{"report_id":"56f16c87-2361-4fa2-a7fd-441061074c41","version":6,"status":"done","tags":[],"date":"2026-01-19T15:47:57Z","url":{"schema":"https","addr":"kroll.mplace.vip","fqdn":"kroll.mplace.vip","domain":"mplace.vip","tld":"vip"},"ip":{"addr":"172.67.181.84","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"final":{"url":{"schema":"https","addr":"kroll.mplace.vip/","fqdn":"kroll.mplace.vip","domain":"mplace.vip","tld":"vip"},"title":"Kroll | TOP","dom":{"size":11568,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text","md5":"f378b56bdb93468653ad304a8765a743","sha1":"7ff81b531443503a86b37de5d02089c07d9df109","sha256":"04e30c2a24fd2777af6131539a2f1311b6e538901348b817cf255946488cbd34","sha512":"919928a15c637758ab878013918f3c611a811f428c901c25b5a946b84c9c24ffc41bf5a347fee3a3b54ce02efe517d529c4673e9f8fdf01f865a588526fc31a7","ssdeep":"192:P83kW3MiB0b+0q6UFxyGJG20FQn+Kk+y6ScIV0wY8blWNnb0ByTH/pyJwQ23s8Ia:DQbYc1B3vI5rO4kSDEx","tlshash":"ed32842a16f310196047e2641bab730863759017ed0bcc5c7fdca788cfd6565d8e7ba8","dom_hash":"domhashcbefe5e61f8ff5fd82e0d2b21d16d593","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"https","addr":"kroll.mplace.vip","fqdn":"kroll.mplace.vip","domain":"mplace.vip","tld":"vip"},"ip":{"addr":"172.67.181.84","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-02-23T15:47:57Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":2}},"detection":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-19","alert":"Sinkholed","trigger":"foximbox.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-19","alert":"Sinkholed","trigger":"foximbox.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null},"summary":[{"fqdn":"cdnjs.cloudflare.com","ip":{"addr":"104.17.25.14","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2009-02-17","domain_rank":1222,"first_seen":"2012-05-23T12:49:49Z","last_seen":"2026-01-18T22:25:16.015191Z","alert_count":0,"request_count":1,"received_data":744,"sent_data":443,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"foximbox.com","ip":{"addr":"172.67.223.98","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2024-09-20","domain_rank":4206670,"first_seen":"2024-10-20T14:27:41.171779Z","last_seen":"2025-06-04T23:53:59.265845Z","alert_count":2,"request_count":1,"received_data":2659137,"sent_data":461,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"kroll.mplace.vip","ip":{"addr":"172.67.181.84","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2024-11-10","domain_rank":0,"first_seen":"2026-01-19T15:47:57.576213Z","last_seen":"2026-01-19T15:47:57.576213Z","alert_count":0,"request_count":2,"received_data":13319,"sent_data":931,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"cdnjs","description":"cdnjs is a free distributed JS library delivery service.","website":"https://cdnjs.com","common_platform_enumeration":"","icon":"cdnjs.svg","categories":["CDN"]}]},{"fqdn":"cdn.jsdelivr.net","ip":{"addr":"151.101.193.229","port":443,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"domain_registered":"2012-05-16","domain_rank":1678,"first_seen":"2012-09-30T00:15:09Z","last_seen":"2026-01-18T22:30:25.777558Z","alert_count":0,"request_count":1,"received_data":2934800,"sent_data":464,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"kroll.mplace.vip/","fqdn":"kroll.mplace.vip","domain":"mplace.vip","tld":"vip"},"ip":{"addr":"172.67.181.84","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"913bee1c85a149867cb02183d488f1b3","sha1":"b94c5252f688927c550a3e0aea364e723f476e17","sha256":"9183749ee41c06f51e2afcaaf722fc7f63aaf7a1a7db89c094cafc309e60a35c","sha512":"0d82b7bc11282a52c84ddee5c44dd84df1cb147a1e560c3caecfbffce28d15e07d8fada0b21b2215f103d8096ef25944ad0c4308dbfa2eaf55624c0498f664cc","ssdeep":"","tlshash":"96719b1e63f30a3650bb73a91f9f6344a22150172947cd5c7e1c87888f6292a96b6fb0","size":3533,"data":"","first_seen":"2026-01-19T15:47:58.934021Z","last_seen":"2026-01-19T15:47:58.934021Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"kroll.mplace.vip/","fqdn":"kroll.mplace.vip","domain":"mplace.vip","tld":"vip"},"ip":{"addr":"172.67.181.84","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-01-19T15:47:34.081Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"mplace.vip","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 08 Dec 2025 03:43:26 GMT","end":"Sun, 08 Mar 2026 04:40:59 GMT"},"fingerprint":{"sha1":"51:BB:CF:63:35:FB:56:41:2D:62:F6:0A:63:B6:2E:CA:8B:E8:16:29","sha256":"52:58:99:7A:B5:CD:15:A7:85:F1:39:18:9B:6D:47:AD:1B:4F:62:DF:9E:DB:9D:E7:BF:F9:03:0D:F1:CF:69:B8"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: kroll.mplace.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 19 Jan 2026 15:47:34 GMT\r\ncontent-type: text/html\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: Accept-Encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=9pRx%2BfxXe6BFFk2mUFEW%2BAp8FpTDFhe3lNSISclgTvrejdFBngiuvdKavv0veOAf7lWcfqeaUHNbmh82uDMQ0Z%2Bso1AsabEo23PUGIJxsFM%3D\"}]}\r\ncf-cache-status: DYNAMIC\r\ncontent-encoding: br\r\ncf-ray: 9c0778aa481d2efa-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"cdnjs","description":"cdnjs is a free distributed JS library delivery service.","website":"https://cdnjs.com","common_platform_enumeration":"","icon":"cdnjs.svg","categories":["CDN"]}],"data":{"size":11551,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, Unicode text, UTF-8 text","md5":"db78b545206698f3b6828be4c839b3ca","sha1":"7cd086ab0d35b9bd77a6eab194e1c6eeeeb49f10","sha256":"6777831b3cc50d5dc729e5b16d2bf24613f364d4c9e8b2d4c590ff9ea9a58dc7","sha512":"0d499a8cf5ec532d0b53413545ef7ab4cccbf1f5a29f342fde66bebeaa11890326ee4b77f90036e15a301984da01453933e3fa8811868532537e046c880495fc","ssdeep":"192:t83kW3MiB0b+0q6UFxyGJG20FQn+Kk+y6ScIV0wY8blWNnb0ByTH/pyJvQ23s8Ii:FQbYc1S3vI5rO4kSDEV","tlshash":"7232952a16f310196087e2642bab730863759017ed0bcc5c7fdca788cfd6565d8e7ba8","first_seen":"2026-01-19T15:47:58.917901Z","last_seen":"2026-01-19T15:47:58.917901Z","times_seen":1,"resource_available":false,"data":null}},"time_used":357,"timings":{"blocked":43,"dns":40,"connect":1,"send":0,"wait":256,"receive":0,"ssl":15},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdn.jsdelivr.net/npm/tailwindcss@2.2.19/dist/tailwind.min.css","fqdn":"cdn.jsdelivr.net","domain":"jsdelivr.net","tld":"net"},"ip":{"addr":"151.101.193.229","port":443,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://kroll.mplace.vip/","date":"2026-01-19T15:47:34.511Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"jsdelivr.net","organization":""},"issuer":{"commonName":"GlobalSign Atlas R3 DV TLS CA 2025 Q2","organization":"GlobalSign nv-sa"},"validity":{"start":"Mon, 02 Jun 2025 15:43:52 GMT","end":"Sat, 04 Jul 2026 15:43:51 GMT"},"fingerprint":{"sha1":"21:17:81:78:41:C6:8F:86:D6:CF:8D:98:CC:74:A8:F1:03:F8:C9:D4","sha256":"D0:E6:8D:08:11:05:7E:0C:2A:0D:C7:E0:ED:AE:9E:18:C8:74:32:12:3D:56:43:98:62:CD:A2:08:6F:64:5B:B0"}}},"request":{"raw":"GET /npm/tailwindcss@2.2.19/dist/tailwind.min.css HTTP/1.1\r\nHost: cdn.jsdelivr.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kroll.mplace.vip/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: *\r\ntiming-allow-origin: *\r\ncache-control: public, max-age=31536000, s-maxage=31536000, immutable\r\ncross-origin-resource-policy: cross-origin\r\nx-content-type-options: nosniff\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\ncontent-type: text/css; charset=utf-8\r\nx-jsd-version: 2.2.19\r\nx-jsd-version-type: version\r\netag: W/\"2cc503-cyTPK4s7rX9aC3Y3NNaHIxjV1fQ\"\r\ncontent-encoding: br\r\naccept-ranges: bytes\r\ndate: Mon, 19 Jan 2026 15:47:34 GMT\r\nage: 2290421\r\nx-served-by: cache-fra-etou8220049-FRA, cache-hel1410025-HEL\r\nx-cache: HIT, HIT\r\nvary: Accept-Encoding\r\nalt-svc: h3=\":443\";ma=86400,h3-29=\":443\";ma=86400,h3-27=\":443\";ma=86400\r\ncontent-length: 255702\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":2934019,"size_decoded":0,"mime_type":"text/css; charset=utf-8","magic":"ASCII text, with very long lines (65536), with no line terminators","md5":"fd1515a3d70a9d3d1efe23553fb559ab","sha1":"56977de783ee69a0dbd14635c5a34fa3946b2252","sha256":"9209ca41f0f277ebe6b6e87354dc667081a638b83945f4531807bf06046227c7","sha512":"d3f9747c4e662b5dc6bf2e4e88b68425f82c89cc01c4a088574bcae8fa6c9896052b26355c2a1d93f4b6e8a5a4e589378f004c8d33299a0a53e0e5e63731c78b","ssdeep":"24576:TNmEvSBlsi1KhVzbweQgx+oaiM8eMkEcnxnF/DlZKmTKvxg4hahhDAeYYL24qC0s:TNmEvSBlsi1KhV6xnF/DlZKmTKvxg4hc","tlshash":"31255f3cabb1253baca7a1e9e145fdacd50762d8ed3005e7bc9221019be13f7c947264","first_seen":"2025-07-26T19:06:20.805876Z","last_seen":"2026-06-08T21:06:12.596124Z","times_seen":3825,"resource_available":false,"data":null}},"time_used":244,"timings":{"blocked":64,"dns":1,"connect":26,"send":0,"wait":27,"receive":86,"ssl":37},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdnjs.cloudflare.com/ajax/libs/gsap@3.12.5/gsap.min.js","fqdn":"cdnjs.cloudflare.com","domain":"cloudflare.com","tld":"com"},"ip":{"addr":"104.17.25.14","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://kroll.mplace.vip/","date":"2026-01-19T15:47:34.512Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cdnjs.cloudflare.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 13 Jan 2026 22:16:05 GMT","end":"Mon, 13 Apr 2026 23:15:55 GMT"},"fingerprint":{"sha1":"D9:00:47:77:A5:47:66:A1:6F:DA:EB:4B:BB:BF:67:49:BF:2C:A4:75","sha256":"07:A7:3E:4A:B2:9F:0A:07:6C:78:A7:7B:DC:2B:68:A1:84:7A:7F:1B:45:6C:71:8E:5E:79:F3:11:1A:6C:4F:62"}}},"request":{"raw":"GET /ajax/libs/gsap@3.12.5/gsap.min.js HTTP/1.1\r\nHost: cdnjs.cloudflare.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kroll.mplace.vip/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 404 Not Found\r\ndate: Mon, 19 Jan 2026 15:47:34 GMT\r\ncontent-type: text/plain;charset=UTF-8\r\ncontent-length: 18\r\ncf-ray: 9c0778acde5cc272-OSL\r\ncf-cdnjs-via: cfworker\r\nvary: Accept-Encoding\r\ncf-cache-status: MISS\r\nexpires: Mon, 19 Jan 2026 19:47:34 GMT\r\ncache-control: public, max-age=14400\r\nreport-to: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v4?s=InnxWRcU8C2fjYraPwsAh%2BRhOzkFX9h5yeYpgAnsLCj4wN9M6iOwi%2By8uMzTOu09bEnCGDunmu4Ycobkd%2FNtYJuhoq5dwmLqBqQtSWxk6JImzF0t7jX4goEEUNwijTB7UTBkNAmM\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nnel: {\"success_fraction\":0.01,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nstrict-transport-security: max-age=15780000\r\nserver: cloudflare\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-08T21:16:18.866443Z","times_seen":16250262,"resource_available":true,"data":null}},"time_used":64,"timings":{"blocked":16,"dns":1,"connect":1,"send":0,"wait":28,"receive":0,"ssl":16},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"foximbox.com/img/pm/p/vl3psunu6hcrnigsprt5vfyr6.png","fqdn":"foximbox.com","domain":"foximbox.com","tld":"com"},"ip":{"addr":"172.67.223.98","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://kroll.mplace.vip/","date":"2026-01-19T15:47:35.105Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"foximbox.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 08 Dec 2025 00:09:33 GMT","end":"Sun, 08 Mar 2026 01:04:55 GMT"},"fingerprint":{"sha1":"02:86:41:FD:84:8C:74:C4:FB:5B:22:23:E6:11:62:41:56:33:D3:2E","sha256":"27:60:F5:1C:C3:EA:ED:4D:D6:00:F1:F6:C0:0A:24:AA:0C:4B:7D:B8:71:A7:FD:40:3A:C9:B5:8D:B1:06:38:F0"}}},"request":{"raw":"GET /img/pm/p/vl3psunu6hcrnigsprt5vfyr6.png HTTP/1.1\r\nHost: foximbox.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kroll.mplace.vip/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 19 Jan 2026 15:47:35 GMT\r\ncontent-type: image/png\r\ncontent-length: 2658427\r\nserver: cloudflare\r\nlast-modified: Wed, 09 Jul 2025 12:15:49 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\netag: \"686e5d75-28907b\"\r\nexpires: Tue, 20 Jan 2026 15:47:35 GMT\r\ncache-control: max-age=86400\r\naccept-ranges: bytes\r\ncf-cache-status: MISS\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=aLiVtkXGN8k5UlPBkzhrZDV9WDhwgnpLd6XZ31x%2FoN19Ig1xygyu1UNVPj4QZbcinImrp5UPsdobo%2FYKGrVlCg%2Far6B3kFcI9XDeNA%3D%3D\"}]}\r\ncf-ray: 9c0778b09b9a49c5-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":2658427,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 1536 x 1024, 8-bit/color RGB, non-interlaced","md5":"ada1d84a738efa08784f7cc0ecdadf96","sha1":"8ade97418eb8e5e4fe943271c0ece339185a1a12","sha256":"ddc5cbc8d4438d0b7ab6248296e7de9a52a874ebc58a816795e9e48ee280c6ab","sha512":"91f46d08db16faf4e17a297a8707d2312b56840a5c58760dfc1161f0e8ee46a71c0c00d681f19181388fcac126bd0035a04237d89cac77c60e00f9cc5f4f6350","ssdeep":"24576:0B64DA+2nTk1soXtkfTYG/JJEhp+FJZQh/qb3z71woOd:0J2nT47tUTYG/ohQFJZQQ3zROd","tlshash":"8d25330a10f863f58737413502aab4fe219c384bea7335b057d9bd49bcac5ac9724b5b","first_seen":"2026-01-19T15:47:58.924112Z","last_seen":"2026-01-19T15:47:58.924112Z","times_seen":1,"resource_available":false,"data":null}},"time_used":543,"timings":{"blocked":24,"dns":9,"connect":1,"send":0,"wait":185,"receive":310,"ssl":12},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-19","alert":"Sinkholed","trigger":"foximbox.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-19","alert":"Sinkholed","trigger":"foximbox.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kroll.mplace.vip/images/favicon.png","fqdn":"kroll.mplace.vip","domain":"mplace.vip","tld":"vip"},"ip":{"addr":"172.67.181.84","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://kroll.mplace.vip/","date":"2026-01-19T15:47:35.338Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"mplace.vip","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 08 Dec 2025 03:43:26 GMT","end":"Sun, 08 Mar 2026 04:40:59 GMT"},"fingerprint":{"sha1":"51:BB:CF:63:35:FB:56:41:2D:62:F6:0A:63:B6:2E:CA:8B:E8:16:29","sha256":"52:58:99:7A:B5:CD:15:A7:85:F1:39:18:9B:6D:47:AD:1B:4F:62:DF:9E:DB:9D:E7:BF:F9:03:0D:F1:CF:69:B8"}}},"request":{"raw":"GET /images/favicon.png HTTP/1.1\r\nHost: kroll.mplace.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kroll.mplace.vip/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Mon, 19 Jan 2026 15:47:35 GMT\r\ncontent-type: image/png\r\ncontent-length: 491\r\nlast-modified: Fri, 16 Jan 2026 11:06:04 GMT\r\npriority: u=6,i=?0\r\netag: \"696a1b9c-1eb\"\r\nexpires: Tue, 20 Jan 2026 15:47:35 GMT\r\ncache-control: max-age=86400\r\naccept-ranges: bytes\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=mSYmRE2g0oD9mOz4dAJlJVgi6VGdQT87IkuePxUM7fPiwfdBQ4Zj%2F3n7QIskJbbvZxE0aziWV3rABWs5QZ9X7KTHI4U5%2FgweKQd2dq0dl98%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: accept-encoding\r\ncf-ray: 9c0778b1eeedc759-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":491,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced","md5":"f3f215e8545b64debf26c0f4f4ffaec7","sha1":"faaa0141436fa00abca4231297b2f4513d6325ef","sha256":"1f136233e2be2c1164778f54c4964244cef80a826a542150cb0ef843de451fcc","sha512":"3f43c235721a9a8683c20febaa9650b26d9c316828e72f5fa4b516717609d006128e207a6ce09c9b5dc1ba416f08158e863d306e4bb0af6a13af17dafae36906","ssdeep":"","tlshash":"3cf0c4e8dffce9acc620132248d008fdf537e740d812183002038912d2b6b7c8ce090a","first_seen":"2026-01-19T15:47:58.929713Z","last_seen":"2026-01-19T15:47:58.929713Z","times_seen":1,"resource_available":false,"data":null}},"time_used":287,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":287,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}}]}