{"report_id":"6a521d8b-9a8b-4483-95bd-457e206631d4","version":6,"status":"done","tags":[],"date":"2025-09-23T09:17:12Z","url":{"schema":"http","addr":"xtipnl20245.xtpxadmnpnl.com/tnewp/member/3750830","fqdn":"xtipnl20245.xtpxadmnpnl.com","domain":"xtpxadmnpnl.com","tld":"com"},"ip":{"addr":"104.21.22.64","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"final":{"url":{"schema":"https","addr":"xtipnl20245.xtpxadmnpnl.com/tnewp/login","fqdn":"xtipnl20245.xtpxadmnpnl.com","domain":"xtpxadmnpnl.com","tld":"com"},"title":"Tipobet"},"submit":{"url":{"schema":"http","addr":"xtipnl20245.xtpxadmnpnl.com/tnewp/member/3750830","fqdn":"xtipnl20245.xtpxadmnpnl.com","domain":"xtpxadmnpnl.com","tld":"com"},"ip":{"addr":"104.21.22.64","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2026-10-28T09:17:12Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":1}},"detection":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-09-23","alert":"Sinkholed","trigger":"xtipnl20245.xtpxadmnpnl.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null},"summary":[{"fqdn":"xtipnl20245.xtpxadmnpnl.com","ip":{"addr":"172.67.203.77","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"unknown","domain_rank":0,"first_seen":"No data","last_seen":"No data","alert_count":14,"request_count":14,"received_data":889494,"sent_data":10811,"comment":"","tags":null,"fingerprints":[{"name":"PHP:7.4.24","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Plesk","description":"Plesk is a web hosting and server data centre automation software with a control panel developed for Linux and Windows-based retail hosting service providers.","website":"https://www.plesk.com","common_platform_enumeration":"cpe:2.3:a:parallels:parallels_plesk_panel:*:*:*:*:*:*:*:*","icon":"Plesk.svg","categories":["Hosting panels"]}]},{"fqdn":"fonts.googleapis.com","ip":{"addr":"142.250.178.74","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2005-01-25","domain_rank":313,"first_seen":"2012-05-23T12:41:44Z","last_seen":"2025-09-21T22:11:31.798564Z","alert_count":0,"request_count":1,"received_data":58098,"sent_data":531,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"unpkg.com","ip":{"addr":"104.18.1.22","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2016-01-06","domain_rank":1093,"first_seen":"2016-01-07T23:26:01Z","last_seen":"2025-09-21T22:13:13.943291Z","alert_count":0,"request_count":1,"received_data":7993,"sent_data":474,"comment":"","tags":null,"fingerprints":[{"name":"Fly.io","description":"Fly is a platform for running full stack apps and databases.","website":"https://fly.io","common_platform_enumeration":"","icon":"Fly.io.png","categories":["PaaS"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"fonts.gstatic.com","ip":{"addr":"142.250.178.35","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2008-02-11","domain_rank":0,"first_seen":"2014-04-02T10:51:04Z","last_seen":"2025-09-21T22:11:31.014241Z","alert_count":0,"request_count":4,"received_data":195104,"sent_data":2264,"comment":"","tags":null,"fingerprints":null}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":null}],"analyzer":null,"urlquery":null},"javascript":{"script":null,"eval":null,"write":null},"http":[{"url":{"schema":"https","addr":"xtipnl20245.xtpxadmnpnl.com/tnewp/member/3750830","fqdn":"xtipnl20245.xtpxadmnpnl.com","domain":"xtpxadmnpnl.com","tld":"com"},"ip":{"addr":"172.67.203.77","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-09-23T09:16:50.223Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xtpxadmnpnl.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 01 Sep 2025 13:32:47 GMT","end":"Sun, 30 Nov 2025 14:30:48 GMT"},"fingerprint":{"sha1":"AB:F0:0E:03:CC:D6:84:64:CF:50:36:67:E5:76:32:AB:C1:F9:A1:F3","sha256":"A0:D5:2B:74:69:95:D1:89:5C:F7:0B:4B:76:5E:BB:A7:B7:41:87:4D:41:99:84:23:D5:A3:1E:0D:3F:9F:F1:BD"}}},"request":{"raw":"GET /tnewp/member/3750830 HTTP/1.1\r\nHost: xtipnl20245.xtpxadmnpnl.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Tue, 23 Sep 2025 09:16:50 GMT\r\ncontent-type: text/html; charset=UTF-8\r\nlocation: https://xtipnl20245.xtpxadmnpnl.com/tnewp/login\r\nserver: cloudflare\r\nx-powered-by: PHP/7.4.24, PleskLin\r\ncache-control: private, must-revalidate, max-age=0, private, no-store, no-cache, must-revalidate\r\nx-ratelimit-limit: 90\r\nx-ratelimit-remaining: 89\r\npragma: no-cache\r\nexpires: -1\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=TLEqKcEfbDV0wUjwXywfT7ao1F4lusSofahY%2FFqWrqfFHnxTdPoGi%2BrGaISGb0%2FOzrTgQOIbDeciUJ248XNwp8cVopO5nJKu5uMvztigdDA6vzzTr5VHXw8%3D\"}]}\r\ncf-cache-status: DYNAMIC\r\nvary: accept-encoding\r\ncontent-encoding: br\r\nset-cookie: token=deleted; HttpOnly; Secure; Path=/tnewp; Max-Age=0; Expires=Mon, 23 Sep 2024 09:16:49 GMT\ntoken=deleted; HttpOnly; Secure; Path=/webapi; Max-Age=0; Expires=Mon, 23 Sep 2024 09:16:49 GMT\ntipobet_session=eyJpdiI6IjVUMFNHUXhSU2Rtbk9MM0duRm0xSmc9PSIsInZhbHVlIjoid2JUdGsxSENGQUZMdkQrZmRiWmdhYkU0ZWNzQXBvRnhEZU41MzhBTFNYZWtydDg0Q1l4d3I3aVFYVEQ2M3JhSyIsIm1hYyI6IjIyYzIzYTZiMmYwODZiZWE3YTUzNWRmOTc4MzA3YzU2OGYwOTkxMjZhYWNlZWYyYTRjNmZmMjhlMTdjYmQyZDMifQ%3D%3D; HttpOnly; Secure; Path=/; Max-Age=7200; Expires=Tue, 23 Sep 2025 11:16:50 GMT\r\ncf-ray: 9838f20e2ea10b51-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"PHP:7.4.24","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":432,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, ASCII text","md5":"16c7d7f3d12b221b8794434ce633c427","sha1":"35ea184d471782bb9b05b44265dbc73ff8c1d84a","sha256":"8f032939a2ff02d61fb26b578008e7426b5652e95f9e2e13101f21a9693e1c1b","sha512":"cf34073b40a990049f06dd37827328dddd533102b44f39dc9c615fe9a3d00e81bedd8bfaf73f8002cb35e80327ea560643ea995cb868f402053de6c93a88b9f3","ssdeep":"","tlshash":"2be06dab40956c400621a5a505c8b836a99e0a8bbfcd8a5efebe1290cf44bd545db1f1","first_seen":"2025-09-23T09:17:17.719642Z","last_seen":"2025-09-23T09:17:17.719642Z","times_seen":1,"resource_available":false,"data":null}},"time_used":359,"timings":{"blocked":40,"dns":18,"connect":1,"send":0,"wait":278,"receive":0,"ssl":19},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-09-23","alert":"Sinkholed","trigger":"xtipnl20245.xtpxadmnpnl.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"fonts.googleapis.com/css?family=Montserrat:300,300i,400,400i,500,500i%7COpen+Sans:300,300i,400,400i,600,600i,700,700i","fqdn":"fonts.googleapis.com","domain":"fonts.googleapis.com","tld":"googleapis.com"},"ip":{"addr":"142.250.178.74","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://xtipnl20245.xtpxadmnpnl.com/tnewp/login","date":"2025-09-23T09:16:51.049Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"upload.video.google.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 08 Sep 2025 08:36:49 GMT","end":"Mon, 01 Dec 2025 08:36:48 GMT"},"fingerprint":{"sha1":"9E:38:51:02:B6:22:9C:08:6B:24:B8:A0:EB:DB:60:D9:27:B2:68:90","sha256":"67:AF:7E:56:AB:8D:96:FB:D0:75:CA:28:6D:16:B6:67:FD:7F:58:6F:CC:AA:78:B5:01:13:76:2C:AB:BE:80:4E"}}},"request":{"raw":"GET /css?family=Montserrat:300,300i,400,400i,500,500i%7COpen+Sans:300,300i,400,400i,600,600i,700,700i HTTP/1.1\r\nHost: fonts.googleapis.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xtipnl20245.xtpxadmnpnl.com/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: text/css; charset=utf-8\r\nvary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site\r\naccess-control-allow-origin: *\r\ntiming-allow-origin: *\r\nlink: \u003chttps://fonts.gstatic.com\u003e; rel=preconnect; crossorigin\r\nstrict-transport-security: max-age=31536000\r\nexpires: Tue, 23 Sep 2025 09:16:51 GMT\r\ndate: Tue, 23 Sep 2025 09:16:51 GMT\r\ncache-control: private, max-age=86400\r\ncross-origin-opener-policy: same-origin-allow-popups\r\ncross-origin-resource-policy: cross-origin\r\ncontent-encoding: gzip\r\nserver: ESF\r\nx-xss-protection: 0\r\nx-frame-options: SAMEORIGIN\r\nx-content-type-options: nosniff\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":57412,"size_decoded":0,"mime_type":"text/css; charset=utf-8","magic":"ASCII text, with very long lines (1572)","md5":"13474ed9b989b6ac9693fe2d717ce45d","sha1":"5e698233f3aefedad1f2936b4d6833799a4c15d3","sha256":"87daacc54800c5c20b942408c48a4cc87fdb161b1a7916341142da47e80089f8","sha512":"0f79f7318f3efaaae2c16c0d329b813c3763d4608278acf798b43d2605a3966b31b1cec76c76422b75a22936767c043e76fdca8e264c0fb56e3d730831ee0933","ssdeep":"384:Aew3FsccLwgFx9dwwVFGGLb/SjpveO2pXt2tv/qY49Ynx8bOjI8t7KvGqY49xn+e:UbPUiCAgkgHLFosL3Jbc2","tlshash":"ef431d910417644066432dd633de3e30de0fa2617084c076abfe5bdaeedad6a63b536c","first_seen":"2025-09-23T09:17:17.72113Z","last_seen":"2026-03-20T20:35:19.927042Z","times_seen":21,"resource_available":false,"data":null}},"time_used":246,"timings":{"blocked":102,"dns":1,"connect":16,"send":0,"wait":38,"receive":0,"ssl":86},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"unpkg.com/vue-multiselect@2.1.6/dist/vue-multiselect.min.css","fqdn":"unpkg.com","domain":"unpkg.com","tld":"com"},"ip":{"addr":"104.18.1.22","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://xtipnl20245.xtpxadmnpnl.com/tnewp/login","date":"2025-09-23T09:16:51.071Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"unpkg.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 25 Aug 2025 10:31:15 GMT","end":"Sun, 23 Nov 2025 11:31:12 GMT"},"fingerprint":{"sha1":"77:EF:87:8D:9A:D6:8C:EF:F9:8F:05:89:BF:F2:6B:C2:CF:78:19:EF","sha256":"3C:23:A9:CF:90:2C:6B:74:27:D0:FC:3B:92:A8:A9:AD:66:5F:B0:D4:DE:28:80:4D:49:D0:4C:22:AE:D2:F3:90"}}},"request":{"raw":"GET /vue-multiselect@2.1.6/dist/vue-multiselect.min.css HTTP/1.1\r\nHost: unpkg.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xtipnl20245.xtpxadmnpnl.com/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Tue, 23 Sep 2025 09:16:51 GMT\r\ncontent-type: text/css\r\ncontent-encoding: gzip\r\ncf-ray: 9838f2133f80569f-OSL\r\ncf-cache-status: HIT\r\naccess-control-allow-origin: *\r\nage: 2168903\r\ncache-control: public, max-age=31536000\r\nexpires: Wed, 23 Sep 2026 09:16:51 GMT\r\nlast-modified: Thu, 15 May 2025 21:22:24 GMT\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nvary: Accept-Encoding\r\nvia: 1.1 fly.io, 1.1 fly.io\r\naccess-control-allow-headers: *\r\naccess-control-allow-methods: GET, HEAD, OPTIONS\r\naccess-control-expose-headers: *\r\ncontent-digest: sha256=:z2yEj00DOz/exljY7gOZL3Zw4pHEGcPY3UeiH97DRHE=:\r\ncross-origin-resource-policy: cross-origin\r\nfly-request-id: 01JVAX7ECNA5K0C791GF9RX195-ord\r\nx-content-type-options: nosniff\r\nserver: cloudflare\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Fly.io","description":"Fly is a platform for running full stack apps and databases.","website":"https://fly.io","common_platform_enumeration":"","icon":"Fly.io.png","categories":["PaaS"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":7158,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (7158), with no line terminators","md5":"852f8d3449dafd2df5426a8fff8d5918","sha1":"9a1e546bed35fbe764eeb550f9cec431e736bbe4","sha256":"cf6c848f4d033b3fdec658d8ee03992f7670e291c419c3d8dd47a21fdec34471","sha512":"f7ec8e1476c4f4e4e6a31106497d51a74c66eb217f17a02fc559fb05399b6c913f19166f7cabb3e2da05c94a0cee8940bfb93192f415252150c2efbea47cd165","ssdeep":"96:uCVU8DABDz6NUt3dWSlnIWK9pZrPruExRTpWatsK2Y/nvwTT+K4Ynr:uCmuEoUtNWkn+JPaEpXpYnr","tlshash":"d2e1b9619e58b839e12ff2a75cb06ac95027d2beec323e6de4d06518f1c508b1b2355b","first_seen":"2023-04-09T09:30:40Z","last_seen":"2026-03-27T08:10:00.331188Z","times_seen":26,"resource_available":false,"data":null}},"time_used":56,"timings":{"blocked":5,"dns":1,"connect":1,"send":0,"wait":32,"receive":0,"ssl":15},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"xtipnl20245.xtpxadmnpnl.com/favicon.ico","fqdn":"xtipnl20245.xtpxadmnpnl.com","domain":"xtpxadmnpnl.com","tld":"com"},"ip":{"addr":"172.67.203.77","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://xtipnl20245.xtpxadmnpnl.com/tnewp/login","date":"2025-09-23T09:16:51.457Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xtpxadmnpnl.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 01 Sep 2025 13:32:47 GMT","end":"Sun, 30 Nov 2025 14:30:48 GMT"},"fingerprint":{"sha1":"AB:F0:0E:03:CC:D6:84:64:CF:50:36:67:E5:76:32:AB:C1:F9:A1:F3","sha256":"A0:D5:2B:74:69:95:D1:89:5C:F7:0B:4B:76:5E:BB:A7:B7:41:87:4D:41:99:84:23:D5:A3:1E:0D:3F:9F:F1:BD"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: xtipnl20245.xtpxadmnpnl.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xtipnl20245.xtpxadmnpnl.com/tnewp/login\r\nCookie: tipobet_session=eyJpdiI6Inh3UDJPTFBMb1FhbWY2M3l2ZXNoMnc9PSIsInZhbHVlIjoiSmtETFF0VVp4MTM2RFlpUGlnWE5OUVFlbkhpYWYwTElpOUk1bHNDNHJ1OWJoM2gybDlMUE9OUk5qSFhEN1ZHSSIsIm1hYyI6IjZiN2EyY2M2YWE3MmNmZWE1ZjliMWQwZjc1MTlmOGI5ZGVmMDZlZjNmNjU5NjBiM2VjMWVjNGRiYjNiZGZhYTYifQ%3D%3D\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Tue, 23 Sep 2025 09:16:51 GMT\r\ncontent-type: image/x-icon\r\nvary: accept-encoding\r\nlast-modified: Fri, 19 Sep 2025 11:16:50 GMT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=0T5PWfbP%2BjQiI62wTHV3%2FMwViOp9mFHnZAHjd8339ViPZoQvEDL6%2B%2FigAeQq3bC0vjoHny3knzDzJPP9vryNy0dto0Z81XPt9GRYYXuvOpruMXtU0QIsqJ0%3D\"}]}\r\nx-powered-by: PleskLin\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\ncontent-encoding: br\r\netag: W/\"68cd3ba2-1a8c3\"\r\ncf-ray: 9838f215990eb51d-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Plesk","description":"Plesk is a web hosting and server data centre automation software with a control panel developed for Linux and Windows-based retail hosting service providers.","website":"https://www.plesk.com","common_platform_enumeration":"cpe:2.3:a:parallels:parallels_plesk_panel:*:*:*:*:*:*:*:*","icon":"Plesk.svg","categories":["Hosting panels"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":108739,"size_decoded":0,"mime_type":"image/x-icon","magic":"MS Windows icon resource - 5 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel","md5":"9e76bfce810f6ed43d903653ebac49a9","sha1":"0eca1bf45f6b70313e12af4cdec1208638973ad8","sha256":"86a04099b23f134cd1a95b0ce95df98be88d39accb1535becfba2461f3384ea1","sha512":"8945c1de91e1171d5f70ce93d45b3e23fceffdcce6ae744272dd4bf11490b5d4005f25e51195bd11484b7d19f78389f62bc46579e12ef71939328d66acd26d2a","ssdeep":"384:ktPYuzsrJ6VYeDlS/jAcv/D7z38U9SI7r9Waw+QHCTL9cFvJ36WUDZiglBr/XQFA:WPBYrJ62GMMcHz3+kT","tlshash":"14b371ffe41fe496c548497ce8a693fe86152cd2c5f43d3b56093e6a74bce122a38904","first_seen":"2025-09-23T09:17:17.722919Z","last_seen":"2025-09-23T09:17:17.722919Z","times_seen":1,"resource_available":false,"data":null}},"time_used":305,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":159,"receive":146,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-09-23","alert":"Sinkholed","trigger":"xtipnl20245.xtpxadmnpnl.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/montserrat/v31/JTUSjIg1_i6t8kCHKm459WlhyyTn89ddpQ.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"142.250.178.35","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://xtipnl20245.xtpxadmnpnl.com/tnewp/login","date":"2025-09-23T09:16:51.494Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 08 Sep 2025 08:36:48 GMT","end":"Mon, 01 Dec 2025 08:36:47 GMT"},"fingerprint":{"sha1":"4A:11:37:B2:B5:3D:85:04:18:76:94:C3:99:EA:8B:77:66:51:DF:D6","sha256":"6C:B3:8A:F8:58:9F:72:87:6E:B0:CF:E0:3F:D9:AB:6D:AE:6E:E0:73:B1:A3:95:3C:30:98:D3:C4:23:73:D4:33"}}},"request":{"raw":"GET /s/montserrat/v31/JTUSjIg1_i6t8kCHKm459WlhyyTn89ddpQ.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://xtipnl20245.xtpxadmnpnl.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 37756\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Fri, 19 Sep 2025 00:32:07 GMT\r\nexpires: Sat, 19 Sep 2026 00:32:07 GMT\r\ncache-control: public, max-age=31536000\r\nage: 377084\r\nlast-modified: Thu, 04 Sep 2025 17:09:21 GMT\r\ncontent-type: font/woff2\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":37756,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 37756, version 1.0","md5":"8a6a885dd57e60ddd85f3190737fa209","sha1":"dbca56b7fe8ee5e4bfb648d639fc6a3bfc5c6e85","sha256":"b9b102f608e8252e3c1e7287309832b16af7dcc6e788651fa503a3faacd7fb2f","sha512":"2bd785869777dc57dbb5934d4c6915b66f89746dd79897820eb4bbd0d262b2612bafdfb07c1e092658ad819f582a97e6a196531f74187d8a0b0bbd07fcbba56a","ssdeep":"768:sqRKhgpCf9U72WeD4A/5IqtBr0ikGvEaQh38/LBu3Emdc043RpgZKMqjkEfO1m:jKgp+9U7Ve8A/7Ai9Et3EBKEUE3RqMMu","tlshash":"3e030130df5884edcc0ba371fdeea81fc7a332a594c0b3368297af1b80111499d99e49","first_seen":"2025-09-05T00:25:10.258656Z","last_seen":"2026-04-04T16:45:59.433402Z","times_seen":307125,"resource_available":false,"data":null}},"time_used":255,"timings":{"blocked":112,"dns":3,"connect":15,"send":0,"wait":15,"receive":18,"ssl":89},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/opensans/v44/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"142.250.178.35","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://xtipnl20245.xtpxadmnpnl.com/tnewp/login","date":"2025-09-23T09:16:51.507Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 08 Sep 2025 08:36:48 GMT","end":"Mon, 01 Dec 2025 08:36:47 GMT"},"fingerprint":{"sha1":"4A:11:37:B2:B5:3D:85:04:18:76:94:C3:99:EA:8B:77:66:51:DF:D6","sha256":"6C:B3:8A:F8:58:9F:72:87:6E:B0:CF:E0:3F:D9:AB:6D:AE:6E:E0:73:B1:A3:95:3C:30:98:D3:C4:23:73:D4:33"}}},"request":{"raw":"GET /s/opensans/v44/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://xtipnl20245.xtpxadmnpnl.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 48320\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Wed, 17 Sep 2025 00:00:57 GMT\r\nexpires: Thu, 17 Sep 2026 00:00:57 GMT\r\ncache-control: public, max-age=31536000\r\nlast-modified: Mon, 15 Sep 2025 16:30:41 GMT\r\ncontent-type: font/woff2\r\nage: 551754\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":48320,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 48320, version 1.0","md5":"dcf31ebe107435bd68e0164d59e19b87","sha1":"b68160c9333af833fe483928b3ef7128c07a56a0","sha256":"d8e4fe0452aa2076429a9bb5d8757d00a994dd95986cf950e9a1a371b9a072a0","sha512":"130cd52c3cccc36a7029bf92b2ddb363b8b36d206454aacc246739919552fccec5cacbad615ba4ac3817da3e83239371fe51324bdadd08357e3495087f62cb08","ssdeep":"768:Jzqdwl5YV7FVmpudK5a8dF8D8Z7J78VGnNFZEKh02dmSTPe9UiallHcOEi2c0NC1:9q+SYuMaVwZ7oGRNh02dd6UialBcOEpE","tlshash":"1623f218f29471f7edecd4d500a18c72baa528d442f116ed07b8d53ca36ca817a729fb","first_seen":"2025-09-17T00:07:53.723302Z","last_seen":"2026-04-04T16:48:42.960912Z","times_seen":199299,"resource_available":false,"data":null}},"time_used":283,"timings":{"blocked":120,"dns":1,"connect":15,"send":0,"wait":37,"receive":5,"ssl":101},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"xtipnl20245.xtpxadmnpnl.com/stack/app-assets/fonts/font-awesome/fonts/fa-solid-900.woff2","fqdn":"xtipnl20245.xtpxadmnpnl.com","domain":"xtpxadmnpnl.com","tld":"com"},"ip":{"addr":"172.67.203.77","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://xtipnl20245.xtpxadmnpnl.com/tnewp/login","date":"2025-09-23T09:16:51.533Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xtpxadmnpnl.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 01 Sep 2025 13:32:47 GMT","end":"Sun, 30 Nov 2025 14:30:48 GMT"},"fingerprint":{"sha1":"AB:F0:0E:03:CC:D6:84:64:CF:50:36:67:E5:76:32:AB:C1:F9:A1:F3","sha256":"A0:D5:2B:74:69:95:D1:89:5C:F7:0B:4B:76:5E:BB:A7:B7:41:87:4D:41:99:84:23:D5:A3:1E:0D:3F:9F:F1:BD"}}},"request":{"raw":"GET /stack/app-assets/fonts/font-awesome/fonts/fa-solid-900.woff2 HTTP/1.1\r\nHost: xtipnl20245.xtpxadmnpnl.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xtipnl20245.xtpxadmnpnl.com/stack/app-assets/fonts/font-awesome/css/font-awesome.min.css\r\nCookie: tipobet_session=eyJpdiI6Inh3UDJPTFBMb1FhbWY2M3l2ZXNoMnc9PSIsInZhbHVlIjoiSmtETFF0VVp4MTM2RFlpUGlnWE5OUVFlbkhpYWYwTElpOUk1bHNDNHJ1OWJoM2gybDlMUE9OUk5qSFhEN1ZHSSIsIm1hYyI6IjZiN2EyY2M2YWE3MmNmZWE1ZjliMWQwZjc1MTlmOGI5ZGVmMDZlZjNmNjU5NjBiM2VjMWVjNGRiYjNiZGZhYTYifQ%3D%3D\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Tue, 23 Sep 2025 09:16:51 GMT\r\ncontent-type: font/woff2\r\ncontent-length: 73852\r\nlast-modified: Thu, 13 Dec 2018 12:02:16 GMT\r\netag: \"5c124a48-1207c\"\r\nx-powered-by: PleskLin\r\naccept-ranges: bytes\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=QAxi44k32PTKZQAYuuwJE6NsAJGVsB3JYFOl88OnN7vJ5gfK4Q88nMZb5PVsBMly8N203HjMWsNCv4T4s6ZctMepzshVUU1qvypGGyBaK%2Fpr3LQnA55KG1M%3D\"}]}\r\nvary: accept-encoding\r\ncf-ray: 9838f2161918b51d-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Plesk","description":"Plesk is a web hosting and server data centre automation software with a control panel developed for Linux and Windows-based retail hosting service providers.","website":"https://www.plesk.com","common_platform_enumeration":"cpe:2.3:a:parallels:parallels_plesk_panel:*:*:*:*:*:*:*:*","icon":"Plesk.svg","categories":["Hosting panels"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":73852,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 73852, version 1.0","md5":"fb493903265cad425ccdf8e04fc2de61","sha1":"fef2f08d60e907750df0bc41ce64a7139642ddf0","sha256":"7798165ee5a3c6809310d8261dcbe7c8d0c12d795b7b09a71af3eb86ec8f33f2","sha512":"321c63dc142426eee5e8c048e1d5a3e29fa1407f660f927889029e3a1db4e8b5d085ab7b757e5b9ee711646ff4adffc7730cd0cea16ed2d95e4be125a9d9b081","ssdeep":"1536:SuS+6SpmWvQxPsoy7ducmwmoyDU8ashRtSxxKEX/0KD:Zxc6asogducmG/OhRAr1P0KD","tlshash":"537302172360deb0fe84a66aed78df89911a5f07635ac039c4e3f4b598c401efae45e4","first_seen":"2023-04-06T20:07:21Z","last_seen":"2026-04-04T15:22:23.216189Z","times_seen":5010,"resource_available":false,"data":null}},"time_used":219,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":135,"receive":84,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-09-23","alert":"Sinkholed","trigger":"xtipnl20245.xtpxadmnpnl.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"xtipnl20245.xtpxadmnpnl.com/stack/app-assets/fonts/feather/style.min.css","fqdn":"xtipnl20245.xtpxadmnpnl.com","domain":"xtpxadmnpnl.com","tld":"com"},"ip":{"addr":"172.67.203.77","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://xtipnl20245.xtpxadmnpnl.com/tnewp/login","date":"2025-09-23T09:16:51.251Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xtpxadmnpnl.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 01 Sep 2025 13:32:47 GMT","end":"Sun, 30 Nov 2025 14:30:48 GMT"},"fingerprint":{"sha1":"AB:F0:0E:03:CC:D6:84:64:CF:50:36:67:E5:76:32:AB:C1:F9:A1:F3","sha256":"A0:D5:2B:74:69:95:D1:89:5C:F7:0B:4B:76:5E:BB:A7:B7:41:87:4D:41:99:84:23:D5:A3:1E:0D:3F:9F:F1:BD"}}},"request":{"raw":"GET /stack/app-assets/fonts/feather/style.min.css HTTP/1.1\r\nHost: xtipnl20245.xtpxadmnpnl.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xtipnl20245.xtpxadmnpnl.com/stack/app-assets/css/vendors.css\r\nCookie: tipobet_session=eyJpdiI6Inh3UDJPTFBMb1FhbWY2M3l2ZXNoMnc9PSIsInZhbHVlIjoiSmtETFF0VVp4MTM2RFlpUGlnWE5OUVFlbkhpYWYwTElpOUk1bHNDNHJ1OWJoM2gybDlMUE9OUk5qSFhEN1ZHSSIsIm1hYyI6IjZiN2EyY2M2YWE3MmNmZWE1ZjliMWQwZjc1MTlmOGI5ZGVmMDZlZjNmNjU5NjBiM2VjMWVjNGRiYjNiZGZhYTYifQ%3D%3D\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Tue, 23 Sep 2025 09:16:51 GMT\r\ncontent-type: text/css\r\nlast-modified: Thu, 13 Dec 2018 12:02:16 GMT\r\netag: W/\"5c124a48-2d97\"\r\nx-powered-by: PleskLin\r\ncontent-encoding: br\r\nvary: accept-encoding\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=XsoqYrOAqQwXFhhGCIqPUx8eJxAAQ5QHRSo6XMyMj1scesnQ39zJMX1DRFuI21BD%2B42OQhLvAXU%2BtoD3eW%2BDzwYwf2%2FtLM44dPmWGZX99ufbxEjcDBKc%2FEs%3D\"}]}\r\ncf-ray: 9838f21448fbb51d-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Plesk","description":"Plesk is a web hosting and server data centre automation software with a control panel developed for Linux and Windows-based retail hosting service providers.","website":"https://www.plesk.com","common_platform_enumeration":"cpe:2.3:a:parallels:parallels_plesk_panel:*:*:*:*:*:*:*:*","icon":"Plesk.svg","categories":["Hosting panels"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":11671,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text","md5":"1b3f9968710de7da88799be65805197e","sha1":"1a7e893d59a5b23be9a534babc353489a3736e0c","sha256":"4ebe3a09f84d7a475628348f117fb3d6dafa1e4dbbc8e6472d4a9a2112e49d8b","sha512":"4f9082ccec6d490cba34c895e726255d4f9008c13562559a27e8be78df00ab06eb307aabcb6094970e7db9de674cae06f12db15d8dd2cf72c324edfb3ad78c87","ssdeep":"96:WmALRmrZmjTjCtVO4x4fqi7Z+elYNnsLUvmt+:S9YZmjTjvfvYJLvmt+","tlshash":"7f32c1a494ff08811708e495278ba260b705b7ab8d484c1df796bf9dfbc26359186acc","first_seen":"2025-09-23T09:17:17.725814Z","last_seen":"2025-10-30T13:13:47.625131Z","times_seen":2,"resource_available":false,"data":null}},"time_used":159,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":159,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-09-23","alert":"Sinkholed","trigger":"xtipnl20245.xtpxadmnpnl.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"xtipnl20245.xtpxadmnpnl.com/stack/app-assets/fonts/flag-icon-css/css/flag-icon.min.css","fqdn":"xtipnl20245.xtpxadmnpnl.com","domain":"xtpxadmnpnl.com","tld":"com"},"ip":{"addr":"172.67.203.77","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://xtipnl20245.xtpxadmnpnl.com/tnewp/login","date":"2025-09-23T09:16:51.254Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xtpxadmnpnl.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 01 Sep 2025 13:32:47 GMT","end":"Sun, 30 Nov 2025 14:30:48 GMT"},"fingerprint":{"sha1":"AB:F0:0E:03:CC:D6:84:64:CF:50:36:67:E5:76:32:AB:C1:F9:A1:F3","sha256":"A0:D5:2B:74:69:95:D1:89:5C:F7:0B:4B:76:5E:BB:A7:B7:41:87:4D:41:99:84:23:D5:A3:1E:0D:3F:9F:F1:BD"}}},"request":{"raw":"GET /stack/app-assets/fonts/flag-icon-css/css/flag-icon.min.css HTTP/1.1\r\nHost: xtipnl20245.xtpxadmnpnl.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xtipnl20245.xtpxadmnpnl.com/stack/app-assets/css/vendors.css\r\nCookie: tipobet_session=eyJpdiI6Inh3UDJPTFBMb1FhbWY2M3l2ZXNoMnc9PSIsInZhbHVlIjoiSmtETFF0VVp4MTM2RFlpUGlnWE5OUVFlbkhpYWYwTElpOUk1bHNDNHJ1OWJoM2gybDlMUE9OUk5qSFhEN1ZHSSIsIm1hYyI6IjZiN2EyY2M2YWE3MmNmZWE1ZjliMWQwZjc1MTlmOGI5ZGVmMDZlZjNmNjU5NjBiM2VjMWVjNGRiYjNiZGZhYTYifQ%3D%3D\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Tue, 23 Sep 2025 09:16:51 GMT\r\ncontent-type: text/css\r\nlast-modified: Thu, 13 Dec 2018 12:02:16 GMT\r\netag: W/\"5c124a48-81b5\"\r\nx-powered-by: PleskLin\r\ncontent-encoding: br\r\nvary: accept-encoding\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=cQSOEQDBi8IDI9PSG0wnhAdaLyz4%2FZyB%2BigzULFcVdvyqnojqj5YKa230uXiJWIakU%2FaQ3FseYZVVbRukHHUk1twB9%2B%2FDUV2wDzF%2BTGn6qTCwUL%2BwAMdsrg%3D\"}]}\r\ncf-ray: 9838f21448fdb51d-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Plesk","description":"Plesk is a web hosting and server data centre automation software with a control panel developed for Linux and Windows-based retail hosting service providers.","website":"https://www.plesk.com","common_platform_enumeration":"cpe:2.3:a:parallels:parallels_plesk_panel:*:*:*:*:*:*:*:*","icon":"Plesk.svg","categories":["Hosting panels"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":33205,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (33205), with no line terminators","md5":"f486eedf043f0a90f672dc5927e5a967","sha1":"71d4986c251ae445d7fdcd8843233f310e2e8148","sha256":"c791da09b2c361a32959d06fa0e7db96a0f0f645189cc81c335d2c6f425f0cb4","sha512":"941c5ea86281560f18281b9b9072e44fe2faed3a130e4b41516f4f8dd3caaf52ee68f4bb3a73fded2f25a7f8589e354735644421b480b07c32d4e1fe4a60874b","ssdeep":"192:65B9y1dbzi85+DkROJup2j0S+iSM2nTMVZVJggtfQxK/dyweH:HdK85+DkROJup2j172nTeVJgAfQxOC","tlshash":"7fe2f963da83e41fb60756337a167618a3df2492db814f2a34bf52b1d576244343afb0","first_seen":"2023-04-05T09:29:12Z","last_seen":"2026-03-27T05:02:45.954216Z","times_seen":245,"resource_available":false,"data":null}},"time_used":134,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":134,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-09-23","alert":"Sinkholed","trigger":"xtipnl20245.xtpxadmnpnl.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"xtipnl20245.xtpxadmnpnl.com/stack/app-assets/css/vendors.css","fqdn":"xtipnl20245.xtpxadmnpnl.com","domain":"xtpxadmnpnl.com","tld":"com"},"ip":{"addr":"172.67.203.77","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://xtipnl20245.xtpxadmnpnl.com/tnewp/login","date":"2025-09-23T09:16:51.051Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xtpxadmnpnl.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 01 Sep 2025 13:32:47 GMT","end":"Sun, 30 Nov 2025 14:30:48 GMT"},"fingerprint":{"sha1":"AB:F0:0E:03:CC:D6:84:64:CF:50:36:67:E5:76:32:AB:C1:F9:A1:F3","sha256":"A0:D5:2B:74:69:95:D1:89:5C:F7:0B:4B:76:5E:BB:A7:B7:41:87:4D:41:99:84:23:D5:A3:1E:0D:3F:9F:F1:BD"}}},"request":{"raw":"GET /stack/app-assets/css/vendors.css HTTP/1.1\r\nHost: xtipnl20245.xtpxadmnpnl.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xtipnl20245.xtpxadmnpnl.com/tnewp/login\r\nCookie: tipobet_session=eyJpdiI6Inh3UDJPTFBMb1FhbWY2M3l2ZXNoMnc9PSIsInZhbHVlIjoiSmtETFF0VVp4MTM2RFlpUGlnWE5OUVFlbkhpYWYwTElpOUk1bHNDNHJ1OWJoM2gybDlMUE9OUk5qSFhEN1ZHSSIsIm1hYyI6IjZiN2EyY2M2YWE3MmNmZWE1ZjliMWQwZjc1MTlmOGI5ZGVmMDZlZjNmNjU5NjBiM2VjMWVjNGRiYjNiZGZhYTYifQ%3D%3D\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Tue, 23 Sep 2025 09:16:51 GMT\r\ncontent-type: text/css\r\nlast-modified: Thu, 13 Dec 2018 12:02:17 GMT\r\netag: W/\"5c124a49-fc\"\r\nx-powered-by: PleskLin\r\ncontent-encoding: br\r\nvary: accept-encoding\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=cvjrIntfkcSU6h%2BcnzQE2yiOj9G5NguJtbE%2B%2FBrK9PaGNqpOgCar69LCA%2F7jTzChNflBJpb%2BErrPhzr4L1a7czO0QP4Zv6c%2Fa8HBsRWoXACNpnNJxProFzw%3D\"}]}\r\ncf-ray: 9838f21308e5b51d-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Plesk","description":"Plesk is a web hosting and server data centre automation software with a control panel developed for Linux and Windows-based retail hosting service providers.","website":"https://www.plesk.com","common_platform_enumeration":"cpe:2.3:a:parallels:parallels_plesk_panel:*:*:*:*:*:*:*:*","icon":"Plesk.svg","categories":["Hosting panels"]}],"data":{"size":252,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text","md5":"875e031fcd4f1852acafd45c0d480e35","sha1":"d3735e6e476065c759e139421d4f58cf3854265f","sha256":"7a97cbd4f1a880a58ba3295ffd70d13e0227e9db5d46ca6c65c3b851a5d05949","sha512":"b3bcdd22404e1ce44fa3d926ca888282c38282f8ef880d9d1648613fa8925d9e05a002e855bf447d97e388befc3481ed08cfb3a50b254b8ab5430eb69350dadc","ssdeep":"","tlshash":"aad09e27ce01335369a2989364297350bff4c848bee17553a0760676c5f0a6ab539305","first_seen":"2023-05-24T03:51:20Z","last_seen":"2026-03-15T12:33:19.998422Z","times_seen":19,"resource_available":false,"data":null}},"time_used":164,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":164,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-09-23","alert":"Sinkholed","trigger":"xtipnl20245.xtpxadmnpnl.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"xtipnl20245.xtpxadmnpnl.com/stack/app-assets/css/app.min.css","fqdn":"xtipnl20245.xtpxadmnpnl.com","domain":"xtpxadmnpnl.com","tld":"com"},"ip":{"addr":"172.67.203.77","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://xtipnl20245.xtpxadmnpnl.com/tnewp/login","date":"2025-09-23T09:16:51.064Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xtpxadmnpnl.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 01 Sep 2025 13:32:47 GMT","end":"Sun, 30 Nov 2025 14:30:48 GMT"},"fingerprint":{"sha1":"AB:F0:0E:03:CC:D6:84:64:CF:50:36:67:E5:76:32:AB:C1:F9:A1:F3","sha256":"A0:D5:2B:74:69:95:D1:89:5C:F7:0B:4B:76:5E:BB:A7:B7:41:87:4D:41:99:84:23:D5:A3:1E:0D:3F:9F:F1:BD"}}},"request":{"raw":"GET /stack/app-assets/css/app.min.css HTTP/1.1\r\nHost: xtipnl20245.xtpxadmnpnl.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xtipnl20245.xtpxadmnpnl.com/tnewp/login\r\nCookie: tipobet_session=eyJpdiI6Inh3UDJPTFBMb1FhbWY2M3l2ZXNoMnc9PSIsInZhbHVlIjoiSmtETFF0VVp4MTM2RFlpUGlnWE5OUVFlbkhpYWYwTElpOUk1bHNDNHJ1OWJoM2gybDlMUE9OUk5qSFhEN1ZHSSIsIm1hYyI6IjZiN2EyY2M2YWE3MmNmZWE1ZjliMWQwZjc1MTlmOGI5ZGVmMDZlZjNmNjU5NjBiM2VjMWVjNGRiYjNiZGZhYTYifQ%3D%3D\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Tue, 23 Sep 2025 09:16:51 GMT\r\ncontent-type: text/css\r\nlast-modified: Thu, 18 Apr 2024 10:38:46 GMT\r\netag: W/\"6620f836-59fb1\"\r\nx-powered-by: PleskLin\r\ncontent-encoding: br\r\nvary: accept-encoding\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=rLJxGn0FMCDEBlcPgQxrY6tKh8ileCtCF3GNKNWsTtvvm1hbUoPT77rz%2F4LjvCYhMdCzeGakX14lqomNeBlw9AoDr9j0l63ADgZUQPGf2AsOxvTJHjTEIQI%3D\"}]}\r\ncf-ray: 9838f21308e6b51d-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Plesk","description":"Plesk is a web hosting and server data centre automation software with a control panel developed for Linux and Windows-based retail hosting service providers.","website":"https://www.plesk.com","common_platform_enumeration":"cpe:2.3:a:parallels:parallels_plesk_panel:*:*:*:*:*:*:*:*","icon":"Plesk.svg","categories":["Hosting panels"]}],"data":{"size":368561,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (36835)","md5":"aaed47767a872d6c3d89b830e7d4bb54","sha1":"3786c4ae11d711244a4e260cf197acc8cf635366","sha256":"33870abf9aebd49d48acfaa778a3b7fefce9e8bb5706a4cc805881555949b4da","sha512":"258732139e5df51dbe9468914df054aa7ef0a30e12a95e4aa55bbfe11fb68941ab9b0e3a17c378940714f6bb06f890acc67d89e8c3523eada3a2da4936ea5c03","ssdeep":"6144:NENptEXXC+JH8KTSjeLEfLZ2wQOI+zO4KCDJ2Py:NENptePy","tlshash":"5d74dcf3f2c5140d759ec61e60a1ffbe173e5352db442b75f81abba886005ce2a53a09","first_seen":"2025-09-23T09:17:17.728062Z","last_seen":"2025-10-30T13:13:47.630963Z","times_seen":2,"resource_available":false,"data":null}},"time_used":249,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":154,"receive":95,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-09-23","alert":"Sinkholed","trigger":"xtipnl20245.xtpxadmnpnl.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"xtipnl20245.xtpxadmnpnl.com/stack/app-assets/css/pages/login-register.min.css?a","fqdn":"xtipnl20245.xtpxadmnpnl.com","domain":"xtpxadmnpnl.com","tld":"com"},"ip":{"addr":"172.67.203.77","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://xtipnl20245.xtpxadmnpnl.com/tnewp/login","date":"2025-09-23T09:16:51.066Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xtpxadmnpnl.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 01 Sep 2025 13:32:47 GMT","end":"Sun, 30 Nov 2025 14:30:48 GMT"},"fingerprint":{"sha1":"AB:F0:0E:03:CC:D6:84:64:CF:50:36:67:E5:76:32:AB:C1:F9:A1:F3","sha256":"A0:D5:2B:74:69:95:D1:89:5C:F7:0B:4B:76:5E:BB:A7:B7:41:87:4D:41:99:84:23:D5:A3:1E:0D:3F:9F:F1:BD"}}},"request":{"raw":"GET /stack/app-assets/css/pages/login-register.min.css?a HTTP/1.1\r\nHost: xtipnl20245.xtpxadmnpnl.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xtipnl20245.xtpxadmnpnl.com/tnewp/login\r\nCookie: tipobet_session=eyJpdiI6Inh3UDJPTFBMb1FhbWY2M3l2ZXNoMnc9PSIsInZhbHVlIjoiSmtETFF0VVp4MTM2RFlpUGlnWE5OUVFlbkhpYWYwTElpOUk1bHNDNHJ1OWJoM2gybDlMUE9OUk5qSFhEN1ZHSSIsIm1hYyI6IjZiN2EyY2M2YWE3MmNmZWE1ZjliMWQwZjc1MTlmOGI5ZGVmMDZlZjNmNjU5NjBiM2VjMWVjNGRiYjNiZGZhYTYifQ%3D%3D\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Tue, 23 Sep 2025 09:16:51 GMT\r\ncontent-type: text/css\r\nlast-modified: Thu, 13 Dec 2018 12:02:17 GMT\r\netag: W/\"5c124a49-308\"\r\nx-powered-by: PleskLin\r\ncontent-encoding: br\r\nvary: accept-encoding\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=Jv0nSMyvRGRamVO2ug8TqwLBAorn%2FvVGAr%2BhiTlcAJw8Pgo%2BKeI5KmpeYD0yoaSJ1SSLEzfS29WztHZrly2bU35XES1WaczkggCj4ABvKDwM1il%2FMZ3Gq5U%3D\"}]}\r\ncf-ray: 9838f21308e7b51d-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Plesk","description":"Plesk is a web hosting and server data centre automation software with a control panel developed for Linux and Windows-based retail hosting service providers.","website":"https://www.plesk.com","common_platform_enumeration":"cpe:2.3:a:parallels:parallels_plesk_panel:*:*:*:*:*:*:*:*","icon":"Plesk.svg","categories":["Hosting panels"]}],"data":{"size":776,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text","md5":"a050967b96b4b38eef441c8ee296f08b","sha1":"d10f7f63903cda64fd37a0996f1bb60286605024","sha256":"185be46fc2c3dc465621f1c76ecd3300cf582c5a53e34ff225a7daca12c129be","sha512":"27991c29b0bd50bfae2bb6959fa1e553d378f2676692a250e79943b8c4d0eae367abfed20ca7307fa136c27319d8fe32888459da4b2bdbab48d840e7cacccaf0","ssdeep":"","tlshash":"cc012efabc5e085a2464e510afe4afd162e40a03613da4e2b2c1763c9f08ec80d62e4c","first_seen":"2025-09-23T09:17:17.729304Z","last_seen":"2025-10-30T13:13:47.637278Z","times_seen":2,"resource_available":false,"data":null}},"time_used":135,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":135,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-09-23","alert":"Sinkholed","trigger":"xtipnl20245.xtpxadmnpnl.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/montserrat/v31/JTUSjIg1_i6t8kCHKm459WdhyyTn89ddpROi.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"142.250.178.35","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://xtipnl20245.xtpxadmnpnl.com/tnewp/login","date":"2025-09-23T09:16:51.498Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 08 Sep 2025 08:36:48 GMT","end":"Mon, 01 Dec 2025 08:36:47 GMT"},"fingerprint":{"sha1":"4A:11:37:B2:B5:3D:85:04:18:76:94:C3:99:EA:8B:77:66:51:DF:D6","sha256":"6C:B3:8A:F8:58:9F:72:87:6E:B0:CF:E0:3F:D9:AB:6D:AE:6E:E0:73:B1:A3:95:3C:30:98:D3:C4:23:73:D4:33"}}},"request":{"raw":"GET /s/montserrat/v31/JTUSjIg1_i6t8kCHKm459WdhyyTn89ddpROi.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://xtipnl20245.xtpxadmnpnl.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 70532\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Fri, 19 Sep 2025 01:25:05 GMT\r\nexpires: Sat, 19 Sep 2026 01:25:05 GMT\r\ncache-control: public, max-age=31536000\r\nage: 373906\r\nlast-modified: Thu, 04 Sep 2025 17:10:58 GMT\r\ncontent-type: font/woff2\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":70532,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 70532, version 1.0","md5":"a3538ea24dbf115d688964fc374db38c","sha1":"d5ff95b327b6cb2371a0f0cfff9092d2f7f6f58f","sha256":"545f27e4a3f64bafcffd2912b4d9e4d8b89fb7a87f5d257fdb4eae3c0eb9e224","sha512":"cd0d910665c070475cbe4b4e0830be5b463d3ff2537ca174e875ceb610f0f0cc627ff33dbbc95fa3e308e8cee0d0fd697e85e1244aa6023ee3113b3d10815fbe","ssdeep":"1536:1+9A/N3bmPFNtCqzOzD9khgUkon9FoooVdjlV+It4UEct:1+oBINnCzXUv/obdjlVfyM","tlshash":"5d6312976c22c87f804a02f99ebee1b487733021192a1b1370aff35654d46684afef70","first_seen":"2025-09-05T03:00:03.770574Z","last_seen":"2026-04-04T16:31:57.090186Z","times_seen":7800,"resource_available":false,"data":null}},"time_used":251,"timings":{"blocked":111,"dns":2,"connect":28,"send":0,"wait":30,"receive":17,"ssl":44},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"xtipnl20245.xtpxadmnpnl.com/tnewp/login","fqdn":"xtipnl20245.xtpxadmnpnl.com","domain":"xtpxadmnpnl.com","tld":"com"},"ip":{"addr":"172.67.203.77","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-09-23T09:16:50.817Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xtpxadmnpnl.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 01 Sep 2025 13:32:47 GMT","end":"Sun, 30 Nov 2025 14:30:48 GMT"},"fingerprint":{"sha1":"AB:F0:0E:03:CC:D6:84:64:CF:50:36:67:E5:76:32:AB:C1:F9:A1:F3","sha256":"A0:D5:2B:74:69:95:D1:89:5C:F7:0B:4B:76:5E:BB:A7:B7:41:87:4D:41:99:84:23:D5:A3:1E:0D:3F:9F:F1:BD"}}},"request":{"raw":"GET /tnewp/login HTTP/1.1\r\nHost: xtipnl20245.xtpxadmnpnl.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: tipobet_session=eyJpdiI6IjVUMFNHUXhSU2Rtbk9MM0duRm0xSmc9PSIsInZhbHVlIjoid2JUdGsxSENGQUZMdkQrZmRiWmdhYkU0ZWNzQXBvRnhEZU41MzhBTFNYZWtydDg0Q1l4d3I3aVFYVEQ2M3JhSyIsIm1hYyI6IjIyYzIzYTZiMmYwODZiZWE3YTUzNWRmOTc4MzA3YzU2OGYwOTkxMjZhYWNlZWYyYTRjNmZmMjhlMTdjYmQyZDMifQ%3D%3D\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Tue, 23 Sep 2025 09:16:51 GMT\r\ncontent-type: text/html; charset=UTF-8\r\nx-powered-by: PHP/7.4.24, PleskLin\r\ncache-control: private, must-revalidate, max-age=0, private, no-store, no-cache, must-revalidate\r\npragma: no-cache\r\nexpires: -1\r\nx-ratelimit-limit: 90\r\nx-ratelimit-remaining: 88\r\nvary: accept-encoding\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-cache-status: DYNAMIC\r\nset-cookie: tipobet_session=eyJpdiI6Inh3UDJPTFBMb1FhbWY2M3l2ZXNoMnc9PSIsInZhbHVlIjoiSmtETFF0VVp4MTM2RFlpUGlnWE5OUVFlbkhpYWYwTElpOUk1bHNDNHJ1OWJoM2gybDlMUE9OUk5qSFhEN1ZHSSIsIm1hYyI6IjZiN2EyY2M2YWE3MmNmZWE1ZjliMWQwZjc1MTlmOGI5ZGVmMDZlZjNmNjU5NjBiM2VjMWVjNGRiYjNiZGZhYTYifQ%3D%3D; HttpOnly; Secure; Path=/; Max-Age=7200; Expires=Tue, 23 Sep 2025 11:16:50 GMT\r\ncontent-encoding: br\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=aNa6kJkhHgCp%2FNxEAWrTJO%2B6vIIc%2F9elNDpheUAMZ3QrQBb8XXXF061IK0xC97WHfuKQwZIqb3vaKXl%2BW9VJL3sg1yZ7YzYSwHBnnwkXv7RqDhXja4xESpQ%3D\"}]}\r\ncf-ray: 9838f21198cfb51d-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"PHP:7.4.24","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]}],"data":{"size":5115,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, Unicode text, UTF-8 text","md5":"5bff64ffb4360db7c47e07034dea7d33","sha1":"22357bef5293ba43cb9fe49cc0826340233bb753","sha256":"12456c88273da3fafedcab947b78ea2a5614be79e647210cba7aa16d25574c33","sha512":"233491f052da35a0d44e67d2600c8a54920a2f130f14167f929734af1e8f4c06adb00e18a4c079da0ff4bc59cc99e35b710b2cdf232464699bf7673f8ccf71a3","ssdeep":"48:gtJA9HznSmZS0ZSnNwFASOPdy2mUETFJoJPKcHlKWk2PjCbrE:iJA9S5PnNw7YlETF+JPHlOVbrE","tlshash":"c6b1eb6010f0343611a2c5a4bae2ae17aed1d617ca6b4d4472fc4bd81fd7f838d8364c","first_seen":"2025-09-23T09:17:17.7311Z","last_seen":"2025-09-23T09:17:17.7311Z","times_seen":1,"resource_available":false,"data":null}},"time_used":196,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":196,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-09-23","alert":"Sinkholed","trigger":"xtipnl20245.xtpxadmnpnl.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"xtipnl20245.xtpxadmnpnl.com/stack/assets/css/style.css","fqdn":"xtipnl20245.xtpxadmnpnl.com","domain":"xtpxadmnpnl.com","tld":"com"},"ip":{"addr":"172.67.203.77","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://xtipnl20245.xtpxadmnpnl.com/tnewp/login","date":"2025-09-23T09:16:51.068Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xtpxadmnpnl.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 01 Sep 2025 13:32:47 GMT","end":"Sun, 30 Nov 2025 14:30:48 GMT"},"fingerprint":{"sha1":"AB:F0:0E:03:CC:D6:84:64:CF:50:36:67:E5:76:32:AB:C1:F9:A1:F3","sha256":"A0:D5:2B:74:69:95:D1:89:5C:F7:0B:4B:76:5E:BB:A7:B7:41:87:4D:41:99:84:23:D5:A3:1E:0D:3F:9F:F1:BD"}}},"request":{"raw":"GET /stack/assets/css/style.css HTTP/1.1\r\nHost: xtipnl20245.xtpxadmnpnl.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xtipnl20245.xtpxadmnpnl.com/tnewp/login\r\nCookie: tipobet_session=eyJpdiI6Inh3UDJPTFBMb1FhbWY2M3l2ZXNoMnc9PSIsInZhbHVlIjoiSmtETFF0VVp4MTM2RFlpUGlnWE5OUVFlbkhpYWYwTElpOUk1bHNDNHJ1OWJoM2gybDlMUE9OUk5qSFhEN1ZHSSIsIm1hYyI6IjZiN2EyY2M2YWE3MmNmZWE1ZjliMWQwZjc1MTlmOGI5ZGVmMDZlZjNmNjU5NjBiM2VjMWVjNGRiYjNiZGZhYTYifQ%3D%3D\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Tue, 23 Sep 2025 09:16:51 GMT\r\ncontent-type: text/css\r\nlast-modified: Thu, 13 Dec 2018 12:02:16 GMT\r\netag: W/\"5c124a48-1f6\"\r\nx-powered-by: PleskLin\r\ncontent-encoding: br\r\nvary: accept-encoding\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=ABzM2SfWqtKPOkmlq6KsjcEScKBwn3fVqoyMOpMXOAic2yATSjYI14qqM3OjvU7FXU35uM1L4TqEpq5%2Fa0Hqylp56KXrId2cvGbsalSBBDw31PB%2B3NknTlM%3D\"}]}\r\ncf-ray: 9838f21318e8b51d-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Plesk","description":"Plesk is a web hosting and server data centre automation software with a control panel developed for Linux and Windows-based retail hosting service providers.","website":"https://www.plesk.com","common_platform_enumeration":"cpe:2.3:a:parallels:parallels_plesk_panel:*:*:*:*:*:*:*:*","icon":"Plesk.svg","categories":["Hosting panels"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":502,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text","md5":"fc9dfc8793432469405153b391274c7b","sha1":"8dca6332dcac504c30019570e0b7edf0945c2343","sha256":"9418ebd0e0f5caf9eee17bb2788877e44dc22c53eee9e73eb48bece9e2ab260f","sha512":"5839e522aa4ead6d235da80dd7c01ebb510e10c32ea91c1ea454e8ddd01c7bf83017664a58d008148fd9653e051896a673e3d2920efdbb2325c48c0a320d1249","ssdeep":"","tlshash":"edf0c03f7a6491e4b360a73037727144f686954c209565bdd01c234c512131824fcb56","first_seen":"2025-09-23T09:17:17.732308Z","last_seen":"2025-11-28T01:34:36.905201Z","times_seen":4,"resource_available":false,"data":null}},"time_used":159,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":159,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-09-23","alert":"Sinkholed","trigger":"xtipnl20245.xtpxadmnpnl.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"xtipnl20245.xtpxadmnpnl.com/stack/app-assets/css/bootstrap.css","fqdn":"xtipnl20245.xtpxadmnpnl.com","domain":"xtpxadmnpnl.com","tld":"com"},"ip":{"addr":"172.67.203.77","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://xtipnl20245.xtpxadmnpnl.com/tnewp/login","date":"2025-09-23T09:16:51.250Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xtpxadmnpnl.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 01 Sep 2025 13:32:47 GMT","end":"Sun, 30 Nov 2025 14:30:48 GMT"},"fingerprint":{"sha1":"AB:F0:0E:03:CC:D6:84:64:CF:50:36:67:E5:76:32:AB:C1:F9:A1:F3","sha256":"A0:D5:2B:74:69:95:D1:89:5C:F7:0B:4B:76:5E:BB:A7:B7:41:87:4D:41:99:84:23:D5:A3:1E:0D:3F:9F:F1:BD"}}},"request":{"raw":"GET /stack/app-assets/css/bootstrap.css HTTP/1.1\r\nHost: xtipnl20245.xtpxadmnpnl.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xtipnl20245.xtpxadmnpnl.com/stack/app-assets/css/vendors.css\r\nCookie: tipobet_session=eyJpdiI6Inh3UDJPTFBMb1FhbWY2M3l2ZXNoMnc9PSIsInZhbHVlIjoiSmtETFF0VVp4MTM2RFlpUGlnWE5OUVFlbkhpYWYwTElpOUk1bHNDNHJ1OWJoM2gybDlMUE9OUk5qSFhEN1ZHSSIsIm1hYyI6IjZiN2EyY2M2YWE3MmNmZWE1ZjliMWQwZjc1MTlmOGI5ZGVmMDZlZjNmNjU5NjBiM2VjMWVjNGRiYjNiZGZhYTYifQ%3D%3D\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Tue, 23 Sep 2025 09:16:51 GMT\r\ncontent-type: text/css\r\nlast-modified: Thu, 13 Dec 2018 12:02:17 GMT\r\netag: W/\"5c124a49-24f04\"\r\nx-powered-by: PleskLin\r\ncontent-encoding: br\r\nvary: accept-encoding\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=HVwCf2pAVHhLFVk6Y1hdK0PXSECiQdurKBm1%2FcV8hERCAIlN6jkT5%2FZ2Hb7F4yjBw9kSKObeGKM134XVdb3%2FzRAeKFPmNCPzTvuOq3TlxHyAtFEebEcXQxs%3D\"}]}\r\ncf-ray: 9838f21448fab51d-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Plesk","description":"Plesk is a web hosting and server data centre automation software with a control panel developed for Linux and Windows-based retail hosting service providers.","website":"https://www.plesk.com","common_platform_enumeration":"cpe:2.3:a:parallels:parallels_plesk_panel:*:*:*:*:*:*:*:*","icon":"Plesk.svg","categories":["Hosting panels"]}],"data":{"size":151300,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text","md5":"865338b55f1cb6a7afca657f6ab9b8dc","sha1":"49fd0b58d314d8ca8d47f174d710b1ee4654892c","sha256":"7227c0e9775ec747b7fa68ff5a1a9817e35807da6317a3a24c9124f599be4d87","sha512":"4e00d8c619ebdff4ab6850e73eed0c2432e2cf5b9198237c6631d068649705320c1bd5070994478beed2cd0fb5a1d7e47f25fdf7cf9c1df024668743613b3225","ssdeep":"1536:kxyAk2Uz2HmhXuruhaMwiD+Fh5AoBjSjQqpN85yoO30yVB3ckZG5DB4ID/4n:/zavmG5DB4ID/4n","tlshash":"aae38587faf121443473979c64abeae5772a0003c61ecdba77a63258cf4c6c559f2e48","first_seen":"2025-09-23T09:17:17.733418Z","last_seen":"2025-10-30T13:13:47.632662Z","times_seen":2,"resource_available":false,"data":null}},"time_used":205,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":155,"receive":50,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-09-23","alert":"Sinkholed","trigger":"xtipnl20245.xtpxadmnpnl.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"xtipnl20245.xtpxadmnpnl.com/stack/app-assets/fonts/font-awesome/css/font-awesome.min.css","fqdn":"xtipnl20245.xtpxadmnpnl.com","domain":"xtpxadmnpnl.com","tld":"com"},"ip":{"addr":"172.67.203.77","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://xtipnl20245.xtpxadmnpnl.com/tnewp/login","date":"2025-09-23T09:16:51.253Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xtpxadmnpnl.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 01 Sep 2025 13:32:47 GMT","end":"Sun, 30 Nov 2025 14:30:48 GMT"},"fingerprint":{"sha1":"AB:F0:0E:03:CC:D6:84:64:CF:50:36:67:E5:76:32:AB:C1:F9:A1:F3","sha256":"A0:D5:2B:74:69:95:D1:89:5C:F7:0B:4B:76:5E:BB:A7:B7:41:87:4D:41:99:84:23:D5:A3:1E:0D:3F:9F:F1:BD"}}},"request":{"raw":"GET /stack/app-assets/fonts/font-awesome/css/font-awesome.min.css HTTP/1.1\r\nHost: xtipnl20245.xtpxadmnpnl.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xtipnl20245.xtpxadmnpnl.com/stack/app-assets/css/vendors.css\r\nCookie: tipobet_session=eyJpdiI6Inh3UDJPTFBMb1FhbWY2M3l2ZXNoMnc9PSIsInZhbHVlIjoiSmtETFF0VVp4MTM2RFlpUGlnWE5OUVFlbkhpYWYwTElpOUk1bHNDNHJ1OWJoM2gybDlMUE9OUk5qSFhEN1ZHSSIsIm1hYyI6IjZiN2EyY2M2YWE3MmNmZWE1ZjliMWQwZjc1MTlmOGI5ZGVmMDZlZjNmNjU5NjBiM2VjMWVjNGRiYjNiZGZhYTYifQ%3D%3D\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Tue, 23 Sep 2025 09:16:51 GMT\r\ncontent-type: text/css\r\nlast-modified: Thu, 13 Dec 2018 12:02:16 GMT\r\netag: W/\"5c124a48-1019a\"\r\nx-powered-by: PleskLin\r\ncontent-encoding: br\r\nvary: accept-encoding\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=5rFF29U4Csq3Hz8liASS%2FGUy3FRR1nVLvhZWTdJ30ix%2FuVQawD9q%2BsOxJFaPUhvcwYvw3bDwS5yvsxIJIU6PNg1%2Bn5taphiHa1d2SyVX0CATiZDSsrjPe%2BE%3D\"}]}\r\ncf-ray: 9838f21448fcb51d-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Plesk","description":"Plesk is a web hosting and server data centre automation software with a control panel developed for Linux and Windows-based retail hosting service providers.","website":"https://www.plesk.com","common_platform_enumeration":"cpe:2.3:a:parallels:parallels_plesk_panel:*:*:*:*:*:*:*:*","icon":"Plesk.svg","categories":["Hosting panels"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":65946,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text","md5":"5d13e4799864cdb8decff4a434f39634","sha1":"d7e6ae68ed7502d5968cca0a10fd60103358f29f","sha256":"65aeed92588fe1624611e18b5ddeeb2ae5f2543d55856753d9b3bdad1d4859ea","sha512":"731a50e3332d3fb944fbc37f621ead2a729b0ddcee13c8fbaac7c09ed096210f0c0648b2e39ffbdd5f09329583740dd6241e39b51bfef48c6db17d848d8d5f1e","ssdeep":"768:oCIMq6Y2MgKJiQ3lFyMCJETO/j9344ETncj8WifxHf9q:oClq6YNJzlFyMgE6/j9344QW8Wco","tlshash":"0553d3fe91bf10944311e095264be2c0b329b66e9c484d5cf286be9dfbc065ca186bdd","first_seen":"2025-09-23T09:17:17.734609Z","last_seen":"2025-10-30T13:13:47.626342Z","times_seen":2,"resource_available":false,"data":null}},"time_used":176,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":136,"receive":40,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-09-23","alert":"Sinkholed","trigger":"xtipnl20245.xtpxadmnpnl.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"xtipnl20245.xtpxadmnpnl.com/stack/app-assets/vendors/css/extensions/pace.css","fqdn":"xtipnl20245.xtpxadmnpnl.com","domain":"xtpxadmnpnl.com","tld":"com"},"ip":{"addr":"172.67.203.77","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://xtipnl20245.xtpxadmnpnl.com/tnewp/login","date":"2025-09-23T09:16:51.255Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xtpxadmnpnl.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 01 Sep 2025 13:32:47 GMT","end":"Sun, 30 Nov 2025 14:30:48 GMT"},"fingerprint":{"sha1":"AB:F0:0E:03:CC:D6:84:64:CF:50:36:67:E5:76:32:AB:C1:F9:A1:F3","sha256":"A0:D5:2B:74:69:95:D1:89:5C:F7:0B:4B:76:5E:BB:A7:B7:41:87:4D:41:99:84:23:D5:A3:1E:0D:3F:9F:F1:BD"}}},"request":{"raw":"GET /stack/app-assets/vendors/css/extensions/pace.css HTTP/1.1\r\nHost: xtipnl20245.xtpxadmnpnl.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xtipnl20245.xtpxadmnpnl.com/stack/app-assets/css/vendors.css\r\nCookie: tipobet_session=eyJpdiI6Inh3UDJPTFBMb1FhbWY2M3l2ZXNoMnc9PSIsInZhbHVlIjoiSmtETFF0VVp4MTM2RFlpUGlnWE5OUVFlbkhpYWYwTElpOUk1bHNDNHJ1OWJoM2gybDlMUE9OUk5qSFhEN1ZHSSIsIm1hYyI6IjZiN2EyY2M2YWE3MmNmZWE1ZjliMWQwZjc1MTlmOGI5ZGVmMDZlZjNmNjU5NjBiM2VjMWVjNGRiYjNiZGZhYTYifQ%3D%3D\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Tue, 23 Sep 2025 09:16:51 GMT\r\ncontent-type: text/css\r\nlast-modified: Thu, 13 Dec 2018 12:02:16 GMT\r\netag: W/\"5c124a48-13f\"\r\nx-powered-by: PleskLin\r\ncontent-encoding: br\r\nvary: accept-encoding\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=f5xITEyiL4lJzLenFMQx4CWkDj6BNpfN3C%2B%2FM%2BgQm99gyy%2BkLhZqqyCx1PmZliR4O%2BHF7YPJmNKL1DR9zWbmmRQF9LHKXfzNghN2POvYEUyXIlWgkgELyt0%3D\"}]}\r\ncf-ray: 9838f21458feb51d-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Plesk","description":"Plesk is a web hosting and server data centre automation software with a control panel developed for Linux and Windows-based retail hosting service providers.","website":"https://www.plesk.com","common_platform_enumeration":"cpe:2.3:a:parallels:parallels_plesk_panel:*:*:*:*:*:*:*:*","icon":"Plesk.svg","categories":["Hosting panels"]}],"data":{"size":319,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text","md5":"8a484df21b7346425c6c0557b52f7a46","sha1":"9b43aef87504ae832d4ff9156799802818c3dfbe","sha256":"853923de28a989efb85d40877caa8b066feda885e454c6cffc74d18e8e500838","sha512":"98fdf993db9833a0c5123abc7d149391cb3930cb970078482b0fe666518646575ba3f8694edfa88ae944a8e624eba0e1e6f85aca8907d2b9a4e9efc32e39e196","ssdeep":"","tlshash":"eae04fac0997d524700dc8f71b32be25667691417d2ac54025e2bc01df86b5d50517c2","first_seen":"2023-05-24T03:51:21Z","last_seen":"2026-03-26T08:32:14.000005Z","times_seen":50,"resource_available":false,"data":null}},"time_used":135,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":134,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-09-23","alert":"Sinkholed","trigger":"xtipnl20245.xtpxadmnpnl.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"xtipnl20245.xtpxadmnpnl.com/stack/app-assets/fonts/feather/fonts/feather.ttf","fqdn":"xtipnl20245.xtpxadmnpnl.com","domain":"xtpxadmnpnl.com","tld":"com"},"ip":{"addr":"172.67.203.77","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://xtipnl20245.xtpxadmnpnl.com/tnewp/login","date":"2025-09-23T09:16:51.511Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xtpxadmnpnl.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 01 Sep 2025 13:32:47 GMT","end":"Sun, 30 Nov 2025 14:30:48 GMT"},"fingerprint":{"sha1":"AB:F0:0E:03:CC:D6:84:64:CF:50:36:67:E5:76:32:AB:C1:F9:A1:F3","sha256":"A0:D5:2B:74:69:95:D1:89:5C:F7:0B:4B:76:5E:BB:A7:B7:41:87:4D:41:99:84:23:D5:A3:1E:0D:3F:9F:F1:BD"}}},"request":{"raw":"GET /stack/app-assets/fonts/feather/fonts/feather.ttf HTTP/1.1\r\nHost: xtipnl20245.xtpxadmnpnl.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xtipnl20245.xtpxadmnpnl.com/stack/app-assets/fonts/feather/style.min.css\r\nCookie: tipobet_session=eyJpdiI6Inh3UDJPTFBMb1FhbWY2M3l2ZXNoMnc9PSIsInZhbHVlIjoiSmtETFF0VVp4MTM2RFlpUGlnWE5OUVFlbkhpYWYwTElpOUk1bHNDNHJ1OWJoM2gybDlMUE9OUk5qSFhEN1ZHSSIsIm1hYyI6IjZiN2EyY2M2YWE3MmNmZWE1ZjliMWQwZjc1MTlmOGI5ZGVmMDZlZjNmNjU5NjBiM2VjMWVjNGRiYjNiZGZhYTYifQ%3D%3D\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Tue, 23 Sep 2025 09:16:51 GMT\r\ncontent-type: application/octet-stream\r\ncontent-length: 58264\r\nlast-modified: Thu, 13 Dec 2018 12:02:16 GMT\r\netag: \"5c124a48-e398\"\r\nx-powered-by: PleskLin\r\naccept-ranges: bytes\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=yDHUGuKLKqX1CS7yM%2BzZ09WCO4v%2BpfKj16tbqQ8dNj7tlvczwLX2K%2FUmXSCWMAzksb90CbmuP15RE%2FcCAJthgPP7qwUZmovMpchdrTDD1zysMo47kc%2FzBbw%3D\"}]}\r\nvary: accept-encoding\r\ncf-ray: 9838f215f916b51d-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Plesk","description":"Plesk is a web hosting and server data centre automation software with a control panel developed for Linux and Windows-based retail hosting service providers.","website":"https://www.plesk.com","common_platform_enumeration":"cpe:2.3:a:parallels:parallels_plesk_panel:*:*:*:*:*:*:*:*","icon":"Plesk.svg","categories":["Hosting panels"]}],"data":{"size":58264,"size_decoded":0,"mime_type":"application/octet-stream","magic":"TrueType Font data, 11 tables, 1st \"OS/2\", 14 names, Macintosh, type 1 string, feather    ","md5":"ef0bf66f5cdfc7822401247ceac26332","sha1":"3310ebed9c7498ef70f90d91696ba37356807732","sha256":"3b8fc49b82f9fafe69de4b9d70fa2c2b6446e60f0540270e5fe2b702335dd259","sha512":"259869c326e856793ef99213579ae6a10d25e3060dde6dca634d3d90066a466f32a8eb28a9390185427e7ab937b33759f59e03ec6f100a39e2053c50f1ab85fc","ssdeep":"1536:1MTMoJeJaMr29KWoSWRV6TJ1dJPqi8o6kPQ14U0iIui7Si+2iW+k6iCoicB41KSd:gM6eJaMr29KWoSWRV6TJ1dJPqi8o6kP3","tlshash":"9943096bb79af712d79b7bfd4069a0800fbeab3c2364b7171ac38e2bd1090544458dd9","first_seen":"2023-04-05T09:29:12Z","last_seen":"2026-03-27T04:18:59.24496Z","times_seen":88,"resource_available":false,"data":null}},"time_used":254,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":158,"receive":96,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-09-23","alert":"Sinkholed","trigger":"xtipnl20245.xtpxadmnpnl.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/opensans/v44/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTSGmu1aB.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"142.250.178.35","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://xtipnl20245.xtpxadmnpnl.com/tnewp/login","date":"2025-09-23T09:16:51.518Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 08 Sep 2025 08:36:48 GMT","end":"Mon, 01 Dec 2025 08:36:47 GMT"},"fingerprint":{"sha1":"4A:11:37:B2:B5:3D:85:04:18:76:94:C3:99:EA:8B:77:66:51:DF:D6","sha256":"6C:B3:8A:F8:58:9F:72:87:6E:B0:CF:E0:3F:D9:AB:6D:AE:6E:E0:73:B1:A3:95:3C:30:98:D3:C4:23:73:D4:33"}}},"request":{"raw":"GET /s/opensans/v44/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTSGmu1aB.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://xtipnl20245.xtpxadmnpnl.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 35156\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Wed, 17 Sep 2025 00:02:49 GMT\r\nexpires: Thu, 17 Sep 2026 00:02:49 GMT\r\ncache-control: public, max-age=31536000\r\nlast-modified: Mon, 15 Sep 2025 16:30:01 GMT\r\ncontent-type: font/woff2\r\nage: 551642\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":35156,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 35156, version 1.0","md5":"062c1f2aaf2d4de07ad2a2f21c17ffc0","sha1":"3fd1f07343bd33a53cd374f7f107dbdf9effae03","sha256":"d5bab8e28732fe3d10dcef4f77b9c248605bbb2a87d289a2539251ceafab536a","sha512":"7ab522d8bc41128be5a15f2cb91f851f6dc5e437afbb90e6191bbe63d9b94a35911f04701fb2b291362b2ae0f0cc639dec2d15e53928afc5769590a2937e81cf","ssdeep":"768:is48okTArkNSgZJAf5jkRcaUNt8wrNPCbJktQV+n+NUB/wo8IEH:5hNTtNSgZJMjkRBUMwrNPC9NV+n+o81H","tlshash":"22f2e172c3787192ae0985760d60cec8986bb2098f7658b0143fdd38ee45345a3f6e6c","first_seen":"2025-05-29T19:30:52.507782Z","last_seen":"2026-04-04T16:47:49.398884Z","times_seen":14763,"resource_available":false,"data":null}},"time_used":244,"timings":{"blocked":108,"dns":0,"connect":0,"send":0,"wait":31,"receive":7,"ssl":98},"alerts":{"ids":null,"analyzer":null,"urlquery":null}}]}