{"report_id":"3acfcc96-fd6a-4c1f-a220-110d9632e945","version":6,"status":"done","tags":[],"date":"2025-12-21T20:17:28Z","url":{"schema":"http","addr":"www.mrkiit.ga/","fqdn":"www.mrkiit.ga","domain":"mrkiit.ga","tld":"ga"},"ip":{"addr":"125.212.241.134","port":0,"asn":38731,"as":"CHT Compamy Ltd","country":"Vietnam","country_code":"VN"},"final":{"url":{"schema":"https","addr":"mrkiit.ga/","fqdn":"mrkiit.ga","domain":"mrkiit.ga","tld":"ga"},"title":"mrkiit.ga - Quality Private Cams Videos","dom":{"size":16711,"mime_type":"text/html; charset=utf-8","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (600)","md5":"7cb16a6d09062fec9145b4758c15cade","sha1":"b36a3f12a032b25b401476756465aa5d85f65288","sha256":"fa41bfc1a2fea6b62de754a29e4577835334257f8345e67ad436b12b8585ebce","sha512":"b22dbb8ae4f203a45f7354650b797c305aa36d02ddd2c377fa8120dbf414c394253e926bf15daffe41834e69f2ea50bbdf8482dd5c813ceba6e8a14410a016af","ssdeep":"192:/yLZsN0x6nbmCt5EoU5hoMwvlzbHanstYbO201NcZqUe4pQDKd+ld:qLZsXbms8hoT62Ya1EF+b","tlshash":"fa72b527548d293f025242c6f4553ead9afb843ce6980867b5f7883f33c4ec9a4663d9","dom_hash":"domhash622307ce6b905c40d60fd418e0f9b882","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"www.mrkiit.ga/","fqdn":"www.mrkiit.ga","domain":"mrkiit.ga","tld":"ga"},"ip":{"addr":"125.212.241.134","port":0,"asn":38731,"as":"CHT Compamy Ltd","country":"Vietnam","country_code":"VN"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-01-25T20:17:28Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"tq2tmylv9quqkoe"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":6}},"detection":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2025-12-21","alert":"Content Category / Application Block","trigger":"mrkiit.ga","verdict":"suspicious","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-21","alert":"Sinkholed","trigger":"mrkiit.ga","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-21","alert":"Sinkholed","trigger":"xteensfap.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-21","alert":"Sinkholed","trigger":"hidden-harbor.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2025-12-21","alert":"Content Category / Application Block","trigger":"www.mrkiit.ga","verdict":"suspicious","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-21","alert":"Sinkholed","trigger":"www.mrkiit.ga","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null},"summary":[{"fqdn":"mrkiit.ga","ip":{"addr":"125.212.241.134","port":443,"asn":38731,"as":"CHT Compamy Ltd","country":"Vietnam","country_code":"VN"},"domain_registered":"unknown","domain_rank":0,"first_seen":"2025-11-03T05:35:58.447702Z","last_seen":"2025-12-19T03:02:59.457234Z","alert_count":25,"request_count":13,"received_data":208696,"sent_data":7088,"comment":"","tags":null,"fingerprints":[{"name":"Nginx:1.20.1","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"MyBB","description":"MyBB is a free and open-source forum software written in PHP.","website":"https://mybb.com","common_platform_enumeration":"cpe:2.3:a:mybb:mybb:*:*:*:*:*:*:*:*","icon":"MyBB.png","categories":["Message boards"]},{"name":"PHP","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]},{"name":"jQuery","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]}]},{"fqdn":"xteensfap.com","ip":{"addr":"104.21.23.66","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2025-10-30","domain_rank":0,"first_seen":"2025-11-03T05:35:58.441557Z","last_seen":"2025-12-12T05:57:09.66872Z","alert_count":2,"request_count":2,"received_data":117883,"sent_data":881,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"hidden-harbor.top","ip":{"addr":"104.21.53.163","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2025-05-28","domain_rank":1375147,"first_seen":"2025-06-13T17:06:10.494131Z","last_seen":"2025-12-12T05:57:08.924218Z","alert_count":1,"request_count":1,"received_data":58435,"sent_data":445,"comment":"","tags":null,"fingerprints":[{"name":"Plesk","description":"Plesk is a web hosting and server data centre automation software with a control panel developed for Linux and Windows-based retail hosting service providers.","website":"https://www.plesk.com","common_platform_enumeration":"cpe:2.3:a:parallels:parallels_plesk_panel:*:*:*:*:*:*:*:*","icon":"Plesk.svg","categories":["Hosting panels"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"www.mrkiit.ga","ip":{"addr":"125.212.241.134","port":443,"asn":38731,"as":"CHT Compamy Ltd","country":"Vietnam","country_code":"VN"},"domain_registered":"unknown","domain_rank":0,"first_seen":"2025-12-21T20:17:28.587222Z","last_seen":"2025-12-21T20:17:28.587222Z","alert_count":2,"request_count":1,"received_data":16962,"sent_data":482,"comment":"","tags":null,"fingerprints":[{"name":"Nginx:1.20.1","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"img1.pixhost.to","ip":{"addr":"94.229.45.2","port":443,"asn":48326,"as":"DataNetworks s.r.o.","country":"Slovakia","country_code":"SK"},"domain_registered":"unknown","domain_rank":1934784,"first_seen":"2025-05-02T03:31:52.819602Z","last_seen":"2025-12-21T19:39:18.561036Z","alert_count":0,"request_count":1,"received_data":2661,"sent_data":452,"comment":"","tags":null,"fingerprints":[{"name":"Nginx:1.24.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Ubuntu","description":"Ubuntu is a free and open-source operating system on Linux for the enterprise server, desktop, cloud, and IoT.","website":"https://www.ubuntu.com/server","common_platform_enumeration":"cpe:2.3:o:canonical:ubuntu_linux:*:*:*:*:*:*:*:*","icon":"Ubuntu.svg","categories":["Operating systems"]}]},{"fqdn":"t94.pixhost.to","ip":{"addr":"94.229.45.2","port":443,"asn":48326,"as":"DataNetworks s.r.o.","country":"Slovakia","country_code":"SK"},"domain_registered":"unknown","domain_rank":5474762,"first_seen":"2024-03-04T09:09:44Z","last_seen":"2025-11-23T03:52:43.86975Z","alert_count":0,"request_count":1,"received_data":9812,"sent_data":453,"comment":"","tags":null,"fingerprints":[{"name":"Ubuntu","description":"Ubuntu is a free and open-source operating system on Linux for the enterprise server, desktop, cloud, and IoT.","website":"https://www.ubuntu.com/server","common_platform_enumeration":"cpe:2.3:o:canonical:ubuntu_linux:*:*:*:*:*:*:*:*","icon":"Ubuntu.svg","categories":["Operating systems"]},{"name":"Nginx:1.24.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"mrkiit.ga/jscripts/jquery.plugins.min.js?ver=1821","fqdn":"mrkiit.ga","domain":"mrkiit.ga","tld":"ga"},"ip":{"addr":"125.212.241.134","port":443,"asn":38731,"as":"CHT Compamy Ltd","country":"Vietnam","country_code":"VN"},"introduction_type":"scriptElement","is_inline":false,"md5":"cf1f71e20e14765d6d5ea640aa4f7fc7","sha1":"d1f3a0e46dd50d3a4d1839cb821ad42802619def","sha256":"a3f1ec1a12c5ba59cf41f98406b4a296f7a54b8c4904de9a6f1fc2e4db19b149","sha512":"db3f8dba9327793a4d00b0e1266ef60d6f2424ab1235d673def9ee026be896aa10cb02e0b95f8b82bdf76ac49720662c84fa2b419026178c905c5a9c2f1bff0a","ssdeep":"384:HWwrEXSUb3GjSPqGorxn+viQRvuB6haZ7braU:HWmE/3G2hcraU","tlshash":"f662924fba7523a48aff2177a01f196521339db508c24858f1bd87d95d78c0492afb3e","size":14799,"data":"","first_seen":"2023-03-07T01:02:26Z","last_seen":"2026-04-19T10:47:58.152987Z","times_seen":1246,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"mrkiit.ga/","fqdn":"mrkiit.ga","domain":"mrkiit.ga","tld":"ga"},"ip":{"addr":"125.212.241.134","port":443,"asn":38731,"as":"CHT Compamy Ltd","country":"Vietnam","country_code":"VN"},"introduction_type":"scriptElement","is_inline":true,"md5":"dfd6e84569438112f01765db6764f593","sha1":"19310a44a23a22894fd2b9d41002f55c07b4de04","sha256":"c66ad6c148809c9d85859d9d89b4c8c8dae32f89e889c85f877f26cd16b0996a","sha512":"69797168b59b8fb90606cd709baf36c562e4c1c2700041aac9da55ebb8eaa8fe75d80515497d26f4cc13738e718b817b32cc1f8cc0dffca4dba604574d3e5012","ssdeep":"","tlshash":"604144d374cd5c35004d20a36c7d68c19e4bd098bb1cac27db29f87d63808dd97b66aa","size":2283,"data":"","first_seen":"2025-12-21T20:17:35.944436Z","last_seen":"2025-12-21T20:17:35.944436Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"mrkiit.ga/jscripts/general.js?ver=1827","fqdn":"mrkiit.ga","domain":"mrkiit.ga","tld":"ga"},"ip":{"addr":"125.212.241.134","port":443,"asn":38731,"as":"CHT Compamy Ltd","country":"Vietnam","country_code":"VN"},"introduction_type":"scriptElement","is_inline":false,"md5":"373ad0e5af45e8cd17b064aaa7c2d465","sha1":"9e83f3daac4c6387937fa2a3e98dbe9cc1c9169e","sha256":"491afa838f1b1eef0454c529c8f6fcdcec59ea31110dda7430f85cc53fb82898","sha512":"0014001020da5ef12874c5727ce95d1163834414dbe201ea72f60423bde91e8e7d2d671fa18ec190d0573e3b76093a496f7662d5b81e0f804d42834dddffd98a","ssdeep":"384:7HrwCLFwqbPl88aLqh8cOrT6CIJ6X5jO1/zD:oqbPltaLqUXCJ0jOx","tlshash":"bb6262c8ff2c152b81be3069949f58c96c3c803188945cf7bc6855d4bae8a1e536fe78","size":15709,"data":"","first_seen":"2023-03-07T01:02:26Z","last_seen":"2026-04-19T10:47:58.153547Z","times_seen":1140,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"mrkiit.ga/","fqdn":"mrkiit.ga","domain":"mrkiit.ga","tld":"ga"},"ip":{"addr":"125.212.241.134","port":443,"asn":38731,"as":"CHT Compamy Ltd","country":"Vietnam","country_code":"VN"},"introduction_type":"scriptElement","is_inline":true,"md5":"3e778a0599600893f6740e061f0db321","sha1":"a9f01d1beac63e231a419894462ddf00adcd86ae","sha256":"391dc11066c3b8e2f89bfe77f24d5ccb9f39c5ab3a499559caa7a4d5a8b175c6","sha512":"60da55c43f8b588bfa9c280f855c11935b06942db1ea1dace8e65dfb315d22cde302286d00ab6e5c4db011f0f37faead51987ed5b9a1fef5123fda6fafad5cc6","ssdeep":"","tlshash":"5ab0929862985b5a02f311986a9814a616708abe816c695b2a05b914a20d84462cae43","size":125,"data":"","first_seen":"2023-03-07T14:37:29Z","last_seen":"2026-04-19T06:50:43.970191Z","times_seen":409,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"mrkiit.ga/","fqdn":"mrkiit.ga","domain":"mrkiit.ga","tld":"ga"},"ip":{"addr":"125.212.241.134","port":443,"asn":38731,"as":"CHT Compamy Ltd","country":"Vietnam","country_code":"VN"},"introduction_type":"scriptElement","is_inline":true,"md5":"e0e774c6eac4073121eb55b9e21d3511","sha1":"5156ea2435d223d0519ddce05085a2510c7b1807","sha256":"45a342390daafbd778ec29ac08c0cd3273410c225c6c1101306700c811b530b5","sha512":"2fd9fdf983e2f651be2955965a0be96ad581a2544bfd5718d3959966bf6d6ed8a39bce6a3d076b735638bb24d1cfc5646f72ac151c295478abe2361e5298f4d9","ssdeep":"","tlshash":"45a012a1c08c0407823411120c002025202fc4780052de496cb159a050c4706036040a","size":77,"data":"","first_seen":"2023-03-07T01:02:26Z","last_seen":"2026-04-19T10:47:58.179755Z","times_seen":1012,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"mrkiit.ga/jscripts/jquery.js?ver=1823","fqdn":"mrkiit.ga","domain":"mrkiit.ga","tld":"ga"},"ip":{"addr":"125.212.241.134","port":443,"asn":38731,"as":"CHT Compamy Ltd","country":"Vietnam","country_code":"VN"},"introduction_type":"scriptElement","is_inline":false,"md5":"12b69d0ae6c6f0c42942ae6da2896e84","sha1":"d2cc8d43ce1c854b1172e42b1209502ad563db83","sha256":"6150a35c0f486c46cadf0e230e2aa159c7c23ecfbb5611b64ee3f25fcbff341f","sha512":"a55f55d56899ab440ef0cae17b28d5cc8f5b9766d1e9bc1a8ac6b89376924b476c1ab0c325497eb5d44af41f4ebf8eea236d87a36902244b8a3eca54994b8711","ssdeep":"1536:AjExXUqrnxDjoXEZxkMV4SYSt0zvDD6ip3h8cApwEjOPrBeU6QLiTFbc0QlQvakV:AYh8eip3huuf6IidlrvakdtQ47GKl","tlshash":"e893f9ddb2c6702257a720ba007f510bf236199d6c4d8450f265d8e9bcb8a4e827bf7d","size":89475,"data":"","first_seen":"2023-03-07T01:02:27Z","last_seen":"2026-04-19T10:47:58.169293Z","times_seen":15122,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null},"http":[{"url":{"schema":"https","addr":"mrkiit.ga/images/forum_icon_sprite.png","fqdn":"mrkiit.ga","domain":"mrkiit.ga","tld":"ga"},"ip":{"addr":"125.212.241.134","port":443,"asn":38731,"as":"CHT Compamy Ltd","country":"Vietnam","country_code":"VN"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://mrkiit.ga/","date":"2025-12-21T20:17:10.352Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"mrkiit.ga","organization":""},"issuer":{"commonName":"ZeroSSL RSA Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Sat, 01 Nov 2025 00:00:00 GMT","end":"Fri, 30 Jan 2026 23:59:59 GMT"},"fingerprint":{"sha1":"C2:9C:1F:37:28:09:44:0E:1A:AC:0F:CE:41:FE:06:2D:44:C0:1F:F9","sha256":"AA:61:1C:47:64:23:F0:00:53:2D:2A:09:72:18:18:73:04:14:F2:27:E6:C9:F2:8D:CE:A1:D9:9F:3D:CA:D7:12"}}},"request":{"raw":"GET /images/forum_icon_sprite.png HTTP/1.1\r\nHost: mrkiit.ga\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://mrkiit.ga/cache/themes/theme1/global.css?t=1702465910\r\nCookie: mybb[lastvisit]=1766348226; mybb[lastactive]=1766348226; sid=fa22e1ff88209146071983038aab2084\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.20.1\r\nDate: Sun, 21 Dec 2025 20:17:11 GMT\r\nContent-Type: image/png\r\nContent-Length: 1130\r\nConnection: keep-alive\r\nLast-Modified: Thu, 16 Nov 2023 12:00:00 GMT\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.20.1","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1130,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 30 x 120, 8-bit colormap, non-interlaced","md5":"212f6e3895ee44bf54b31cf39a162611","sha1":"7d1f15044536b4f243495c47b03b2334b5493b4f","sha256":"b95e7d7fb4d9efd1e305194cd5ec83f0b16a02baad62b355c66f1af8688a528b","sha512":"7c968518495f4b58c53f29a58bc0151ce5d37500769a1c7f838c39b56613eae5ba36a4f3f6fbc059fa117578b098411b56837319d772e61af97c76d4de9d55a9","ssdeep":"","tlshash":"f021b97b4b9164208d8c7bfc691374124e7a999d3846757fb1af2630041d5bb5409150","first_seen":"2023-05-08T13:43:42Z","last_seen":"2026-04-19T06:50:43.917009Z","times_seen":321,"resource_available":false,"data":null}},"time_used":1146,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1146,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2025-12-21","alert":"Content Category / Application Block","trigger":"mrkiit.ga","verdict":"suspicious","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-21","alert":"Sinkholed","trigger":"mrkiit.ga","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"mrkiit.ga/","fqdn":"mrkiit.ga","domain":"mrkiit.ga","tld":"ga"},"ip":{"addr":"125.212.241.134","port":443,"asn":38731,"as":"CHT Compamy Ltd","country":"Vietnam","country_code":"VN"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-12-21T20:17:07.197Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"mrkiit.ga","organization":""},"issuer":{"commonName":"ZeroSSL RSA Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Sat, 01 Nov 2025 00:00:00 GMT","end":"Fri, 30 Jan 2026 23:59:59 GMT"},"fingerprint":{"sha1":"C2:9C:1F:37:28:09:44:0E:1A:AC:0F:CE:41:FE:06:2D:44:C0:1F:F9","sha256":"AA:61:1C:47:64:23:F0:00:53:2D:2A:09:72:18:18:73:04:14:F2:27:E6:C9:F2:8D:CE:A1:D9:9F:3D:CA:D7:12"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: mrkiit.ga\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.20.1\r\nDate: Sun, 21 Dec 2025 20:17:08 GMT\r\nContent-Type: text/html; charset=UTF-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nCache-Control: no-cache, private\r\nSet-Cookie: mybb[lastvisit]=1766348226; expires=Mon, 21-Dec-2026 20:17:06 GMT; path=/; domain=mrkiit.ga\nmybb[lastactive]=1766348226; expires=Mon, 21-Dec-2026 20:17:06 GMT; path=/; domain=mrkiit.ga\nsid=fa22e1ff88209146071983038aab2084; path=/; domain=mrkiit.ga; HttpOnly\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"MyBB","description":"MyBB is a free and open-source forum software written in PHP.","website":"https://mybb.com","common_platform_enumeration":"cpe:2.3:a:mybb:mybb:*:*:*:*:*:*:*:*","icon":"MyBB.png","categories":["Message boards"]},{"name":"PHP","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]},{"name":"jQuery","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]},{"name":"Nginx:1.20.1","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":16769,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, ASCII text, with very long lines (602), with CRLF, LF line terminators","md5":"7fd4bc839ff66a0a84e63752dcd59eff","sha1":"f445a3f46af5dd218ec22e6c6524404fb34c5512","sha256":"97ee900aec28413c0ce2c9042ebf1f991f95892dcfd91ada8b42185e8c493544","sha512":"df410f71caf1355b23bb3a51f659f1668c73ae6eb774962f925f8a730b6059951392fad308acd135693fb868221ac383249dbd717d00adf8133bb717585ea002","ssdeep":"192:My8Usz0x6WYimCt5EoQp5oVwv4wvDPBicunstjOYrOh0FNqoVqUcbDSbfg:r8UsoYimsAoVYps12jN5FMIfg","tlshash":"8372b526548c393f029242c6b4613ead96fb843de7580867b5f7483f33c4ec9a4672d9","first_seen":"2025-12-21T20:17:35.932822Z","last_seen":"2025-12-21T20:17:35.932822Z","times_seen":1,"resource_available":false,"data":null}},"time_used":1872,"timings":{"blocked":430,"dns":12,"connect":205,"send":0,"wait":1013,"receive":0,"ssl":211},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2025-12-21","alert":"Content Category / Application Block","trigger":"mrkiit.ga","verdict":"suspicious","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-21","alert":"Sinkholed","trigger":"mrkiit.ga","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"mrkiit.ga/cache/themes/theme1/global.css?t=1702465910","fqdn":"mrkiit.ga","domain":"mrkiit.ga","tld":"ga"},"ip":{"addr":"125.212.241.134","port":443,"asn":38731,"as":"CHT Compamy Ltd","country":"Vietnam","country_code":"VN"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://mrkiit.ga/","date":"2025-12-21T20:17:08.732Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"mrkiit.ga","organization":""},"issuer":{"commonName":"ZeroSSL RSA Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Sat, 01 Nov 2025 00:00:00 GMT","end":"Fri, 30 Jan 2026 23:59:59 GMT"},"fingerprint":{"sha1":"C2:9C:1F:37:28:09:44:0E:1A:AC:0F:CE:41:FE:06:2D:44:C0:1F:F9","sha256":"AA:61:1C:47:64:23:F0:00:53:2D:2A:09:72:18:18:73:04:14:F2:27:E6:C9:F2:8D:CE:A1:D9:9F:3D:CA:D7:12"}}},"request":{"raw":"GET /cache/themes/theme1/global.css?t=1702465910 HTTP/1.1\r\nHost: mrkiit.ga\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://mrkiit.ga/\r\nCookie: mybb[lastvisit]=1766348226; mybb[lastactive]=1766348226; sid=fa22e1ff88209146071983038aab2084\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.20.1\r\nDate: Sun, 21 Dec 2025 20:17:10 GMT\r\nContent-Type: text/css\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nLast-Modified: Wed, 13 Dec 2023 11:11:50 GMT\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.20.1","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":31277,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text","md5":"6dca31a92bd774f00e8513b3f141ca51","sha1":"2f8b2c7d691ee232eb76b0c3e7c905419efe896c","sha256":"969bc9ffb0d9ee825abb23a99e1f634f4cffe59df319d1afdcdf61e5733c2623","sha512":"691fc035589397c4e661836d88524ad187a2499bff9d4f4f3bd5a85fafdd74fe697268272206432c35e24cfa6f339a18a5207b208aabacbd2e8a6edefc97cef3","ssdeep":"768:SSlX9UEND0StaM7xZ6h6tLSGOL3bLnSbcAmSna:SSB9UENCMrLSGOHLnSna","tlshash":"c4e2507b35511989720f90eafe15dbd9272f0092be0e1f25b4ad3d7ca3894e01537ea8","first_seen":"2023-04-14T13:41:58Z","last_seen":"2026-04-15T18:04:00.602311Z","times_seen":276,"resource_available":false,"data":null}},"time_used":2010,"timings":{"blocked":419,"dns":0,"connect":206,"send":0,"wait":1170,"receive":0,"ssl":215},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2025-12-21","alert":"Content Category / Application Block","trigger":"mrkiit.ga","verdict":"suspicious","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"mrkiit.ga/cache/themes/theme1/css3.css?t=1702465910","fqdn":"mrkiit.ga","domain":"mrkiit.ga","tld":"ga"},"ip":{"addr":"125.212.241.134","port":443,"asn":38731,"as":"CHT Compamy Ltd","country":"Vietnam","country_code":"VN"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://mrkiit.ga/","date":"2025-12-21T20:17:08.732Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"mrkiit.ga","organization":""},"issuer":{"commonName":"ZeroSSL RSA Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Sat, 01 Nov 2025 00:00:00 GMT","end":"Fri, 30 Jan 2026 23:59:59 GMT"},"fingerprint":{"sha1":"C2:9C:1F:37:28:09:44:0E:1A:AC:0F:CE:41:FE:06:2D:44:C0:1F:F9","sha256":"AA:61:1C:47:64:23:F0:00:53:2D:2A:09:72:18:18:73:04:14:F2:27:E6:C9:F2:8D:CE:A1:D9:9F:3D:CA:D7:12"}}},"request":{"raw":"GET /cache/themes/theme1/css3.css?t=1702465910 HTTP/1.1\r\nHost: mrkiit.ga\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://mrkiit.ga/\r\nCookie: mybb[lastvisit]=1766348226; mybb[lastactive]=1766348226; sid=fa22e1ff88209146071983038aab2084\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.20.1\r\nDate: Sun, 21 Dec 2025 20:17:10 GMT\r\nContent-Type: text/css\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nLast-Modified: Wed, 13 Dec 2023 11:11:50 GMT\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.20.1","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":3114,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text","md5":"926db993b5ce157d2f8dc0a3ebbb198b","sha1":"7b31fcb7d12af07bb714c01c03e13857a98a2bc3","sha256":"ca63f43eff03f479ba21b135c7164d4ff0eef2d0cf3cea4767c1c52c14833f6e","sha512":"b4123c9f2322e53f026cb79d2a1d6974fe865847e765a4dbb26df9dc00885f2e02ec727132c2e192dd3718adc49dd846a5448a410cdafcf9d90273518e688a04","ssdeep":"","tlshash":"ad5152bf341c06986326e94aba19dee3718f03136576aca5f1d0fc3c1202dbe5e558ad","first_seen":"2023-05-11T01:58:08Z","last_seen":"2026-04-19T06:50:43.941804Z","times_seen":326,"resource_available":false,"data":null}},"time_used":1810,"timings":{"blocked":415,"dns":0,"connect":206,"send":0,"wait":977,"receive":0,"ssl":211},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2025-12-21","alert":"Content Category / Application Block","trigger":"mrkiit.ga","verdict":"suspicious","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-21","alert":"Sinkholed","trigger":"mrkiit.ga","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"mrkiit.ga/images/logo.png","fqdn":"mrkiit.ga","domain":"mrkiit.ga","tld":"ga"},"ip":{"addr":"125.212.241.134","port":443,"asn":38731,"as":"CHT Compamy Ltd","country":"Vietnam","country_code":"VN"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://mrkiit.ga/","date":"2025-12-21T20:17:08.732Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"mrkiit.ga","organization":""},"issuer":{"commonName":"ZeroSSL RSA Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Sat, 01 Nov 2025 00:00:00 GMT","end":"Fri, 30 Jan 2026 23:59:59 GMT"},"fingerprint":{"sha1":"C2:9C:1F:37:28:09:44:0E:1A:AC:0F:CE:41:FE:06:2D:44:C0:1F:F9","sha256":"AA:61:1C:47:64:23:F0:00:53:2D:2A:09:72:18:18:73:04:14:F2:27:E6:C9:F2:8D:CE:A1:D9:9F:3D:CA:D7:12"}}},"request":{"raw":"GET /images/logo.png HTTP/1.1\r\nHost: mrkiit.ga\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://mrkiit.ga/\r\nCookie: mybb[lastvisit]=1766348226; mybb[lastactive]=1766348226; sid=fa22e1ff88209146071983038aab2084\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.20.1\r\nDate: Sun, 21 Dec 2025 20:17:11 GMT\r\nContent-Type: image/png\r\nContent-Length: 29996\r\nConnection: keep-alive\r\nLast-Modified: Wed, 13 Dec 2023 11:54:28 GMT\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.20.1","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":29996,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 253 x 159, 8-bit/color RGB, non-interlaced","md5":"e7e0a165723f1e547901b3cd18e0e448","sha1":"067175d52322b7ff3786852ef9da91a2aade2e14","sha256":"7685180092541729fd56f6de00381f493e0b541377a6d6e0dbd4c86269d7666f","sha512":"53c3cfefdde5914cbdd95eaefe6a05e7473e3ed4e9ef0e4343f23da51ad795654713ba587f87ef563ebeca96da314e5d4f4acd7b478942778d50a905b6d08656","ssdeep":"768:fvJbeRuH0IZwqV0IQ89s20c0E9Kniscwe5bj6D6:HIRg0IVKb2KniDN5beD6","tlshash":"bed2f193e3f27c8c22d95841238061339d11c103bb7b9511a3dafa756ad2e8de875ef0","first_seen":"2024-08-29T17:58:15.111596Z","last_seen":"2026-02-21T21:16:38.060571Z","times_seen":6,"resource_available":false,"data":null}},"time_used":3109,"timings":{"blocked":1596,"dns":0,"connect":0,"send":0,"wait":1511,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2025-12-21","alert":"Content Category / Application Block","trigger":"mrkiit.ga","verdict":"suspicious","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-21","alert":"Sinkholed","trigger":"mrkiit.ga","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"xteensfap.com/wp-content/uploads/2025/09/banner1.png","fqdn":"xteensfap.com","domain":"xteensfap.com","tld":"com"},"ip":{"addr":"104.21.23.66","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://mrkiit.ga/","date":"2025-12-21T20:17:08.739Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xteensfap.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 30 Oct 2025 10:03:15 GMT","end":"Wed, 28 Jan 2026 11:00:24 GMT"},"fingerprint":{"sha1":"9D:20:7A:C9:12:19:09:14:CD:1D:8B:22:77:95:DD:2C:4D:9D:1B:0C","sha256":"23:BE:12:16:B4:AD:AC:DC:38:6B:D4:86:EE:E7:D8:9C:DE:98:8A:AD:F1:46:3B:31:76:1F:93:63:CB:9A:92:11"}}},"request":{"raw":"GET /wp-content/uploads/2025/09/banner1.png HTTP/1.1\r\nHost: xteensfap.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 21 Dec 2025 20:17:13 GMT\r\ncontent-type: image/png\r\ncontent-length: 69367\r\nserver: cloudflare\r\nlast-modified: Fri, 19 Sep 2025 20:11:30 GMT\r\naccept-ranges: bytes\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=kgRaFX5RjxKBKMtZ1hc04%2B53nio%2FsGjvaFaCD5SRy3oCMdniHM62RlHvkNA%2FdulpyfevXsOUETiM7cmzz%2FyYISf%2BT5hGODDsMC%2FR5Ho%3D\"}]}\r\ncache-control: max-age=14400\r\ncf-cache-status: REVALIDATED\r\nvary: accept-encoding\r\ncf-ray: 9b1a0fcb284149c5-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":69367,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 567 x 82, 8-bit/color RGB, non-interlaced","md5":"0e29b879d3ddd65d487c5b45d79d71e0","sha1":"4f18e6e300c1dbbfdbeaabddb4e65af5667ae04b","sha256":"5082be9cf3ad06db111c0accde2deeb8a5f8e8230de1eb4b34b114d66c60e2d0","sha512":"1e12e6f158fdeb60222d3bf0c9e27be4da11c8a51bde8d085bdef382adec1d6db97909021348a4d544467168b4255c6e0ce5c090ccf37a8bde275d1de11decc4","ssdeep":"1536:m/L6Y8kjJzYTYCrHRz2IrQBwzylaFe+C2VS6Q9HRo75uokm3:TGJzYTYcqIrQBey0MyoHRyam3","tlshash":"886302b4b0bced9a08b1060f77a8f13464be10937795ded2e1b3d4b268ddb45325135a","first_seen":"2025-09-08T18:21:29.801246Z","last_seen":"2026-04-10T00:02:00.656102Z","times_seen":40,"resource_available":false,"data":null}},"time_used":5090,"timings":{"blocked":1590,"dns":0,"connect":3,"send":0,"wait":361,"receive":2,"ssl":3134},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-21","alert":"Sinkholed","trigger":"xteensfap.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"hidden-harbor.top/static/images/banner.jpg","fqdn":"hidden-harbor.top","domain":"hidden-harbor.top","tld":"top"},"ip":{"addr":"104.21.53.163","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://mrkiit.ga/","date":"2025-12-21T20:17:08.734Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"hidden-harbor.top","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Fri, 21 Nov 2025 20:09:29 GMT","end":"Thu, 19 Feb 2026 21:07:13 GMT"},"fingerprint":{"sha1":"97:2F:64:9A:08:5E:2C:48:6D:20:C8:25:1A:04:67:00:6B:18:27:B1","sha256":"24:D3:41:4C:75:89:AD:A9:24:87:3E:F3:D3:CB:B4:68:40:18:72:DA:D2:5E:72:00:55:6A:8B:E4:FF:80:CD:A7"}}},"request":{"raw":"GET /static/images/banner.jpg HTTP/1.1\r\nHost: hidden-harbor.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://mrkiit.ga/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 21 Dec 2025 20:17:10 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 57728\r\nserver: cloudflare\r\nlast-modified: Sun, 03 Mar 2024 12:47:52 GMT\r\netag: \"65e47178-e180\"\r\nx-powered-by: PleskLin\r\naccept-ranges: bytes\r\nage: 3645\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=3uXSiLx3tEfAGUoeNT7xU0%2FT%2Bmu0RCpI0KxYwkPn%2Fj4LC2vh8u0oOOWacHlqiUz8VIa5nn5ziXoG5i%2FDxMd39Yt7JEfe841T4CtwR1DJBg%3D%3D\"}]}\r\ncf-ray: 9b1a0fb7992156c9-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Plesk","description":"Plesk is a web hosting and server data centre automation software with a control panel developed for Linux and Windows-based retail hosting service providers.","website":"https://www.plesk.com","common_platform_enumeration":"cpe:2.3:a:parallels:parallels_plesk_panel:*:*:*:*:*:*:*:*","icon":"Plesk.svg","categories":["Hosting panels"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":57728,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CC 2015 (Windows), datetime=2024:03:03 07:10:05], progressive, precision 8, 468x60, components 3","md5":"61e902d01f0d2406d7e358225dc2729f","sha1":"5ff23b949f090835731570e1f78f43782d5604e8","sha256":"dd03a8110295840e1fed53ef996fd9a255e5889cf3934df9a6989a6c19ac07c6","sha512":"67fc19b4e8fdbd66772b7ef58dc614138914671b708545941d938ceb2b77660f763910c6675d2ee58e8cb54060de41318a9a95ebf0634d3f818e0353d35adbfd","ssdeep":"1536:57aW7a+LrXnSxpM1QmOgt+/5NymXfy04Mi0l:85OQp7mERNymvBfl","tlshash":"9743e122b7918e06fae09b75d4f1d3d3f7754f9a175366137d9c750063a8382e88e281","first_seen":"2024-04-28T04:23:43Z","last_seen":"2026-04-10T00:02:00.674748Z","times_seen":51,"resource_available":false,"data":null}},"time_used":1617,"timings":{"blocked":1594,"dns":0,"connect":1,"send":0,"wait":10,"receive":2,"ssl":9},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-21","alert":"Sinkholed","trigger":"hidden-harbor.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"mrkiit.ga/images/headerlinks_sprite.png","fqdn":"mrkiit.ga","domain":"mrkiit.ga","tld":"ga"},"ip":{"addr":"125.212.241.134","port":443,"asn":38731,"as":"CHT Compamy Ltd","country":"Vietnam","country_code":"VN"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://mrkiit.ga/","date":"2025-12-21T20:17:10.349Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"mrkiit.ga","organization":""},"issuer":{"commonName":"ZeroSSL RSA Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Sat, 01 Nov 2025 00:00:00 GMT","end":"Fri, 30 Jan 2026 23:59:59 GMT"},"fingerprint":{"sha1":"C2:9C:1F:37:28:09:44:0E:1A:AC:0F:CE:41:FE:06:2D:44:C0:1F:F9","sha256":"AA:61:1C:47:64:23:F0:00:53:2D:2A:09:72:18:18:73:04:14:F2:27:E6:C9:F2:8D:CE:A1:D9:9F:3D:CA:D7:12"}}},"request":{"raw":"GET /images/headerlinks_sprite.png HTTP/1.1\r\nHost: mrkiit.ga\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://mrkiit.ga/cache/themes/theme1/global.css?t=1702465910\r\nCookie: mybb[lastvisit]=1766348226; mybb[lastactive]=1766348226; sid=fa22e1ff88209146071983038aab2084\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.20.1\r\nDate: Sun, 21 Dec 2025 20:17:11 GMT\r\nContent-Type: image/png\r\nContent-Length: 2342\r\nConnection: keep-alive\r\nLast-Modified: Thu, 16 Nov 2023 12:00:00 GMT\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.20.1","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":2342,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 16 x 196, 8-bit colormap, non-interlaced","md5":"e38f7f29cf3f740d7dc3651cb82098ec","sha1":"65787e91831d3707a9ec747ab272c1fb5d52b2d8","sha256":"bc8ea31d4d1a30effac6bed60a41d1ec64a7cd42a711c694a103e42da7aa4c0a","sha512":"160481f72d35abdbc7114bb1164915891335978ad8f60529af7e03082cbd29b833e761f97422838e05161ccbffc8b9760573ae27a3f35f367342f98b1abceacb","ssdeep":"","tlshash":"cb414bbb7671dd3c78f04437a0e7f598ee505e2c59948d762898b1909d3008294b1c88","first_seen":"2023-05-10T14:20:13Z","last_seen":"2026-04-19T06:50:43.915987Z","times_seen":512,"resource_available":false,"data":null}},"time_used":1107,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1107,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2025-12-21","alert":"Content Category / Application Block","trigger":"mrkiit.ga","verdict":"suspicious","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-21","alert":"Sinkholed","trigger":"mrkiit.ga","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"mrkiit.ga/jscripts/general.js?ver=1827","fqdn":"mrkiit.ga","domain":"mrkiit.ga","tld":"ga"},"ip":{"addr":"125.212.241.134","port":443,"asn":38731,"as":"CHT Compamy Ltd","country":"Vietnam","country_code":"VN"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://mrkiit.ga/","date":"2025-12-21T20:17:08.732Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"mrkiit.ga","organization":""},"issuer":{"commonName":"ZeroSSL RSA Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Sat, 01 Nov 2025 00:00:00 GMT","end":"Fri, 30 Jan 2026 23:59:59 GMT"},"fingerprint":{"sha1":"C2:9C:1F:37:28:09:44:0E:1A:AC:0F:CE:41:FE:06:2D:44:C0:1F:F9","sha256":"AA:61:1C:47:64:23:F0:00:53:2D:2A:09:72:18:18:73:04:14:F2:27:E6:C9:F2:8D:CE:A1:D9:9F:3D:CA:D7:12"}}},"request":{"raw":"GET /jscripts/general.js?ver=1827 HTTP/1.1\r\nHost: mrkiit.ga\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://mrkiit.ga/\r\nCookie: mybb[lastvisit]=1766348226; mybb[lastactive]=1766348226; sid=fa22e1ff88209146071983038aab2084\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.20.1\r\nDate: Sun, 21 Dec 2025 20:17:10 GMT\r\nContent-Type: text/javascript\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nLast-Modified: Thu, 16 Nov 2023 12:00:00 GMT\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.20.1","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":15709,"size_decoded":0,"mime_type":"text/javascript","magic":"JavaScript source, ASCII text, with very long lines (322)","md5":"373ad0e5af45e8cd17b064aaa7c2d465","sha1":"9e83f3daac4c6387937fa2a3e98dbe9cc1c9169e","sha256":"491afa838f1b1eef0454c529c8f6fcdcec59ea31110dda7430f85cc53fb82898","sha512":"0014001020da5ef12874c5727ce95d1163834414dbe201ea72f60423bde91e8e7d2d671fa18ec190d0573e3b76093a496f7662d5b81e0f804d42834dddffd98a","ssdeep":"384:7HrwCLFwqbPl88aLqh8cOrT6CIJ6X5jO1/zD:oqbPltaLqUXCJ0jOx","tlshash":"bb6262c8ff2c152b81be3069949f58c96c3c803188945cf7bc6855d4bae8a1e536fe78","first_seen":"2023-03-07T01:02:26Z","last_seen":"2026-04-19T10:47:58.153547Z","times_seen":1140,"resource_available":true,"data":null}},"time_used":2011,"timings":{"blocked":412,"dns":0,"connect":204,"send":0,"wait":1185,"receive":0,"ssl":209},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2025-12-21","alert":"Content Category / Application Block","trigger":"mrkiit.ga","verdict":"suspicious","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-21","alert":"Sinkholed","trigger":"mrkiit.ga","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"mrkiit.ga/favicon.ico","fqdn":"mrkiit.ga","domain":"mrkiit.ga","tld":"ga"},"ip":{"addr":"125.212.241.134","port":443,"asn":38731,"as":"CHT Compamy Ltd","country":"Vietnam","country_code":"VN"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://mrkiit.ga/","date":"2025-12-21T20:17:12.242Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"mrkiit.ga","organization":""},"issuer":{"commonName":"ZeroSSL RSA Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Sat, 01 Nov 2025 00:00:00 GMT","end":"Fri, 30 Jan 2026 23:59:59 GMT"},"fingerprint":{"sha1":"C2:9C:1F:37:28:09:44:0E:1A:AC:0F:CE:41:FE:06:2D:44:C0:1F:F9","sha256":"AA:61:1C:47:64:23:F0:00:53:2D:2A:09:72:18:18:73:04:14:F2:27:E6:C9:F2:8D:CE:A1:D9:9F:3D:CA:D7:12"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: mrkiit.ga\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://mrkiit.ga/\r\nCookie: mybb[lastvisit]=1766348226; mybb[lastactive]=1766348226; sid=fa22e1ff88209146071983038aab2084\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 404 Not Found\r\nServer: nginx/1.20.1\r\nDate: Sun, 21 Dec 2025 20:17:13 GMT\r\nContent-Type: text/html; charset=iso-8859-1\r\nContent-Length: 355\r\nConnection: keep-alive\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"Nginx:1.20.1","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":355,"size_decoded":0,"mime_type":"text/html; charset=iso-8859-1","magic":"HTML document, ASCII text","md5":"4525b2d648f7c457a689fd96421783a5","sha1":"11bfe30ce44585a15a38e86bc094224ddfe2c08e","sha256":"cc0b4e42510d49c6decd464123ecf3b14ae9b47f9b4ed2ee64893e2d6520a264","sha512":"94e3e8246cf38ff7740e51aa115c8c455b14f78e672c2686b782c0ce30b6fa2dbd91a78b29b3964d9c0414aabd4b9391fd5db326665e25b4b8e73dae60ffe979","ssdeep":"","tlshash":"71e0c04f4057b3474011a2907dc01291e505236b38a152f93ac09467500897dc4aa2dd","first_seen":"2025-12-09T03:51:58.5943Z","last_seen":"2026-04-19T12:28:34.69204Z","times_seen":28796,"resource_available":true,"data":null}},"time_used":972,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":972,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2025-12-21","alert":"Content Category / Application Block","trigger":"mrkiit.ga","verdict":"suspicious","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-21","alert":"Sinkholed","trigger":"mrkiit.ga","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.mrkiit.ga/","fqdn":"www.mrkiit.ga","domain":"mrkiit.ga","tld":"ga"},"ip":{"addr":"125.212.241.134","port":443,"asn":38731,"as":"CHT Compamy Ltd","country":"Vietnam","country_code":"VN"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-12-21T20:17:05.320Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"mrkiit.ga","organization":""},"issuer":{"commonName":"ZeroSSL RSA Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Sat, 01 Nov 2025 00:00:00 GMT","end":"Fri, 30 Jan 2026 23:59:59 GMT"},"fingerprint":{"sha1":"C2:9C:1F:37:28:09:44:0E:1A:AC:0F:CE:41:FE:06:2D:44:C0:1F:F9","sha256":"AA:61:1C:47:64:23:F0:00:53:2D:2A:09:72:18:18:73:04:14:F2:27:E6:C9:F2:8D:CE:A1:D9:9F:3D:CA:D7:12"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: www.mrkiit.ga\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 301 Moved Permanently\r\nServer: nginx/1.20.1\r\nDate: Sun, 21 Dec 2025 20:17:07 GMT\r\nContent-Type: text/html\r\nContent-Length: 169\r\nConnection: keep-alive\r\nLocation: https://mrkiit.ga/\r\n\r\n","headers":null,"cookies":null,"status_code":"301","status_text":"Moved Permanently","fingerprints":[{"name":"Nginx:1.20.1","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":16769,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-19T12:23:02.643109Z","times_seen":13933290,"resource_available":true,"data":null}},"time_used":3545,"timings":{"blocked":1670,"dns":0,"connect":232,"send":0,"wait":205,"receive":0,"ssl":1438},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2025-12-21","alert":"Content Category / Application Block","trigger":"www.mrkiit.ga","verdict":"suspicious","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-21","alert":"Sinkholed","trigger":"www.mrkiit.ga","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"mrkiit.ga/jscripts/jquery.plugins.min.js?ver=1821","fqdn":"mrkiit.ga","domain":"mrkiit.ga","tld":"ga"},"ip":{"addr":"125.212.241.134","port":443,"asn":38731,"as":"CHT Compamy Ltd","country":"Vietnam","country_code":"VN"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://mrkiit.ga/","date":"2025-12-21T20:17:08.731Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"mrkiit.ga","organization":""},"issuer":{"commonName":"ZeroSSL RSA Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Sat, 01 Nov 2025 00:00:00 GMT","end":"Fri, 30 Jan 2026 23:59:59 GMT"},"fingerprint":{"sha1":"C2:9C:1F:37:28:09:44:0E:1A:AC:0F:CE:41:FE:06:2D:44:C0:1F:F9","sha256":"AA:61:1C:47:64:23:F0:00:53:2D:2A:09:72:18:18:73:04:14:F2:27:E6:C9:F2:8D:CE:A1:D9:9F:3D:CA:D7:12"}}},"request":{"raw":"GET /jscripts/jquery.plugins.min.js?ver=1821 HTTP/1.1\r\nHost: mrkiit.ga\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://mrkiit.ga/\r\nCookie: mybb[lastvisit]=1766348226; mybb[lastactive]=1766348226; sid=fa22e1ff88209146071983038aab2084\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.20.1\r\nDate: Sun, 21 Dec 2025 20:17:09 GMT\r\nContent-Type: text/javascript\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nLast-Modified: Thu, 16 Nov 2023 12:00:00 GMT\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.20.1","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":14799,"size_decoded":0,"mime_type":"text/javascript","magic":"JavaScript source, ASCII text, with very long lines (14798)","md5":"cf1f71e20e14765d6d5ea640aa4f7fc7","sha1":"d1f3a0e46dd50d3a4d1839cb821ad42802619def","sha256":"a3f1ec1a12c5ba59cf41f98406b4a296f7a54b8c4904de9a6f1fc2e4db19b149","sha512":"db3f8dba9327793a4d00b0e1266ef60d6f2424ab1235d673def9ee026be896aa10cb02e0b95f8b82bdf76ac49720662c84fa2b419026178c905c5a9c2f1bff0a","ssdeep":"384:HWwrEXSUb3GjSPqGorxn+viQRvuB6haZ7braU:HWmE/3G2hcraU","tlshash":"f662924fba7523a48aff2177a01f196521339db508c24858f1bd87d95d78c0492afb3e","first_seen":"2023-03-07T01:02:26Z","last_seen":"2026-04-19T10:47:58.152987Z","times_seen":1246,"resource_available":true,"data":null}},"time_used":1785,"timings":{"blocked":412,"dns":0,"connect":204,"send":0,"wait":959,"receive":0,"ssl":209},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2025-12-21","alert":"Content Category / Application Block","trigger":"mrkiit.ga","verdict":"suspicious","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-21","alert":"Sinkholed","trigger":"mrkiit.ga","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"img1.pixhost.to/images/5862/601083115_image-3.jpg","fqdn":"img1.pixhost.to","domain":"pixhost.to","tld":"to"},"ip":{"addr":"94.229.45.2","port":443,"asn":48326,"as":"DataNetworks s.r.o.","country":"Slovakia","country_code":"SK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://mrkiit.ga/","date":"2025-12-21T20:17:08.733Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"pixhost.to","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 09 Nov 2025 01:39:47 GMT","end":"Sat, 07 Feb 2026 01:39:46 GMT"},"fingerprint":{"sha1":"57:C2:EC:47:24:41:01:96:A1:79:35:1B:1D:97:9E:1B:B1:37:13:EE","sha256":"3F:66:2D:86:84:E5:0B:C4:E3:40:B4:13:B6:AE:64:21:3B:36:38:E4:EE:A6:89:E5:3E:C6:B1:62:81:E8:01:F0"}}},"request":{"raw":"GET /images/5862/601083115_image-3.jpg HTTP/1.1\r\nHost: img1.pixhost.to\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://mrkiit.ga/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.24.0 (Ubuntu)\r\nDate: Sun, 21 Dec 2025 20:17:16 GMT\r\nContent-Type: image/jpeg\r\nContent-Length: 2373\r\nLast-Modified: Mon, 19 May 2025 10:17:42 GMT\r\nConnection: keep-alive\r\nETag: \"682b0546-945\"\r\nCache-Control: max-age=604800, public\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.24.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Ubuntu","description":"Ubuntu is a free and open-source operating system on Linux for the enterprise server, desktop, cloud, and IoT.","website":"https://www.ubuntu.com/server","common_platform_enumeration":"cpe:2.3:o:canonical:ubuntu_linux:*:*:*:*:*:*:*:*","icon":"Ubuntu.svg","categories":["Operating systems"]}],"data":{"size":2373,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 120x120, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=1, orientation=upper-left], baseline, precision 8, 88x32, components 3","md5":"b0e15f33786b00a14450914e4ec2a589","sha1":"99ad925440780a9e974598be4e2a68a2debdb724","sha256":"80c0826158380aeb3c77301930ae7f930cd3bc51b79aafff3ca296ef0ff25913","sha512":"c55b5417e6a9f8ba4be7ba87aa902ed9646d356856afcbceeeb5920c776e644511efa7a49088b806114518199832fa0c1af5aedbdbee8f7c835fe4a733ac9bff","ssdeep":"","tlshash":"4041397abf0f0e98e8f798fd850ad019985c33703787512238a2c7c47ba04dc53a4e68","first_seen":"2025-05-23T07:47:59.489481Z","last_seen":"2026-04-10T00:02:00.680291Z","times_seen":40,"resource_available":false,"data":null}},"time_used":9397,"timings":{"blocked":1595,"dns":3,"connect":33,"send":0,"wait":6203,"receive":0,"ssl":67},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"mrkiit.ga/images/thead.png","fqdn":"mrkiit.ga","domain":"mrkiit.ga","tld":"ga"},"ip":{"addr":"125.212.241.134","port":443,"asn":38731,"as":"CHT Compamy Ltd","country":"Vietnam","country_code":"VN"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://mrkiit.ga/","date":"2025-12-21T20:17:10.351Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"mrkiit.ga","organization":""},"issuer":{"commonName":"ZeroSSL RSA Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Sat, 01 Nov 2025 00:00:00 GMT","end":"Fri, 30 Jan 2026 23:59:59 GMT"},"fingerprint":{"sha1":"C2:9C:1F:37:28:09:44:0E:1A:AC:0F:CE:41:FE:06:2D:44:C0:1F:F9","sha256":"AA:61:1C:47:64:23:F0:00:53:2D:2A:09:72:18:18:73:04:14:F2:27:E6:C9:F2:8D:CE:A1:D9:9F:3D:CA:D7:12"}}},"request":{"raw":"GET /images/thead.png HTTP/1.1\r\nHost: mrkiit.ga\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://mrkiit.ga/cache/themes/theme1/global.css?t=1702465910\r\nCookie: mybb[lastvisit]=1766348226; mybb[lastactive]=1766348226; sid=fa22e1ff88209146071983038aab2084\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.20.1\r\nDate: Sun, 21 Dec 2025 20:17:11 GMT\r\nContent-Type: image/png\r\nContent-Length: 115\r\nConnection: keep-alive\r\nLast-Modified: Thu, 16 Nov 2023 12:00:00 GMT\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.20.1","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":115,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 1 x 40, 8-bit/color RGB, non-interlaced","md5":"96dfa0b7296d710946b220639f5a9d1c","sha1":"40838eabc4f6384d72ec9adca7a773fc4db21c44","sha256":"d2d9d86e65050d0197318b4478cff3931f3e7a071bdee4f12364c2c47d4d576f","sha512":"7d2df3e6522d5253eabf321574f9b319f2f5504a2fc469d4d4c49c5a8bdb68e13273ce62c88d8926163ac5a754d211d228765be73b8826cd8aef23211e39000c","ssdeep":"","tlshash":"e0b022c2ba02ac28e8e2a23382080302ac30022c0fa022000008c0088ab2388c088383","first_seen":"2023-05-10T14:20:13Z","last_seen":"2026-04-19T06:50:43.952615Z","times_seen":410,"resource_available":false,"data":null}},"time_used":1135,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1135,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2025-12-21","alert":"Content Category / Application Block","trigger":"mrkiit.ga","verdict":"suspicious","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-21","alert":"Sinkholed","trigger":"mrkiit.ga","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"mrkiit.ga/jscripts/jquery.js?ver=1823","fqdn":"mrkiit.ga","domain":"mrkiit.ga","tld":"ga"},"ip":{"addr":"125.212.241.134","port":443,"asn":38731,"as":"CHT Compamy Ltd","country":"Vietnam","country_code":"VN"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://mrkiit.ga/","date":"2025-12-21T20:17:08.731Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"mrkiit.ga","organization":""},"issuer":{"commonName":"ZeroSSL RSA Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Sat, 01 Nov 2025 00:00:00 GMT","end":"Fri, 30 Jan 2026 23:59:59 GMT"},"fingerprint":{"sha1":"C2:9C:1F:37:28:09:44:0E:1A:AC:0F:CE:41:FE:06:2D:44:C0:1F:F9","sha256":"AA:61:1C:47:64:23:F0:00:53:2D:2A:09:72:18:18:73:04:14:F2:27:E6:C9:F2:8D:CE:A1:D9:9F:3D:CA:D7:12"}}},"request":{"raw":"GET /jscripts/jquery.js?ver=1823 HTTP/1.1\r\nHost: mrkiit.ga\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://mrkiit.ga/\r\nCookie: mybb[lastvisit]=1766348226; mybb[lastactive]=1766348226; sid=fa22e1ff88209146071983038aab2084\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.20.1\r\nDate: Sun, 21 Dec 2025 20:17:09 GMT\r\nContent-Type: text/javascript\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nLast-Modified: Thu, 16 Nov 2023 12:00:00 GMT\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.20.1","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":89475,"size_decoded":0,"mime_type":"text/javascript","magic":"JavaScript source, ASCII text, with very long lines (65451)","md5":"12b69d0ae6c6f0c42942ae6da2896e84","sha1":"d2cc8d43ce1c854b1172e42b1209502ad563db83","sha256":"6150a35c0f486c46cadf0e230e2aa159c7c23ecfbb5611b64ee3f25fcbff341f","sha512":"a55f55d56899ab440ef0cae17b28d5cc8f5b9766d1e9bc1a8ac6b89376924b476c1ab0c325497eb5d44af41f4ebf8eea236d87a36902244b8a3eca54994b8711","ssdeep":"1536:AjExXUqrnxDjoXEZxkMV4SYSt0zvDD6ip3h8cApwEjOPrBeU6QLiTFbc0QlQvakV:AYh8eip3huuf6IidlrvakdtQ47GKl","tlshash":"e893f9ddb2c6702257a720ba007f510bf236199d6c4d8450f265d8e9bcb8a4e827bf7d","first_seen":"2023-03-07T01:02:27Z","last_seen":"2026-04-19T10:47:58.169293Z","times_seen":15122,"resource_available":true,"data":null}},"time_used":1361,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1359,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2025-12-21","alert":"Content Category / Application Block","trigger":"mrkiit.ga","verdict":"suspicious","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-21","alert":"Sinkholed","trigger":"mrkiit.ga","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"mrkiit.ga/images/collapse.png","fqdn":"mrkiit.ga","domain":"mrkiit.ga","tld":"ga"},"ip":{"addr":"125.212.241.134","port":443,"asn":38731,"as":"CHT Compamy Ltd","country":"Vietnam","country_code":"VN"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://mrkiit.ga/","date":"2025-12-21T20:17:08.733Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"mrkiit.ga","organization":""},"issuer":{"commonName":"ZeroSSL RSA Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Sat, 01 Nov 2025 00:00:00 GMT","end":"Fri, 30 Jan 2026 23:59:59 GMT"},"fingerprint":{"sha1":"C2:9C:1F:37:28:09:44:0E:1A:AC:0F:CE:41:FE:06:2D:44:C0:1F:F9","sha256":"AA:61:1C:47:64:23:F0:00:53:2D:2A:09:72:18:18:73:04:14:F2:27:E6:C9:F2:8D:CE:A1:D9:9F:3D:CA:D7:12"}}},"request":{"raw":"GET /images/collapse.png HTTP/1.1\r\nHost: mrkiit.ga\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://mrkiit.ga/\r\nCookie: mybb[lastvisit]=1766348226; mybb[lastactive]=1766348226; sid=fa22e1ff88209146071983038aab2084\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.20.1\r\nDate: Sun, 21 Dec 2025 20:17:11 GMT\r\nContent-Type: image/png\r\nContent-Length: 369\r\nConnection: keep-alive\r\nLast-Modified: Thu, 16 Nov 2023 12:00:00 GMT\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.20.1","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":369,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced","md5":"6af553ac5e86504743b02f220405abdd","sha1":"c07e8d586443c0ace4d91eea0d46476845b6baec","sha256":"408e40949e493302b9fd79a82e68c13509ba6370f04be5088ccd7503a4d1f94c","sha512":"ad6b02d1d9bbfd12b1eea6e8e59f5dd29229cefb66f92cef7e6a64f9839fb10273d226b8935bce9d44cabf08ee68c207670917b04322f9d3c8fa11df9ae291f2","ssdeep":"","tlshash":"b2e0f8d6a1522829dc94ae828906d008bb52272802899f4a8a0690a60039fc806b56fa","first_seen":"2023-05-08T13:43:42Z","last_seen":"2026-04-19T06:50:43.930075Z","times_seen":356,"resource_available":false,"data":null}},"time_used":2492,"timings":{"blocked":1596,"dns":0,"connect":0,"send":0,"wait":896,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2025-12-21","alert":"Content Category / Application Block","trigger":"mrkiit.ga","verdict":"suspicious","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-21","alert":"Sinkholed","trigger":"mrkiit.ga","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"xteensfap.com/wp-content/uploads/2025/09/banner2.png","fqdn":"xteensfap.com","domain":"xteensfap.com","tld":"com"},"ip":{"addr":"104.21.23.66","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://mrkiit.ga/","date":"2025-12-21T20:17:08.733Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xteensfap.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 30 Oct 2025 10:03:15 GMT","end":"Wed, 28 Jan 2026 11:00:24 GMT"},"fingerprint":{"sha1":"9D:20:7A:C9:12:19:09:14:CD:1D:8B:22:77:95:DD:2C:4D:9D:1B:0C","sha256":"23:BE:12:16:B4:AD:AC:DC:38:6B:D4:86:EE:E7:D8:9C:DE:98:8A:AD:F1:46:3B:31:76:1F:93:63:CB:9A:92:11"}}},"request":{"raw":"GET /wp-content/uploads/2025/09/banner2.png HTTP/1.1\r\nHost: xteensfap.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://mrkiit.ga/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 21 Dec 2025 20:17:13 GMT\r\ncontent-type: image/png\r\ncontent-length: 47218\r\nserver: cloudflare\r\nlast-modified: Fri, 19 Sep 2025 20:13:48 GMT\r\naccept-ranges: bytes\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=RUe8MgGBY7ppCXCl27FhkjdBzpiOnzyehqc8zGzLMObnwRaBFQUumIbeQNLkZuQjCZTchBMEt84HSEdwEwc9E0%2F9b3zUN4dfiw5zwjg%3D\"}]}\r\ncache-control: max-age=14400\r\ncf-cache-status: REVALIDATED\r\nvary: accept-encoding\r\ncf-ray: 9b1a0fcb080249c5-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":47218,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 586 x 82, 8-bit/color RGBA, non-interlaced","md5":"12843ad2246721583d222ce4394ac92f","sha1":"8a615983ed115aaebeddeb4237795e806950a72d","sha256":"b92f64d082b4e46f3ebf3b62155dab02db8a3951d401be053ee49daa9543fafc","sha512":"be9632a73802342abbe8c08ea06cb34d7d8249bf6521821d6036f0e9c4f3791a74a18e83bd09d55d87395958cd140535dcf6aec528bac294e7d52158d9be0320","ssdeep":"768:GK2odwQCD+qU6sU04vGpwc2V72XOGkU1ufoFhH/EMnXgpYypTIvb8EUFY:GDodEzsRUzQ8U160t/EMXgXOv4a","tlshash":"f82301d0bab8e0441ea67b38be8773327abcb4506191adac54c63462d341651ac93cff","first_seen":"2025-09-08T18:21:29.789817Z","last_seen":"2026-04-10T00:02:00.665889Z","times_seen":40,"resource_available":false,"data":null}},"time_used":5078,"timings":{"blocked":1595,"dns":0,"connect":1,"send":0,"wait":363,"receive":1,"ssl":3118},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-21","alert":"Sinkholed","trigger":"xteensfap.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"t94.pixhost.to/thumbs/80/450001247_banner-self.jpg","fqdn":"t94.pixhost.to","domain":"pixhost.to","tld":"to"},"ip":{"addr":"94.229.45.2","port":443,"asn":48326,"as":"DataNetworks s.r.o.","country":"Slovakia","country_code":"SK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://mrkiit.ga/","date":"2025-12-21T20:17:08.734Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"pixhost.to","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 09 Nov 2025 01:39:47 GMT","end":"Sat, 07 Feb 2026 01:39:46 GMT"},"fingerprint":{"sha1":"57:C2:EC:47:24:41:01:96:A1:79:35:1B:1D:97:9E:1B:B1:37:13:EE","sha256":"3F:66:2D:86:84:E5:0B:C4:E3:40:B4:13:B6:AE:64:21:3B:36:38:E4:EE:A6:89:E5:3E:C6:B1:62:81:E8:01:F0"}}},"request":{"raw":"GET /thumbs/80/450001247_banner-self.jpg HTTP/1.1\r\nHost: t94.pixhost.to\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://mrkiit.ga/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.24.0 (Ubuntu)\r\nDate: Sun, 21 Dec 2025 20:17:13 GMT\r\nContent-Type: image/jpeg\r\nContent-Length: 9523\r\nLast-Modified: Fri, 01 Mar 2024 05:40:46 GMT\r\nConnection: keep-alive\r\nETag: \"65e16a5e-2533\"\r\nCache-Control: max-age=604800, public\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Ubuntu","description":"Ubuntu is a free and open-source operating system on Linux for the enterprise server, desktop, cloud, and IoT.","website":"https://www.ubuntu.com/server","common_platform_enumeration":"cpe:2.3:o:canonical:ubuntu_linux:*:*:*:*:*:*:*:*","icon":"Ubuntu.svg","categories":["Operating systems"]},{"name":"Nginx:1.24.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":9523,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: \"CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), default quality\", baseline, precision 8, 468x60, components 3","md5":"779098e25a84ef66d8469c63bca54a33","sha1":"dc9a0f3e971b078f06ca81855f82a354c7f53ba0","sha256":"b64508d16258c9eeaa3f7c84bcfe63b92b11fdff63e289cb4ec17bb255d94c57","sha512":"1a8d0c18444e81b79b270f7b61790d7c96214c39e21467edc785f9e37f317beb4a4624d575f99d374f54f81add60ca489c85d30508ddd3950a78faa927c9aa26","ssdeep":"192:GY1HZkwXAnPS2eefFlU3MRQ5eWj0OZ7qxUJ1xg2Fm01xjm2J+Q+UrPYLaP:Go52nPS2vgMRQ5wOLJ3PFmelm2J+Q+U/","tlshash":"aa12af0be94741809b5b45b60a3709b676f76b8c3e3e3bb15651a1a484e2cbbd4dc841","first_seen":"2024-06-08T04:20:24Z","last_seen":"2026-04-12T19:10:50.505755Z","times_seen":55,"resource_available":false,"data":null}},"time_used":5138,"timings":{"blocked":1595,"dns":3439,"connect":33,"send":0,"wait":34,"receive":0,"ssl":37},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"mrkiit.ga/images/tcat.png","fqdn":"mrkiit.ga","domain":"mrkiit.ga","tld":"ga"},"ip":{"addr":"125.212.241.134","port":443,"asn":38731,"as":"CHT Compamy Ltd","country":"Vietnam","country_code":"VN"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://mrkiit.ga/","date":"2025-12-21T20:17:10.350Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"mrkiit.ga","organization":""},"issuer":{"commonName":"ZeroSSL RSA Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Sat, 01 Nov 2025 00:00:00 GMT","end":"Fri, 30 Jan 2026 23:59:59 GMT"},"fingerprint":{"sha1":"C2:9C:1F:37:28:09:44:0E:1A:AC:0F:CE:41:FE:06:2D:44:C0:1F:F9","sha256":"AA:61:1C:47:64:23:F0:00:53:2D:2A:09:72:18:18:73:04:14:F2:27:E6:C9:F2:8D:CE:A1:D9:9F:3D:CA:D7:12"}}},"request":{"raw":"GET /images/tcat.png HTTP/1.1\r\nHost: mrkiit.ga\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://mrkiit.ga/cache/themes/theme1/global.css?t=1702465910\r\nCookie: mybb[lastvisit]=1766348226; mybb[lastactive]=1766348226; sid=fa22e1ff88209146071983038aab2084\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.20.1\r\nDate: Sun, 21 Dec 2025 20:17:11 GMT\r\nContent-Type: image/png\r\nContent-Length: 131\r\nConnection: keep-alive\r\nLast-Modified: Thu, 16 Nov 2023 12:00:00 GMT\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.20.1","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":131,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 2 x 60, 8-bit/color RGB, non-interlaced","md5":"10b96a318e186e39860a5945a9071b92","sha1":"daa068efc07bb97ff0a2af218aedebbb28c9f1bb","sha256":"91697e7d6cc941b2bff9f05520c0c22b95d460a655e65b480452ce60da209cdf","sha512":"7b1f7e9ee0a9157cf0edebfd597a9f1a7bf42bb1062c63b420a86234799b2db8bc707d4d570d4b5dab3c192347543f35c15767528eb3b390e3b03150e843c33c","ssdeep":"","tlshash":"11c02bf277614836ec150f770fd50124f9b0464072f52620004f80313c71104d4441c2","first_seen":"2023-05-10T14:20:13Z","last_seen":"2026-04-19T06:50:43.935002Z","times_seen":459,"resource_available":false,"data":null}},"time_used":1097,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1097,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2025-12-21","alert":"Content Category / Application Block","trigger":"mrkiit.ga","verdict":"suspicious","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-21","alert":"Sinkholed","trigger":"mrkiit.ga","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}}]}