sx8qGK4Q3smCyFNmcYllycn_EncFyyXcHEKa3ghVZu_fSzets_3J7Gk7z1ZqjBQ4ukyKJ7k.eOamyjj8CrdkABeiQjarX6grGnsicxKUwnFfFORPAXknStc_53fTMQgSUpZtr6emLTt5Hx35GoA8lwNJAQ.btU5BLAQqWhqXR3whnsoQwOLgU; _lscache_vary=25535832db285c9c2ae7620ca706ea91\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 05 Oct 2025 21:11:05 GMT\r\ncontent-type: text/javascript\r\ncontent-length: 4756\r\netag: \"482f-68e2de64-11619fc;br\"\r\nlast-modified: Sun, 05 Oct 2025 21:08:52 GMT\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\nserver: cloudflare\r\nx-turbo-charged-by: LiteSpeed\r\ncache-control: max-age=14400\r\ncf-cache-status: EXPIRED\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=vL11E%2FuGxZZyp6TbcvZhpHfQLhrp70ezEhgqzA9b2Rr2oYZsCdZk8OtFZwMjgSDKnf5I7xcUhiitIExwoWezOy36cjjFAEH6\"}]}\r\ncf-ray: 989fe8d5280a0b55-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":18479,"size_decoded":0,"mime_type":"text/javascript","magic":"JavaScript source, ASCII text, with very long lines (18477)","md5":"add484f1748beea3eb9f275c5e4c496e","sha1":"7744fe63c0cbdc64d83c11c66cabd608cad1b552","sha256":"6ca8bb49a96cc868d1e5357a2a0a7ca5ec0fbedd818bfb944c2f444d625e2551","sha512":"eee8ba8bdf347d0c9b1c0918826dd3d26754ffd81c13faaa672b68a7e3b894e8c188a4aa869d9dccbc6f1563abfd23cffa3deb223d435fd3dab1163778a4536f","ssdeep":"384:Yvf4xzL1bFFPWuGcEIEOqcxx3anCMzMLgfyLOd6aaBM/euL5nwEjhpyonUiwFzIo:YvANj1WuuZSFk5nwEjhpyonDczKPs","tlshash":"d382b718321864bd45bf177d211f920672391d3acb06984664bec4799fbed8a02b6f2e","first_seen":"2024-06-03T15:44:24Z","last_seen":"2026-03-02T13:31:43.51128Z","times_seen":13,"resource_available":true,"data":null}},"time_used":120,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":120,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"xxxtik.app/wp-content/uploads/2024/07/favicon-75x75.png","fqdn":"xxxtik.app","domain":"xxxtik.app","tld":"app"},"ip":{"addr":"104.21.2.15","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://xxxtik.app/xxxtiktok/","date":"2025-10-05T21:11:05.953Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xxxtik.app","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 22 Sep 2025 07:50:33 GMT","end":"Sun, 21 Dec 2025 08:48:06 GMT"},"fingerprint":{"sha1":"72:98:6C:94:29:80:FC:6E:34:D4:78:8C:3E:9F:90:03:A2:25:7B:AE","sha256":"3D:1E:A0:9F:D0:6B:0E:56:A7:96:90:AB:D0:78:99:FD:82:C8:48:79:EB:76:7B:72:AE:D5:E7:11:E7:66:4E:7E"}}},"request":{"raw":"GET /wp-content/uploads/2024/07/favicon-75x75.png HTTP/1.1\r\nHost: xxxtik.app\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xxxtik.app/xxxtiktok/\r\nCookie: cf_clearance=PtgQF.dSVk5HyfOXxCtzINIKJnOLP3Aqj_OjR6rctsw-1759698665-1.2.1.1-3cZYcPKABSXibBQA1yAf_.yC_4qtfZMVrDQhKj6PN.vZLO64B7mfD0Sx8qGK4Q3smCyFNmcYllycn_EncFyyXcHEKa3ghVZu_fSzets_3J7Gk7z1ZqjBQ4ukyKJ7k.eOamyjj8CrdkABeiQjarX6grGnsicxKUwnFfFORPAXknStc_53fTMQgSUpZtr6emLTt5Hx35GoA8lwNJAQ.btU5BLAQqWhqXR3whnsoQwOLgU; _lscache_vary=25535832db285c9c2ae7620ca706ea91; test_variant=3\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 05 Oct 2025 21:11:05 GMT\r\ncontent-type: image/png\r\ncontent-length: 4014\r\ncache-control: public, max-age=604800\r\nexpires: Sat, 11 Oct 2025 07:49:32 GMT\r\netag: \"fae-66a49c50-1144e37;;;\"\r\nlast-modified: Sat, 27 Jul 2024 07:05:52 GMT\r\naccept-ranges: bytes\r\nserver: cloudflare\r\nx-turbo-charged-by: LiteSpeed\r\nage: 134493\r\ncf-cache-status: HIT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=jN04ka2bChywZkBdFHdcZQaxHL8nyYazcM2JTv6PZ4uhf2RiT6A58s3kHlAIvrBc3fqodA2c0WrPesdzrV2nnP6Zwt9fZsLu\"}]}\r\ncf-ray: 989fe8d638be0b55-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":4014,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 75 x 75, 8-bit/color RGBA, non-interlaced","md5":"4054866a84838549729af89d7afa326a","sha1":"40044ea34492c038baa8d760e5dae013d4d82068","sha256":"c0ce372ee349b328acb6a66ffe2fd65ba6b3b8574cf12139186038ae4216dde1","sha512":"23b789609c68e78741145e482c2af61f57b767f9254122ab3baed58479939ded2a72bdb58abbf0666b58be04564e08baa4ea5e291483b74ff0f71df3e289fe3b","ssdeep":"","tlshash":"50817d6fcd6e9ce0d53d4db3997e4c3866527214c2345c5a8a218f8b1077cdd8e99819","first_seen":"2025-10-05T21:11:43.442748Z","last_seen":"2025-10-05T21:11:43.442748Z","times_seen":1,"resource_available":false,"data":null}},"time_used":11,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":11,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"tzegilo.com/stattag.js","fqdn":"tzegilo.com","domain":"tzegilo.com","tld":"com"},"ip":{"addr":"172.67.193.52","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://xxxtik.app/xxxtiktok/","date":"2025-10-05T21:11:08.340Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tzegilo.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 13 Sep 2025 14:26:46 GMT","end":"Fri, 12 Dec 2025 07:20:07 GMT"},"fingerprint":{"sha1":"F3:16:05:8F:DD:38:43:0F:BB:E2:C4:D7:85:80:BC:FF:31:61:3D:76","sha256":"B5:31:C1:B7:C6:EF:62:4B:FF:EC:63:B7:C3:FC:AB:46:1C:7C:09:8C:E2:11:C2:6C:DC:B2:3A:57:84:15:F3:EC"}}},"request":{"raw":"GET /stattag.js HTTP/1.1\r\nHost: tzegilo.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xxxtik.app/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 05 Oct 2025 21:11:08 GMT\r\ncontent-type: application/javascript\r\nserver: cloudflare\r\nlast-modified: Thu, 11 Jul 2024 10:23:58 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: accept-encoding\r\nlink: \u003chttps://flerap.com/\u003e; rel=preconnect; crossorigin, \u003chttps://fleraprt.com/\u003e; rel=preconnect; crossorigin\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=Nm%2FOOWNdYPAlgkB8%2FyRja0KCH268Z29%2Flm%2BvmY%2FCALNibr22%2F0COs7eQDYr%2BpTj71xnoVzk6851Jqo02ReGMeRv35ylipbFgJA%3D%3D\"}]}\r\nage: 6594\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\netag: W/\"668fb2be-45d7\"\r\ncontent-encoding: br\r\ncf-ray: 989fe8e55d185691-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":17879,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (17229)","md5":"01227f5edc20e0ff4ed643b27cb8bb68","sha1":"d71a88f7341f2b1bdaa7deb9a66888607bd52598","sha256":"75c91d86601e23ab56d872b31b42660f893fc6d6b0785e085c06c2c038e98fb2","sha512":"88046b07c07ff6de47ef7d1e0d7ca281fc48e91fc6a292cdf611457b96ac92bb0068971cfd55c0cc3e6179d7335e77a6a14b15fa502bbae7b2233546da6c0f98","ssdeep":"384:WDWdyJ+TJTwWV+6RUL2qq8L6jW4+QL1zWAWvVRIDiei:7so1V+g+d+j4pJ5","tlshash":"8d82094a72d525ee82a3a1d10cef612ffb664e86a97e1785e381b49c187404ec3d7f90","first_seen":"2024-07-11T16:28:55Z","last_seen":"2026-04-05T11:37:19.756326Z","times_seen":6366,"resource_available":true,"data":null}},"time_used":80,"timings":{"blocked":35,"dns":3,"connect":3,"send":0,"wait":10,"receive":0,"ssl":28},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"oamsursumsauz.net/500/9977713?excludes=\u0026oaid=008259d0a0ab4038fc1295696b53dbe8\u0026var=\u0026ymid=\u0026tgp=\u0026sw_version=v1.740.0-s\u0026dmn=eehassoosostoa.com\u0026fs=0\u0026cf=0\u0026sw=1280\u0026sh=1024\u0026sah=1024\u0026wx=0\u0026wy=0\u0026ww=1280\u0026wh=1024\u0026cw=1280\u0026wiw=1280\u0026wih=1024\u0026wfc=2\u0026pl=https%3A%2F%2Fxxxtik.app%2Fxxxtiktok%2F\u0026drf=\u0026np=1\u0026pt=0\u0026nb=1\u0026ng=0\u0026ix=0\u0026nw=1\u0026tb=false\u0026navlng=en-US\u0026bto=0\u0026btz=UTC\u0026jsp=1","fqdn":"oamsursumsauz.net","domain":"oamsursumsauz.net","tld":"net"},"ip":{"addr":"139.45.197.244","port":443,"asn":9002,"as":"RETN Limited","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://xxxtik.app/xxxtiktok/","date":"2025-10-05T21:11:18.369Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"oamsursumsauz.net","organization":""},"issuer":{"commonName":"R10","organization":"Let's Encrypt"},"validity":{"start":"Sun, 20 Jul 2025 05:35:01 GMT","end":"Sat, 18 Oct 2025 05:35:00 GMT"},"fingerprint":{"sha1":"15:08:E5:10:97:98:9A:68:4B:96:AF:40:16:99:5E:A2:7F:6D:1B:FA","sha256":"80:1A:EF:F3:CD:54:AD:65:88:C6:E0:97:07:75:81:E5:4C:41:38:16:E0:EB:F9:4F:72:C9:12:E3:8C:7A:C3:23"}}},"request":{"raw":"GET /500/9977713?excludes=\u0026oaid=008259d0a0ab4038fc1295696b53dbe8\u0026var=\u0026ymid=\u0026tgp=\u0026sw_version=v1.740.0-s\u0026dmn=eehassoosostoa.com\u0026fs=0\u0026cf=0\u0026sw=1280\u0026sh=1024\u0026sah=1024\u0026wx=0\u0026wy=0\u0026ww=1280\u0026wh=1024\u0026cw=1280\u0026wiw=1280\u0026wih=1024\u0026wfc=2\u0026pl=https%3A%2F%2Fxxxtik.app%2Fxxxtiktok%2F\u0026drf=\u0026np=1\u0026pt=0\u0026nb=1\u0026ng=0\u0026ix=0\u0026nw=1\u0026tb=false\u0026navlng=en-US\u0026bto=0\u0026btz=UTC\u0026jsp=1 HTTP/1.1\r\nHost: oamsursumsauz.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/json\r\nOrigin: https://xxxtik.app\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xxxtik.app/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sun, 05 Oct 2025 21:11:18 GMT\r\ncontent-type: application/javascript\r\nx-trace-id: 8e594a5509a4c627a2da30d00fc93b04\r\nexpires: Tue, 11 Jan 1994 10:00:00 GMT\r\ncache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0\r\npragma: no-cache\r\nvary: Origin\r\naccess-control-allow-origin: https://xxxtik.app\r\naccess-control-expose-headers: Link\r\naccess-control-allow-credentials: true\r\naccept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version\r\nset-cookie: OAID=008259d0a0ab4038fc1295696b53dbe8; expires=Mon, 05 Oct 2026 21:11:18 GMT; path=/; secure; SameSite=None\r\nstrict-transport-security: max-age=1\r\nx-content-type-options: nosniff\r\ntiming-allow-origin: *, *\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":6071,"size_decoded":0,"mime_type":"application/javascript","magic":"JSON text data","md5":"041abc946219c00533a2149bb270f981","sha1":"484cb78d83a1e11df1f3eb157ce8e6c8bb9e7b02","sha256":"340fa3f82e9f403154b178e080b40f883f4ed70135cde1d3b7e3f6662b9902b5","sha512":"1a5ba751c3f4c04737c3953187e397e1127be8a70807b3e0deb83c976269b41dab098ec0b0a88ce971a958a69fb7dd454226159b4842d5d6f6f748e2d5f808a6","ssdeep":"96:J2FxfWxh5alaZI4R5E2cXmXbPE8WQN3weA0rs7c/uRdhpPC7h+TReJNThdh2hJba:Jzz5aksrWLPE87weABpPmWgD+Ju","tlshash":"2bc1e99f3806d903cdc1df4c2bb61d7998d7991916f62a0c928bda7582ce0b82c77790","first_seen":"2025-10-05T21:11:43.446527Z","last_seen":"2025-10-05T21:11:43.446527Z","times_seen":1,"resource_available":false,"data":null}},"time_used":274,"timings":{"blocked":-1,"dns":33,"connect":30,"send":0,"wait":119,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-05","alert":"Sinkholed","trigger":"oamsursumsauz.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-10-05","alert":"Sinkholed","trigger":"oamsursumsauz.net","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-10-05","alert":"Sinkholed","trigger":"oamsursumsauz.net","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-10-05","alert":"Sinkholed","trigger":"oamsursumsauz.net","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"xxxtik.app/wp-content/plugins/wps-disclaimer/public/assets/js/disclaimer.js?ver=1.5.0","fqdn":"xxxtik.app","domain":"xxxtik.app","tld":"app"},"ip":{"addr":"104.21.2.15","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://xxxtik.app/xxxtiktok/","date":"2025-10-05T21:11:05.787Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xxxtik.app","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 22 Sep 2025 07:50:33 GMT","end":"Sun, 21 Dec 2025 08:48:06 GMT"},"fingerprint":{"sha1":"72:98:6C:94:29:80:FC:6E:34:D4:78:8C:3E:9F:90:03:A2:25:7B:AE","sha256":"3D:1E:A0:9F:D0:6B:0E:56:A7:96:90:AB:D0:78:99:FD:82:C8:48:79:EB:76:7B:72:AE:D5:E7:11:E7:66:4E:7E"}}},"request":{"raw":"GET /wp-content/plugins/wps-disclaimer/public/assets/js/disclaimer.js?ver=1.5.0 HTTP/1.1\r\nHost: xxxtik.app\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xxxtik.app/xxxtiktok/\r\nCookie: cf_clearance=PtgQF.dSVk5HyfOXxCtzINIKJnOLP3Aqj_OjR6rctsw-1759698665-1.2.1.1-3cZYcPKABSXibBQA1yAf_.yC_4qtfZMVrDQhKj6PN.vZLO64B7mfD0Sx8qGK4Q3smCyFNmcYllycn_EncFyyXcHEKa3ghVZu_fSzets_3J7Gk7z1ZqjBQ4ukyKJ7k.eOamyjj8CrdkABeiQjarX6grGnsicxKUwnFfFORPAXknStc_53fTMQgSUpZtr6emLTt5Hx35GoA8lwNJAQ.btU5BLAQqWhqXR3whnsoQwOLgU; _lscache_vary=25535832db285c9c2ae7620ca706ea91\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 05 Oct 2025 21:11:05 GMT\r\ncontent-type: text/javascript\r\ncontent-length: 1180\r\netag: \"122a-68d8f11f-1140ef3;br\"\r\nlast-modified: Sun, 28 Sep 2025 08:26:07 GMT\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\nserver: cloudflare\r\nx-turbo-charged-by: LiteSpeed\r\nage: 0\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=adXjZbW%2B4fJX1x7E%2FdGlqNVI5ZxliYlKHiaRPbS4P3bjLXelTi3MNWeOiY4e1hB%2Bi%2BeXPTsms1LkV6V2dag5yphpD4Itb%2BVr\"}]}\r\ncf-ray: 989fe8d51ff80b55-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]}],"data":{"size":4650,"size_decoded":0,"mime_type":"text/javascript","magic":"JavaScript source, ASCII text","md5":"bf3e3a5812d68371f4754d6c6dc9bb66","sha1":"ee15494eab31dfa4a09a9f6d055650508f4d5dea","sha256":"fbbaf2eca3f945c4a946db4d8b37be68768f95fbdd514b2c85c64ea928b30cd1","sha512":"d220d3724577f65aebc024786638f8a07cd8bcdaacbafa6c3d2d750f90e9c69b5cf88b5434aa296ce8a18d02f843928713bae924a4dd9c4e92fc289212762598","ssdeep":"96:Cnj1zm+DmCVo4JdHrlDtlUXZlilU+lSldlrlxlClwCdEu9dYR2+XQDjJ3aWaNgU2:ejxm+DmCVo4JdHrlDtl0ZliljlSldlrU","tlshash":"cba1ff2d98b894c5933fa92ef7ff764530210213a52aad47b5edd28d0fd012285a12f3","first_seen":"2024-08-13T02:04:39Z","last_seen":"2026-04-04T04:16:40.117728Z","times_seen":136,"resource_available":true,"data":null}},"time_used":12,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":12,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"xxxtik.app/wp-content/litespeed/css/e969387914a98f4c06dfcccd712b79ff.css?ver=b79ff","fqdn":"xxxtik.app","domain":"xxxtik.app","tld":"app"},"ip":{"addr":"104.21.2.15","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://xxxtik.app/xxxtiktok/","date":"2025-10-05T21:11:05.789Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xxxtik.app","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 22 Sep 2025 07:50:33 GMT","end":"Sun, 21 Dec 2025 08:48:06 GMT"},"fingerprint":{"sha1":"72:98:6C:94:29:80:FC:6E:34:D4:78:8C:3E:9F:90:03:A2:25:7B:AE","sha256":"3D:1E:A0:9F:D0:6B:0E:56:A7:96:90:AB:D0:78:99:FD:82:C8:48:79:EB:76:7B:72:AE:D5:E7:11:E7:66:4E:7E"}}},"request":{"raw":"GET /wp-content/litespeed/css/e969387914a98f4c06dfcccd712b79ff.css?ver=b79ff HTTP/1.1\r\nHost: xxxtik.app\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xxxtik.app/xxxtiktok/\r\nCookie: cf_clearance=PtgQF.dSVk5HyfOXxCtzINIKJnOLP3Aqj_OjR6rctsw-1759698665-1.2.1.1-3cZYcPKABSXibBQA1yAf_.yC_4qtfZMVrDQhKj6PN.vZLO64B7mfD0Sx8qGK4Q3smCyFNmcYllycn_EncFyyXcHEKa3ghVZu_fSzets_3J7Gk7z1ZqjBQ4ukyKJ7k.eOamyjj8CrdkABeiQjarX6grGnsicxKUwnFfFORPAXknStc_53fTMQgSUpZtr6emLTt5Hx35GoA8lwNJAQ.btU5BLAQqWhqXR3whnsoQwOLgU; _lscache_vary=25535832db285c9c2ae7620ca706ea91\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 05 Oct 2025 21:11:05 GMT\r\ncontent-type: text/css\r\ncontent-length: 11498\r\ncache-control: public, max-age=604800\r\nexpires: Sun, 12 Oct 2025 21:11:05 GMT\r\netag: \"d010-68e2da17-11619f5;br\"\r\nlast-modified: Sun, 05 Oct 2025 20:50:31 GMT\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\nserver: cloudflare\r\nx-turbo-charged-by: LiteSpeed\r\ncf-cache-status: MISS\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=vapckA%2BNM%2FpAZ5mzl1L3zORPgfWxugEhyVOz6JMVxXYH%2Fj0DtpFd6i6r1n7AtzIbAS%2Bew7A%2BkrOi2yFddCx%2BVBWjwWQbgtV9\"}]}\r\ncf-ray: 989fe8d528000b55-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":53264,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (53264), with no line terminators","md5":"6fdfbf6e01c1384c8ee85b53b25c98a3","sha1":"c183168f602e61202f67bcbb16158dd6cb53293b","sha256":"38710a3e9ca472b4db5213631789ec9c2435a87db65105dd61083c8f0a1dce85","sha512":"36ee98d08f64a700a4dc1066349b74cd5c2117025f34dfa2f2519ec690f27c945a6eafa74695bca196b91ec050771e324caf054bb1aee23d0b607dd5aa71ef96","ssdeep":"768:3KeUB8BQlplrvYeb00NdCs+Hf6si6i7qdp+WOxBAs1XRCrv6:b4blpZhbej/Uqdp+ZAs1XYrv6","tlshash":"0033a32156d531acf437e276f9d16bc871344127e6230bfeea3ab179caca0950633a4d","first_seen":"2025-06-29T16:45:16.227449Z","last_seen":"2026-03-02T13:31:43.525578Z","times_seen":6,"resource_available":false,"data":null}},"time_used":103,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":103,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"xxxtik.app/wp-includes/js/jquery/jquery.min.js","fqdn":"xxxtik.app","domain":"xxxtik.app","tld":"app"},"ip":{"addr":"104.21.2.15","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://xxxtik.app/xxxtiktok/","date":"2025-10-05T21:11:05.893Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xxxtik.app","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 22 Sep 2025 07:50:33 GMT","end":"Sun, 21 Dec 2025 08:48:06 GMT"},"fingerprint":{"sha1":"72:98:6C:94:29:80:FC:6E:34:D4:78:8C:3E:9F:90:03:A2:25:7B:AE","sha256":"3D:1E:A0:9F:D0:6B:0E:56:A7:96:90:AB:D0:78:99:FD:82:C8:48:79:EB:76:7B:72:AE:D5:E7:11:E7:66:4E:7E"}}},"request":{"raw":"GET /wp-includes/js/jquery/jquery.min.js HTTP/1.1\r\nHost: xxxtik.app\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xxxtik.app/xxxtiktok/\r\nCookie: cf_clearance=PtgQF.dSVk5HyfOXxCtzINIKJnOLP3Aqj_OjR6rctsw-1759698665-1.2.1.1-3cZYcPKABSXibBQA1yAf_.yC_4qtfZMVrDQhKj6PN.vZLO64B7mfD0Sx8qGK4Q3smCyFNmcYllycn_EncFyyXcHEKa3ghVZu_fSzets_3J7Gk7z1ZqjBQ4ukyKJ7k.eOamyjj8CrdkABeiQjarX6grGnsicxKUwnFfFORPAXknStc_53fTMQgSUpZtr6emLTt5Hx35GoA8lwNJAQ.btU5BLAQqWhqXR3whnsoQwOLgU; _lscache_vary=25535832db285c9c2ae7620ca706ea91\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 05 Oct 2025 21:11:05 GMT\r\ncontent-type: text/javascript\r\ncontent-length: 29597\r\netag: \"15601-67b6dfd7-11426f1;br\"\r\nlast-modified: Thu, 20 Feb 2025 07:55:03 GMT\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\nserver: cloudflare\r\nx-turbo-charged-by: LiteSpeed\r\nage: 0\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=HSJPJjC4JRrWYhdM9bFqN1lkNiNKmrnQlhchX0aseRCD0z99kIneKNusRThci%2BFvz0sZbMraKA1qYLiwHaNheCTqfacZYFEu\"}]}\r\ncf-ray: 989fe8d5d8690b55-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":87553,"size_decoded":0,"mime_type":"text/javascript","magic":"JavaScript source, ASCII text, with very long lines (65447)","md5":"826eb77e86b02ab7724fe3d0141ff87c","sha1":"79cd3587d565afe290076a8d36c31c305a573d18","sha256":"cb6f2d32c49d1c2b25e9ffc9aaafa3f83075346c01bcd4ae6eb187392a4292cf","sha512":"fc79fdb76763025dc39fac045a215ff155ef2f492a0e9640079d6f089fa6218af2b3ab7c6eaf636827dee9294e6939a95ab24554e870c976679c25567ad6374c","ssdeep":"1536:0RUX9uDgwxcy2KVBNwchN6SLaHEk2BSrBESp+a/IEk4aAocVi8SMBQ47GKO:sHNwcv9VBQpLl88SMBQ47GKO","tlshash":"7483f8df77ca702247ab30b9006f550bf276199d684d4400f159d8e9bcb8a4a827bf7e","first_seen":"2023-11-03T09:26:43Z","last_seen":"2026-04-05T11:47:06.785218Z","times_seen":687625,"resource_available":true,"data":null}},"time_used":8,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":7,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"xxxtik.app/xxxtiktok/","fqdn":"xxxtik.app","domain":"xxxtik.app","tld":"app"},"ip":{"addr":"104.21.2.15","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://xxxtik.app/xxxtiktok/","date":"2025-10-05T21:11:05.892Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xxxtik.app","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 22 Sep 2025 07:50:33 GMT","end":"Sun, 21 Dec 2025 08:48:06 GMT"},"fingerprint":{"sha1":"72:98:6C:94:29:80:FC:6E:34:D4:78:8C:3E:9F:90:03:A2:25:7B:AE","sha256":"3D:1E:A0:9F:D0:6B:0E:56:A7:96:90:AB:D0:78:99:FD:82:C8:48:79:EB:76:7B:72:AE:D5:E7:11:E7:66:4E:7E"}}},"request":{"raw":"GET /xxxtiktok/ HTTP/1.1\r\nHost: xxxtik.app\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xxxtik.app/xxxtiktok/\r\nCookie: cf_clearance=PtgQF.dSVk5HyfOXxCtzINIKJnOLP3Aqj_OjR6rctsw-1759698665-1.2.1.1-3cZYcPKABSXibBQA1yAf_.yC_4qtfZMVrDQhKj6PN.vZLO64B7mfD0Sx8qGK4Q3smCyFNmcYllycn_EncFyyXcHEKa3ghVZu_fSzets_3J7Gk7z1ZqjBQ4ukyKJ7k.eOamyjj8CrdkABeiQjarX6grGnsicxKUwnFfFORPAXknStc_53fTMQgSUpZtr6emLTt5Hx35GoA8lwNJAQ.btU5BLAQqWhqXR3whnsoQwOLgU; _lscache_vary=25535832db285c9c2ae7620ca706ea91\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 05 Oct 2025 21:11:05 GMT\r\ncontent-type: text/html; charset=UTF-8\r\nx-dns-prefetch-control: on\r\nx-pingback: https://xxxtik.app/xmlrpc.php\r\nlink: \u003chttps://xxxtik.app/?p=3302\u003e; rel=shortlink\r\nvary: Accept-Encoding\r\nx-litespeed-cache: hit\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=rMwRWa6BuzeN2bGuWuO0ljk9YqYN%2B5%2Ff4Z1N1QZEvRLoqI0w%2BZPfLCj5C8G7COotoSljMLPUByY957xw7Os%2BGdztajvlvheP\"}]}\r\nserver: cloudflare\r\nx-turbo-charged-by: LiteSpeed\r\ncf-cache-status: DYNAMIC\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncontent-encoding: br\r\ncf-ray: 989fe8d5d8680b55-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"MySQL","description":"MySQL is an open-source relational database management system.","website":"https://mysql.com","common_platform_enumeration":"cpe:2.3:a:mysql:mysql:*:*:*:*:*:*:*:*","icon":"MySQL.svg","categories":["Databases"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"WordPress","description":"WordPress is a free and open-source content management system written in PHP and paired with a MySQL or MariaDB database. Features include a plugin architecture and a template system.","website":"https://wordpress.org","common_platform_enumeration":"cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*","icon":"WordPress.svg","categories":["CMS","Blogs"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"PHP","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":204920,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, ASCII text, with very long lines (27542), with CR, LF line terminators","md5":"a80a632ad82087d6cf8ad3add10f196c","sha1":"93c5ec687fc3704f55f126996947a87973daa121","sha256":"5ae87cd200f950b82ed922a398f318a8b362c3c9006e5d444c7a6c6a25f654ea","sha512":"b1bd1025a263b43138ad3460c3c2964f266bdf899ee8c9c6594b5fcec6ddee4d094ea7a22b4072ba3e384fb57a970f0bf488432937e7aa7513f58e012e7aac98","ssdeep":"6144:tcXL1iQg5MG7x+qehvP0x2pck2lATHg/W7ORq:tcXL1iQg5MG7x+qehvP0x2pck2lD4Oo","tlshash":"d414d56113b59cfa35bb97692d4da308a5039900c64a47e7f1bad29863cce950df3b0f","first_seen":"2025-10-05T21:11:43.454878Z","last_seen":"2025-10-05T21:11:43.454878Z","times_seen":1,"resource_available":false,"data":null}},"time_used":39,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":39,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"zoojoujoaseeh.com/500/9977714?excludes=\u0026oaid=008259d0a0ab4038fc1295696b53dbe8\u0026var=\u0026ymid=\u0026tgp=\u0026sw_version=v1.740.0-s\u0026dmn=glempirteechacm.com\u0026fs=0\u0026cf=0\u0026sw=1280\u0026sh=1024\u0026sah=1024\u0026wx=0\u0026wy=0\u0026ww=1280\u0026wh=1024\u0026cw=1280\u0026wiw=1280\u0026wih=1024\u0026wfc=1\u0026pl=https%3A%2F%2Fxxxtik.app%2Fxxxtiktok%2F\u0026drf=\u0026np=1\u0026pt=0\u0026nb=1\u0026ng=0\u0026ix=0\u0026nw=1\u0026tb=false\u0026navlng=en-US\u0026bto=0\u0026btz=UTC\u0026jsp=1","fqdn":"zoojoujoaseeh.com","domain":"zoojoujoaseeh.com","tld":"com"},"ip":{"addr":"139.45.197.244","port":443,"asn":9002,"as":"RETN Limited","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://xxxtik.app/xxxtiktok/","date":"2025-10-05T21:11:11.830Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"zoojoujoaseeh.com","organization":""},"issuer":{"commonName":"R10","organization":"Let's Encrypt"},"validity":{"start":"Sun, 20 Jul 2025 05:25:26 GMT","end":"Sat, 18 Oct 2025 05:25:25 GMT"},"fingerprint":{"sha1":"30:29:A2:9B:3E:28:C3:21:31:20:F2:F2:68:4A:48:A2:7D:F3:1D:0B","sha256":"9C:EF:56:02:8A:83:02:95:40:13:37:EF:17:5F:90:80:65:60:60:0C:02:CC:95:D6:61:4B:30:10:A4:DE:CB:ED"}}},"request":{"raw":"OPTIONS /500/9977714?excludes=\u0026oaid=008259d0a0ab4038fc1295696b53dbe8\u0026var=\u0026ymid=\u0026tgp=\u0026sw_version=v1.740.0-s\u0026dmn=glempirteechacm.com\u0026fs=0\u0026cf=0\u0026sw=1280\u0026sh=1024\u0026sah=1024\u0026wx=0\u0026wy=0\u0026ww=1280\u0026wh=1024\u0026cw=1280\u0026wiw=1280\u0026wih=1024\u0026wfc=1\u0026pl=https%3A%2F%2Fxxxtik.app%2Fxxxtiktok%2F\u0026drf=\u0026np=1\u0026pt=0\u0026nb=1\u0026ng=0\u0026ix=0\u0026nw=1\u0026tb=false\u0026navlng=en-US\u0026bto=0\u0026btz=UTC\u0026jsp=1 HTTP/1.1\r\nHost: zoojoujoaseeh.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nAccess-Control-Request-Method: GET\r\nAccess-Control-Request-Headers: content-type\r\nReferer: https://xxxtik.app/\r\nOrigin: https://xxxtik.app\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"OPTIONS"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sun, 05 Oct 2025 21:11:11 GMT\r\ncontent-length: 0\r\nallow: GET, OPTIONS\r\nvary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers\r\naccess-control-allow-origin: https://xxxtik.app\r\naccess-control-allow-methods: GET, POST, OPTIONS\r\naccess-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace\r\naccess-control-allow-credentials: true\r\naccess-control-max-age: 600\r\naccept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version\r\nstrict-transport-security: max-age=1\r\nx-content-type-options: nosniff\r\ntiming-allow-origin: *\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T11:47:06.182466Z","times_seen":13373545,"resource_available":true,"data":null}},"time_used":30,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":30,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-10-05","alert":"Sinkholed","trigger":"zoojoujoaseeh.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-10-05","alert":"Sinkholed","trigger":"zoojoujoaseeh.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-10-05","alert":"Sinkholed","trigger":"zoojoujoaseeh.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-05","alert":"Sinkholed","trigger":"zoojoujoaseeh.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"amusingbase.com/dtmuF.zvd-GxVy2zZAW_5C0DPE2FF-kHSIWJQK9_MMTNAOzPM-DRUS4TNUS_ZWhXZYHZZ-zbdcWdJep_ZgDh0imjY-XlNmjnPoT_IqmrZsXtZ-lvbwnxRyU_eAXBBClDP-TFUGmHaI3_cK9LeMHNh-4PdQGRlSr_JUTVJWDXY-XZBawbJcn_BehfegWh9-1jdkDl0mw_JonpJqlrd-mtVuuvdwW_Uy9zMACBZ-yDcEmFlGk_PITJUKxLM-jNkO5PNQj_VShTMUzVU-zXYYWZYa4_McTdEe1fM-jhki0jMkT_km2nZompE-0rYsjtkux_NwGxEyyzJ-nBNCJDZED_0GmHcI0Jl-kLMMjN0Om_cQ0RlSkTM-zV0WmXcY3_Ma9bNcSdZ-zfdgDh0ix_JknlRmvna-2pVqurPsS_Zu1vbwmxl-xzQAnBlCa_bE2F5GlHP-TJEKmLdMW_5OpPcQURJ-5TWUmV9Wu_ZYVZRa5bc-GdUe9fMgS_Zi2jYkXlN-0nVoGp9qr_ZsWt4u9vQ-2xdyKzTA1_RC4DSEUFp-ZHbIkJpK2_WMVNdOSPa-VRlSXTNUW_tWLXaYUZF-4bTcVdRen_Mgkh9iEjU-TlFmNnaom_dq3rTsktd-NvNwFxlyU_SAmBlCZDa-mFcGyHTIm_pKVLdM1Nl-qPVQTRRSN_RUEVVW5XT-lZdaabbcU_5eUfRgHhZ-2jWkXlZmI_QomppqqrU-ltduBvLwS_0ymzeAmB9-uDZEUFlGk_PITJYK2LM-jNkOzPNQj_YS","fqdn":"amusingbase.com","domain":"amusingbase.com","tld":"com"},"ip":{"addr":"88.85.94.250","port":443,"asn":35415,"as":"Webzilla B.V.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://xxxtik.app/xxxtiktok/","date":"2025-10-05T21:11:12.496Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"amusingbase.com","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Sat, 20 Sep 2025 23:52:14 GMT","end":"Fri, 19 Dec 2025 23:52:13 GMT"},"fingerprint":{"sha1":"CF:4F:A1:A9:80:00:5C:01:99:49:96:3E:59:40:C1:C2:98:52:F8:6B","sha256":"CB:73:6C:5F:9D:0A:7D:54:6F:7A:64:D5:44:0C:46:C0:9B:70:68:2B:FA:7F:6F:37:61:5F:DA:6C:97:C9:61:8E"}}},"request":{"raw":"GET /dtmuF.zvd-GxVy2zZAW_5C0DPE2FF-kHSIWJQK9_MMTNAOzPM-DRUS4TNUS_ZWhXZYHZZ-zbdcWdJep_ZgDh0imjY-XlNmjnPoT_IqmrZsXtZ-lvbwnxRyU_eAXBBClDP-TFUGmHaI3_cK9LeMHNh-4PdQGRlSr_JUTVJWDXY-XZBawbJcn_BehfegWh9-1jdkDl0mw_JonpJqlrd-mtVuuvdwW_Uy9zMACBZ-yDcEmFlGk_PITJUKxLM-jNkO5PNQj_VShTMUzVU-zXYYWZYa4_McTdEe1fM-jhki0jMkT_km2nZompE-0rYsjtkux_NwGxEyyzJ-nBNCJDZED_0GmHcI0Jl-kLMMjN0Om_cQ0RlSkTM-zV0WmXcY3_Ma9bNcSdZ-zfdgDh0ix_JknlRmvna-2pVqurPsS_Zu1vbwmxl-xzQAnBlCa_bE2F5GlHP-TJEKmLdMW_5OpPcQURJ-5TWUmV9Wu_ZYVZRa5bc-GdUe9fMgS_Zi2jYkXlN-0nVoGp9qr_ZsWt4u9vQ-2xdyKzTA1_RC4DSEUFp-ZHbIkJpK2_WMVNdOSPa-VRlSXTNUW_tWLXaYUZF-4bTcVdRen_Mgkh9iEjU-TlFmNnaom_dq3rTsktd-NvNwFxlyU_SAmBlCZDa-mFcGyHTIm_pKVLdM1Nl-qPVQTRRSN_RUEVVW5XT-lZdaabbcU_5eUfRgHhZ-2jWkXlZmI_QomppqqrU-ltduBvLwS_0ymzeAmB9-uDZEUFlGk_PITJYK2LM-jNkOzPNQj_YS HTTP/1.1\r\nHost: amusingbase.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xxxtik.app/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sun, 05 Oct 2025 21:11:12 GMT\r\ncontent-length: 0\r\nexpires: Mon, 26 Jul 2011 05:00:00 GMT\r\ncache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0\r\npragma: no-cache\r\naccept-ch: Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-WoW64\r\nx-content-type-options: nosniff\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T11:47:06.182466Z","times_seen":13373545,"resource_available":true,"data":null}},"time_used":23,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":23,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"bobapsoabauns.com/www/images/31f5bb5f43a7bd2800c6724e3a4125d2.png","fqdn":"bobapsoabauns.com","domain":"bobapsoabauns.com","tld":"com"},"ip":{"addr":"104.21.73.203","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://xxxtik.app/xxxtiktok/","date":"2025-10-05T21:11:17.134Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"bobapsoabauns.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 17 Sep 2025 04:24:25 GMT","end":"Tue, 16 Dec 2025 05:21:54 GMT"},"fingerprint":{"sha1":"4D:D9:7B:8E:2E:B1:DF:4E:5A:71:CF:29:D6:3A:1D:7E:AA:3D:5A:A2","sha256":"88:8A:05:87:6E:69:15:70:D5:BC:48:78:60:76:1A:E9:45:82:CE:D7:2D:0B:89:EB:6B:09:58:DC:93:D4:79:E6"}}},"request":{"raw":"GET /www/images/31f5bb5f43a7bd2800c6724e3a4125d2.png HTTP/1.1\r\nHost: bobapsoabauns.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sun, 05 Oct 2025 21:11:17 GMT\r\ncontent-type: image/png\r\ncontent-length: 16893\r\nlast-modified: Mon, 17 Mar 2025 02:12:20 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\netag: \"67d78504-41fd\"\r\nexpires: Mon, 06 Oct 2025 05:30:16 GMT\r\ncache-control: max-age=86400\r\ntiming-allow-origin: *\r\naccept-ranges: bytes\r\nage: 56460\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=%2BzU5hA3kMFhkBUeInNTs10JWA1YpsuEIfjmpNNZUeNMYRbKjmar6wsJahpsOYG2RVmrPqSVGB1Vz2yzF7TCDnkL2a%2FLeWHywOBlp7T6zhQ%3D%3D\"}]}\r\nvary: accept-encoding\r\ncf-ray: 989fe91c183556c4-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":16893,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 192 x 192, 8-bit/color RGBA, non-interlaced","md5":"31f5bb5f43a7bd2800c6724e3a4125d2","sha1":"bc1bcd6aa31ac91dd34359c2fbbcaefb3e15c875","sha256":"e5dd86d52381d2bff5f1b74d3923443d3d95ced64048662307ed3ec2d52eb61b","sha512":"472e23766bb20f680ab31d5c358d9555ce56596444072978dd6340ca5e918aedcf1985a811c7f3f41b72bb15ce3df8ca98a2fddb5ec9a1eeb5f30d586fc7c23e","ssdeep":"384:wDIuIpXyvlnQ8HrcT30rRp8Rp6g9TzBtnL1Ti7DpHQ9:wsHyvBXHrQxF93By7DhQ9","tlshash":"0572c06f0a4a5703999d1c0d1eab7c9d667a425f007c2e6b23239c5cf94a36f6042df5","first_seen":"2025-03-17T02:19:44.486682Z","last_seen":"2025-11-29T07:50:01.235056Z","times_seen":1176,"resource_available":false,"data":null}},"time_used":7,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":7,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"roagrofoogrobo.com/400/9977712","fqdn":"roagrofoogrobo.com","domain":"roagrofoogrobo.com","tld":"com"},"ip":{"addr":"172.67.217.27","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://xxxtik.app/xxxtiktok/","date":"2025-10-05T21:11:06.157Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"roagrofoogrobo.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 10 Sep 2025 08:53:17 GMT","end":"Tue, 09 Dec 2025 09:42:14 GMT"},"fingerprint":{"sha1":"36:98:FD:42:B8:78:47:61:E6:41:83:74:32:D8:4E:C9:12:FC:2C:73","sha256":"AD:8B:CE:31:0A:CC:4D:23:3C:85:D0:8B:34:06:05:78:E6:43:91:6E:E5:86:22:C3:39:44:DB:D1:EA:07:67:57"}}},"request":{"raw":"GET /400/9977712 HTTP/1.1\r\nHost: roagrofoogrobo.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xxxtik.app/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 05 Oct 2025 21:11:07 GMT\r\ncontent-type: application/javascript\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncache-control: public, max-age=600, s-maxage=1800\r\naccept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version\r\nstrict-transport-security: max-age=1\r\nx-content-type-options: nosniff\r\ntiming-allow-origin: *\r\ncontent-encoding: gzip\r\ncf-cache-status: DYNAMIC\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=K3pe8nP1FO2lxavus0%2BYL8AbT0t%2FIB85fQ6cymDTySUVuwmqiC3xrmJu3KqiteahGhh30NTid1NOC4YSJOsdn4Agdbe4jvPfLsFKOTYPZHdUMg%3D%3D\"}]}\r\ncf-ray: 989fe8e2099c35a6-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":164707,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"64707f8fe54513c4960fef0aa738469f","sha1":"85d6419fa13005d585592714e673e5076b78fc68","sha256":"f623471364d5e59a0ec0e277f736ba9d82e3ef21a01aedd4cf682c914559de80","sha512":"43753be9cd054672be722d37027dfc039ffdc9939aaea657e658313171e7c9c26cc5649c16940d0da876bf46e1aa983d116aaf3b7686214c78bcadf4b1ebbe6c","ssdeep":"3072:k+KTiU/5NcwS1hnidFtOdYyfTyCitmC7fj31gyEpNfC/SZWEcb:k+KOUzZcJ3faz7fj36yEPfC6oEcb","tlshash":"18f31a8c72a6b6861b73b4702d6fd60bb73e9944280f8541e385a0b87af540dc727bdd","first_seen":"2025-10-03T14:05:56.699382Z","last_seen":"2025-10-06T06:55:28.140224Z","times_seen":12,"resource_available":true,"data":null}},"time_used":1757,"timings":{"blocked":-1,"dns":1530,"connect":2,"send":0,"wait":69,"receive":0,"ssl":156},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-10-05","alert":"Sinkholed","trigger":"roagrofoogrobo.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"zoojoujoaseeh.com/401/9977714?oo=1\u0026sw_version=v1.740.0-s\u0026oaid=008259d0a0ab4038fc1295696b53dbe8\u0026st=true","fqdn":"zoojoujoaseeh.com","domain":"zoojoujoaseeh.com","tld":"com"},"ip":{"addr":"139.45.197.244","port":443,"asn":9002,"as":"RETN Limited","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://xxxtik.app/xxxtiktok/","date":"2025-10-05T21:11:11.584Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"zoojoujoaseeh.com","organization":""},"issuer":{"commonName":"R10","organization":"Let's Encrypt"},"validity":{"start":"Sun, 20 Jul 2025 05:25:26 GMT","end":"Sat, 18 Oct 2025 05:25:25 GMT"},"fingerprint":{"sha1":"30:29:A2:9B:3E:28:C3:21:31:20:F2:F2:68:4A:48:A2:7D:F3:1D:0B","sha256":"9C:EF:56:02:8A:83:02:95:40:13:37:EF:17:5F:90:80:65:60:60:0C:02:CC:95:D6:61:4B:30:10:A4:DE:CB:ED"}}},"request":{"raw":"POST /401/9977714?oo=1\u0026sw_version=v1.740.0-s\u0026oaid=008259d0a0ab4038fc1295696b53dbe8\u0026st=true HTTP/1.1\r\nHost: zoojoujoaseeh.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: text/plain;charset=UTF-8\r\nContent-Length: 2585\r\nOrigin: https://xxxtik.app\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xxxtik.app/\r\nCookie: OAID=008259d0a0ab4038fc1295696b53dbe8\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sun, 05 Oct 2025 21:11:11 GMT\r\ncontent-type: application/json\r\nx-trace-id: 8625944bcf4d7a53f35dc58acdce2172\r\nexpires: Tue, 11 Jan 1994 10:00:00 GMT\r\ncache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0\r\npragma: no-cache\r\nvary: Origin\r\naccess-control-allow-origin: https://xxxtik.app\r\naccess-control-expose-headers: Link\r\naccess-control-allow-credentials: true\r\naccept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version\r\nset-cookie: OAID=008259d0a0ab4038fc1295696b53dbe8; expires=Mon, 05 Oct 2026 21:11:11 GMT; path=/; secure; SameSite=None\r\nstrict-transport-security: max-age=1\r\nx-content-type-options: nosniff\r\ntiming-allow-origin: *, *\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":2074,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"78aee4f18b126ffee02a997f58e9fe91","sha1":"70cf36bf499e85746cdc829ee85540fc465c3111","sha256":"3dacad869c9d56bff65a0f38f13e96dd084ffde64c5cb6ba8f34201a932d9f99","sha512":"e13c5248f23a14a4257f5fd243f1ca2475e7b00b7cddc4a5daf332a647980adde92ab3320efc8deb567dabe9a0cbadb04223058188051d4f6988842ad2eecbc8","ssdeep":"","tlshash":"7b4102088e28457e82de4ab5ec0b6d470bb9051f3a4c712eeb494d1770ebce403eb20b","first_seen":"2025-10-05T21:11:43.459315Z","last_seen":"2025-10-05T21:11:43.459315Z","times_seen":1,"resource_available":false,"data":null}},"time_used":32,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":32,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-10-05","alert":"Sinkholed","trigger":"zoojoujoaseeh.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-10-05","alert":"Sinkholed","trigger":"zoojoujoaseeh.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-05","alert":"Sinkholed","trigger":"zoojoujoaseeh.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-10-05","alert":"Sinkholed","trigger":"zoojoujoaseeh.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.silent-basis.pro/301305/351499/1030585_20951z.webm","fqdn":"www.silent-basis.pro","domain":"silent-basis.pro","tld":"pro"},"ip":{"addr":"185.185.15.2","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"media","requested_by":"https://xxxtik.app/xxxtiktok/","date":"2025-10-05T21:11:12.117Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.silent-basis.pro","organization":""},"issuer":{"commonName":"R10","organization":"Let's Encrypt"},"validity":{"start":"Tue, 12 Aug 2025 02:34:55 GMT","end":"Mon, 10 Nov 2025 02:34:54 GMT"},"fingerprint":{"sha1":"4A:EF:53:BF:E1:21:2C:56:95:8E:D1:18:C9:5F:97:85:8F:86:58:A9","sha256":"8C:AF:E0:D0:17:8F:63:B3:FF:11:05:D4:81:FA:B5:2C:3C:15:62:8A:77:53:D8:38:07:49:97:0A:55:E9:16:F1"}}},"request":{"raw":"GET /301305/351499/1030585_20951z.webm HTTP/1.1\r\nHost: www.silent-basis.pro\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: video/webm,video/ogg,video/*;q=0.9,application/ogg;q=0.7,audio/*;q=0.6,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.5\r\nRange: bytes=0-\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xxxtik.app/\r\nSec-Fetch-Dest: video\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nAccept-Encoding: identity\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 302 Found\r\nserver: nginx/1.20.1\r\ndate: Sun, 05 Oct 2025 21:11:12 GMT\r\ncontent-length: 0\r\nlocation: https://ip423869593.ahcdn.com/key=XIPTXStYrED2UqmlsMQtzw,s=,,end=1759702272/state=aOLeUpSp/reftag=0410298788/origin=364804248/301305/351499/1030585_20951z.webm\r\ncache-control: private, max-age=300\r\nexpires: Sun, 05 Oct 2025 21:16:12 GMT\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":[{"name":"Nginx:1.20.1","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":237720,"size_decoded":0,"mime_type":"video/webm","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T11:47:06.182466Z","times_seen":13373545,"resource_available":true,"data":null}},"time_used":295,"timings":{"blocked":107,"dns":63,"connect":20,"send":0,"wait":80,"receive":0,"ssl":24},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"xxxtik.app/wp-content/uploads/2024/07/favicon-150x150.png","fqdn":"xxxtik.app","domain":"xxxtik.app","tld":"app"},"ip":{"addr":"104.21.2.15","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://xxxtik.app/xxxtiktok/","date":"2025-10-05T21:11:05.785Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xxxtik.app","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 22 Sep 2025 07:50:33 GMT","end":"Sun, 21 Dec 2025 08:48:06 GMT"},"fingerprint":{"sha1":"72:98:6C:94:29:80:FC:6E:34:D4:78:8C:3E:9F:90:03:A2:25:7B:AE","sha256":"3D:1E:A0:9F:D0:6B:0E:56:A7:96:90:AB:D0:78:99:FD:82:C8:48:79:EB:76:7B:72:AE:D5:E7:11:E7:66:4E:7E"}}},"request":{"raw":"GET /wp-content/uploads/2024/07/favicon-150x150.png HTTP/1.1\r\nHost: xxxtik.app\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xxxtik.app/xxxtiktok/\r\nCookie: cf_clearance=PtgQF.dSVk5HyfOXxCtzINIKJnOLP3Aqj_OjR6rctsw-1759698665-1.2.1.1-3cZYcPKABSXibBQA1yAf_.yC_4qtfZMVrDQhKj6PN.vZLO64B7mfD0Sx8qGK4Q3smCyFNmcYllycn_EncFyyXcHEKa3ghVZu_fSzets_3J7Gk7z1ZqjBQ4ukyKJ7k.eOamyjj8CrdkABeiQjarX6grGnsicxKUwnFfFORPAXknStc_53fTMQgSUpZtr6emLTt5Hx35GoA8lwNJAQ.btU5BLAQqWhqXR3whnsoQwOLgU; _lscache_vary=25535832db285c9c2ae7620ca706ea91\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 05 Oct 2025 21:11:05 GMT\r\ncontent-type: image/png\r\ncontent-length: 8574\r\ncache-control: public, max-age=604800\r\nexpires: Sun, 12 Oct 2025 21:11:05 GMT\r\netag: \"217e-66a49c50-1144e3a;;;\"\r\nlast-modified: Sat, 27 Jul 2024 07:05:52 GMT\r\naccept-ranges: bytes\r\nserver: cloudflare\r\nx-turbo-charged-by: LiteSpeed\r\nage: 0\r\ncf-cache-status: HIT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=M2KATuhUSfdbOgoVnKxGX%2BCkbYagzUwg%2F5hZqgo4ygkFoYoBP3s6Kf9OpIAm1fKljIAHwXUhACfidV5TP%2B50k%2FtN5%2FM5fZSs\"}]}\r\ncf-ray: 989fe8d51ff40b55-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":8574,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 150 x 150, 8-bit/color RGBA, non-interlaced","md5":"d27ed842324ee64826fe5352e496c724","sha1":"290539f41e34d2a75de45434ef514b290406fd23","sha256":"544ff5df1267160aecef285fd0f3ca0f484c3a806b6b1b957bba7e9a5bce53d5","sha512":"985b2ea8cf644a5824fe23e7233731444714e4c3f857a38b90509bc722c6023adef886c02b5248400172096c1706b68f9bf727d5b4a854f5aa526267c72868bd","ssdeep":"192:L47fU09xZg730nZiUpNrxgxWI+8ZTTNq+mVquOsoQ65uBRfvv:LqZ9LgLgZiQOemTQ5ZOQ6oTvv","tlshash":"6502bfc25b73b9ffdc24a1f389f887de094b825818a5db1c9e09f85c245af1095b1e47","first_seen":"2025-10-05T21:11:43.462293Z","last_seen":"2025-10-05T21:11:43.462293Z","times_seen":1,"resource_available":false,"data":null}},"time_used":8,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":8,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"xxxtik.app/wp-includes/js/jquery/jquery.min.js","fqdn":"xxxtik.app","domain":"xxxtik.app","tld":"app"},"ip":{"addr":"104.21.2.15","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://xxxtik.app/xxxtiktok/","date":"2025-10-05T21:11:05.790Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xxxtik.app","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 22 Sep 2025 07:50:33 GMT","end":"Sun, 21 Dec 2025 08:48:06 GMT"},"fingerprint":{"sha1":"72:98:6C:94:29:80:FC:6E:34:D4:78:8C:3E:9F:90:03:A2:25:7B:AE","sha256":"3D:1E:A0:9F:D0:6B:0E:56:A7:96:90:AB:D0:78:99:FD:82:C8:48:79:EB:76:7B:72:AE:D5:E7:11:E7:66:4E:7E"}}},"request":{"raw":"GET /wp-includes/js/jquery/jquery.min.js HTTP/1.1\r\nHost: xxxtik.app\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xxxtik.app/xxxtiktok/\r\nCookie: cf_clearance=PtgQF.dSVk5HyfOXxCtzINIKJnOLP3Aqj_OjR6rctsw-1759698665-1.2.1.1-3cZYcPKABSXibBQA1yAf_.yC_4qtfZMVrDQhKj6PN.vZLO64B7mfD0Sx8qGK4Q3smCyFNmcYllycn_EncFyyXcHEKa3ghVZu_fSzets_3J7Gk7z1ZqjBQ4ukyKJ7k.eOamyjj8CrdkABeiQjarX6grGnsicxKUwnFfFORPAXknStc_53fTMQgSUpZtr6emLTt5Hx35GoA8lwNJAQ.btU5BLAQqWhqXR3whnsoQwOLgU; _lscache_vary=25535832db285c9c2ae7620ca706ea91\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 05 Oct 2025 21:11:05 GMT\r\ncontent-type: text/javascript\r\ncontent-length: 29597\r\netag: \"15601-67b6dfd7-11426f1;br\"\r\nlast-modified: Thu, 20 Feb 2025 07:55:03 GMT\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\nserver: cloudflare\r\nx-turbo-charged-by: LiteSpeed\r\nage: 0\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=9WBbuWdwfyu2g69NA6bkl7vdCZ0kwTfKsXuHJt4vWjlaR5csNb65XvRXK6iSDZnfVRpgWVnmrds0OjCUXVqmYddOkkZC6QlZ\"}]}\r\ncf-ray: 989fe8d528030b55-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":87553,"size_decoded":0,"mime_type":"text/javascript","magic":"JavaScript source, ASCII text, with very long lines (65447)","md5":"826eb77e86b02ab7724fe3d0141ff87c","sha1":"79cd3587d565afe290076a8d36c31c305a573d18","sha256":"cb6f2d32c49d1c2b25e9ffc9aaafa3f83075346c01bcd4ae6eb187392a4292cf","sha512":"fc79fdb76763025dc39fac045a215ff155ef2f492a0e9640079d6f089fa6218af2b3ab7c6eaf636827dee9294e6939a95ab24554e870c976679c25567ad6374c","ssdeep":"1536:0RUX9uDgwxcy2KVBNwchN6SLaHEk2BSrBESp+a/IEk4aAocVi8SMBQ47GKO:sHNwcv9VBQpLl88SMBQ47GKO","tlshash":"7483f8df77ca702247ab30b9006f550bf276199d684d4400f159d8e9bcb8a4a827bf7e","first_seen":"2023-11-03T09:26:43Z","last_seen":"2026-04-05T11:47:06.785218Z","times_seen":687625,"resource_available":true,"data":null}},"time_used":12,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":12,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"vaimucuvikuwu.net/wrr?z=9977711\u0026p_rid=68eea352-21ff-4f54-9b97-36241342ff3c\u0026rb=jeXoNMmLAs0iEv7J4HHjoeZFr0Bg58arOopar7Gk2m0rnGvC-YiFBeL6T3Ou-RyC-ndAYqXfZOBGNxKn33W2GUGbgNXL2YInL5is_V93uZyrHfuWL_i5lptMM8UoNeGiPPMeDAAn2saDzv5qvkK2ZnOwGld8Pa0ua4atE5XmRbsVhN2ea5ZfwpHA6U3GOmQavqnE1SpQtD_uHuNBWx4M6VZ3s4jEErQZckLS-Bgg_hBaXlbuince3h6MbNW07hTwhs2gl4_cUxgO_Hbl-wbe1XdZhHB_oPf5LkxWGeNRkeU=\u0026dmn=\u0026userId=008259d0a0ab4038fc1295696b53dbe8","fqdn":"vaimucuvikuwu.net","domain":"vaimucuvikuwu.net","tld":"net"},"ip":{"addr":"139.45.197.106","port":443,"asn":9002,"as":"RETN Limited","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://xxxtik.app/xxxtiktok/","date":"2025-10-05T21:11:06.415Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"vaimucuvikuwu.net","organization":""},"issuer":{"commonName":"R10","organization":"Let's Encrypt"},"validity":{"start":"Fri, 01 Aug 2025 05:19:32 GMT","end":"Thu, 30 Oct 2025 05:19:31 GMT"},"fingerprint":{"sha1":"35:87:C8:60:07:AA:D4:C9:E9:EB:7C:B3:1E:4B:E5:C4:C4:D7:83:09","sha256":"6A:C3:77:FB:D8:62:C1:E1:AE:65:AD:FB:94:A5:AC:5E:8F:99:A3:44:C6:D8:3E:06:92:93:F5:D6:48:74:68:0A"}}},"request":{"raw":"OPTIONS /wrr?z=9977711\u0026p_rid=68eea352-21ff-4f54-9b97-36241342ff3c\u0026rb=jeXoNMmLAs0iEv7J4HHjoeZFr0Bg58arOopar7Gk2m0rnGvC-YiFBeL6T3Ou-RyC-ndAYqXfZOBGNxKn33W2GUGbgNXL2YInL5is_V93uZyrHfuWL_i5lptMM8UoNeGiPPMeDAAn2saDzv5qvkK2ZnOwGld8Pa0ua4atE5XmRbsVhN2ea5ZfwpHA6U3GOmQavqnE1SpQtD_uHuNBWx4M6VZ3s4jEErQZckLS-Bgg_hBaXlbuince3h6MbNW07hTwhs2gl4_cUxgO_Hbl-wbe1XdZhHB_oPf5LkxWGeNRkeU=\u0026dmn=\u0026userId=008259d0a0ab4038fc1295696b53dbe8 HTTP/1.1\r\nHost: vaimucuvikuwu.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nAccess-Control-Request-Method: POST\r\nAccess-Control-Request-Headers: content-type\r\nReferer: https://xxxtik.app/\r\nOrigin: https://xxxtik.app\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"OPTIONS"},"response":{"raw":"HTTP/2 204 No Content\r\nserver: nginx\r\ndate: Sun, 05 Oct 2025 21:11:06 GMT\r\naccept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version\r\naccess-control-allow-origin: https://xxxtik.app\r\naccess-control-allow-credentials: true\r\naccess-control-allow-methods: GET, POST, OPTIONS\r\naccess-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, favicon\r\naccess-control-max-age: 86400\r\npragma: no-cache\r\ncache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0\r\nexpires: Tue, 11 Jan 1994 10:00:00 GMT\r\nstrict-transport-security: max-age=1\r\nx-content-type-options: nosniff\r\ntiming-allow-origin: *, *\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"204","status_text":"No Content","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T11:47:06.182466Z","times_seen":13373545,"resource_available":true,"data":null}},"time_used":29,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":29,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-10-05","alert":"Sinkholed","trigger":"vaimucuvikuwu.net","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-10-05","alert":"Sinkholed","trigger":"vaimucuvikuwu.net","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"wrathypenitis.help/cuid/?f=https%3A%2F%2Fxxxtik.app","fqdn":"wrathypenitis.help","domain":"wrathypenitis.help","tld":"help"},"ip":{"addr":"212.117.186.12","port":443,"asn":7979,"as":"SERVERS-COM","country":"Luxembourg","country_code":"LU"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://xxxtik.app/xxxtiktok/","date":"2025-10-05T21:11:05.968Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"wrathypenitis.help","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Thu, 25 Sep 2025 21:21:47 GMT","end":"Wed, 24 Dec 2025 21:21:46 GMT"},"fingerprint":{"sha1":"AB:7F:25:A4:47:EA:FD:C0:FD:04:9D:5B:DE:04:FB:AC:82:37:67:A1","sha256":"8C:B6:C9:8F:CE:4F:DB:23:24:8F:04:DB:40:06:BA:C3:2B:0E:91:55:37:A9:E1:FF:A6:E7:DF:7F:FE:FD:BB:65"}}},"request":{"raw":"OPTIONS /cuid/?f=https%3A%2F%2Fxxxtik.app HTTP/1.1\r\nHost: wrathypenitis.help\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nAccess-Control-Request-Method: POST\r\nAccess-Control-Request-Headers: content-type\r\nReferer: https://xxxtik.app/\r\nOrigin: https://xxxtik.app\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"OPTIONS"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sun, 05 Oct 2025 21:11:05 GMT\r\ncontent-length: 0\r\naccess-control-allow-credentials: true\r\naccess-control-allow-origin: https://xxxtik.app\r\naccess-control-allow-headers: content-type, megageocheckolololo, x-forwarded-for\r\naccess-control-max-age: 600\r\naccess-control-allow-methods: GET, POST, OPTIONS\r\nstrict-transport-security: max-age=1\r\nx-content-type-options: nosniff\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T11:47:06.182466Z","times_seen":13373545,"resource_available":true,"data":null}},"time_used":21,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":21,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-10-05","alert":"Sinkholed","trigger":"wrathypenitis.help","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-10-05","alert":"Sinkholed","trigger":"wrathypenitis.help","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-05","alert":"Sinkholed","trigger":"wrathypenitis.help","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-10-05","alert":"Sinkholed","trigger":"wrathypenitis.help","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"glempirteechacm.com/401/9977714","fqdn":"glempirteechacm.com","domain":"glempirteechacm.com","tld":"com"},"ip":{"addr":"172.67.223.75","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://xxxtik.app/xxxtiktok/","date":"2025-10-05T21:11:06.157Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"glempirteechacm.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 10 Sep 2025 09:17:39 GMT","end":"Tue, 09 Dec 2025 09:53:30 GMT"},"fingerprint":{"sha1":"3F:A8:06:E3:71:9A:6E:58:27:6B:91:B4:76:71:5E:AA:9E:52:1B:B7","sha256":"6D:1D:F8:7C:0A:4D:64:81:EF:3B:5B:68:B9:EF:9A:65:98:6C:FE:23:BD:43:71:6C:71:C7:BB:F8:A1:9D:64:CE"}}},"request":{"raw":"GET /401/9977714 HTTP/1.1\r\nHost: glempirteechacm.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xxxtik.app/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 05 Oct 2025 21:11:11 GMT\r\ncontent-type: application/javascript\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncache-control: public, max-age=600, s-maxage=1800\r\naccept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version\r\nstrict-transport-security: max-age=1\r\nx-content-type-options: nosniff\r\ntiming-allow-origin: *\r\ncontent-encoding: gzip\r\ncf-cache-status: DYNAMIC\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=aa5NYyh1ukaosrfMXtvONaUf2n393uYxFmVo4eb4JlJijRav7g1LZRlY6KfYKwAM7acgTiVIkBESJ%2BNK%2F4pQjr9FtsDbQ91rClxJiF%2BofrTy2Z4%3D\"}]}\r\ncf-ray: 989fe8f7dc18c759-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":168170,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"e2f502d56d1012a6c8f9f45996d9272a","sha1":"509e89091d9e581c4070ec7e61ae9a8dac65fe00","sha256":"cadd957ca3445b54783a660ad627095435abb32ecea082a37cda6c24a1c8b73c","sha512":"afcb3b616e42343552aa10c51775fc0c87b89d634a8bdc333fc4de8293676141847d6d0871bc1c623e9c7d495f8f169a5b2e574b22e062c276800a767168c483","ssdeep":"3072:kPGS7PMIPGWK8/UFoNWV3IZNo8y0YZy6/rp9T37ccqe//SJWN8i/:QhPMIPGWKKeoN44ZNo8y0h6/rp9T3hk0","tlshash":"3af3d59c329170dd1b76a421263b9e9eb52fd9d0ac8ec551e05af0fc7e3401a83a3ed5","first_seen":"2025-10-03T13:38:24.449553Z","last_seen":"2025-10-06T10:54:10.557209Z","times_seen":11,"resource_available":true,"data":null}},"time_used":10433,"timings":{"blocked":5180,"dns":5022,"connect":1,"send":0,"wait":71,"receive":0,"ssl":157},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"preferencenail.com/sfp.js","fqdn":"preferencenail.com","domain":"preferencenail.com","tld":"com"},"ip":{"addr":"185.196.197.71","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://xxxtik.app/xxxtiktok/","date":"2025-10-05T21:11:06.861Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"preferencenail.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sat, 30 Aug 2025 23:05:43 GMT","end":"Fri, 28 Nov 2025 23:05:42 GMT"},"fingerprint":{"sha1":"B9:51:95:1F:A8:75:17:3A:9B:B1:75:96:F4:7D:7A:CF:3D:52:C9:71","sha256":"36:D1:B1:18:05:03:10:B2:46:BC:6C:71:A5:E7:BE:07:32:66:88:16:04:1E:5F:96:0F:10:B6:4B:BF:01:D1:42"}}},"request":{"raw":"GET /sfp.js HTTP/1.1\r\nHost: preferencenail.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xxxtik.app/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Sun, 05 Oct 2025 21:11:06 GMT\r\nContent-Type: application/javascript; charset=utf-8\r\nContent-Length: 32182\r\nConnection: keep-alive\r\nContent-Encoding: gzip\r\nP3P: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\nAccess-Control-Allow-Origin: *\r\nVary: Accept-Encoding\r\nHost: preferencenail.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: 254be628ff76e7af9e03e816e898cddc\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":85386,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (65529), with no line terminators","md5":"46a6fef91632b94d14252fe324c1585f","sha1":"387cebbd261b8fe947fe9805875300f2ceeb5cfd","sha256":"36d0c771f8bf310d740cb4d0ca144354c45df284e72361660448708d72f175d5","sha512":"a3aaa1b5ab1113a12793bd1085332eb257416aaa9c4a690525838b91453a281580a979bfb856b3c429c2d4243c3ce02bd318a4b7048124eef96912179836d0fd","ssdeep":"1536:nPncLBSUBULrSVvTfMtfj3FkdFcE5PnoRL:nPncLBSUBULGVTfGpucE5fox","tlshash":"528395807ac06488d3979b7bb73bf4eaf65a299f38c4044bd100fc48b69562af9f5534","first_seen":"2025-07-08T10:38:39.799377Z","last_seen":"2025-11-18T17:01:51.014373Z","times_seen":15230,"resource_available":true,"data":null}},"time_used":111,"timings":{"blocked":-1,"dns":3,"connect":20,"send":0,"wait":24,"receive":19,"ssl":45},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-05","alert":"Sinkholed","trigger":"preferencenail.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-10-05","alert":"Sinkholed","trigger":"preferencenail.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-10-05","alert":"Sinkholed","trigger":"preferencenail.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.plump-message.pro/ecc874/bf80491dfeaf.js","fqdn":"www.plump-message.pro","domain":"plump-message.pro","tld":"pro"},"ip":{"addr":"45.133.44.1","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://xxxtik.app/xxxtiktok/","date":"2025-10-05T21:11:11.335Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.plump-message.pro","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Fri, 03 Oct 2025 07:03:15 GMT","end":"Thu, 01 Jan 2026 07:03:14 GMT"},"fingerprint":{"sha1":"2F:51:C4:B7:97:9E:34:C7:13:A6:DA:D2:9E:CD:92:EE:5C:31:DF:25","sha256":"BA:B4:47:34:A3:80:4F:30:FA:EC:77:3B:65:78:08:AD:B2:6B:B0:AF:6E:5D:D5:FE:6A:B6:66:4E:7C:00:57:75"}}},"request":{"raw":"GET /ecc874/bf80491dfeaf.js HTTP/1.1\r\nHost: www.plump-message.pro\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-type: text/plain\r\nOrigin: https://xxxtik.app\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xxxtik.app/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 05 Oct 2025 21:11:11 GMT\r\ncontent-type: application/javascript; charset=utf-8\r\nserver: nginx\r\naccess-control-allow-origin: *\r\naccess-control-allow-credentials: true\r\naccess-control-allow-methods: GET\r\naccess-control-allow-headers: Content-Type\r\ncache-control: max-age=172800\r\ncontent-encoding: gzip\r\nexpires: Tue, 07 Oct 2025 21:11:11 GMT\r\nx-cdn-host-id: AH0543\r\nx-proxy-cache: HIT\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":103679,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (65533), with no line terminators","md5":"1ee2e7d55324807126d33f98d5aa79a5","sha1":"abca75d68fb2ad2ede44f4c22d542bad554b4f06","sha256":"937a622a0542092f89060457db6c07ab17e673a8fa0ed76912d46a5c49f2f1fd","sha512":"a35c76568c8598b09a78264da61a49919263cbe4102695701c7ee8958c0a198b3adcf38a0526bb257972c9b11ca6bd05f4b583b102d43c2d707baf493fc7064f","ssdeep":"1536:rM+iZ3YOYuyx6PUQwRxcs8P3nhkQ8vL7T7Q6eGozzwVEnHzHRbPv2C:OijxEQq3P5Enne9zkWHLj","tlshash":"61a33461350b64fd2ad0c1e7eb6720886c295810e469cca1ecd1e7c7d6eb8e3429b5f7","first_seen":"2025-10-03T08:37:41.665661Z","last_seen":"2025-10-06T01:17:23.154252Z","times_seen":34,"resource_available":true,"data":null}},"time_used":114,"timings":{"blocked":47,"dns":4,"connect":21,"send":0,"wait":19,"receive":0,"ssl":23},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"xxxtik.app/wp-content/themes/appyn/style.min.css?ver=2.0.16","fqdn":"xxxtik.app","domain":"xxxtik.app","tld":"app"},"ip":{"addr":"104.21.2.15","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://xxxtik.app/xxxtiktok/","date":"2025-10-05T21:11:05.788Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xxxtik.app","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 22 Sep 2025 07:50:33 GMT","end":"Sun, 21 Dec 2025 08:48:06 GMT"},"fingerprint":{"sha1":"72:98:6C:94:29:80:FC:6E:34:D4:78:8C:3E:9F:90:03:A2:25:7B:AE","sha256":"3D:1E:A0:9F:D0:6B:0E:56:A7:96:90:AB:D0:78:99:FD:82:C8:48:79:EB:76:7B:72:AE:D5:E7:11:E7:66:4E:7E"}}},"request":{"raw":"GET /wp-content/themes/appyn/style.min.css?ver=2.0.16 HTTP/1.1\r\nHost: xxxtik.app\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xxxtik.app/xxxtiktok/\r\nCookie: cf_clearance=PtgQF.dSVk5HyfOXxCtzINIKJnOLP3Aqj_OjR6rctsw-1759698665-1.2.1.1-3cZYcPKABSXibBQA1yAf_.yC_4qtfZMVrDQhKj6PN.vZLO64B7mfD0Sx8qGK4Q3smCyFNmcYllycn_EncFyyXcHEKa3ghVZu_fSzets_3J7Gk7z1ZqjBQ4ukyKJ7k.eOamyjj8CrdkABeiQjarX6grGnsicxKUwnFfFORPAXknStc_53fTMQgSUpZtr6emLTt5Hx35GoA8lwNJAQ.btU5BLAQqWhqXR3whnsoQwOLgU; _lscache_vary=25535832db285c9c2ae7620ca706ea91\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 05 Oct 2025 21:11:05 GMT\r\ncontent-type: text/css\r\ncontent-length: 11493\r\ncache-control: public, max-age=604800\r\nexpires: Fri, 10 Oct 2025 12:56:12 GMT\r\netag: \"cf8b-67e3f0ac-1144993;br\"\r\nlast-modified: Wed, 26 Mar 2025 12:18:52 GMT\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\nserver: cloudflare\r\nx-turbo-charged-by: LiteSpeed\r\nage: 202492\r\ncf-cache-status: HIT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=1VykMMbFgGl0a4U9xpe4XcU5neYxLXqr8GeHEz%2BXNvxSX%2FP5bqzZL72q9%2BssTuz91M5caAm3wRwECqEgOkW5Tb73AoAcYrv%2B\"}]}\r\ncf-ray: 989fe8d52ffc0b55-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]}],"data":{"size":53131,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (53131), with no line terminators","md5":"1e4042029aa10d53bdd17a9b69eb06f0","sha1":"8bc3b1f3daba8cdc661a557b1a0012edd461028d","sha256":"de6a883e70f756583b96cadd0bedca6a808606cb61778019b07dbc6d35fe579e","sha512":"a51597bcb1b937245401bde7171c19718d74ff3aea2de1a1f903ba4c30d795f6d33ef0edbd2de35282f3e0bcc9ad269702cdeb9fb6f3bf5f56b581d23d12aa6e","ssdeep":"768:gKeUBjBQlplrvYeb006dCs+Hf6si6f7qwp+WOxBAs1XRCrv6:m4qlpZhbbj/zqwp+ZAs1XYrv6","tlshash":"bb33a32156d531acf437e276f9d16bc871344127e6230bfeea3ab179caca0950633a4d","first_seen":"2025-01-27T03:46:48.573777Z","last_seen":"2026-04-03T08:48:35.545802Z","times_seen":69,"resource_available":false,"data":null}},"time_used":12,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":12,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"my.rtmark.net/gid.js?userId=008259d0a0ab4038fc1295696b53dbe8","fqdn":"my.rtmark.net","domain":"rtmark.net","tld":"net"},"ip":{"addr":"172.64.146.234","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://xxxtik.app/xxxtiktok/","date":"2025-10-05T21:11:06.137Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"my.rtmark.net","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 28 Aug 2025 13:14:02 GMT","end":"Wed, 26 Nov 2025 14:13:48 GMT"},"fingerprint":{"sha1":"7A:B2:21:7F:72:E3:39:3E:95:5D:FB:ED:BB:1C:7E:88:C4:7A:B1:B3","sha256":"FB:1D:6D:AF:DA:57:8D:9A:8B:B2:CC:FF:A2:55:C8:F3:71:3D:49:77:06:FC:4D:6F:16:91:61:6F:89:1C:A3:CB"}}},"request":{"raw":"GET /gid.js?userId=008259d0a0ab4038fc1295696b53dbe8 HTTP/1.1\r\nHost: my.rtmark.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://xxxtik.app\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xxxtik.app/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 05 Oct 2025 21:11:06 GMT\r\ncontent-type: application/json; charset=utf-8\r\ncontent-encoding: gzip\r\naccess-control-allow-origin: https://xxxtik.app\r\naccess-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE\r\naccess-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token\r\naccess-control-expose-headers: Authorization\r\naccess-control-allow-credentials: true\r\nset-cookie: ID=008259d0a0ab4038fc1295696b53dbe8; expires=Mon, 05 Oct 2026 21:11:06 GMT; secure; SameSite=None\r\nstrict-transport-security: max-age=1\r\nx-content-type-options: nosniff\r\ntiming-allow-origin: *\r\ncf-cache-status: DYNAMIC\r\nserver: cloudflare\r\ncf-ray: 989fe8d7add50883-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":65,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"ce2e4359923000044909dc3b0fc2d308","sha1":"107ac79d9c77133cff3c086e6263743c2d307a1e","sha256":"67266dadaddff6703a561ae38725cab9fd8d1e0aec33d3f40f850487885a7cf9","sha512":"603c0a0b5bd2768c5f7c36f1b6653a9453541b27ccdff3082abe9df5df6cc18448ff15c91853f5d515bce00b22dae784eeab1cb85afbaba671001b5037caf177","ssdeep":"","tlshash":"5ea022000e0c00c8000c0a2e3a2ac303c82a0080a000220c80fa820282e230c8f033a0","first_seen":"2025-10-05T21:11:43.472147Z","last_seen":"2025-10-05T21:11:43.472147Z","times_seen":1,"resource_available":false,"data":null}},"time_used":130,"timings":{"blocked":48,"dns":0,"connect":2,"send":0,"wait":34,"receive":0,"ssl":44},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.plump-message.pro/ecc874/bf80491dfeaf.js","fqdn":"www.plump-message.pro","domain":"plump-message.pro","tld":"pro"},"ip":{"addr":"45.133.44.1","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://xxxtik.app/xxxtiktok/","date":"2025-10-05T21:11:11.336Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.plump-message.pro","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Fri, 03 Oct 2025 07:03:15 GMT","end":"Thu, 01 Jan 2026 07:03:14 GMT"},"fingerprint":{"sha1":"2F:51:C4:B7:97:9E:34:C7:13:A6:DA:D2:9E:CD:92:EE:5C:31:DF:25","sha256":"BA:B4:47:34:A3:80:4F:30:FA:EC:77:3B:65:78:08:AD:B2:6B:B0:AF:6E:5D:D5:FE:6A:B6:66:4E:7C:00:57:75"}}},"request":{"raw":"GET /ecc874/bf80491dfeaf.js HTTP/1.1\r\nHost: www.plump-message.pro\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xxxtik.app/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 05 Oct 2025 21:11:11 GMT\r\ncontent-type: application/javascript; charset=utf-8\r\nserver: nginx\r\naccess-control-allow-origin: *\r\naccess-control-allow-credentials: true\r\naccess-control-allow-methods: GET\r\naccess-control-allow-headers: Content-Type\r\ncache-control: max-age=172800\r\ncontent-encoding: gzip\r\nexpires: Tue, 07 Oct 2025 21:11:11 GMT\r\nx-cdn-host-id: AH0543\r\nx-proxy-cache: HIT\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":103679,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (65533), with no line terminators","md5":"1ee2e7d55324807126d33f98d5aa79a5","sha1":"abca75d68fb2ad2ede44f4c22d542bad554b4f06","sha256":"937a622a0542092f89060457db6c07ab17e673a8fa0ed76912d46a5c49f2f1fd","sha512":"a35c76568c8598b09a78264da61a49919263cbe4102695701c7ee8958c0a198b3adcf38a0526bb257972c9b11ca6bd05f4b583b102d43c2d707baf493fc7064f","ssdeep":"1536:rM+iZ3YOYuyx6PUQwRxcs8P3nhkQ8vL7T7Q6eGozzwVEnHzHRbPv2C:OijxEQq3P5Enne9zkWHLj","tlshash":"61a33461350b64fd2ad0c1e7eb6720886c295810e469cca1ecd1e7c7d6eb8e3429b5f7","first_seen":"2025-10-03T08:37:41.665661Z","last_seen":"2025-10-06T01:17:23.154252Z","times_seen":34,"resource_available":true,"data":null}},"time_used":110,"timings":{"blocked":45,"dns":3,"connect":20,"send":0,"wait":19,"receive":0,"ssl":22},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"bobapsoabauns.com/www/images/5e2ab0eed18d035e0ff0c39cc5cfd27c.jpg","fqdn":"bobapsoabauns.com","domain":"bobapsoabauns.com","tld":"com"},"ip":{"addr":"104.21.73.203","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://xxxtik.app/xxxtiktok/","date":"2025-10-05T21:11:13.376Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"bobapsoabauns.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 17 Sep 2025 04:24:25 GMT","end":"Tue, 16 Dec 2025 05:21:54 GMT"},"fingerprint":{"sha1":"4D:D9:7B:8E:2E:B1:DF:4E:5A:71:CF:29:D6:3A:1D:7E:AA:3D:5A:A2","sha256":"88:8A:05:87:6E:69:15:70:D5:BC:48:78:60:76:1A:E9:45:82:CE:D7:2D:0B:89:EB:6B:09:58:DC:93:D4:79:E6"}}},"request":{"raw":"GET /www/images/5e2ab0eed18d035e0ff0c39cc5cfd27c.jpg HTTP/1.1\r\nHost: bobapsoabauns.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xxxtik.app/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sun, 05 Oct 2025 21:11:13 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 9910\r\nlast-modified: Thu, 27 Feb 2025 16:35:11 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\netag: \"67c0943f-26b6\"\r\nexpires: Mon, 06 Oct 2025 01:16:56 GMT\r\ncache-control: max-age=86400\r\ntiming-allow-origin: *\r\naccept-ranges: bytes\r\nage: 71657\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=S601RGW6hFLhdyKV9vkLlSh8r%2F5%2FNMsx6mcUZN08nWkpdaEncxNgc1J9%2FRe07NHHaE%2BRb92O44OlE%2BnJGU9HYZ08neAYwLsVFcCCIkUMsA%3D%3D\"}]}\r\nvary: accept-encoding\r\ncf-ray: 989fe9049ebd56c4-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":9910,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 192x192, components 3","md5":"5e2ab0eed18d035e0ff0c39cc5cfd27c","sha1":"1baf8a735404756b573053e2e55471e90725e03c","sha256":"c2d42867eb040910ea0ac9142143ac620a1280c0160fdf2fa57bdb010ec318fa","sha512":"4a397ae895c598f1e07d5ba7f48e37900e633d576af80350f213dd997baa6d9198f2142421ad57a8504c2810e7c2830910594ab11415b401795c922513e88ae2","ssdeep":"192:eJZGe1Kgs442STFKHBahL4CxoUu47A5t4FUPVC15rC:ezGLgs+STFKHAh0C3NM5nC15rC","tlshash":"f212b0c4fca14c72db60cbbd1824d24a3f7c02539b91a75f22aa86315cba4bf71d55a2","first_seen":"2025-04-11T02:20:54.089609Z","last_seen":"2026-03-15T06:38:48.799887Z","times_seen":137,"resource_available":false,"data":null}},"time_used":9,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":9,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"xxxtik.app/wp-content/plugins/honeypot/includes/css/wpa.css?ver=2.3.03","fqdn":"xxxtik.app","domain":"xxxtik.app","tld":"app"},"ip":{"addr":"104.21.2.15","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://xxxtik.app/xxxtiktok/","date":"2025-10-05T21:11:05.788Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xxxtik.app","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 22 Sep 2025 07:50:33 GMT","end":"Sun, 21 Dec 2025 08:48:06 GMT"},"fingerprint":{"sha1":"72:98:6C:94:29:80:FC:6E:34:D4:78:8C:3E:9F:90:03:A2:25:7B:AE","sha256":"3D:1E:A0:9F:D0:6B:0E:56:A7:96:90:AB:D0:78:99:FD:82:C8:48:79:EB:76:7B:72:AE:D5:E7:11:E7:66:4E:7E"}}},"request":{"raw":"GET /wp-content/plugins/honeypot/includes/css/wpa.css?ver=2.3.03 HTTP/1.1\r\nHost: xxxtik.app\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xxxtik.app/xxxtiktok/\r\nCookie: cf_clearance=PtgQF.dSVk5HyfOXxCtzINIKJnOLP3Aqj_OjR6rctsw-1759698665-1.2.1.1-3cZYcPKABSXibBQA1yAf_.yC_4qtfZMVrDQhKj6PN.vZLO64B7mfD0Sx8qGK4Q3smCyFNmcYllycn_EncFyyXcHEKa3ghVZu_fSzets_3J7Gk7z1ZqjBQ4ukyKJ7k.eOamyjj8CrdkABeiQjarX6grGnsicxKUwnFfFORPAXknStc_53fTMQgSUpZtr6emLTt5Hx35GoA8lwNJAQ.btU5BLAQqWhqXR3whnsoQwOLgU; _lscache_vary=25535832db285c9c2ae7620ca706ea91\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 05 Oct 2025 21:11:05 GMT\r\ncontent-type: text/css\r\ncontent-length: 247\r\ncache-control: public, max-age=604800\r\nexpires: Thu, 09 Oct 2025 18:55:44 GMT\r\netag: \"2f7-68dd9bdc-1161197;br\"\r\nlast-modified: Wed, 01 Oct 2025 21:23:40 GMT\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\nserver: cloudflare\r\nx-turbo-charged-by: LiteSpeed\r\nage: 267321\r\ncf-cache-status: HIT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=t9hXuz2gr48nDjfbWjxDlTu7oL%2F95fPZpbyHfPQzWZx%2Bj%2B6cJ1lo38IFLs5ZRcogf4JxZ6%2FL2Wspb%2FpM0UYXl%2BhrXVgeN%2Fsk\"}]}\r\ncf-ray: 989fe8d52ffb0b55-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":759,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with CRLF line terminators","md5":"a0b823f7ab1f0a3a563fb10c3664d2a6","sha1":"0dd5bce879ab0d3b972f3ea4dedc301bcfc9d6b1","sha256":"7e7d81a09a47d0726c0de06e37e162c4b83fc2b1a4a5f5962fb5c29840183421","sha512":"20cb6d2625469aeb463242449d5040a416dd9919b63074a7adeac3912e4d779db06816dc7388d2c6a3ac23664865c3233d4b1d466b01ff01cbe41c30d929dcba","ssdeep":"","tlshash":"1901ad13f6d81181a41747a8a96bf7fd7f7e825283410f7568a1b3388b88efb2d24585","first_seen":"2024-06-04T14:19:26Z","last_seen":"2026-04-05T11:52:01.855696Z","times_seen":7323,"resource_available":false,"data":null}},"time_used":13,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":13,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"phoangaisool.com/500/9977712?excludes=\u0026oaid=008259d0a0ab4038fc1295696b53dbe8\u0026var=\u0026ymid=\u0026tgp=\u0026sw_version=v1.740.0-s\u0026dmn=roagrofoogrobo.com\u0026fs=0\u0026cf=0\u0026sw=1280\u0026sh=1024\u0026sah=1024\u0026wx=0\u0026wy=0\u0026ww=1280\u0026wh=1024\u0026cw=1280\u0026wiw=1280\u0026wih=1024\u0026wfc=1\u0026pl=https%3A%2F%2Fxxxtik.app%2Fxxxtiktok%2F\u0026drf=\u0026np=1\u0026pt=0\u0026nb=1\u0026ng=0\u0026ix=0\u0026nw=1\u0026tb=false\u0026navlng=en-US\u0026bto=0\u0026btz=UTC\u0026jsp=1","fqdn":"phoangaisool.com","domain":"phoangaisool.com","tld":"com"},"ip":{"addr":"139.45.197.243","port":443,"asn":9002,"as":"RETN Limited","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://xxxtik.app/xxxtiktok/","date":"2025-10-05T21:11:08.572Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"phoangaisool.com","organization":""},"issuer":{"commonName":"R11","organization":"Let's Encrypt"},"validity":{"start":"Sun, 20 Jul 2025 05:27:33 GMT","end":"Sat, 18 Oct 2025 05:27:32 GMT"},"fingerprint":{"sha1":"1B:B6:A8:E4:08:A6:29:EB:A9:7A:9B:7B:F9:85:53:57:9B:C7:36:4B","sha256":"0E:69:6F:3E:06:9D:64:E5:1B:E6:9B:A0:66:40:B8:3B:8B:F7:A0:BA:DA:77:B5:E5:0B:C7:3B:FF:11:3D:C1:C9"}}},"request":{"raw":"OPTIONS /500/9977712?excludes=\u0026oaid=008259d0a0ab4038fc1295696b53dbe8\u0026var=\u0026ymid=\u0026tgp=\u0026sw_version=v1.740.0-s\u0026dmn=roagrofoogrobo.com\u0026fs=0\u0026cf=0\u0026sw=1280\u0026sh=1024\u0026sah=1024\u0026wx=0\u0026wy=0\u0026ww=1280\u0026wh=1024\u0026cw=1280\u0026wiw=1280\u0026wih=1024\u0026wfc=1\u0026pl=https%3A%2F%2Fxxxtik.app%2Fxxxtiktok%2F\u0026drf=\u0026np=1\u0026pt=0\u0026nb=1\u0026ng=0\u0026ix=0\u0026nw=1\u0026tb=false\u0026navlng=en-US\u0026bto=0\u0026btz=UTC\u0026jsp=1 HTTP/1.1\r\nHost: phoangaisool.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nAccess-Control-Request-Method: GET\r\nAccess-Control-Request-Headers: content-type\r\nReferer: https://xxxtik.app/\r\nOrigin: https://xxxtik.app\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"OPTIONS"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sun, 05 Oct 2025 21:11:08 GMT\r\ncontent-length: 0\r\nallow: GET, OPTIONS\r\nvary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers\r\naccess-control-allow-origin: https://xxxtik.app\r\naccess-control-allow-methods: GET, POST, OPTIONS\r\naccess-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace\r\naccess-control-allow-credentials: true\r\naccess-control-max-age: 600\r\naccept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version\r\nstrict-transport-security: max-age=1\r\nx-content-type-options: nosniff\r\ntiming-allow-origin: *\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T11:47:06.182466Z","times_seen":13373545,"resource_available":true,"data":null}},"time_used":213,"timings":{"blocked":92,"dns":0,"connect":30,"send":0,"wait":29,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-10-05","alert":"Sinkholed","trigger":"phoangaisool.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"xxxtik.app/wp-content/uploads/2024/05/icon-75x75.png","fqdn":"xxxtik.app","domain":"xxxtik.app","tld":"app"},"ip":{"addr":"104.21.2.15","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://xxxtik.app/xxxtiktok/","date":"2025-10-05T21:11:05.952Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xxxtik.app","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 22 Sep 2025 07:50:33 GMT","end":"Sun, 21 Dec 2025 08:48:06 GMT"},"fingerprint":{"sha1":"72:98:6C:94:29:80:FC:6E:34:D4:78:8C:3E:9F:90:03:A2:25:7B:AE","sha256":"3D:1E:A0:9F:D0:6B:0E:56:A7:96:90:AB:D0:78:99:FD:82:C8:48:79:EB:76:7B:72:AE:D5:E7:11:E7:66:4E:7E"}}},"request":{"raw":"GET /wp-content/uploads/2024/05/icon-75x75.png HTTP/1.1\r\nHost: xxxtik.app\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xxxtik.app/xxxtiktok/\r\nCookie: cf_clearance=PtgQF.dSVk5HyfOXxCtzINIKJnOLP3Aqj_OjR6rctsw-1759698665-1.2.1.1-3cZYcPKABSXibBQA1yAf_.yC_4qtfZMVrDQhKj6PN.vZLO64B7mfD0Sx8qGK4Q3smCyFNmcYllycn_EncFyyXcHEKa3ghVZu_fSzets_3J7Gk7z1ZqjBQ4ukyKJ7k.eOamyjj8CrdkABeiQjarX6grGnsicxKUwnFfFORPAXknStc_53fTMQgSUpZtr6emLTt5Hx35GoA8lwNJAQ.btU5BLAQqWhqXR3whnsoQwOLgU; _lscache_vary=25535832db285c9c2ae7620ca706ea91; test_variant=3\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 05 Oct 2025 21:11:05 GMT\r\ncontent-type: image/png\r\ncontent-length: 4002\r\ncache-control: public, max-age=604800\r\nexpires: Fri, 03 Oct 2025 14:07:54 GMT\r\netag: \"fa2-66337b12-1144dd7;;;\"\r\nlast-modified: Thu, 02 May 2024 11:37:54 GMT\r\naccept-ranges: bytes\r\nserver: cloudflare\r\nx-turbo-charged-by: LiteSpeed\r\nage: 134494\r\ncf-cache-status: HIT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=7PfK9HqGL93BumOyKLJQuvVUh31YeU%2FWRtl7yr9%2FM42vuEiBypHAR4Hjysg9%2F2Ns7JRFgTo09BPjSKNVS%2FRUqe%2F%2FhUGnv2GH\"}]}\r\ncf-ray: 989fe8d628b90b55-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":4002,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 75 x 75, 8-bit/color RGBA, non-interlaced","md5":"65052875ea6ed2378ca42947ad811df4","sha1":"563cfb34997f99c5fc3b8b6673551bea21fb27c8","sha256":"e7e0e5c6c7d076b4e6f6f0f6f718e8e615c63fbc6b1855654c901fbf13b80a63","sha512":"92a797e7bf51881749ca8856c6e1d6777a5644f61109a0e15695be45f7ace35363302060386ad80bab1e4c136d6811d1bd0a2744f390c9aa316c2b2aefd04075","ssdeep":"","tlshash":"ac818db4e8290e7c83c9642beef62896ca0438190387ca6f91532d369f5fba417553f4","first_seen":"2025-10-05T21:11:43.476242Z","last_seen":"2025-10-05T21:11:43.476242Z","times_seen":1,"resource_available":false,"data":null}},"time_used":10,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":10,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"xxxtik.app/wp-content/uploads/2024/10/favicon-75x75.png","fqdn":"xxxtik.app","domain":"xxxtik.app","tld":"app"},"ip":{"addr":"104.21.2.15","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://xxxtik.app/xxxtiktok/","date":"2025-10-05T21:11:09.175Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xxxtik.app","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 22 Sep 2025 07:50:33 GMT","end":"Sun, 21 Dec 2025 08:48:06 GMT"},"fingerprint":{"sha1":"72:98:6C:94:29:80:FC:6E:34:D4:78:8C:3E:9F:90:03:A2:25:7B:AE","sha256":"3D:1E:A0:9F:D0:6B:0E:56:A7:96:90:AB:D0:78:99:FD:82:C8:48:79:EB:76:7B:72:AE:D5:E7:11:E7:66:4E:7E"}}},"request":{"raw":"GET /wp-content/uploads/2024/10/favicon-75x75.png HTTP/1.1\r\nHost: xxxtik.app\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xxxtik.app/xxxtiktok/\r\nCookie: cf_clearance=PtgQF.dSVk5HyfOXxCtzINIKJnOLP3Aqj_OjR6rctsw-1759698665-1.2.1.1-3cZYcPKABSXibBQA1yAf_.yC_4qtfZMVrDQhKj6PN.vZLO64B7mfD0Sx8qGK4Q3smCyFNmcYllycn_EncFyyXcHEKa3ghVZu_fSzets_3J7Gk7z1ZqjBQ4ukyKJ7k.eOamyjj8CrdkABeiQjarX6grGnsicxKUwnFfFORPAXknStc_53fTMQgSUpZtr6emLTt5Hx35GoA8lwNJAQ.btU5BLAQqWhqXR3whnsoQwOLgU; _lscache_vary=25535832db285c9c2ae7620ca706ea91; test_variant=3; dom3ic8zudi28v8lr6fgphwffqoz0j6c=619eb20b-0c70-488e-9788-174c75b967c0%3A2%3A1; pp_main_d8faf53894cdd595b3c9b5230c862bcc=1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 05 Oct 2025 21:11:09 GMT\r\ncontent-type: image/png\r\ncontent-length: 4014\r\ncache-control: public, max-age=604800\r\nexpires: Sun, 12 Oct 2025 21:11:09 GMT\r\netag: \"fae-6714b443-1144e00;;;\"\r\nlast-modified: Sun, 20 Oct 2024 07:41:55 GMT\r\naccept-ranges: bytes\r\nserver: cloudflare\r\nx-turbo-charged-by: LiteSpeed\r\ncf-cache-status: MISS\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=wPqOBP%2B8BLqBf1BUjGepKYVkgks%2BeI4UlX4WzyMiljZh6qWFe%2FGS4gvThwpKdw6rH8Ohrh52VGj9bzAeLTUfVRPJJww%2F8rXB\"}]}\r\ncf-ray: 989fe8ea5d6d0b55-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":4014,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 75 x 75, 8-bit/color RGBA, non-interlaced","md5":"4054866a84838549729af89d7afa326a","sha1":"40044ea34492c038baa8d760e5dae013d4d82068","sha256":"c0ce372ee349b328acb6a66ffe2fd65ba6b3b8574cf12139186038ae4216dde1","sha512":"23b789609c68e78741145e482c2af61f57b767f9254122ab3baed58479939ded2a72bdb58abbf0666b58be04564e08baa4ea5e291483b74ff0f71df3e289fe3b","ssdeep":"","tlshash":"50817d6fcd6e9ce0d53d4db3997e4c3866527214c2345c5a8a218f8b1077cdd8e99819","first_seen":"2025-10-05T21:11:43.442748Z","last_seen":"2025-10-05T21:11:43.442748Z","times_seen":1,"resource_available":false,"data":null}},"time_used":126,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":126,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fonts.googleapis.com/css2?family=Roboto:wght@100;300;400;500;700","fqdn":"fonts.googleapis.com","domain":"fonts.googleapis.com","tld":"googleapis.com"},"ip":{"addr":"142.250.74.74","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://xxxtik.app/xxxtiktok/","date":"2025-10-05T21:11:17.131Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"upload.video.google.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 15 Sep 2025 08:36:13 GMT","end":"Mon, 08 Dec 2025 08:36:12 GMT"},"fingerprint":{"sha1":"54:09:EF:2E:96:03:5C:86:DF:F0:DA:AC:A6:7A:0D:35:49:4E:68:90","sha256":"0E:84:83:07:1D:C1:46:17:EB:EA:2F:15:CE:88:56:D2:FF:9E:AE:31:D2:C3:FC:DA:00:24:46:48:43:CD:11:1F"}}},"request":{"raw":"GET /css2?family=Roboto:wght@100;300;400;500;700 HTTP/1.1\r\nHost: fonts.googleapis.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: text/css; charset=utf-8\r\nvary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site\r\naccess-control-allow-origin: *\r\ntiming-allow-origin: *\r\nlink: \u003chttps://fonts.gstatic.com\u003e; rel=preconnect; crossorigin\r\nstrict-transport-security: max-age=31536000\r\nexpires: Sun, 05 Oct 2025 21:11:17 GMT\r\ndate: Sun, 05 Oct 2025 21:11:17 GMT\r\ncache-control: private, max-age=86400\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin-allow-popups\r\ncontent-encoding: gzip\r\nserver: ESF\r\nx-xss-protection: 0\r\nx-frame-options: SAMEORIGIN\r\nx-content-type-options: nosniff\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":26935,"size_decoded":0,"mime_type":"text/css; charset=utf-8","magic":"ASCII text, with very long lines (1572)","md5":"0674bb1b4725131d0ccedb9f2119d9fa","sha1":"354de89c766f790720b9b55a28ce76bc2f2878e8","sha256":"37e93534f20120328ca625c0011682d90e4e4f4e702b0f90baf22d0c1f7fc8b4","sha512":"db19ac78c34f52d076a4b91cc180acb24697a1c8385c2d848ea0363ca684177c9f01de0a7115c165c8a01d4ea1441e86c98c8ae32292c15d0bd373500c52db23","ssdeep":"768:DFAFRFYFKFf4FQLFDFXFRKNyEfSQv3rgXU/9ffQiqGr8vkSfEQNVR1GJuofOQjLh:EcvMo1","tlshash":"32c2fba108174000978358e223cebf34fe4f92507141d0b5abfdab6bedcbc6652693ad","first_seen":"2025-09-09T04:12:34.447807Z","last_seen":"2025-11-18T23:33:55.824058Z","times_seen":1117,"resource_available":false,"data":null}},"time_used":114,"timings":{"blocked":48,"dns":0,"connect":8,"send":0,"wait":19,"receive":0,"ssl":38},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"xxxtik.app/wp-content/litespeed/css/e026d4e93a9125a7d489462b895c709b.css?ver=c709b","fqdn":"xxxtik.app","domain":"xxxtik.app","tld":"app"},"ip":{"addr":"104.21.2.15","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://xxxtik.app/xxxtiktok/","date":"2025-10-05T21:11:05.790Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xxxtik.app","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 22 Sep 2025 07:50:33 GMT","end":"Sun, 21 Dec 2025 08:48:06 GMT"},"fingerprint":{"sha1":"72:98:6C:94:29:80:FC:6E:34:D4:78:8C:3E:9F:90:03:A2:25:7B:AE","sha256":"3D:1E:A0:9F:D0:6B:0E:56:A7:96:90:AB:D0:78:99:FD:82:C8:48:79:EB:76:7B:72:AE:D5:E7:11:E7:66:4E:7E"}}},"request":{"raw":"GET /wp-content/litespeed/css/e026d4e93a9125a7d489462b895c709b.css?ver=c709b HTTP/1.1\r\nHost: xxxtik.app\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xxxtik.app/xxxtiktok/\r\nCookie: cf_clearance=PtgQF.dSVk5HyfOXxCtzINIKJnOLP3Aqj_OjR6rctsw-1759698665-1.2.1.1-3cZYcPKABSXibBQA1yAf_.yC_4qtfZMVrDQhKj6PN.vZLO64B7mfD0Sx8qGK4Q3smCyFNmcYllycn_EncFyyXcHEKa3ghVZu_fSzets_3J7Gk7z1ZqjBQ4ukyKJ7k.eOamyjj8CrdkABeiQjarX6grGnsicxKUwnFfFORPAXknStc_53fTMQgSUpZtr6emLTt5Hx35GoA8lwNJAQ.btU5BLAQqWhqXR3whnsoQwOLgU; _lscache_vary=25535832db285c9c2ae7620ca706ea91\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 05 Oct 2025 21:11:05 GMT\r\ncontent-type: text/css\r\ncontent-length: 663\r\ncache-control: public, max-age=604800\r\nexpires: Thu, 09 Oct 2025 18:55:48 GMT\r\netag: \"8ed-68dec5a2-11402b5;br\"\r\nlast-modified: Thu, 02 Oct 2025 18:34:10 GMT\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\nserver: cloudflare\r\nx-turbo-charged-by: LiteSpeed\r\nage: 267317\r\ncf-cache-status: HIT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=bPOZHkMikIr1uwF7ySlhqyOEM0ITI9n7w05Q5NBPf8QVeUz3Qajx%2FymW7b%2FBPQ%2BVm1P0zWXIoo28xwNOLubBxyBW7qOofUqo\"}]}\r\ncf-ray: 989fe8d528010b55-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":2285,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (2285), with no line terminators","md5":"a76e976f05a6c563cbe2c326f73864c8","sha1":"0a6d7bbe5e014802b671a1d3d2d0fb484376d6f1","sha256":"1bdff9a0dae25b15c58a3a32da60da033e7c667efa310fa32a6ba5340d08feed","sha512":"b8ba84980c53119effea50bcac8a17f36430af85362e3dbb0ebb71a05ba8cfb95a777bda498b1323229f3f2ff4e1b1a3456a21c468ced7488a6c206d2757d678","ssdeep":"","tlshash":"7541fe375d98908cf62fc66273e9bec924208113e1b77d9b55e2fa2883c234500f2ad7","first_seen":"2025-05-13T03:13:59.709967Z","last_seen":"2026-02-07T16:13:05.042948Z","times_seen":9,"resource_available":false,"data":null}},"time_used":13,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":13,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"wrathypenitis.help/cuid/?f=https%3A%2F%2Fxxxtik.app","fqdn":"wrathypenitis.help","domain":"wrathypenitis.help","tld":"help"},"ip":{"addr":"212.117.186.12","port":443,"asn":7979,"as":"SERVERS-COM","country":"Luxembourg","country_code":"LU"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://xxxtik.app/xxxtiktok/","date":"2025-10-05T21:11:05.990Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"wrathypenitis.help","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Thu, 25 Sep 2025 21:21:47 GMT","end":"Wed, 24 Dec 2025 21:21:46 GMT"},"fingerprint":{"sha1":"AB:7F:25:A4:47:EA:FD:C0:FD:04:9D:5B:DE:04:FB:AC:82:37:67:A1","sha256":"8C:B6:C9:8F:CE:4F:DB:23:24:8F:04:DB:40:06:BA:C3:2B:0E:91:55:37:A9:E1:FF:A6:E7:DF:7F:FE:FD:BB:65"}}},"request":{"raw":"POST /cuid/?f=https%3A%2F%2Fxxxtik.app HTTP/1.1\r\nHost: wrathypenitis.help\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://xxxtik.app/\r\nContent-Type: application/json\r\nContent-Length: 10\r\nOrigin: https://xxxtik.app\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: a97fa794a0f9=675c16f2cf24c1613f4ecd\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sun, 05 Oct 2025 21:11:06 GMT\r\ncontent-type: application/json\r\ncontent-length: 32\r\naccess-control-allow-credentials: true\r\naccess-control-allow-origin: https://xxxtik.app\r\naccess-control-allow-headers: content-type, megageocheckolololo, x-forwarded-for\r\naccess-control-max-age: 600\r\naccess-control-allow-methods: GET, POST, OPTIONS\r\nstrict-transport-security: max-age=1\r\nx-content-type-options: nosniff\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":32,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"ab2149bed00bad62da1c2c0d4aa529a3","sha1":"5f886ff030a5a289e00a9979fb5fa5adb86a6693","sha256":"91f0b3e54d159ceafdcdc943d13c0d4d5d1f32b096cd31cbcdbfc5198c5bf1aa","sha512":"c3493287f5eee5ac6eb442b37366190320a2e47d2b0b05a069869953c82cd28e2104559215637b432f6c4ae295b90e22d1d1c1f7334154bc699e9cd0665a3b93","ssdeep":"","tlshash":"0780002ca0ec80ab0a8ba0283c0800e30b00a2aaf8f20a28ce20a2c8000b08a0080803","first_seen":"2025-10-05T21:11:43.394984Z","last_seen":"2025-10-05T21:11:43.394984Z","times_seen":1,"resource_available":false,"data":null}},"time_used":22,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":22,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-10-05","alert":"Sinkholed","trigger":"wrathypenitis.help","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-10-05","alert":"Sinkholed","trigger":"wrathypenitis.help","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-10-05","alert":"Sinkholed","trigger":"wrathypenitis.help","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-05","alert":"Sinkholed","trigger":"wrathypenitis.help","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"weirdopt.com/ad/advertisers.js","fqdn":"weirdopt.com","domain":"weirdopt.com","tld":"com"},"ip":{"addr":"185.196.197.72","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://xxxtik.app/xxxtiktok/","date":"2025-10-05T21:11:06.860Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"weirdopt.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sun, 31 Aug 2025 00:07:02 GMT","end":"Sat, 29 Nov 2025 00:07:01 GMT"},"fingerprint":{"sha1":"AD:4F:15:9E:60:62:A7:16:BA:4B:37:64:C6:01:6B:2B:99:47:89:BE","sha256":"44:74:EA:98:35:48:9C:28:63:20:61:17:18:F6:2B:0A:57:68:36:F4:EF:B0:67:1E:C0:7C:41:30:13:2C:02:F1"}}},"request":{"raw":"GET /ad/advertisers.js HTTP/1.1\r\nHost: weirdopt.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xxxtik.app/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Sun, 05 Oct 2025 21:11:06 GMT\r\nContent-Type: application/javascript\r\nContent-Length: 0\r\nConnection: keep-alive\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: 5c9920ad0f4c8153b487ca5941196685\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":0,"size_decoded":0,"mime_type":"application/javascript","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T11:47:06.182466Z","times_seen":13373545,"resource_available":true,"data":null}},"time_used":88,"timings":{"blocked":-1,"dns":3,"connect":20,"send":0,"wait":19,"receive":0,"ssl":45},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-05","alert":"Sinkholed","trigger":"weirdopt.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"pxl-eu.tsyndicate.com/api/v1/error?errorcode=100\u0026p=APeICDOGjggdMFgMhAPnIA0cMXDgUEinzcEYN2rksJEDh40bMSi2kXEx48aOH2PkkJFDIRw2Yw4mFDHmjEyFY9AcdFOHDZs-CgIC\u0026s=9ba79b4ba1f7236b748ad5b0417ef9c48017dc1cad6df4176dd2d5e4786d498a1759698671","fqdn":"pxl-eu.tsyndicate.com","domain":"tsyndicate.com","tld":"com"},"ip":{"addr":"88.99.138.221","port":443,"asn":24940,"as":"Hetzner Online GmbH","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://xxxtik.app/xxxtiktok/","date":"2025-10-05T21:11:12.087Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tsyndicate.com","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Fri, 12 Sep 2025 20:10:41 GMT","end":"Thu, 11 Dec 2025 20:10:40 GMT"},"fingerprint":{"sha1":"25:5B:D4:FE:8D:85:CA:1A:7D:3A:B0:58:EC:2D:7A:B0:62:90:21:1F","sha256":"DF:0A:26:3C:A9:CF:97:54:23:20:C6:11:EB:C6:8C:7F:02:14:58:C8:F6:3B:08:10:27:BF:78:67:09:32:DC:9C"}}},"request":{"raw":"GET /api/v1/error?errorcode=100\u0026p=APeICDOGjggdMFgMhAPnIA0cMXDgUEinzcEYN2rksJEDh40bMSi2kXEx48aOH2PkkJFDIRw2Yw4mFDHmjEyFY9AcdFOHDZs-CgIC\u0026s=9ba79b4ba1f7236b748ad5b0417ef9c48017dc1cad6df4176dd2d5e4786d498a1759698671 HTTP/1.1\r\nHost: pxl-eu.tsyndicate.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xxxtik.app/\r\nCookie: cookie_user_id=87a2e4a0-cdb6-5639-a1a3-eccdaa426134; bfq=APeIECNCx5YuLESMKXgwYRmGXfoo\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sun, 05 Oct 2025 21:11:12 GMT\r\ncontent-length: 0\r\nx-robots-tag: noindex, nofollow\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T11:47:06.182466Z","times_seen":13373545,"resource_available":true,"data":null}},"time_used":248,"timings":{"blocked":105,"dns":29,"connect":37,"send":0,"wait":36,"receive":0,"ssl":40},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"phoangaisool.com/500/9977712?excludes=23316440\u0026oaid=008259d0a0ab4038fc1295696b53dbe8\u0026var=\u0026ymid=\u0026tgp=\u0026sw_version=v1.740.0-s\u0026dmn=roagrofoogrobo.com\u0026fs=0\u0026cf=0\u0026sw=1280\u0026sh=1024\u0026sah=1024\u0026wx=0\u0026wy=0\u0026ww=1280\u0026wh=1024\u0026cw=1280\u0026wiw=1280\u0026wih=1024\u0026wfc=2\u0026pl=https%3A%2F%2Fxxxtik.app%2Fxxxtiktok%2F\u0026drf=\u0026np=1\u0026pt=0\u0026nb=1\u0026ng=0\u0026ix=0\u0026nw=1\u0026tb=false\u0026navlng=en-US\u0026bto=0\u0026btz=UTC\u0026jsp=1","fqdn":"phoangaisool.com","domain":"phoangaisool.com","tld":"com"},"ip":{"addr":"139.45.197.243","port":443,"asn":9002,"as":"RETN Limited","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://xxxtik.app/xxxtiktok/","date":"2025-10-05T21:11:13.259Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"phoangaisool.com","organization":""},"issuer":{"commonName":"R11","organization":"Let's Encrypt"},"validity":{"start":"Sun, 20 Jul 2025 05:27:33 GMT","end":"Sat, 18 Oct 2025 05:27:32 GMT"},"fingerprint":{"sha1":"1B:B6:A8:E4:08:A6:29:EB:A9:7A:9B:7B:F9:85:53:57:9B:C7:36:4B","sha256":"0E:69:6F:3E:06:9D:64:E5:1B:E6:9B:A0:66:40:B8:3B:8B:F7:A0:BA:DA:77:B5:E5:0B:C7:3B:FF:11:3D:C1:C9"}}},"request":{"raw":"GET /500/9977712?excludes=23316440\u0026oaid=008259d0a0ab4038fc1295696b53dbe8\u0026var=\u0026ymid=\u0026tgp=\u0026sw_version=v1.740.0-s\u0026dmn=roagrofoogrobo.com\u0026fs=0\u0026cf=0\u0026sw=1280\u0026sh=1024\u0026sah=1024\u0026wx=0\u0026wy=0\u0026ww=1280\u0026wh=1024\u0026cw=1280\u0026wiw=1280\u0026wih=1024\u0026wfc=2\u0026pl=https%3A%2F%2Fxxxtik.app%2Fxxxtiktok%2F\u0026drf=\u0026np=1\u0026pt=0\u0026nb=1\u0026ng=0\u0026ix=0\u0026nw=1\u0026tb=false\u0026navlng=en-US\u0026bto=0\u0026btz=UTC\u0026jsp=1 HTTP/1.1\r\nHost: phoangaisool.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/json\r\nOrigin: https://xxxtik.app\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xxxtik.app/\r\nCookie: OAID=008259d0a0ab4038fc1295696b53dbe8\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sun, 05 Oct 2025 21:11:13 GMT\r\ncontent-type: application/javascript\r\nx-trace-id: 0313b6308de73827801b4d47a9f00a1f\r\nexpires: Tue, 11 Jan 1994 10:00:00 GMT\r\ncache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0\r\npragma: no-cache\r\nvary: Origin\r\naccess-control-allow-origin: https://xxxtik.app\r\naccess-control-expose-headers: Link\r\naccess-control-allow-credentials: true\r\naccept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version\r\nset-cookie: OAID=008259d0a0ab4038fc1295696b53dbe8; expires=Mon, 05 Oct 2026 21:11:13 GMT; path=/; secure; SameSite=None\r\nstrict-transport-security: max-age=1\r\nx-content-type-options: nosniff\r\ntiming-allow-origin: *, *\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":1652,"size_decoded":0,"mime_type":"application/javascript","magic":"JSON text data","md5":"454a1a184e4cc833f589de356675fad2","sha1":"ecc8dc89b1df0200fd4208a5cca585132aa25ed2","sha256":"bda68a6cf6127605b25a9ee0310b96b86e31cfecbeefb3165a37ca723e5c9f61","sha512":"2b42642ad62627bf02c445f4a87163a3106334f0c416e7164b6387d19b31d69f09d558b05c411dd6fd4379aa725333544873246c539b68b8dea8ce1fb6afdc0d","ssdeep":"","tlshash":"85310f57ce372eb54e18c4809c6df49782d95045c8e1b3949d05dc93622ef6554c5ac0","first_seen":"2025-10-05T21:11:43.483234Z","last_seen":"2025-10-05T21:11:43.483234Z","times_seen":1,"resource_available":false,"data":null}},"time_used":114,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":114,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-10-05","alert":"Sinkholed","trigger":"phoangaisool.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"bobapsoabauns.com/www/images/31f5bb5f43a7bd2800c6724e3a4125d2.png","fqdn":"bobapsoabauns.com","domain":"bobapsoabauns.com","tld":"com"},"ip":{"addr":"104.21.73.203","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://xxxtik.app/xxxtiktok/","date":"2025-10-05T21:11:08.806Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"bobapsoabauns.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 17 Sep 2025 04:24:25 GMT","end":"Tue, 16 Dec 2025 05:21:54 GMT"},"fingerprint":{"sha1":"4D:D9:7B:8E:2E:B1:DF:4E:5A:71:CF:29:D6:3A:1D:7E:AA:3D:5A:A2","sha256":"88:8A:05:87:6E:69:15:70:D5:BC:48:78:60:76:1A:E9:45:82:CE:D7:2D:0B:89:EB:6B:09:58:DC:93:D4:79:E6"}}},"request":{"raw":"GET /www/images/31f5bb5f43a7bd2800c6724e3a4125d2.png HTTP/1.1\r\nHost: bobapsoabauns.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xxxtik.app/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 05 Oct 2025 21:11:08 GMT\r\ncontent-type: image/png\r\ncontent-length: 16893\r\nserver: cloudflare\r\nlast-modified: Mon, 17 Mar 2025 02:12:20 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\netag: \"67d78504-41fd\"\r\nexpires: Mon, 06 Oct 2025 05:30:16 GMT\r\ncache-control: max-age=86400\r\ntiming-allow-origin: *\r\naccept-ranges: bytes\r\nage: 56452\r\ncf-cache-status: HIT\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=rkj8EmGTgZyjYiDYP90pqAHsbi6XlvXULnTwOT3LJfXFigDgw80GTjU%2B2v%2FMKSR%2F%2F91GdQfrIIr3F7T%2Bm9ob4fV0dXmrMSfhPpzkGMeNSA%3D%3D\"}]}\r\ncf-ray: 989fe8e85f2f56bd-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":16893,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 192 x 192, 8-bit/color RGBA, non-interlaced","md5":"31f5bb5f43a7bd2800c6724e3a4125d2","sha1":"bc1bcd6aa31ac91dd34359c2fbbcaefb3e15c875","sha256":"e5dd86d52381d2bff5f1b74d3923443d3d95ced64048662307ed3ec2d52eb61b","sha512":"472e23766bb20f680ab31d5c358d9555ce56596444072978dd6340ca5e918aedcf1985a811c7f3f41b72bb15ce3df8ca98a2fddb5ec9a1eeb5f30d586fc7c23e","ssdeep":"384:wDIuIpXyvlnQ8HrcT30rRp8Rp6g9TzBtnL1Ti7DpHQ9:wsHyvBXHrQxF93By7DhQ9","tlshash":"0572c06f0a4a5703999d1c0d1eab7c9d667a425f007c2e6b23239c5cf94a36f6042df5","first_seen":"2025-03-17T02:19:44.486682Z","last_seen":"2025-11-29T07:50:01.235056Z","times_seen":1176,"resource_available":false,"data":null}},"time_used":113,"timings":{"blocked":51,"dns":4,"connect":4,"send":0,"wait":10,"receive":0,"ssl":43},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fg.obanlazed.com/rFJ7sY2AYsw5gndBM/86551","fqdn":"fg.obanlazed.com","domain":"obanlazed.com","tld":"com"},"ip":{"addr":"23.109.170.98","port":443,"asn":7979,"as":"SERVERS-COM","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://xxxtik.app/xxxtiktok/","date":"2025-10-05T21:11:05.789Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"fg.obanlazed.com","organization":""},"issuer":{"commonName":"R11","organization":"Let's Encrypt"},"validity":{"start":"Thu, 14 Aug 2025 23:12:15 GMT","end":"Wed, 12 Nov 2025 23:12:14 GMT"},"fingerprint":{"sha1":"56:93:1D:4C:57:2F:82:DB:D8:C4:17:9E:CD:14:AA:05:04:F2:D9:18","sha256":"60:CA:C5:DC:13:E8:7B:B6:B8:C1:E1:89:38:26:F3:8B:F7:3F:BD:25:D0:65:E1:75:74:3F:5F:31:13:21:13:A5"}}},"request":{"raw":"GET /rFJ7sY2AYsw5gndBM/86551 HTTP/1.1\r\nHost: fg.obanlazed.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xxxtik.app/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sun, 05 Oct 2025 21:11:07 GMT\r\ncontent-type: application/javascript; charset=utf-8\r\naccept-ch: sec-ch-ua-platform-version,sec-ch-ua-model,sec-ch-ua-full-version,sec-ch-ua-full-version-list\r\naccess-control-allow-credentials: true\r\naccess-control-allow-origin: https://xxxtik.app\r\naccess-control-allow-headers: content-type, megageocheckolololo, x-forwarded-for, x-requested-with, cache-control, pragma, expires\r\naccess-control-max-age: 600\r\naccess-control-allow-methods: GET, POST, OPTIONS\r\nset-cookie: GL_UI4=eJw9zV1OhDAcBHC%2BWdcFnYQDeASKQHj1xSv4SAr9g3Wh3ZQKensbE32bTH6T8TwvKB7g78kZ4Sdv8MRY13Z1U3VlPXa8GoaubZtyaLqSVc00NbiTW2%2F5sJCNcNpWbmxv9wiXmRQZOfajFpTh0am%2F5qr0oSLEg%2BFKZIhXJ5YM6WD0sZEpQkSKr4T0VRqa9JcT%2FEMbhOy5dlkql%2F0Sgd6KMD8jfZNKuGV%2BQcDKPE883N8Wbidt1l6KxEc8Gy4I%2FgtOI7c0a%2FONVNB2tfoG6EX0%2F%2F73ODxYiUTQLkdCrO07mR%2B4dk3m; expires=Mon, 06-Oct-2025 21:11:07 GMT; Max-Age=86400; path=/; secure; SameSite=None\nGL_GI10=eJwVyMEKgjAcB%2BDtTwwiPfzA7j7ByhSxa3aM7eATqI0QZBvbKnr76vh9jDEqMtDikXcnWTWdrNqzbBvwB0hp0GwhlAvv8QMeQMcaFCx2Oq6u7N3Tpt%2FP2PwNviDTFz2U2hurTALZiG0%2FTqs5XIcbuBcMlJwgULwXDPwl9l8VoRyd; expires=Mon, 06-Oct-2025 21:11:07 GMT; Max-Age=86400; path=/; secure; SameSite=None\r\ncontent-encoding: gzip\r\nvary: Accept-Encoding\r\nstrict-transport-security: max-age=1\r\nx-content-type-options: nosniff\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":87895,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (65535), with no line terminators","md5":"14d7231aeb6beefff225eeec02364fb8","sha1":"f71367ce70860c9f21be0127a8d84794ce7854bb","sha256":"98c45817f592fe735df7e8851faacd1349084b0d1dcce063ab792b2e16e401d8","sha512":"c96f360b3e1590b1f0f782b119b64ee02f3b61552510ee3289edaae97eaaadb1dc19020e39573afa4d317340dca9680da7b42dc0715c68a4c87d9c2067000a85","ssdeep":"1536:VH4Nb//9tCeyamXi3sTyHb74jsTQSP7NaXErDkybzXqr9ql:9CHKej7Ssn1","tlshash":"12833990b362b0fd8f8a55e7a2369113e13d3c84704e8cb4e17e7d543e5294ae17e6e8","first_seen":"2025-10-05T21:11:43.485868Z","last_seen":"2025-10-05T21:11:43.485868Z","times_seen":1,"resource_available":true,"data":null}},"time_used":2768,"timings":{"blocked":1360,"dns":1322,"connect":21,"send":0,"wait":40,"receive":0,"ssl":24},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-05","alert":"Sinkholed","trigger":"fg.obanlazed.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-10-05","alert":"Sinkholed","trigger":"fg.obanlazed.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-10-05","alert":"Sinkholed","trigger":"fg.obanlazed.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/opensans/v20/mem5YaGs126MiZpBA-UNirkOUuhp.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"142.250.74.99","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://xxxtik.app/xxxtiktok/","date":"2025-10-05T21:11:05.919Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 15 Sep 2025 08:36:13 GMT","end":"Mon, 08 Dec 2025 08:36:12 GMT"},"fingerprint":{"sha1":"F3:C7:68:20:2E:52:7F:61:4B:43:46:72:CB:A9:29:91:40:A0:5A:96","sha256":"1A:0B:E2:45:70:7A:DB:88:E8:4C:4E:DF:ED:F5:08:2F:2B:2A:CA:33:09:72:DC:80:8B:D2:7B:C6:48:3D:CA:D1"}}},"request":{"raw":"GET /s/opensans/v20/mem5YaGs126MiZpBA-UNirkOUuhp.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://xxxtik.app\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xxxtik.app/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 14956\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Thu, 02 Oct 2025 10:08:47 GMT\r\nexpires: Fri, 02 Oct 2026 10:08:47 GMT\r\ncache-control: public, max-age=31536000\r\nage: 298938\r\nlast-modified: Tue, 18 May 2021 21:21:26 GMT\r\ncontent-type: font/woff2\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":14956,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 14956, version 1.0","md5":"4334c2753ff9f057d9de926e66882c9e","sha1":"36352b82f41b8de16636e5dee0c52cc70ef56080","sha256":"c298433cc9eb86f4c0be0a447b0faf398dee9186d2bcf26683297de2758cddc7","sha512":"31a49bbb18890fd63ba799dcde2da6e5ef65cf6bd3a34a8814924c76a2226177e387db2d82175b192e4ae28cd6d12e0e7d01b3ba2f22f52318561022acd4eed1","ssdeep":"384:JGTGE3FuVj1kxQnQBMRIzJfeU7y99uV55US1ZhCJZo4mCEloO:0TG5bnMughy99C5US1Zp4m5oO","tlshash":"ca62c07777727603f8c7927317b9065b24749e43a8ed33281cce610a6423b1eee45d44","first_seen":"2023-04-09T08:26:31Z","last_seen":"2026-04-05T08:12:19.357496Z","times_seen":1012,"resource_available":false,"data":null}},"time_used":49,"timings":{"blocked":27,"dns":0,"connect":0,"send":0,"wait":19,"receive":3,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"phoangaisool.com/400/9977712?oo=1\u0026sw_version=v1.740.0-s\u0026oaid=008259d0a0ab4038fc1295696b53dbe8\u0026st=true","fqdn":"phoangaisool.com","domain":"phoangaisool.com","tld":"com"},"ip":{"addr":"139.45.197.243","port":443,"asn":9002,"as":"RETN Limited","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://xxxtik.app/xxxtiktok/","date":"2025-10-05T21:11:08.149Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"phoangaisool.com","organization":""},"issuer":{"commonName":"R11","organization":"Let's Encrypt"},"validity":{"start":"Sun, 20 Jul 2025 05:27:33 GMT","end":"Sat, 18 Oct 2025 05:27:32 GMT"},"fingerprint":{"sha1":"1B:B6:A8:E4:08:A6:29:EB:A9:7A:9B:7B:F9:85:53:57:9B:C7:36:4B","sha256":"0E:69:6F:3E:06:9D:64:E5:1B:E6:9B:A0:66:40:B8:3B:8B:F7:A0:BA:DA:77:B5:E5:0B:C7:3B:FF:11:3D:C1:C9"}}},"request":{"raw":"POST /400/9977712?oo=1\u0026sw_version=v1.740.0-s\u0026oaid=008259d0a0ab4038fc1295696b53dbe8\u0026st=true HTTP/1.1\r\nHost: phoangaisool.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: text/plain;charset=UTF-8\r\nContent-Length: 2585\r\nOrigin: https://xxxtik.app\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xxxtik.app/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sun, 05 Oct 2025 21:11:08 GMT\r\ncontent-type: application/json\r\nx-trace-id: 84e482f20ab23f899daa5e182059582d\r\ncache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0\r\npragma: no-cache\r\nexpires: Tue, 11 Jan 1994 10:00:00 GMT\r\nvary: Origin\r\naccess-control-allow-origin: https://xxxtik.app\r\naccess-control-expose-headers: Link\r\naccess-control-allow-credentials: true\r\naccept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version\r\nset-cookie: OAID=008259d0a0ab4038fc1295696b53dbe8; expires=Mon, 05 Oct 2026 21:11:08 GMT; path=/; secure; SameSite=None\r\nstrict-transport-security: max-age=1\r\nx-content-type-options: nosniff\r\ntiming-allow-origin: *, *\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":2072,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"08d5dd61e5309d526af1d458fced1bf8","sha1":"daf1c2217137d4d2b89f9f7dd69d0f8545e371c8","sha256":"9750f76c65f7a39bd379e007ba1c313d9d05ed60d0add3e1ebc1bb273a279f2a","sha512":"acb07d6e9873228ba3879c41b5b0e9074a53de6e5bdaa3e5d4e4ffaae3fe6b6aaccf4bdb159e3b69393a5f3590cb5f7e78b39dc41ca9e1f1abd3c352b702d8b9","ssdeep":"","tlshash":"354100089e28417e86de4ab5ed0b6d470bb9051f3a4c712ee7494d1770ebde503eb20b","first_seen":"2025-10-05T21:11:43.488932Z","last_seen":"2025-10-05T21:11:43.488932Z","times_seen":1,"resource_available":false,"data":null}},"time_used":222,"timings":{"blocked":95,"dns":2,"connect":29,"send":0,"wait":32,"receive":0,"ssl":62},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-10-05","alert":"Sinkholed","trigger":"phoangaisool.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"fonts.googleapis.com/css2?family=Roboto:wght@100;300;400;500;700","fqdn":"fonts.googleapis.com","domain":"fonts.googleapis.com","tld":"googleapis.com"},"ip":{"addr":"142.250.74.74","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://xxxtik.app/xxxtiktok/","date":"2025-10-05T21:11:28.525Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"upload.video.google.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 15 Sep 2025 08:36:13 GMT","end":"Mon, 08 Dec 2025 08:36:12 GMT"},"fingerprint":{"sha1":"54:09:EF:2E:96:03:5C:86:DF:F0:DA:AC:A6:7A:0D:35:49:4E:68:90","sha256":"0E:84:83:07:1D:C1:46:17:EB:EA:2F:15:CE:88:56:D2:FF:9E:AE:31:D2:C3:FC:DA:00:24:46:48:43:CD:11:1F"}}},"request":{"raw":"GET /css2?family=Roboto:wght@100;300;400;500;700 HTTP/1.1\r\nHost: fonts.googleapis.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncontent-type: text/css; charset=utf-8\r\nvary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site\r\naccess-control-allow-origin: *\r\ntiming-allow-origin: *\r\nlink: \u003chttps://fonts.gstatic.com\u003e; rel=preconnect; crossorigin\r\nstrict-transport-security: max-age=31536000\r\nexpires: Sun, 05 Oct 2025 21:11:28 GMT\r\ndate: Sun, 05 Oct 2025 21:11:28 GMT\r\ncache-control: private, max-age=86400\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin-allow-popups\r\ncontent-encoding: gzip\r\nserver: ESF\r\nx-xss-protection: 0\r\nx-frame-options: SAMEORIGIN\r\nx-content-type-options: nosniff\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":26935,"size_decoded":0,"mime_type":"text/css; charset=utf-8","magic":"ASCII text, with very long lines (1572)","md5":"0674bb1b4725131d0ccedb9f2119d9fa","sha1":"354de89c766f790720b9b55a28ce76bc2f2878e8","sha256":"37e93534f20120328ca625c0011682d90e4e4f4e702b0f90baf22d0c1f7fc8b4","sha512":"db19ac78c34f52d076a4b91cc180acb24697a1c8385c2d848ea0363ca684177c9f01de0a7115c165c8a01d4ea1441e86c98c8ae32292c15d0bd373500c52db23","ssdeep":"768:DFAFRFYFKFf4FQLFDFXFRKNyEfSQv3rgXU/9ffQiqGr8vkSfEQNVR1GJuofOQjLh:EcvMo1","tlshash":"32c2fba108174000978358e223cebf34fe4f92507141d0b5abfdab6bedcbc6652693ad","first_seen":"2025-09-09T04:12:34.447807Z","last_seen":"2025-11-18T23:33:55.824058Z","times_seen":1117,"resource_available":false,"data":null}},"time_used":21,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":21,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"xxxtik.app/wp-content/litespeed/js/ad2c7feefaf76741ff4f028f0131e09a.js?ver=1e09a","fqdn":"xxxtik.app","domain":"xxxtik.app","tld":"app"},"ip":{"addr":"104.21.2.15","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://xxxtik.app/xxxtiktok/","date":"2025-10-05T21:11:05.791Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xxxtik.app","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 22 Sep 2025 07:50:33 GMT","end":"Sun, 21 Dec 2025 08:48:06 GMT"},"fingerprint":{"sha1":"72:98:6C:94:29:80:FC:6E:34:D4:78:8C:3E:9F:90:03:A2:25:7B:AE","sha256":"3D:1E:A0:9F:D0:6B:0E:56:A7:96:90:AB:D0:78:99:FD:82:C8:48:79:EB:76:7B:72:AE:D5:E7:11:E7:66:4E:7E"}}},"request":{"raw":"GET /wp-content/litespeed/js/ad2c7feefaf76741ff4f028f0131e09a.js?ver=1e09a HTTP/1.1\r\nHost: xxxtik.app\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xxxtik.app/xxxtiktok/\r\nCookie: cf_clearance=PtgQF.dSVk5HyfOXxCtzINIKJnOLP3Aqj_OjR6rctsw-1759698665-1.2.1.1-3cZYcPKABSXibBQA1yAf_.yC_4qtfZMVrDQhKj6PN.vZLO64B7mfD0Sx8qGK4Q3smCyFNmcYllycn_EncFyyXcHEKa3ghVZu_fSzets_3J7Gk7z1ZqjBQ4ukyKJ7k.eOamyjj8CrdkABeiQjarX6grGnsicxKUwnFfFORPAXknStc_53fTMQgSUpZtr6emLTt5Hx35GoA8lwNJAQ.btU5BLAQqWhqXR3whnsoQwOLgU; _lscache_vary=25535832db285c9c2ae7620ca706ea91\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 05 Oct 2025 21:11:05 GMT\r\ncontent-type: text/javascript\r\ncontent-length: 1049\r\netag: \"d09-68e2de64-11619fa;br\"\r\nlast-modified: Sun, 05 Oct 2025 21:08:52 GMT\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\nserver: cloudflare\r\nx-turbo-charged-by: LiteSpeed\r\ncache-control: max-age=14400\r\ncf-cache-status: EXPIRED\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=USAP%2F%2Bo3mEewZ26cXq36TSA5Z6%2Bg9ShlVG3uV4YWNUPQS9%2BHZEfNwnQ1wOx%2BNc%2Bg6ORWp3n5NzAg5ANnxp%2FuSXb4Z2n0LKA0\"}]}\r\ncf-ray: 989fe8d528080b55-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]}],"data":{"size":3337,"size_decoded":0,"mime_type":"text/javascript","magic":"JavaScript source, ASCII text, with very long lines (1229)","md5":"fc8c089e48c61d9bb9e2b9ef5110520c","sha1":"93aac259cc549c2b1c573af01b72a1675b112f62","sha256":"ed2fbe244441cba2c9e0d25d5782b212e48c518ca3edd2302f56c3faba59df5d","sha512":"1b6389a74850f62882dda957ab8c18167e767ea7571bb9612070d38a08f14d82824fe4b6f5049083c40589b28cf0043014a2d2a75dcbdc6f13d14e7196ffdf3b","ssdeep":"","tlshash":"6d61e204915508e23632d7f5fee7e72523199016ff08dd46ef28dcea8b84d967122f89","first_seen":"2025-09-21T22:44:54.549581Z","last_seen":"2026-03-01T13:05:12.455702Z","times_seen":30,"resource_available":true,"data":null}},"time_used":96,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":96,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"vaimucuvikuwu.net/wrr?z=9977711\u0026p_rid=68eea352-21ff-4f54-9b97-36241342ff3c\u0026rb=jeXoNMmLAs0iEv7J4HHjoeZFr0Bg58arOopar7Gk2m0rnGvC-YiFBeL6T3Ou-RyC-ndAYqXfZOBGNxKn33W2GUGbgNXL2YInL5is_V93uZyrHfuWL_i5lptMM8UoNeGiPPMeDAAn2saDzv5qvkK2ZnOwGld8Pa0ua4atE5XmRbsVhN2ea5ZfwpHA6U3GOmQavqnE1SpQtD_uHuNBWx4M6VZ3s4jEErQZckLS-Bgg_hBaXlbuince3h6MbNW07hTwhs2gl4_cUxgO_Hbl-wbe1XdZhHB_oPf5LkxWGeNRkeU=\u0026dmn=\u0026userId=008259d0a0ab4038fc1295696b53dbe8","fqdn":"vaimucuvikuwu.net","domain":"vaimucuvikuwu.net","tld":"net"},"ip":{"addr":"139.45.197.106","port":443,"asn":9002,"as":"RETN Limited","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://xxxtik.app/xxxtiktok/","date":"2025-10-05T21:11:06.446Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"vaimucuvikuwu.net","organization":""},"issuer":{"commonName":"R10","organization":"Let's Encrypt"},"validity":{"start":"Fri, 01 Aug 2025 05:19:32 GMT","end":"Thu, 30 Oct 2025 05:19:31 GMT"},"fingerprint":{"sha1":"35:87:C8:60:07:AA:D4:C9:E9:EB:7C:B3:1E:4B:E5:C4:C4:D7:83:09","sha256":"6A:C3:77:FB:D8:62:C1:E1:AE:65:AD:FB:94:A5:AC:5E:8F:99:A3:44:C6:D8:3E:06:92:93:F5:D6:48:74:68:0A"}}},"request":{"raw":"POST /wrr?z=9977711\u0026p_rid=68eea352-21ff-4f54-9b97-36241342ff3c\u0026rb=jeXoNMmLAs0iEv7J4HHjoeZFr0Bg58arOopar7Gk2m0rnGvC-YiFBeL6T3Ou-RyC-ndAYqXfZOBGNxKn33W2GUGbgNXL2YInL5is_V93uZyrHfuWL_i5lptMM8UoNeGiPPMeDAAn2saDzv5qvkK2ZnOwGld8Pa0ua4atE5XmRbsVhN2ea5ZfwpHA6U3GOmQavqnE1SpQtD_uHuNBWx4M6VZ3s4jEErQZckLS-Bgg_hBaXlbuince3h6MbNW07hTwhs2gl4_cUxgO_Hbl-wbe1XdZhHB_oPf5LkxWGeNRkeU=\u0026dmn=\u0026userId=008259d0a0ab4038fc1295696b53dbe8 HTTP/1.1\r\nHost: vaimucuvikuwu.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://xxxtik.app/\r\ncontent-type: application/json\r\nContent-Length: 2585\r\nOrigin: https://xxxtik.app\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/2 204 No Content\r\nserver: nginx\r\ndate: Sun, 05 Oct 2025 21:11:06 GMT\r\naccept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version\r\naccess-control-allow-origin: https://xxxtik.app\r\naccess-control-allow-credentials: true\r\naccess-control-allow-methods: GET, POST, OPTIONS\r\naccess-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, favicon\r\naccess-control-max-age: 86400\r\npragma: no-cache\r\ncache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0\r\nexpires: Tue, 11 Jan 1994 10:00:00 GMT\r\nstrict-transport-security: max-age=1\r\nx-content-type-options: nosniff\r\ntiming-allow-origin: *, *\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"204","status_text":"No Content","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T11:47:06.182466Z","times_seen":13373545,"resource_available":true,"data":null}},"time_used":33,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":33,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-10-05","alert":"Sinkholed","trigger":"vaimucuvikuwu.net","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-10-05","alert":"Sinkholed","trigger":"vaimucuvikuwu.net","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"grookilteepsou.net/event","fqdn":"grookilteepsou.net","domain":"grookilteepsou.net","tld":"net"},"ip":{"addr":"139.45.197.122","port":443,"asn":9002,"as":"RETN Limited","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://xxxtik.app/xxxtiktok/","date":"2025-10-05T21:11:11.625Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"grookilteepsou.net","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Fri, 05 Sep 2025 05:23:12 GMT","end":"Thu, 04 Dec 2025 05:23:11 GMT"},"fingerprint":{"sha1":"74:73:06:C8:86:57:DF:47:5B:AA:44:AD:BD:29:95:9B:8C:28:2F:B1","sha256":"77:66:80:3C:82:1F:42:C4:C1:EE:ED:18:C6:2E:C2:C5:10:4D:8D:C6:19:69:D5:1D:5B:44:06:BA:E2:25:33:43"}}},"request":{"raw":"POST /event HTTP/1.1\r\nHost: grookilteepsou.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://xxxtik.app/\r\nContent-Type: application/json\r\nContent-Length: 360\r\nOrigin: https://xxxtik.app\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sun, 05 Oct 2025 21:11:11 GMT\r\ncontent-type: application/json; charset=utf-8\r\ncontent-length: 81\r\naccept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model\r\naccess-control-allow-origin: https://xxxtik.app\r\naccess-control-allow-credentials: true\r\naccess-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept\r\nstrict-transport-security: max-age=1\r\nx-content-type-options: nosniff\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":81,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"7c3a176be0369aaaac0b39146dae36dd","sha1":"354b60010dcc3d6429125302ebb7119ef09b0c59","sha256":"834a97bec7d26456fc4d90b51a4ebb1fe3c851030e36227b359c40066026b503","sha512":"27406587224cae1c544f9ad345398b21ce84f4a9c097ab191b4f44da10d2c7be222cf11355a81e4e0cca061d4a82d8823f851317b2e53f922f2d1a53c43d57fd","ssdeep":"","tlshash":"fda01220800435181582140b0964dc2147fc439319550020e51c3f708018100020a001","first_seen":"2025-10-05T21:11:43.493283Z","last_seen":"2025-10-05T21:11:43.493283Z","times_seen":1,"resource_available":false,"data":null}},"time_used":33,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":33,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-10-05","alert":"Sinkholed","trigger":"grookilteepsou.net","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-05","alert":"Sinkholed","trigger":"grookilteepsou.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-10-05","alert":"Sinkholed","trigger":"grookilteepsou.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"xxxtik.app/wp-content/plugins/litespeed-cache/assets/css/litespeed-dummy.css","fqdn":"xxxtik.app","domain":"xxxtik.app","tld":"app"},"ip":{"addr":"104.21.2.15","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://xxxtik.app/xxxtiktok/","date":"2025-10-05T21:11:05.787Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xxxtik.app","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 22 Sep 2025 07:50:33 GMT","end":"Sun, 21 Dec 2025 08:48:06 GMT"},"fingerprint":{"sha1":"72:98:6C:94:29:80:FC:6E:34:D4:78:8C:3E:9F:90:03:A2:25:7B:AE","sha256":"3D:1E:A0:9F:D0:6B:0E:56:A7:96:90:AB:D0:78:99:FD:82:C8:48:79:EB:76:7B:72:AE:D5:E7:11:E7:66:4E:7E"}}},"request":{"raw":"GET /wp-content/plugins/litespeed-cache/assets/css/litespeed-dummy.css HTTP/1.1\r\nHost: xxxtik.app\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xxxtik.app/xxxtiktok/\r\nCookie: cf_clearance=PtgQF.dSVk5HyfOXxCtzINIKJnOLP3Aqj_OjR6rctsw-1759698665-1.2.1.1-3cZYcPKABSXibBQA1yAf_.yC_4qtfZMVrDQhKj6PN.vZLO64B7mfD0Sx8qGK4Q3smCyFNmcYllycn_EncFyyXcHEKa3ghVZu_fSzets_3J7Gk7z1ZqjBQ4ukyKJ7k.eOamyjj8CrdkABeiQjarX6grGnsicxKUwnFfFORPAXknStc_53fTMQgSUpZtr6emLTt5Hx35GoA8lwNJAQ.btU5BLAQqWhqXR3whnsoQwOLgU; _lscache_vary=25535832db285c9c2ae7620ca706ea91\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 05 Oct 2025 21:11:05 GMT\r\ncontent-type: text/css\r\ncache-control: public, max-age=604800\r\nexpires: Mon, 29 Sep 2025 20:23:44 GMT\r\nvary: accept-encoding\r\nlast-modified: Thu, 11 Sep 2025 21:24:33 GMT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=RmskIHIx7uo2aBjyG8QhPeDiTnW8FHeIT0ZOvWhYXqbz5LwJybu65EMeosQS5JGOwsRWyVQvjPMUtY%2FNttgudVJK8hCrcHip\"}]}\r\nserver: cloudflare\r\nx-turbo-charged-by: LiteSpeed\r\nage: 446365\r\ncf-cache-status: HIT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\netag: W/\"3c-68c33e11-1144a92;;;\"\r\ncontent-encoding: br\r\ncf-ray: 989fe8d51ffa0b55-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]}],"data":{"size":60,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with no line terminators","md5":"6fa931a5525f902f3af4b91fc1ad6d21","sha1":"e95d117369b53f5e8432a7f609b7417a6c70f794","sha256":"5899796194a008757d3c6a62459c262e20d5f41a863153669f33b7ee3f87093c","sha512":"59bcabbfc4cbdd6194bae49a74412416d8c30ddc23471334d4f78b611a4bc378138698a1c598dd2f191a0b247a73be0d76f6404cc5827038e3e4c0b05643c940","ssdeep":"","tlshash":"dda002b2e4150792e2c56655f61242702231a24d5195de1714d1595971d613cb207259","first_seen":"2025-07-24T23:40:56.081957Z","last_seen":"2026-04-05T08:54:23.991866Z","times_seen":1814,"resource_available":false,"data":null}},"time_used":9,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":9,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fleraprt.com/log/add?cid=1db9169f-90f4-4b2d-b517-bc47aab19c1f\u0026ruid=102116da-fbae-4295-9145-bfe638bd7f23","fqdn":"fleraprt.com","domain":"fleraprt.com","tld":"com"},"ip":{"addr":"139.45.195.252","port":443,"asn":9002,"as":"RETN Limited","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://xxxtik.app/xxxtiktok/","date":"2025-10-05T21:11:08.421Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"fleraprt.com","organization":""},"issuer":{"commonName":"Sectigo RSA Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Wed, 11 Dec 2024 00:00:00 GMT","end":"Sun, 11 Jan 2026 23:59:59 GMT"},"fingerprint":{"sha1":"23:5D:23:03:7B:8D:47:5A:E9:9C:E7:E0:5C:7E:E6:4F:A2:DC:B6:D0","sha256":"9E:F7:13:45:55:C0:E9:09:A9:42:CC:D1:27:57:55:66:A1:63:5C:CB:EA:38:76:AA:6D:AB:5A:02:42:09:5D:46"}}},"request":{"raw":"POST /log/add?cid=1db9169f-90f4-4b2d-b517-bc47aab19c1f\u0026ruid=102116da-fbae-4295-9145-bfe638bd7f23 HTTP/1.1\r\nHost: fleraprt.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: text/plain;charset=UTF-8\r\nContent-Length: 1403\r\nOrigin: https://xxxtik.app\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xxxtik.app/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.25.5\r\nDate: Sun, 05 Oct 2025 21:11:08 GMT\r\nContent-Type: application/json; charset=utf-8\r\nContent-Length: 12\r\nConnection: keep-alive\r\nAccess-Control-Allow-Origin: https://xxxtik.app\r\nAccess-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE\r\nAccess-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match\r\nAccess-Control-Allow-Credentials: true\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.25.5","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":12,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"adb4650bfc9d2a73d4dd69583b0ceb14","sha1":"1ce399d6e936232aaf2192cd7903a279c5015f22","sha256":"21c1f682de27109caabcca9016511974defcec217c0441fd3f1b50ecdf8247ed","sha512":"3fbce22572bbed1aada0f7c6706f16a97e7c0ea132dfee1a7eb80f5e68da1cc63c891a5bc3ea8e87f0c97be3002212a0efbb2af9553acb45e0d447a685cd805b","ssdeep":"","tlshash":"436000000c3000000cc00c0000c00030ff300f00000f00c0000c00f003030c0c00c000","first_seen":"2023-04-05T07:30:31Z","last_seen":"2026-04-05T11:37:19.74613Z","times_seen":56019,"resource_available":false,"data":null}},"time_used":199,"timings":{"blocked":85,"dns":0,"connect":30,"send":0,"wait":30,"receive":0,"ssl":54},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"amusingbase.com/Y.2-xLpMZNWO5_0QZRGSFT0-YVTW9XyYc_malbkcPdT-kf0gZhWiJ_lkOlTmUnz-MpGqVrhsO_TuEv3wNxj-Qz4AOBTCl_hEZFjGgH1-MJjKhLjMN_TOkP2QZRG-QT3U","fqdn":"amusingbase.com","domain":"amusingbase.com","tld":"com"},"ip":{"addr":"88.85.94.250","port":443,"asn":35415,"as":"Webzilla B.V.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"beacon","requested_by":"https://xxxtik.app/xxxtiktok/","date":"2025-10-05T21:11:11.337Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"amusingbase.com","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Sat, 20 Sep 2025 23:52:14 GMT","end":"Fri, 19 Dec 2025 23:52:13 GMT"},"fingerprint":{"sha1":"CF:4F:A1:A9:80:00:5C:01:99:49:96:3E:59:40:C1:C2:98:52:F8:6B","sha256":"CB:73:6C:5F:9D:0A:7D:54:6F:7A:64:D5:44:0C:46:C0:9B:70:68:2B:FA:7F:6F:37:61:5F:DA:6C:97:C9:61:8E"}}},"request":{"raw":"POST /Y.2-xLpMZNWO5_0QZRGSFT0-YVTW9XyYc_malbkcPdT-kf0gZhWiJ_lkOlTmUnz-MpGqVrhsO_TuEv3wNxj-Qz4AOBTCl_hEZFjGgH1-MJjKhLjMN_TOkP2QZRG-QT3U HTTP/1.1\r\nHost: amusingbase.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/x-www-form-urlencoded\r\nContent-Length: 52\r\nOrigin: https://xxxtik.app\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xxxtik.app/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sun, 05 Oct 2025 21:11:11 GMT\r\ncontent-length: 0\r\nexpires: Mon, 26 Jul 2011 05:00:00 GMT\r\ncache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0\r\npragma: no-cache\r\naccept-ch: Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-WoW64\r\nx-content-type-options: nosniff\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T11:47:06.182466Z","times_seen":13373545,"resource_available":true,"data":null}},"time_used":22,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":22,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/roboto/v49/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3yUBA.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"142.250.74.99","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://xxxtik.app/xxxtiktok/","date":"2025-10-05T21:11:17.229Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 15 Sep 2025 08:36:13 GMT","end":"Mon, 08 Dec 2025 08:36:12 GMT"},"fingerprint":{"sha1":"F3:C7:68:20:2E:52:7F:61:4B:43:46:72:CB:A9:29:91:40:A0:5A:96","sha256":"1A:0B:E2:45:70:7A:DB:88:E8:4C:4E:DF:ED:F5:08:2F:2B:2A:CA:33:09:72:DC:80:8B:D2:7B:C6:48:3D:CA:D1"}}},"request":{"raw":"GET /s/roboto/v49/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3yUBA.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://xxxtik.app\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 40128\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Thu, 02 Oct 2025 12:57:53 GMT\r\nexpires: Fri, 02 Oct 2026 12:57:53 GMT\r\ncache-control: public, max-age=31536000\r\nage: 288804\r\nlast-modified: Mon, 08 Sep 2025 18:08:05 GMT\r\ncontent-type: font/woff2\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":40128,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 40128, version 1.0","md5":"9a01b69183a9604ab3a439e388b30501","sha1":"8ed1d59003d0dbe6360481017b44665153665fbe","sha256":"20b535fa80c8189e3b87d1803038389960203a886d502bc2ef1857affc2f38d2","sha512":"0e6795255b6eea00b5403fd7e3b904d52776d49ac63a31c2778361262883697943aedcb29feee85694ba6f19eaa34dddb9a5bfe7118f4a25b4757e92c331feca","ssdeep":"768:Vce3jkow68wmT4IBX0tXdlSirS61gSjcz0GPwHbP+w2jec56O:VcI/iEEEtXdFJj+0GPwHbP+w5rO","tlshash":"3703023a5e3ccf1a84157a703950f6d9a8481e548e9d143b4f1ac7bf085dde2209b6d4","first_seen":"2025-01-08T22:59:02.845106Z","last_seen":"2026-04-05T11:47:09.583507Z","times_seen":716548,"resource_available":false,"data":null}},"time_used":10,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":8,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"oamsursumsauz.net/500/9977713?excludes=\u0026oaid=008259d0a0ab4038fc1295696b53dbe8\u0026var=\u0026ymid=\u0026tgp=\u0026sw_version=v1.740.0-s\u0026dmn=eehassoosostoa.com\u0026fs=0\u0026cf=0\u0026sw=1280\u0026sh=1024\u0026sah=1024\u0026wx=0\u0026wy=0\u0026ww=1280\u0026wh=1024\u0026cw=1280\u0026wiw=1280\u0026wih=1024\u0026wfc=2\u0026pl=https%3A%2F%2Fxxxtik.app%2Fxxxtiktok%2F\u0026drf=\u0026np=1\u0026pt=0\u0026nb=1\u0026ng=0\u0026ix=0\u0026nw=1\u0026tb=false\u0026navlng=en-US\u0026bto=0\u0026btz=UTC\u0026jsp=1","fqdn":"oamsursumsauz.net","domain":"oamsursumsauz.net","tld":"net"},"ip":{"addr":"139.45.197.244","port":443,"asn":9002,"as":"RETN Limited","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://xxxtik.app/xxxtiktok/","date":"2025-10-05T21:11:18.210Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"oamsursumsauz.net","organization":""},"issuer":{"commonName":"R10","organization":"Let's Encrypt"},"validity":{"start":"Sun, 20 Jul 2025 05:35:01 GMT","end":"Sat, 18 Oct 2025 05:35:00 GMT"},"fingerprint":{"sha1":"15:08:E5:10:97:98:9A:68:4B:96:AF:40:16:99:5E:A2:7F:6D:1B:FA","sha256":"80:1A:EF:F3:CD:54:AD:65:88:C6:E0:97:07:75:81:E5:4C:41:38:16:E0:EB:F9:4F:72:C9:12:E3:8C:7A:C3:23"}}},"request":{"raw":"OPTIONS /500/9977713?excludes=\u0026oaid=008259d0a0ab4038fc1295696b53dbe8\u0026var=\u0026ymid=\u0026tgp=\u0026sw_version=v1.740.0-s\u0026dmn=eehassoosostoa.com\u0026fs=0\u0026cf=0\u0026sw=1280\u0026sh=1024\u0026sah=1024\u0026wx=0\u0026wy=0\u0026ww=1280\u0026wh=1024\u0026cw=1280\u0026wiw=1280\u0026wih=1024\u0026wfc=2\u0026pl=https%3A%2F%2Fxxxtik.app%2Fxxxtiktok%2F\u0026drf=\u0026np=1\u0026pt=0\u0026nb=1\u0026ng=0\u0026ix=0\u0026nw=1\u0026tb=false\u0026navlng=en-US\u0026bto=0\u0026btz=UTC\u0026jsp=1 HTTP/1.1\r\nHost: oamsursumsauz.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nAccess-Control-Request-Method: GET\r\nAccess-Control-Request-Headers: content-type\r\nReferer: https://xxxtik.app/\r\nOrigin: https://xxxtik.app\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"OPTIONS"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sun, 05 Oct 2025 21:11:18 GMT\r\ncontent-length: 0\r\nallow: GET, OPTIONS\r\nvary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers\r\naccess-control-allow-origin: https://xxxtik.app\r\naccess-control-allow-methods: GET, POST, OPTIONS\r\naccess-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace\r\naccess-control-allow-credentials: true\r\naccess-control-max-age: 600\r\naccept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version\r\nstrict-transport-security: max-age=1\r\nx-content-type-options: nosniff\r\ntiming-allow-origin: *\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T11:47:06.182466Z","times_seen":13373545,"resource_available":true,"data":null}},"time_used":277,"timings":{"blocked":124,"dns":32,"connect":30,"send":0,"wait":29,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-05","alert":"Sinkholed","trigger":"oamsursumsauz.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-10-05","alert":"Sinkholed","trigger":"oamsursumsauz.net","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-10-05","alert":"Sinkholed","trigger":"oamsursumsauz.net","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-10-05","alert":"Sinkholed","trigger":"oamsursumsauz.net","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"xxxtik.app/xxxtiktok/","fqdn":"xxxtik.app","domain":"xxxtik.app","tld":"app"},"ip":{"addr":"104.21.2.15","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-10-05T21:11:05.691Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xxxtik.app","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 22 Sep 2025 07:50:33 GMT","end":"Sun, 21 Dec 2025 08:48:06 GMT"},"fingerprint":{"sha1":"72:98:6C:94:29:80:FC:6E:34:D4:78:8C:3E:9F:90:03:A2:25:7B:AE","sha256":"3D:1E:A0:9F:D0:6B:0E:56:A7:96:90:AB:D0:78:99:FD:82:C8:48:79:EB:76:7B:72:AE:D5:E7:11:E7:66:4E:7E"}}},"request":{"raw":"GET /xxxtiktok/ HTTP/1.1\r\nHost: xxxtik.app\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: cf_clearance=PtgQF.dSVk5HyfOXxCtzINIKJnOLP3Aqj_OjR6rctsw-1759698665-1.2.1.1-3cZYcPKABSXibBQA1yAf_.yC_4qtfZMVrDQhKj6PN.vZLO64B7mfD0Sx8qGK4Q3smCyFNmcYllycn_EncFyyXcHEKa3ghVZu_fSzets_3J7Gk7z1ZqjBQ4ukyKJ7k.eOamyjj8CrdkABeiQjarX6grGnsicxKUwnFfFORPAXknStc_53fTMQgSUpZtr6emLTt5Hx35GoA8lwNJAQ.btU5BLAQqWhqXR3whnsoQwOLgU; _lscache_vary=25535832db285c9c2ae7620ca706ea91\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 05 Oct 2025 21:11:05 GMT\r\ncontent-type: text/html; charset=UTF-8\r\nx-dns-prefetch-control: on\r\nx-pingback: https://xxxtik.app/xmlrpc.php\r\nlink: \u003chttps://xxxtik.app/?p=3302\u003e; rel=shortlink\r\nvary: Accept-Encoding\r\nx-litespeed-cache: hit\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=g909tMGcGyB0rbCYqIx9hYWK4SJ2nrr3QMXNwOtHgUGC6uKlwG8SN15mqoq8isABkLv3XPPTWrN%2B9dljN988i1SOAZUg5CDL\"}]}\r\nserver: cloudflare\r\nx-turbo-charged-by: LiteSpeed\r\ncf-cache-status: DYNAMIC\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nserver-timing: cfCacheStatus;desc=\"DYNAMIC\", cfEdge;dur=3,cfOrigin;dur=32\r\ncontent-encoding: br\r\ncf-ray: 989fe8d4afae0b55-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"PHP","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"Cloudflare Browser Insights","description":"Cloudflare Browser Insights is a tool that measures the performance of websites from the perspective of users.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["Analytics","RUM"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"jQuery","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]},{"name":"MySQL","description":"MySQL is an open-source relational database management system.","website":"https://mysql.com","common_platform_enumeration":"cpe:2.3:a:mysql:mysql:*:*:*:*:*:*:*:*","icon":"MySQL.svg","categories":["Databases"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"WordPress","description":"WordPress is a free and open-source content management system written in PHP and paired with a MySQL or MariaDB database. Features include a plugin architecture and a template system.","website":"https://wordpress.org","common_platform_enumeration":"cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*","icon":"WordPress.svg","categories":["CMS","Blogs"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]}],"data":{"size":205424,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, ASCII text, with very long lines (27542), with CR, LF line terminators","md5":"160c01a8fa103c10d992c862a5e014be","sha1":"33134d9d47739e2484814ca6ffb5ad37111fb71c","sha256":"ec236efb4d6888c2fa4a9dd4340537662d428512e886d1f97abcaf1f0f94d09e","sha512":"6ee52338714f9b778ed060280a8cbb9f4ff59a6e0aba79bf0f1298621b93cf15eb6353de4815f0b96e570f842131678ef28ffd124377e53621abad167c0cd125","ssdeep":"6144:tcXL1iQg5MG7x+qehvP0x2pck2lATHg/W7ORl:tcXL1iQg5MG7x+qehvP0x2pck2lD4Ov","tlshash":"1714e56113b59cfa35bb97692d4da308a5039901c64a07e7f1bad29863cce950df3b0f","first_seen":"2025-10-05T21:11:43.496898Z","last_seen":"2025-10-05T21:11:43.496898Z","times_seen":1,"resource_available":false,"data":null}},"time_used":80,"timings":{"blocked":14,"dns":1,"connect":4,"send":0,"wait":52,"receive":0,"ssl":8},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"amusingbase.com/b.X/V/sedcGPlN0nY/W/cV/eeYmk9/uYZtUglLkWPkTrYL2mMkj-k-z/NqT/gOtyNrj-YPytOWTDM/1HO/QJ","fqdn":"amusingbase.com","domain":"amusingbase.com","tld":"com"},"ip":{"addr":"88.85.94.250","port":443,"asn":35415,"as":"Webzilla B.V.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://xxxtik.app/xxxtiktok/","date":"2025-10-05T21:11:05.902Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"amusingbase.com","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Sat, 20 Sep 2025 23:52:14 GMT","end":"Fri, 19 Dec 2025 23:52:13 GMT"},"fingerprint":{"sha1":"CF:4F:A1:A9:80:00:5C:01:99:49:96:3E:59:40:C1:C2:98:52:F8:6B","sha256":"CB:73:6C:5F:9D:0A:7D:54:6F:7A:64:D5:44:0C:46:C0:9B:70:68:2B:FA:7F:6F:37:61:5F:DA:6C:97:C9:61:8E"}}},"request":{"raw":"GET /b.X/V/sedcGPlN0nY/W/cV/eeYmk9/uYZtUglLkWPkTrYL2mMkj-k-z/NqT/gOtyNrj-YPytOWTDM/1HO/QJ HTTP/1.1\r\nHost: amusingbase.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xxxtik.app/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sun, 05 Oct 2025 21:11:11 GMT\r\ncontent-type: application/javascript\r\nexpires: Mon, 26 Jul 2011 05:00:00 GMT\r\ncache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0\r\npragma: no-cache\r\naccept-ch: Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-WoW64\r\naccess-control-allow-origin: https://xxxtik.app\r\naccess-control-allow-headers: Content-Type\r\naccess-control-allow-methods: GET\r\nlast-modified: Sun, 05 Oct 2025 21:11:11 GMT\r\naccess-control-allow-credentials: true\r\nvary: Accept-Encoding, Origin\r\nset-cookie: uniqCookie=588326de784bcbd85d28307a5124530e; max-age=1762290671; path=/\r\nx-content-type-options: nosniff\r\ncontent-encoding: br\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":737890,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (22794)","md5":"a2ab3a2805e10803a21d549c6855bf6f","sha1":"44166b41a53a11cb8f907f76f20a5233943620f2","sha256":"15574654d090b7c7293cfb1b2246de1ba1b9e005902c5b4dcfb204f7be2ac489","sha512":"61ff76df5b9b949c524d0872abc2adeccc87df16038f960d15a2ac5467423f19d7a4dd5f2861592a5889bf5a8c17aec9630a6b3507e0538520034e0051a398ac","ssdeep":"6144:YHZboEBkleZbAf9SjZxPLJv79EnVtK2QnUOl2M3Ty3N1vVdgyYhvcpgs0kOREQUJ:Y5Af9SjZxPN5ECrl2MDZvLtCRCHaF","tlshash":"8ff43bcdb195707202d760b5953f530e733a9a299408c06cf529e9e92db8e4da23bf7c","first_seen":"2025-10-05T21:11:43.49868Z","last_seen":"2025-10-05T21:11:43.49868Z","times_seen":1,"resource_available":true,"data":null}},"time_used":10585,"timings":{"blocked":5228,"dns":5163,"connect":21,"send":0,"wait":129,"receive":0,"ssl":43},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"grookilteepsou.net/event","fqdn":"grookilteepsou.net","domain":"grookilteepsou.net","tld":"net"},"ip":{"addr":"139.45.197.122","port":443,"asn":9002,"as":"RETN Limited","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://xxxtik.app/xxxtiktok/","date":"2025-10-05T21:11:11.595Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"grookilteepsou.net","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Fri, 05 Sep 2025 05:23:12 GMT","end":"Thu, 04 Dec 2025 05:23:11 GMT"},"fingerprint":{"sha1":"74:73:06:C8:86:57:DF:47:5B:AA:44:AD:BD:29:95:9B:8C:28:2F:B1","sha256":"77:66:80:3C:82:1F:42:C4:C1:EE:ED:18:C6:2E:C2:C5:10:4D:8D:C6:19:69:D5:1D:5B:44:06:BA:E2:25:33:43"}}},"request":{"raw":"OPTIONS /event HTTP/1.1\r\nHost: grookilteepsou.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nAccess-Control-Request-Method: POST\r\nAccess-Control-Request-Headers: content-type\r\nReferer: https://xxxtik.app/\r\nOrigin: https://xxxtik.app\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"OPTIONS"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sun, 05 Oct 2025 21:11:11 GMT\r\ncontent-type: text/plain; charset=utf-8\r\ncontent-length: 0\r\naccess-control-allow-origin: https://xxxtik.app\r\naccess-control-allow-credentials: true\r\naccess-control-allow-methods: GET, POST, OPTIONS\r\naccess-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization-Token,X-Oaid\r\naccess-control-max-age: 86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain; charset=utf-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T11:47:06.182466Z","times_seen":13373545,"resource_available":true,"data":null}},"time_used":29,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":29,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-10-05","alert":"Sinkholed","trigger":"grookilteepsou.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-05","alert":"Sinkholed","trigger":"grookilteepsou.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-10-05","alert":"Sinkholed","trigger":"grookilteepsou.net","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"xxxtik.app/cdn-cgi/rum?","fqdn":"xxxtik.app","domain":"xxxtik.app","tld":"app"},"ip":{"addr":"104.21.2.15","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://xxxtik.app/xxxtiktok/","date":"2025-10-05T21:11:11.917Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xxxtik.app","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 22 Sep 2025 07:50:33 GMT","end":"Sun, 21 Dec 2025 08:48:06 GMT"},"fingerprint":{"sha1":"72:98:6C:94:29:80:FC:6E:34:D4:78:8C:3E:9F:90:03:A2:25:7B:AE","sha256":"3D:1E:A0:9F:D0:6B:0E:56:A7:96:90:AB:D0:78:99:FD:82:C8:48:79:EB:76:7B:72:AE:D5:E7:11:E7:66:4E:7E"}}},"request":{"raw":"POST /cdn-cgi/rum? HTTP/1.1\r\nHost: xxxtik.app\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\ncontent-type: application/json\r\nContent-Length: 1016\r\nOrigin: https://xxxtik.app\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xxxtik.app/xxxtiktok/\r\nCookie: cf_clearance=PtgQF.dSVk5HyfOXxCtzINIKJnOLP3Aqj_OjR6rctsw-1759698665-1.2.1.1-3cZYcPKABSXibBQA1yAf_.yC_4qtfZMVrDQhKj6PN.vZLO64B7mfD0Sx8qGK4Q3smCyFNmcYllycn_EncFyyXcHEKa3ghVZu_fSzets_3J7Gk7z1ZqjBQ4ukyKJ7k.eOamyjj8CrdkABeiQjarX6grGnsicxKUwnFfFORPAXknStc_53fTMQgSUpZtr6emLTt5Hx35GoA8lwNJAQ.btU5BLAQqWhqXR3whnsoQwOLgU; _lscache_vary=25535832db285c9c2ae7620ca706ea91; test_variant=3; dom3ic8zudi28v8lr6fgphwffqoz0j6c=619eb20b-0c70-488e-9788-174c75b967c0%3A2%3A1; pp_main_d8faf53894cdd595b3c9b5230c862bcc=1\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/3 204 No Content\r\naccess-control-allow-origin: https://xxxtik.app\r\naccess-control-allow-methods: POST,OPTIONS\r\naccess-control-max-age: 86400\r\nvary: Origin, accept-encoding\r\naccess-control-allow-credentials: true\r\ncontent-type: text/plain\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=mcL48jH1vDeXqZXqM6G%2BBu0jxN%2F70eRvRGsRayO%2FmwxpAGF8EQl1yWmK%2FTuDYB2VzW1Bz5WIL2pYu6ru%2BBoDTW83mCMpuEGv\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ndate: Sun, 05 Oct 2025 21:11:11 GMT\r\nserver: cloudflare\r\ncf-ray: 989fe8fb7e71569f-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\n\r\n","headers":null,"cookies":null,"status_code":"204","status_text":"No Content","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T11:47:06.182466Z","times_seen":13373545,"resource_available":true,"data":null}},"time_used":4,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":4,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/opensans/v20/mem8YaGs126MiZpBA-UFVZ0b.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"142.250.74.99","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://xxxtik.app/xxxtiktok/","date":"2025-10-05T21:11:05.919Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 15 Sep 2025 08:36:13 GMT","end":"Mon, 08 Dec 2025 08:36:12 GMT"},"fingerprint":{"sha1":"F3:C7:68:20:2E:52:7F:61:4B:43:46:72:CB:A9:29:91:40:A0:5A:96","sha256":"1A:0B:E2:45:70:7A:DB:88:E8:4C:4E:DF:ED:F5:08:2F:2B:2A:CA:33:09:72:DC:80:8B:D2:7B:C6:48:3D:CA:D1"}}},"request":{"raw":"GET /s/opensans/v20/mem8YaGs126MiZpBA-UFVZ0b.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://xxxtik.app\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xxxtik.app/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 78972\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Thu, 02 Oct 2025 12:55:48 GMT\r\nexpires: Fri, 02 Oct 2026 12:55:48 GMT\r\ncache-control: public, max-age=31536000\r\nage: 288917\r\nlast-modified: Tue, 27 Jul 2021 16:27:13 GMT\r\ncontent-type: font/woff2\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":78972,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 78972, version 1.0","md5":"97d61470a7ead61a027990e86b8042ce","sha1":"5153316ff4c573cd4e8c236a01c71742f5fd0544","sha256":"9c702801fa3fee8f55c6dd59c5ed20c4277a439e8410e99cc883231a16863910","sha512":"dd97ed528bb1f3803b90f8ae9dab9d8ba98d894acc95294ed8a00908a99b3bc54685328011145ac1c75461f219897db58130c9dc3f8545bfe4074717fed156c3","ssdeep":"1536:NSSeBJ46tBrt+1lAlcBDPlkPwrE5J4r7H/da8lb54yP8VhBuD+Re:NM46jrt+M9wrWJ47H1a8lt4yEVhBrRe","tlshash":"6b73120f992422d246e0cfed1cf152cc8a616db2faa27dc983d0d095b65477ef9b5388","first_seen":"2023-05-05T03:32:30Z","last_seen":"2026-04-04T21:47:03.671704Z","times_seen":648,"resource_available":false,"data":null}},"time_used":81,"timings":{"blocked":27,"dns":0,"connect":8,"send":0,"wait":11,"receive":16,"ssl":18},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"subportgommier.top/gd/86551?md=eyJhIjo3NDM4LCJzIjoiMTI4MHgxMDI0IiwiYiI6IjEyODB4MTAyNCIsInIiOiIiLCJxIjoiaHR0cHM6Ly94eHh0aWsuYXBwL3h4eHRpa3Rvay8iLCJoIjo2MTgzLCJsIjoiZW4tVVMiLCJ0IjowLCJ6Ijo5Njk4LCJrIjowLCJ1IjoiNjc1YzE2ZjJjZjI0YzE2MTNmNGVjZCIsImYiOmZhbHNlLCJ3aCI6Im5vdCBpbiBpZnJhbWUiLCJpaCI6IjEyODB4MTAyNCIsImUiOiJ0NTI5YTR5aGkwYzZnM2IiLCJvIjp0cnVlLCJtIjoxNzU5Njk4NjY3MjE4LCJ3IjoiJTdCJTIydGl0bGUlMjIlM0ElMjJYeHhUaWtUb2slMjBBcHAlMjB2MS45LjIlMjAtJTIwRG93bmxvYWQlMjAyMDI1JTIwQW5kcm9pZCUyMEFQSyUyQyUyMCUyMiUyQyUyMmtleXdvcmRzJTIyJTNBJTVCJTVEJTJDJTIydG9wd29yZHMlMjIlM0ElNUIlMjJhcHBzJTNBOCUyMiUyQyUyMmFwayUzQTYlMjIlMkMlMjJhcHAlM0E2JTIyJTJDJTIyeW91JTNBNiUyMiU1RCU3RCIsInRzIjowLCJwciI6MSwiaGMiOjMyLCJibCI6LTEsImJjIjozLCJ2diI6Ik1lc2EiLCJ2ciI6Imxsdm1waXBlIiwiYWMiOjAsImN0IjoidW5rbm93biIsImNldCI6InVua25vd24iLCJjZGxtIjotMSwiY2RsIjotMSwiY3J0dCI6LTEsInRtcyI6MTIwLCJjZSI6dHJ1ZSwiY2QiOjI0LCJvciI6ImxhbmRzY2FwZS1wcmltYXJ5IiwiZnMiOm51bGwsImZzbyI6bnVsbCwiaW0iOnRydWUsImR0IjpmYWxzZX0\u0026fc=t9wMwocZTHuXqxiYm-dIgA\u0026pr=R3nHriyal2GUy9BtmUAT1w","fqdn":"subportgommier.top","domain":"subportgommier.top","tld":"top"},"ip":{"addr":"23.83.67.164","port":443,"asn":7979,"as":"SERVERS-COM","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://xxxtik.app/xxxtiktok/","date":"2025-10-05T21:11:07.308Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"subportgommier.top","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sun, 28 Sep 2025 22:40:50 GMT","end":"Sat, 27 Dec 2025 22:40:49 GMT"},"fingerprint":{"sha1":"5E:5B:72:4C:74:08:11:65:CF:2F:D4:FC:AC:AA:B6:F2:85:61:A9:F7","sha256":"F1:5A:1C:C6:B5:BD:6B:46:A8:21:66:4A:A9:23:0C:25:10:34:6B:8B:63:40:E8:CF:11:10:35:A8:76:44:22:A7"}}},"request":{"raw":"POST /gd/86551?md=eyJhIjo3NDM4LCJzIjoiMTI4MHgxMDI0IiwiYiI6IjEyODB4MTAyNCIsInIiOiIiLCJxIjoiaHR0cHM6Ly94eHh0aWsuYXBwL3h4eHRpa3Rvay8iLCJoIjo2MTgzLCJsIjoiZW4tVVMiLCJ0IjowLCJ6Ijo5Njk4LCJrIjowLCJ1IjoiNjc1YzE2ZjJjZjI0YzE2MTNmNGVjZCIsImYiOmZhbHNlLCJ3aCI6Im5vdCBpbiBpZnJhbWUiLCJpaCI6IjEyODB4MTAyNCIsImUiOiJ0NTI5YTR5aGkwYzZnM2IiLCJvIjp0cnVlLCJtIjoxNzU5Njk4NjY3MjE4LCJ3IjoiJTdCJTIydGl0bGUlMjIlM0ElMjJYeHhUaWtUb2slMjBBcHAlMjB2MS45LjIlMjAtJTIwRG93bmxvYWQlMjAyMDI1JTIwQW5kcm9pZCUyMEFQSyUyQyUyMCUyMiUyQyUyMmtleXdvcmRzJTIyJTNBJTVCJTVEJTJDJTIydG9wd29yZHMlMjIlM0ElNUIlMjJhcHBzJTNBOCUyMiUyQyUyMmFwayUzQTYlMjIlMkMlMjJhcHAlM0E2JTIyJTJDJTIyeW91JTNBNiUyMiU1RCU3RCIsInRzIjowLCJwciI6MSwiaGMiOjMyLCJibCI6LTEsImJjIjozLCJ2diI6Ik1lc2EiLCJ2ciI6Imxsdm1waXBlIiwiYWMiOjAsImN0IjoidW5rbm93biIsImNldCI6InVua25vd24iLCJjZGxtIjotMSwiY2RsIjotMSwiY3J0dCI6LTEsInRtcyI6MTIwLCJjZSI6dHJ1ZSwiY2QiOjI0LCJvciI6ImxhbmRzY2FwZS1wcmltYXJ5IiwiZnMiOm51bGwsImZzbyI6bnVsbCwiaW0iOnRydWUsImR0IjpmYWxzZX0\u0026fc=t9wMwocZTHuXqxiYm-dIgA\u0026pr=R3nHriyal2GUy9BtmUAT1w HTTP/1.1\r\nHost: subportgommier.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://xxxtik.app/\r\nContent-Type: application/json\r\nContent-Length: 82\r\nOrigin: https://xxxtik.app\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sun, 05 Oct 2025 21:11:07 GMT\r\ncontent-type: application/json\r\naccept-ch: sec-ch-ua-platform-version,sec-ch-ua-model,sec-ch-ua-full-version,sec-ch-ua-full-version-list\r\naccess-control-allow-credentials: true\r\naccess-control-allow-origin: https://xxxtik.app\r\naccess-control-allow-headers: content-type, megageocheckolololo, x-forwarded-for, x-requested-with, cache-control, pragma, expires\r\naccess-control-max-age: 600\r\naccess-control-allow-methods: GET, POST, OPTIONS\r\nset-cookie: GL_UI4=eJw9zV1OhDAcBHC%2BWdcFnYQDeASKQHj1xSv4SAr9g3Wh3ZQKensbE32bTH6T8TwvKB7g78kZ4Sdv8MRY13Z1U3VlPXa8GoaubZtyaLqSVc00NbiTW2%2F5sJCNcNpWbmxv9wiXmRQZOfajFpTh0am%2F5qr0oSLEg%2BFKZIhXJ5YM6WD0sZEpQkSKr4T0VRqa9JcT%2FEMbhOy5dlkql%2F0Sgd6KMD8jfZNKuGV%2BQcDKPE883N8Wbidt1l6KxEc8Gy4I%2FgtOI7c0a%2FONVNB2tfoG6EX0%2F%2F73ODxYiUTQLkdCrO07mR%2B4dk3m; expires=Mon, 06-Oct-2025 21:11:07 GMT; Max-Age=86400; path=/; secure; SameSite=None\nGL_GI10=eJwVyMEKgjAcB%2BDtTwwiPfzA7j7ByhSxa3aM7eATqI0QZBvbKnr76vh9jDEqMtDikXcnWTWdrNqzbBvwB0hp0GwhlAvv8QMeQMcaFCx2Oq6u7N3Tpt%2FP2PwNviDTFz2U2hurTALZiG0%2FTqs5XIcbuBcMlJwgULwXDPwl9l8VoRyd; expires=Mon, 06-Oct-2025 21:11:07 GMT; Max-Age=86400; path=/; secure; SameSite=None\r\ncontent-encoding: gzip\r\nvary: Accept-Encoding\r\nstrict-transport-security: max-age=1\r\nx-content-type-options: nosniff\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":751,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"c4bc97b168b7bed91b4a075a47699c32","sha1":"541d1911cdf5838b80dcec1e469a5444241fc8a0","sha256":"0f5e9f29fe5309caa9891eef249f7def4745aabfc4171f6482d9d592b4c88965","sha512":"6c18ff69602d5ea8db0367b6b0305f3f9d1ca133e8c24b0cf55c90f95d284ea67c22892d74055f98de44fbd9272cb45c58dfb4a0be3979b79e6cc08bf33ddfff","ssdeep":"","tlshash":"da01b5a0f5d0b0e9e69669ec1f161f6e9422b7833b514a485f01a3d88170d31338d57d","first_seen":"2025-10-05T21:11:43.501539Z","last_seen":"2025-10-05T21:11:43.501539Z","times_seen":1,"resource_available":false,"data":null}},"time_used":508,"timings":{"blocked":-1,"dns":6,"connect":23,"send":0,"wait":429,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-10-05","alert":"Sinkholed","trigger":"subportgommier.top","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-10-05","alert":"Sinkholed","trigger":"subportgommier.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-05","alert":"Sinkholed","trigger":"subportgommier.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-05","alert":"Sinkholed","trigger":"subportgommier.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}}]}