{"report_id":"8fe170b0-afbe-4245-95b8-045a5cd01049","version":6,"status":"done","tags":[],"date":"2025-12-07T15:48:08Z","url":{"schema":"http","addr":"ffkipas.my.id","fqdn":"ffkipas.my.id","domain":"ffkipas.my.id","tld":"my.id"},"ip":{"addr":"172.67.218.170","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"final":{"url":{"schema":"https","addr":"ffkipas.my.id/verifyuid","fqdn":"ffkipas.my.id","domain":"ffkipas.my.id","tld":"my.id"},"title":"Verify UID - FF KIPAS","dom":{"size":5541,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (4447)","md5":"7fc5b75d9e56359a9d66f43a98f4e778","sha1":"f36f5449ee2eade343564cddb5192a27a25404e1","sha256":"06180c3e803368a97ea31f8740ab92b9dd863511a048496ea85d23b6daaf8cad","sha512":"b21b7a44d02faa60a2996556f0273f7ab871bcb94ad297d7f900d833a2bf388fe8a2efbee712af86eda80bb28a9fd12c31858c3c11f45f772df82a1a4e4d25a6","ssdeep":"96:zkalSGFm+bR3kMJo1gk8s6G84ISTP9J1e+GRJe:zkalSAno1FC679J8+wJe","tlshash":"60b10b6bf9d120400117819c66a7b7bdbfbe911187054d7a75ad33bc6f8edf308a1288","dom_hash":"domhash5128625ecf67ad91d375a42e49456f5b","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"ffkipas.my.id","fqdn":"ffkipas.my.id","domain":"ffkipas.my.id","tld":"my.id"},"ip":{"addr":"172.67.218.170","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"tags":null,"meta":null,"user":{"user_id":"akbkyowd9geqr98"}},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-01-11T15:48:08Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":26}},"detection":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-12-07","alert":"Sinkholed","trigger":"responseremainrust.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-07","alert":"Sinkholed","trigger":"067kk.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-07","alert":"Sinkholed","trigger":"creative-sb1.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-07","alert":"Sinkholed","trigger":"creative-sb1.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-07","alert":"Sinkholed","trigger":"creative-sb1.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-07","alert":"Sinkholed","trigger":"079kk.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-07","alert":"Sinkholed","trigger":"grookilteepsou.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-07","alert":"Sinkholed","trigger":"grookilteepsou.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-12-07","alert":"Sinkholed","trigger":"grookilteepsou.net","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-07","alert":"Sinkholed","trigger":"grookilteepsou.net","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-12-07","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-07","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-12-07","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-07","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-07","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-07","alert":"Sinkholed","trigger":"preferencenail.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-07","alert":"Sinkholed","trigger":"preferencenail.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-12-07","alert":"Sinkholed","trigger":"preferencenail.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-07","alert":"Sinkholed","trigger":"015kk.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-12-07","alert":"Sinkholed","trigger":"greaseguts.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-07","alert":"Sinkholed","trigger":"greaseguts.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-07","alert":"Sinkholed","trigger":"greaseguts.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-12-07","alert":"Sinkholed","trigger":"luciuscratediffers.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-12-07","alert":"Sinkholed","trigger":"flushpersist.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-07","alert":"Sinkholed","trigger":"flushpersist.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-07","alert":"Sinkholed","trigger":"flushpersist.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null},"summary":[{"fqdn":"roagrofoogrobo.com","ip":{"addr":"172.67.217.27","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2024-12-04","domain_rank":160562,"first_seen":"2025-01-06T06:51:52.849842Z","last_seen":"2025-12-05T04:55:13.484701Z","alert_count":0,"request_count":2,"received_data":328865,"sent_data":832,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"tzegilo.com","ip":{"addr":"172.67.193.52","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2022-01-14","domain_rank":18163,"first_seen":"2022-01-14T15:27:15Z","last_seen":"2025-12-02T02:51:33.489816Z","alert_count":0,"request_count":1,"received_data":18682,"sent_data":408,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"quge5.com","ip":{"addr":"139.45.197.114","port":443,"asn":9002,"as":"RETN Limited","country":"United Kingdom","country_code":"GB"},"domain_registered":"2022-04-06","domain_rank":0,"first_seen":"2025-09-23T00:56:31.907088Z","last_seen":"2025-09-23T00:56:31.907088Z","alert_count":0,"request_count":2,"received_data":233462,"sent_data":818,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"fonts.googleapis.com","ip":{"addr":"142.250.74.10","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2005-01-25","domain_rank":313,"first_seen":"2012-05-23T12:41:44Z","last_seen":"2025-11-30T22:14:19.793229Z","alert_count":0,"request_count":2,"received_data":45042,"sent_data":861,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"cdn.tailwindcss.com","ip":{"addr":"104.26.2.143","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2017-07-20","domain_rank":117330,"first_seen":"2018-07-09T05:46:13Z","last_seen":"2025-11-30T23:18:44.782621Z","alert_count":0,"request_count":2,"received_data":815954,"sent_data":818,"comment":"","tags":null,"fingerprints":[{"name":"Vercel","description":"Vercel is a cloud platform for static frontends and serverless functions.","website":"https://vercel.com","common_platform_enumeration":"","icon":"vercel.svg","categories":["PaaS"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"raw.githubusercontent.com","ip":{"addr":"185.199.108.133","port":443,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"domain_registered":"2014-02-06","domain_rank":22021,"first_seen":"2014-03-01T07:08:08Z","last_seen":"2025-12-01T07:27:17.734693Z","alert_count":0,"request_count":1,"received_data":171326,"sent_data":476,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Varnish","description":"Varnish is a reverse caching proxy.","website":"https://www.varnish-cache.org","common_platform_enumeration":"cpe:2.3:a:varnish-software:varnish_cache:*:*:*:*:*:*:*:*","icon":"Varnish.svg","categories":["Caching"]},{"name":"Fastly","description":"Fastly is a cloud computing services provider. Fastly's cloud platform provides a content delivery network, Internet security services, load balancing, and video \u0026 streaming services.","website":"https://www.fastly.com","common_platform_enumeration":"","icon":"Fastly.svg","categories":["CDN"]},{"name":"GitHub Pages","description":"GitHub Pages is a static site hosting service.","website":"https://pages.github.com/","common_platform_enumeration":"","icon":"GitHub.svg","categories":["PaaS"]}]},{"fqdn":"3nbf4.com","ip":{"addr":"139.45.197.121","port":443,"asn":9002,"as":"RETN Limited","country":"United Kingdom","country_code":"GB"},"domain_registered":"2020-07-06","domain_rank":0,"first_seen":"2025-10-19T12:50:36.569541Z","last_seen":"2025-12-05T13:37:21.255972Z","alert_count":0,"request_count":18,"received_data":108596,"sent_data":8794,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"079kk.com","ip":{"addr":"139.45.197.107","port":443,"asn":9002,"as":"RETN Limited","country":"United Kingdom","country_code":"GB"},"domain_registered":"2022-09-13","domain_rank":0,"first_seen":"2025-11-22T07:27:30.98546Z","last_seen":"2025-12-06T15:55:36.575873Z","alert_count":2,"request_count":2,"received_data":3728,"sent_data":2154,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"greaseguts.com","ip":{"addr":"172.240.108.76","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"domain_registered":"2025-05-12","domain_rank":3806911,"first_seen":"2025-06-14T04:33:29.452812Z","last_seen":"2025-09-16T05:22:06.752964Z","alert_count":3,"request_count":1,"received_data":47496,"sent_data":470,"comment":"","tags":null,"fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]}]},{"fqdn":"static.cloudflareinsights.com","ip":{"addr":"104.16.80.73","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2019-08-30","domain_rank":4073,"first_seen":"2019-09-24T14:34:56Z","last_seen":"2025-11-30T22:18:20.15509Z","alert_count":0,"request_count":2,"received_data":40688,"sent_data":1008,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"my.rtmark.net","ip":{"addr":"172.64.146.234","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2014-10-29","domain_rank":43911,"first_seen":"2015-02-04T09:54:57Z","last_seen":"2025-12-01T03:02:39.026329Z","alert_count":0,"request_count":1,"received_data":836,"sent_data":433,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"cdn.show-creative1.com","ip":{"addr":"172.67.208.42","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2024-08-20","domain_rank":392451,"first_seen":"2024-08-27T12:23:01Z","last_seen":"2025-12-07T12:22:55.152969Z","alert_count":0,"request_count":1,"received_data":2268,"sent_data":478,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"jQuery","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]}]},{"fqdn":"cdn.storageimagedisplay.com","ip":{"addr":"45.133.44.2","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"United States","country_code":"US"},"domain_registered":"2024-09-13","domain_rank":170153,"first_seen":"2024-09-13T12:56:32Z","last_seen":"2025-12-01T00:54:16.933365Z","alert_count":0,"request_count":4,"received_data":268901,"sent_data":2000,"comment":"","tags":null,"fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"fonts.gstatic.com","ip":{"addr":"142.250.178.35","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2008-02-11","domain_rank":0,"first_seen":"2014-04-02T10:51:04Z","last_seen":"2025-11-30T22:13:37.547558Z","alert_count":0,"request_count":4,"received_data":163852,"sent_data":2192,"comment":"","tags":null,"fingerprints":null},{"fqdn":"kettledroopingcontinuation.com","ip":{"addr":"172.240.127.243","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"domain_registered":"2024-09-01","domain_rank":196057,"first_seen":"2025-07-30T15:18:19.355595Z","last_seen":"2025-12-01T03:50:51.24337Z","alert_count":45,"request_count":9,"received_data":19379,"sent_data":8282,"comment":"","tags":null,"fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"protrafficinspector.com","ip":{"addr":"18.198.241.35","port":443,"asn":16509,"as":"AMAZON-02","country":"Germany","country_code":"DE"},"domain_registered":"2025-06-18","domain_rank":614186,"first_seen":"2025-07-25T22:45:21.95813Z","last_seen":"2025-12-02T19:40:58.517983Z","alert_count":0,"request_count":3,"received_data":1142,"sent_data":1384,"comment":"","tags":null,"fingerprints":null},{"fqdn":"bvtpk.com","ip":{"addr":"172.67.154.171","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2019-03-16","domain_rank":37068,"first_seen":"2025-05-21T11:34:02.786268Z","last_seen":"2025-12-03T08:38:58.22554Z","alert_count":0,"request_count":1,"received_data":111486,"sent_data":406,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"eehassoosostoa.com","ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2024-12-04","domain_rank":161412,"first_seen":"2025-01-06T21:58:07.13779Z","last_seen":"2025-12-05T20:10:18.054056Z","alert_count":0,"request_count":2,"received_data":335801,"sent_data":832,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"fleraprt.com","ip":{"addr":"139.45.195.252","port":443,"asn":9002,"as":"RETN Limited","country":"United Kingdom","country_code":"GB"},"domain_registered":"2022-01-14","domain_rank":17838,"first_seen":"2022-01-14T22:55:14Z","last_seen":"2025-12-03T15:18:32.101158Z","alert_count":0,"request_count":2,"received_data":904,"sent_data":1163,"comment":"","tags":null,"fingerprints":[{"name":"Nginx:1.25.5","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"glempirteechacm.com","ip":{"addr":"172.67.223.75","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2024-12-04","domain_rank":160043,"first_seen":"2025-01-14T20:14:16Z","last_seen":"2025-11-24T13:42:33.4662Z","alert_count":0,"request_count":2,"received_data":335797,"sent_data":834,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"6opo.com","ip":{"addr":"139.45.197.246","port":443,"asn":9002,"as":"RETN Limited","country":"United Kingdom","country_code":"GB"},"domain_registered":"2018-07-06","domain_rank":0,"first_seen":"2025-12-05T13:38:16.183631Z","last_seen":"2025-12-05T13:38:41.909207Z","alert_count":0,"request_count":5,"received_data":12381,"sent_data":3584,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"responseremainrust.com","ip":{"addr":"172.240.108.84","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"domain_registered":"2025-11-24","domain_rank":0,"first_seen":"2025-12-07T10:40:01.743908Z","last_seen":"2025-12-07T10:40:05.711776Z","alert_count":10,"request_count":10,"received_data":25670,"sent_data":15342,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"grookilteepsou.net","ip":{"addr":"139.45.197.122","port":443,"asn":9002,"as":"RETN Limited","country":"United Kingdom","country_code":"GB"},"domain_registered":"2025-01-08","domain_rank":157025,"first_seen":"2025-01-08T12:04:22.02802Z","last_seen":"2025-11-27T12:22:09.808798Z","alert_count":72,"request_count":18,"received_data":201404,"sent_data":8998,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"bobapsoabauns.com","ip":{"addr":"172.67.166.60","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2025-01-23","domain_rank":16239,"first_seen":"2025-03-26T18:52:40.148632Z","last_seen":"2025-12-02T02:51:32.910684Z","alert_count":0,"request_count":2,"received_data":100227,"sent_data":911,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"ffkipas.my.id","ip":{"addr":"104.21.67.83","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2025-05-13","domain_rank":130823,"first_seen":"2025-06-14T04:33:29.45787Z","last_seen":"2025-10-22T04:00:58.45845Z","alert_count":0,"request_count":18,"received_data":7022245,"sent_data":9436,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare Browser Insights","description":"Cloudflare Browser Insights is a tool that measures the performance of websites from the perspective of users.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["Analytics","RUM"]},{"name":"PHP:8.2.29","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]},{"name":"Tailwind CSS","description":"Tailwind is a utility-first CSS framework.","website":"https://tailwindcss.com/","common_platform_enumeration":"","icon":"tailwindcss.svg","categories":["UI frameworks"]}]},{"fqdn":"cdnjs.cloudflare.com","ip":{"addr":"104.17.24.14","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2009-02-17","domain_rank":1222,"first_seen":"2012-05-23T12:49:49Z","last_seen":"2025-11-30T22:18:20.693037Z","alert_count":0,"request_count":3,"received_data":357240,"sent_data":1486,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"122da.com","ip":{"addr":"139.45.196.63","port":443,"asn":9002,"as":"RETN Limited","country":"United Kingdom","country_code":"GB"},"domain_registered":"2021-09-06","domain_rank":0,"first_seen":"2025-11-21T01:21:52.727468Z","last_seen":"2025-12-05T11:49:22.701042Z","alert_count":0,"request_count":1,"received_data":828,"sent_data":591,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"067kk.com","ip":{"addr":"139.45.197.248","port":443,"asn":9002,"as":"RETN Limited","country":"United Kingdom","country_code":"GB"},"domain_registered":"2022-09-13","domain_rank":0,"first_seen":"2025-11-22T07:27:30.993019Z","last_seen":"2025-12-07T13:32:24.852763Z","alert_count":5,"request_count":5,"received_data":8066,"sent_data":5624,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"creative-sb1.com","ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2025-07-01","domain_rank":22211,"first_seen":"2025-08-08T09:32:32.509707Z","last_seen":"2025-12-01T10:26:05.53703Z","alert_count":21,"request_count":7,"received_data":249583,"sent_data":3155,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"preferencenail.com","ip":{"addr":"185.196.197.72","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"The Netherlands","country_code":"NL"},"domain_registered":"2025-07-01","domain_rank":20606,"first_seen":"2025-07-08T12:55:47.271261Z","last_seen":"2025-12-03T15:19:41.85936Z","alert_count":3,"request_count":1,"received_data":85956,"sent_data":411,"comment":"","tags":null,"fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"015kk.com","ip":{"addr":"139.45.197.248","port":443,"asn":9002,"as":"RETN Limited","country":"United Kingdom","country_code":"GB"},"domain_registered":"2022-09-13","domain_rank":0,"first_seen":"2025-11-20T19:16:59.058278Z","last_seen":"2025-11-28T08:36:45.070764Z","alert_count":3,"request_count":3,"received_data":10157,"sent_data":2348,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"luciuscratediffers.com","ip":{"addr":"172.240.127.244","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"domain_registered":"2025-07-31","domain_rank":0,"first_seen":"2025-08-13T04:50:33.061171Z","last_seen":"2025-11-11T16:56:48.054685Z","alert_count":2,"request_count":2,"received_data":127314,"sent_data":904,"comment":"","tags":null,"fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]}]},{"fqdn":"flushpersist.com","ip":{"addr":"172.240.127.234","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"domain_registered":"2025-07-01","domain_rank":23810,"first_seen":"2025-07-08T10:43:12.76905Z","last_seen":"2025-12-03T06:32:40.66545Z","alert_count":3,"request_count":1,"received_data":530,"sent_data":765,"comment":"","tags":null,"fingerprints":[{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"quge5.com/88/tag.min.js","fqdn":"quge5.com","domain":"quge5.com","tld":"com"},"ip":{"addr":"139.45.197.114","port":443,"asn":9002,"as":"RETN Limited","country":"United Kingdom","country_code":"GB"},"introduction_type":"scriptElement","is_inline":false,"md5":"5284130c6e5b4953d6eedca8452a9f27","sha1":"468dc194649ed01b7b24241383bf5f83a53e905e","sha256":"a61dec0a29034657f4679fc50316ed58b70823b2d8863b96d6fb1200bee98134","sha512":"157722866484908994c7d999b029250494f6081455b5cf8d52f09b95d19df9b9a66cdc49c8a4a60a6571f7631640ed4f394eed386f348ba967b3d1080621c47f","ssdeep":"3072:23dAhRf69rk3oRBpmGpq0SiSHN7TcGtgoouq:23dAIIoRBpmOSiSt7oG3ouq","tlshash":"f6b32bd67266746a166e502444a7ec0db5be8c81008dcdb8f0a5bcb22d74f12d3e7fe9","size":115823,"data":"","first_seen":"2025-12-05T13:38:22.911134Z","last_seen":"2025-12-08T04:45:03.050693Z","times_seen":19,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"bvtpk.com/tag.min.js","fqdn":"bvtpk.com","domain":"bvtpk.com","tld":"com"},"ip":{"addr":"172.67.154.171","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"5cf86b9e5b6654d3b3e5d959023d2ce9","sha1":"0fac1cb9b46fd22ec3b995d9f3513eefecf2cee5","sha256":"a48c406cb29de85a544dc2b517775395bc360a5078d2c7f02804abfd2180add3","sha512":"9c51e1c471d7afe6e707817d4e2ac7685e40a2b932ae1ac999f95f0883278f8ba6f5955ac8a41e0b0a3000137a004a2fb2906ae6807713c99901262279491ed0","ssdeep":"3072:a3dAhRf69rkboRBpmGpq0SiSHN7TcGtgj:a3dAI6oRBpmOSiSt7oGA","tlshash":"85b32ad67266746a166e80244597ec0db5be8c81008dcdb8f0e5bc722d74b22d3e7fe9","size":110304,"data":"","first_seen":"2025-12-05T13:51:43.743231Z","last_seen":"2025-12-08T12:23:35.340115Z","times_seen":93,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"3nbf4.com/act/files/micro.tag.min.js?z=9716024\u0026sw=/sw-check-permissions.js","fqdn":"3nbf4.com","domain":"3nbf4.com","tld":"com"},"ip":{"addr":"139.45.197.121","port":443,"asn":9002,"as":"RETN Limited","country":"United Kingdom","country_code":"GB"},"introduction_type":"scriptElement","is_inline":false,"md5":"13fc07ea33ee9fefca0eeec8bd24b1f9","sha1":"46db5ad22f5604a2ce1af6cf7273ee02f8cd3376","sha256":"c5cc4bf1ab36dd0723b5baae92751402a19511c9fd9ea70038e89cc22b17e355","sha512":"3adef94e51ccdd9c70c57d144fac9789fb3121a0c15673746e5755f1f597f54779f7056838b214b75aa52fc02a2ef63d6e10783fc666e4e536d12df32dc856cc","ssdeep":"1536:Z8O1lePn8+HTNf2CuFWa2oiLk5UjC2/pz7q9Psg:pXCYz2oiLk58C2/Zvg","tlshash":"dd2309437cbeb9ba07e164c5883f8d8843aadd50b41fd8e6f00d59961477006a3abfb5","size":49615,"data":"","first_seen":"2025-11-29T06:05:08.14181Z","last_seen":"2025-12-10T13:35:12.858098Z","times_seen":46,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ffkipas.my.id/verifyuid","fqdn":"ffkipas.my.id","domain":"ffkipas.my.id","tld":"my.id"},"ip":{"addr":"104.21.67.83","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"286cd1da02a775f8978b0cff8ec39e83","sha1":"64ac0881f44018d03324406702789f6225f11924","sha256":"d7551c582f9bee776dcdd5758ba2d8e1d27236668217e9f6ab5aa585af512ace","sha512":"de4d62ddc27cb08d7da8e1141f6efbe039fcadf2ce172ceaa2f8f950c06c35efc50fc2efd28b9e2d72db93b99b33facf46649acb4f6d0ed9dc4926d300f71da0","ssdeep":"1536:8nghuoThwzHkOcmt/kt566sb3kGT75+22z7IB6xbKm/TKo6x1:8nylTh8HkO5kG5+J4B6IGBE","tlshash":"2e53c9922f72ec5513f567d3e01fa212d3558950b8a6f4a0a51ee5e314210cacfebee3","size":66219,"data":"","first_seen":"2025-11-28T16:11:53.051435Z","last_seen":"2025-12-09T15:44:25.322077Z","times_seen":50,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"about","addr":"about:blank","fqdn":"","domain":"","tld":""},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"scriptElement","is_inline":false,"md5":"9c8b48aaea8e353f6f49f2ea7e2e0387","sha1":"62e6f7a007d8b50150832c540f23a0b487e8925d","sha256":"9515363edd6ea7aab145f2a396ce08ad7c48e72a261d729b5d00be6837653e37","sha512":"f1a35128f6838a7d3aa922e559bf1e78d6d3c9eed4c5b07e088ef117956e7c6c2f413b970f7578d6759516670f5b07fc1754dbc2e94cb9f395fbc9f05481a469","ssdeep":"192:NvJULiEWiFiacrcYmen1VuOTlmGFF3bH/fA68IDeIToJ:NvaLiEWiFiHn1VuexjrHnAym","tlshash":"8222530409bada21c45ca02f207e2296f7240a57ad7abfd4bbc901045fdd95fb5b863f","size":10330,"data":"","first_seen":"2025-12-07T15:48:18.463471Z","last_seen":"2025-12-07T15:48:18.463471Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ffkipas.my.id/","fqdn":"ffkipas.my.id","domain":"ffkipas.my.id","tld":"my.id"},"ip":{"addr":"104.21.67.83","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"286cd1da02a775f8978b0cff8ec39e83","sha1":"64ac0881f44018d03324406702789f6225f11924","sha256":"d7551c582f9bee776dcdd5758ba2d8e1d27236668217e9f6ab5aa585af512ace","sha512":"de4d62ddc27cb08d7da8e1141f6efbe039fcadf2ce172ceaa2f8f950c06c35efc50fc2efd28b9e2d72db93b99b33facf46649acb4f6d0ed9dc4926d300f71da0","ssdeep":"1536:8nghuoThwzHkOcmt/kt566sb3kGT75+22z7IB6xbKm/TKo6x1:8nylTh8HkO5kG5+J4B6IGBE","tlshash":"2e53c9922f72ec5513f567d3e01fa212d3558950b8a6f4a0a51ee5e314210cacfebee3","size":66219,"data":"","first_seen":"2025-11-28T16:11:53.051435Z","last_seen":"2025-12-09T15:44:25.322077Z","times_seen":50,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdn.tailwindcss.com/","fqdn":"cdn.tailwindcss.com","domain":"tailwindcss.com","tld":"com"},"ip":{"addr":"104.26.2.143","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"7a614b9a197e532c00d09a23b0996b5f","sha1":"1ff1738a40f3716e30e9031b181b0955ae578955","sha256":"176e894661aa9cdc9a5cba6c720044cbbf7b8bd80d1c9a142a7c24b1b6c50d15","sha512":"a67bc26f52d938358471be5671ff4b79e11af4e68b486aaf73a35a4c9bf3777aab51101af81563b4e5b7ba4b04dd8971fcfa9ee2c41fb10a0c1ee5604a99abd6","ssdeep":"12288:fpgrZxSAoNbJb0Wie75aUXGuyQZhK4O0s:RCVoNB0Wie75aUWmnO0s","tlshash":"e8844aa57396702647eb51e850ea1042f2beaa38840c44bcf7edd4da39e5e4440fbf79","size":407279,"data":"","first_seen":"2025-07-28T16:58:08.903462Z","last_seen":"2026-04-05T10:51:11.411658Z","times_seen":28885,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"3nbf4.com/act/files/micro.tag.min.js?z=9716024\u0026sw=/sw-check-permissions.js","fqdn":"3nbf4.com","domain":"3nbf4.com","tld":"com"},"ip":{"addr":"139.45.197.121","port":443,"asn":9002,"as":"RETN Limited","country":"United Kingdom","country_code":"GB"},"introduction_type":"scriptElement","is_inline":false,"md5":"13fc07ea33ee9fefca0eeec8bd24b1f9","sha1":"46db5ad22f5604a2ce1af6cf7273ee02f8cd3376","sha256":"c5cc4bf1ab36dd0723b5baae92751402a19511c9fd9ea70038e89cc22b17e355","sha512":"3adef94e51ccdd9c70c57d144fac9789fb3121a0c15673746e5755f1f597f54779f7056838b214b75aa52fc02a2ef63d6e10783fc666e4e536d12df32dc856cc","ssdeep":"1536:Z8O1lePn8+HTNf2CuFWa2oiLk5UjC2/pz7q9Psg:pXCYz2oiLk58C2/Zvg","tlshash":"dd2309437cbeb9ba07e164c5883f8d8843aadd50b41fd8e6f00d59961477006a3abfb5","size":49615,"data":"","first_seen":"2025-11-29T06:05:08.14181Z","last_seen":"2025-12-10T13:35:12.858098Z","times_seen":46,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ffkipas.my.id/verifyuid","fqdn":"ffkipas.my.id","domain":"ffkipas.my.id","tld":"my.id"},"ip":{"addr":"104.21.67.83","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"cce02aada5691435cd5178dfa8523749","sha1":"616b7926b02e1ae884cc1cdfe9ef74a4ddb48368","sha256":"d8a9e129c4164198a7f9574c0a605de5381c145b3f58ee1d5c4e1fa139dc4833","sha512":"c1f1efcc367c6771b2eb337dc267f4a744487fa9a691cdda23e1887f3c3a07c36572662ead3465c1311d236ababf6a3508bd4d4bf62b0a951a20547b8f851df6","ssdeep":"","tlshash":"c9514b3815795ae423148c211d4e09171ab6ed6d812fc006bde6ff2aea40b4dff1ba7c","size":3116,"data":"","first_seen":"2025-12-07T15:47:42.720633Z","last_seen":"2025-12-07T15:57:24.157515Z","times_seen":4,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static.cloudflareinsights.com/beacon.min.js/vcd15cbe7772f49c399c6a5babf22c1241717689176015","fqdn":"static.cloudflareinsights.com","domain":"cloudflareinsights.com","tld":"com"},"ip":{"addr":"104.16.80.73","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"ec18af6d41f6f278b6aed3bdabffa7bc","sha1":"62c9e2cab76b888829f3c5335e91c320b22329ae","sha256":"8a18d13015336bc184819a5a768447462202ef3105ec511bf42ed8304a7ed94f","sha512":"669b0e9a545057acbdd3b4c8d1d2811eaf4c776f679da1083e591ff38ae7684467abacef5af3d4aabd9fb7c335692dbca0def63ddac2cd28d8e14e95680c3511","ssdeep":"384:XriNpnjyMkg8XMtExRN1w29JIOzahXtO2nJ65:GijgSWuanfJ65","tlshash":"8d92d7def645723613f76076913f220b733b35a528068459812adbc22c3d98f6267f6e","size":19948,"data":"","first_seen":"2024-06-07T09:21:23Z","last_seen":"2026-04-05T11:31:39.74295Z","times_seen":330379,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"tzegilo.com/stattag.js","fqdn":"tzegilo.com","domain":"tzegilo.com","tld":"com"},"ip":{"addr":"172.67.193.52","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"01227f5edc20e0ff4ed643b27cb8bb68","sha1":"d71a88f7341f2b1bdaa7deb9a66888607bd52598","sha256":"75c91d86601e23ab56d872b31b42660f893fc6d6b0785e085c06c2c038e98fb2","sha512":"88046b07c07ff6de47ef7d1e0d7ca281fc48e91fc6a292cdf611457b96ac92bb0068971cfd55c0cc3e6179d7335e77a6a14b15fa502bbae7b2233546da6c0f98","ssdeep":"384:WDWdyJ+TJTwWV+6RUL2qq8L6jW4+QL1zWAWvVRIDiei:7so1V+g+d+j4pJ5","tlshash":"8d82094a72d525ee82a3a1d10cef612ffb664e86a97e1785e381b49c187404ec3d7f90","size":17879,"data":"","first_seen":"2024-07-11T16:28:55Z","last_seen":"2026-04-05T10:10:49.615153Z","times_seen":6363,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"glempirteechacm.com/401/9895349","fqdn":"glempirteechacm.com","domain":"glempirteechacm.com","tld":"com"},"ip":{"addr":"172.67.223.75","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"5f084c294003f6ab0861f97c56ea7f49","sha1":"d6f2e8597880b3b887559a9ba2a0c483a5a18ddc","sha256":"623ba969515db64159446cd27e4da257daac0c8d6d32f685a52fb863159356d3","sha512":"749d39e1eb122113c065d3298fb2065e7263cb8667794f0f9ecfb235c402b6dcf35add1e77fec003ea0c049f99cfda1a3762cec29b6c2a8ab12a960b3659cbac","ssdeep":"3072:A7zKGhsQ72zBOnEk4r0rNN3RecbVRTlQAOTSwGxq6/2DRaTIJSKjuEOVEABn:/IBCcpySwZ6/2DRaMsKCZbBn","tlshash":"e5f3fac9769174562963b430122fae5f792b8e30548e8d18e1a5f4e53f3844b93a3efc","size":167001,"data":"","first_seen":"2025-11-28T16:11:53.055324Z","last_seen":"2025-12-11T12:23:25.693667Z","times_seen":30,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"grookilteepsou.net/pfe/current/tag.min.js?z=9895350","fqdn":"grookilteepsou.net","domain":"grookilteepsou.net","tld":"net"},"ip":{"addr":"139.45.197.122","port":443,"asn":9002,"as":"RETN Limited","country":"United Kingdom","country_code":"GB"},"introduction_type":"scriptElement","is_inline":false,"md5":"7817cc2350b18efbae774f3595109b1e","sha1":"7fb17d4f7f1a3d7ad5a09f74d59a74d6745f1de1","sha256":"d2a5798ac99c3380e218d787f9f5ac823b8c12ce5187a4b54bb714eaa9b1b19a","sha512":"18855f0f2f5fde0d09d2de8e3a1e1da5487b3f5c392f79cfc914956256ddff6541fbe85887fc4e0fd9afc24f12031d10a70675c4f1554e3fe252f4dc683c9324","ssdeep":"768:miA8yco532XzPyngylPx7yAFyl87KZcTeedpnb35PZ7yoVkG+Szs9G5NsKsoTcy:s6IZ7yAu8ftoksK/cy","tlshash":"64d2b8513ebb689127d567c3d07fd06a93a6d60434aff5e3a50d658228620c6cbb3e23","size":29422,"data":"","first_seen":"2025-11-28T16:11:53.152821Z","last_seen":"2025-12-09T15:44:25.300973Z","times_seen":47,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"eehassoosostoa.com/401/9895348","fqdn":"eehassoosostoa.com","domain":"eehassoosostoa.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"333e465ea2151c587b84a27fbca0b2bf","sha1":"b76463cd20cd646cd3e220f0727e3bfd493e3202","sha256":"044e63115693540c1ee131b2530396453f95047c83c788d31bf8117740eb1a78","sha512":"90dfcd686afc36f2d3fb9c349c3a07eec6c48deea5e37844eddc1eecc78e2c0a5fbe61c426865d3eb93913374c82a2d557b325214500f8b93b95ab303331d1c5","ssdeep":"3072:A7zKGhsQ72zBOnEk4r0rNN3RecbVRTlQAOTywGxq6/2DRaTIJSKjuEOVEABn:/IBCcpyywZ6/2DRaMsKCZbBn","tlshash":"34f3fac9769174562963b430122fae5f792b8e30548e8d18e1a5f4e53f3844b93a3efc","size":167001,"data":"","first_seen":"2025-11-28T16:11:53.021697Z","last_seen":"2025-12-11T17:55:12.815302Z","times_seen":40,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"quge5.com/88/tag.min.js","fqdn":"quge5.com","domain":"quge5.com","tld":"com"},"ip":{"addr":"139.45.197.114","port":443,"asn":9002,"as":"RETN Limited","country":"United Kingdom","country_code":"GB"},"introduction_type":"scriptElement","is_inline":false,"md5":"5284130c6e5b4953d6eedca8452a9f27","sha1":"468dc194649ed01b7b24241383bf5f83a53e905e","sha256":"a61dec0a29034657f4679fc50316ed58b70823b2d8863b96d6fb1200bee98134","sha512":"157722866484908994c7d999b029250494f6081455b5cf8d52f09b95d19df9b9a66cdc49c8a4a60a6571f7631640ed4f394eed386f348ba967b3d1080621c47f","ssdeep":"3072:23dAhRf69rk3oRBpmGpq0SiSHN7TcGtgoouq:23dAIIoRBpmOSiSt7oG3ouq","tlshash":"f6b32bd67266746a166e502444a7ec0db5be8c81008dcdb8f0a5bcb22d74f12d3e7fe9","size":115823,"data":"","first_seen":"2025-12-05T13:38:22.911134Z","last_seen":"2025-12-08T04:45:03.050693Z","times_seen":19,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ffkipas.my.id/verifyuid","fqdn":"ffkipas.my.id","domain":"ffkipas.my.id","tld":"my.id"},"ip":{"addr":"104.21.67.83","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"c400b6caf9a483fdf30040a68180edf6","sha1":"353009fe7391c469ae904e6f51d8189c44db7ba9","sha256":"b8686d0f7a944b97f0149db999d624c4e4166665c7f13161f1320c4363bd3be7","sha512":"86ee66bcef7186a6867f34ec12c54b7f670f5a0ffc5885996f606b1531982baf80ada386b970a4ab6a70b5dca43dc1ef3d3be29a3a23fcd462468715675da754","ssdeep":"","tlshash":"ec110c27022549efcef516c62e2f65850cf49f514d49e4e803d1fc4294f4bc282aef28","size":916,"data":"","first_seen":"2025-12-07T15:47:42.718783Z","last_seen":"2025-12-07T15:57:24.156688Z","times_seen":4,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ffkipas.my.id/verifyuid","fqdn":"ffkipas.my.id","domain":"ffkipas.my.id","tld":"my.id"},"ip":{"addr":"104.21.67.83","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"deca10ed55276c5343d45e7e65a7c2b3","sha1":"2722048a4b186fae945ebc86bbe919e4061a5bb3","sha256":"08966ace5a66642e5f4f432d853b3467ebf1457c6bb6eaa2cf565721ef4e5730","sha512":"aa3e5eb001cab0c2552a373f28dbfce59bc80d26d40ac053f15d5424e8d3252dd5a19f1f316b497d958cd587365751763333fa1fa6e4d0264449139ae4a201d0","ssdeep":"","tlshash":"1f51150428b8f73c43932166347f489580302d15af59fd84c2675ee43a63a21276f5ff","size":2447,"data":"","first_seen":"2025-12-07T15:47:42.71966Z","last_seen":"2025-12-07T15:57:24.160101Z","times_seen":4,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"preferencenail.com/sfp.js","fqdn":"preferencenail.com","domain":"preferencenail.com","tld":"com"},"ip":{"addr":"185.196.197.72","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"The Netherlands","country_code":"NL"},"introduction_type":"scriptElement","is_inline":false,"md5":"b3a5ba94d627e64a77c0e11eaffc96ed","sha1":"f7358693b31e44211dd98b5aa0dc2a3f423286aa","sha256":"600f01dd96f043e58e0e70a82afbba6ffe0923d836f6293c1e6fc1cb5b074d34","sha512":"64800bcce3e1a65638dfedfe22f205b51725865db3332be95a142e39e4cb40f57358d0c4c01ebb366b8da56aa978b6c7ee992e2c27563bac76c3998014c3d64b","ssdeep":"1536:nPncLBSUBULrSVvTfMtfj3FkdFcE5PnoRC:nPncLBSUBULGVTfGpucE5foM","tlshash":"488395807ac06488d3979b7bb73bf4eaf65a299f38c4044bd100fc48b69562af9f5534","size":85379,"data":"","first_seen":"2025-11-18T17:36:30.149277Z","last_seen":"2026-04-05T10:51:43.056466Z","times_seen":13260,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"creative-sb1.com/sb/interstitial/utility/robot/3/js/jquery.min.js","fqdn":"creative-sb1.com","domain":"creative-sb1.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"6326c600df01e3bfb9b40e1aa08176f8","sha1":"6b4fb754d29b297b539bf62ba9b4eaf0f33f314a","sha256":"df34524351c5fabc921a89183b5da5667aebd7b9e9a1c52255c76ff722935ea3","sha512":"641aaeecb9b89bcc319cabfef18f76faa9b1ba79f9de30c6d07f22d385fc78ac3f11a718fe9ec96f8a13d82e3dff4ca34944ccb449a4ef8e378ad65dfad581c0","ssdeep":"1536:oP10iSi65U/dXXeyhzeBuG+HYE0mdDuJO1z6Oy4sh3J1x72BjmN7TwpDKba98Hri:f+41hJiz6fhdlTqya98Hri","tlshash":"eb83d6d9b2c67062977734b851bf510bb17a98dab40c8c60f0a4d8e47eb4a8d517bf2c","size":84384,"data":"","first_seen":"2023-03-07T01:10:11Z","last_seen":"2026-04-05T10:20:01.373728Z","times_seen":10422,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ffkipas.my.id/","fqdn":"ffkipas.my.id","domain":"ffkipas.my.id","tld":"my.id"},"ip":{"addr":"104.21.67.83","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"2ba57942a84401e1495876d13875936b","sha1":"b54d76573e8b910004c735562cc9c99c509796ba","sha256":"4817e8aca4b2496ed629f824a7ffa4d44b5900856eb16e5f4a5f61b63a858c0f","sha512":"cf9cc3936d8c8e080d2e2b86d39ff3929e3ca9e610aba6a5111b0b80c2e6f45de597e3f95a9c4e8dd554f88168f225cedae77f0fbae48e35988da889ef472785","ssdeep":"","tlshash":"3071d03a71b2243bc07769aba34b42567a312043b446c5063f7ccb491f635b5a963ade","size":3769,"data":"","first_seen":"2025-12-07T15:47:42.716901Z","last_seen":"2025-12-07T15:57:24.158402Z","times_seen":5,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ffkipas.my.id/","fqdn":"ffkipas.my.id","domain":"ffkipas.my.id","tld":"my.id"},"ip":{"addr":"104.21.67.83","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"10774578e86c6b4d4588352a3a1ca884","sha1":"a63894432d899c3c4637c56f7697ed886f3b0fcd","sha256":"77934db433654535dff5683f6d001e95d8520b72f041ac75de79d3e5dd49ab0c","sha512":"f6aeceeb2ee345bb56e90e67b8d3422703a70691af289296c9844f96d67935d8987aef0145bd8b59e2b24bf6a2b2c77c0ac5d5886f3fae0187956f4743c1d1d7","ssdeep":"","tlshash":"06c022b464e5943000140099707bc6e83834311864a26080c48db81c9e30fd30462c64","size":187,"data":"","first_seen":"2025-12-07T15:47:42.717758Z","last_seen":"2025-12-07T15:57:24.159293Z","times_seen":5,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"grookilteepsou.net/pfe/current/tag.min.js?z=9895350","fqdn":"grookilteepsou.net","domain":"grookilteepsou.net","tld":"net"},"ip":{"addr":"139.45.197.122","port":443,"asn":9002,"as":"RETN Limited","country":"United Kingdom","country_code":"GB"},"introduction_type":"scriptElement","is_inline":false,"md5":"7817cc2350b18efbae774f3595109b1e","sha1":"7fb17d4f7f1a3d7ad5a09f74d59a74d6745f1de1","sha256":"d2a5798ac99c3380e218d787f9f5ac823b8c12ce5187a4b54bb714eaa9b1b19a","sha512":"18855f0f2f5fde0d09d2de8e3a1e1da5487b3f5c392f79cfc914956256ddff6541fbe85887fc4e0fd9afc24f12031d10a70675c4f1554e3fe252f4dc683c9324","ssdeep":"768:miA8yco532XzPyngylPx7yAFyl87KZcTeedpnb35PZ7yoVkG+Szs9G5NsKsoTcy:s6IZ7yAu8ftoksK/cy","tlshash":"64d2b8513ebb689127d567c3d07fd06a93a6d60434aff5e3a50d658228620c6cbb3e23","size":29422,"data":"","first_seen":"2025-11-28T16:11:53.152821Z","last_seen":"2025-12-09T15:44:25.300973Z","times_seen":47,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"kettledroopingcontinuation.com/1e/e3/36/1ee3363d3f6736b5616821dca2afa5c7.js","fqdn":"kettledroopingcontinuation.com","domain":"kettledroopingcontinuation.com","tld":"com"},"ip":{"addr":"172.240.127.243","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"81c010ddfde2faeaf1c598844287df5a","sha1":"cd0fb06af4d1e8878a8c2c8d0311892ef13ff47b","sha256":"44442357bcab05b20364ed17aae2a3ae173b906529612b0e2f7d2217a76e51ab","sha512":"0acadda1dc3bba9f6178ba54356f2aed3dba23fbaf3b53b683fc5dd78eeff47a63ec7815ffbdb1e07041b274646eaa0a71ada2500f181775833f40761fc7cac8","ssdeep":"96:A9+XCx+8Ixmzn2ySej3zqIDNcxE6204l4sNm+E/0NK4Amfnqkk7lDAP2CwU6:A6Cg/S2yPXXWxW04fNPw6K4Amf4DAPA","tlshash":"13d1859c3e80b0a057b26077b97fa019b3696c50657fd80cd012b1a03e7562ad9bbba5","size":6454,"data":"","first_seen":"2025-12-01T12:09:20.892186Z","last_seen":"2026-01-29T12:50:40.978548Z","times_seen":4063,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"eehassoosostoa.com/401/9895348","fqdn":"eehassoosostoa.com","domain":"eehassoosostoa.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"333e465ea2151c587b84a27fbca0b2bf","sha1":"b76463cd20cd646cd3e220f0727e3bfd493e3202","sha256":"044e63115693540c1ee131b2530396453f95047c83c788d31bf8117740eb1a78","sha512":"90dfcd686afc36f2d3fb9c349c3a07eec6c48deea5e37844eddc1eecc78e2c0a5fbe61c426865d3eb93913374c82a2d557b325214500f8b93b95ab303331d1c5","ssdeep":"3072:A7zKGhsQ72zBOnEk4r0rNN3RecbVRTlQAOTywGxq6/2DRaTIJSKjuEOVEABn:/IBCcpyywZ6/2DRaMsKCZbBn","tlshash":"34f3fac9769174562963b430122fae5f792b8e30548e8d18e1a5f4e53f3844b93a3efc","size":167001,"data":"","first_seen":"2025-11-28T16:11:53.021697Z","last_seen":"2025-12-11T17:55:12.815302Z","times_seen":40,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"luciuscratediffers.com/edb436ac16df38178d554d87def407b2/invoke.js","fqdn":"luciuscratediffers.com","domain":"luciuscratediffers.com","tld":"com"},"ip":{"addr":"172.240.127.244","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"ff01303cfbadd30c4aae81f634dc1ab4","sha1":"5cabd7afd017eafd42283b17c6fca9af54cec86e","sha256":"9258006f32c56a2acdcaa32620a736e72b19d4d376fc32e9e886c73ac8979096","sha512":"bbb08048cb2873130fbf464424f8b59894c79aebfdfb9eb3551866c7490d910f5b37444d8b20646abf2045751971a84e102129bd1d99cdf0556e0660ecdd0a4c","ssdeep":"768:pL+PQP8Og7EDGmXN43uQxjCoMSZR/IuVpPtyw4cLeJEOlhPwXkI43KX:pc7EDR6fCoM4R/Zyw44XkIP","tlshash":"1b13d79a7f91b5ac0376b47b143f922ef6399d0260c8c9acd103e8952f9ca4dc13db59","size":43737,"data":"","first_seen":"2025-12-07T15:48:18.451963Z","last_seen":"2025-12-07T15:48:18.451963Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static.cloudflareinsights.com/beacon.min.js/vcd15cbe7772f49c399c6a5babf22c1241717689176015","fqdn":"static.cloudflareinsights.com","domain":"cloudflareinsights.com","tld":"com"},"ip":{"addr":"104.16.80.73","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"ec18af6d41f6f278b6aed3bdabffa7bc","sha1":"62c9e2cab76b888829f3c5335e91c320b22329ae","sha256":"8a18d13015336bc184819a5a768447462202ef3105ec511bf42ed8304a7ed94f","sha512":"669b0e9a545057acbdd3b4c8d1d2811eaf4c776f679da1083e591ff38ae7684467abacef5af3d4aabd9fb7c335692dbca0def63ddac2cd28d8e14e95680c3511","ssdeep":"384:XriNpnjyMkg8XMtExRN1w29JIOzahXtO2nJ65:GijgSWuanfJ65","tlshash":"8d92d7def645723613f76076913f220b733b35a528068459812adbc22c3d98f6267f6e","size":19948,"data":"","first_seen":"2024-06-07T09:21:23Z","last_seen":"2026-04-05T11:31:39.74295Z","times_seen":330379,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"roagrofoogrobo.com/400/9895347","fqdn":"roagrofoogrobo.com","domain":"roagrofoogrobo.com","tld":"com"},"ip":{"addr":"172.67.217.27","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"f60962cdac6d77f7d98f8a605c739918","sha1":"68779dd39241541026a780fc3136cd5f774ae4c3","sha256":"9a4c508eb623d94196169fbc159686ff7d1415cd0c8a41d33d889cf8a9ca7bb1","sha512":"5ffce5194ebde567f952b1d3757942757f6880002fd0bb70534f0731c896cfd584a0256a69f739351be670ed505cbbe48803cbbf512b71ad0d0e612506d8176d","ssdeep":"3072:dAJaOTmnhzMm3hmdkJ75lL6glltCzWdykmX9qNdHjiH8WkIYICrdbmC7f06eBoAf:dAJaOTmnhzMm3hmdkJ75lLPllcMykmQ2","tlshash":"23f3e888b192b1512e735534352fd20ea9afab60544e4980d0dbe1b27f3706ed377ed8","size":163529,"data":"","first_seen":"2025-11-28T16:11:53.131036Z","last_seen":"2025-12-11T17:55:12.810469Z","times_seen":35,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"tzegilo.com/stattag.js","fqdn":"tzegilo.com","domain":"tzegilo.com","tld":"com"},"ip":{"addr":"172.67.193.52","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"01227f5edc20e0ff4ed643b27cb8bb68","sha1":"d71a88f7341f2b1bdaa7deb9a66888607bd52598","sha256":"75c91d86601e23ab56d872b31b42660f893fc6d6b0785e085c06c2c038e98fb2","sha512":"88046b07c07ff6de47ef7d1e0d7ca281fc48e91fc6a292cdf611457b96ac92bb0068971cfd55c0cc3e6179d7335e77a6a14b15fa502bbae7b2233546da6c0f98","ssdeep":"384:WDWdyJ+TJTwWV+6RUL2qq8L6jW4+QL1zWAWvVRIDiei:7so1V+g+d+j4pJ5","tlshash":"8d82094a72d525ee82a3a1d10cef612ffb664e86a97e1785e381b49c187404ec3d7f90","size":17879,"data":"","first_seen":"2024-07-11T16:28:55Z","last_seen":"2026-04-05T10:10:49.615153Z","times_seen":6363,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"glempirteechacm.com/401/9895349","fqdn":"glempirteechacm.com","domain":"glempirteechacm.com","tld":"com"},"ip":{"addr":"172.67.223.75","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"5f084c294003f6ab0861f97c56ea7f49","sha1":"d6f2e8597880b3b887559a9ba2a0c483a5a18ddc","sha256":"623ba969515db64159446cd27e4da257daac0c8d6d32f685a52fb863159356d3","sha512":"749d39e1eb122113c065d3298fb2065e7263cb8667794f0f9ecfb235c402b6dcf35add1e77fec003ea0c049f99cfda1a3762cec29b6c2a8ab12a960b3659cbac","ssdeep":"3072:A7zKGhsQ72zBOnEk4r0rNN3RecbVRTlQAOTSwGxq6/2DRaTIJSKjuEOVEABn:/IBCcpySwZ6/2DRaMsKCZbBn","tlshash":"e5f3fac9769174562963b430122fae5f792b8e30548e8d18e1a5f4e53f3844b93a3efc","size":167001,"data":"","first_seen":"2025-11-28T16:11:53.055324Z","last_seen":"2025-12-11T12:23:25.693667Z","times_seen":30,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"roagrofoogrobo.com/400/9895347","fqdn":"roagrofoogrobo.com","domain":"roagrofoogrobo.com","tld":"com"},"ip":{"addr":"172.67.217.27","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"f60962cdac6d77f7d98f8a605c739918","sha1":"68779dd39241541026a780fc3136cd5f774ae4c3","sha256":"9a4c508eb623d94196169fbc159686ff7d1415cd0c8a41d33d889cf8a9ca7bb1","sha512":"5ffce5194ebde567f952b1d3757942757f6880002fd0bb70534f0731c896cfd584a0256a69f739351be670ed505cbbe48803cbbf512b71ad0d0e612506d8176d","ssdeep":"3072:dAJaOTmnhzMm3hmdkJ75lL6glltCzWdykmX9qNdHjiH8WkIYICrdbmC7f06eBoAf:dAJaOTmnhzMm3hmdkJ75lLPllcMykmQ2","tlshash":"23f3e888b192b1512e735534352fd20ea9afab60544e4980d0dbe1b27f3706ed377ed8","size":163529,"data":"","first_seen":"2025-11-28T16:11:53.131036Z","last_seen":"2025-12-11T17:55:12.810469Z","times_seen":35,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"luciuscratediffers.com/a2/c6/c7/a2c6c77dde0f47e335c307a84b4f8205.js","fqdn":"luciuscratediffers.com","domain":"luciuscratediffers.com","tld":"com"},"ip":{"addr":"172.240.127.244","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"3e2ddb37f3ff992db7e4a48d31d93f64","sha1":"cc5f6fccb7069462ad76ab39d7f250ec6abfe922","sha256":"7899e11d67d053d9a74da358af12c2e1dc7ee1883de877b2f8e289c3e6d58526","sha512":"fdc39431ba08d73dc014a3c64f7dc9c1a7a26e8dce54e187dcbcd23267e6ee426683c87ad241bc3e8488164692e338eb223abe37b9ffc2eaecabbf17aa0f6e89","ssdeep":"1536:h3Zs5j4xaqmOxiaZ0ob3meMv6Iqyi1+9deW:h3Acx//xiaofv6zO/","tlshash":"8e83c88d7f99f1ac03527072722fa21ef0290d126098d1a4e253f5fdaf78729e976b14","size":81881,"data":"","first_seen":"2025-12-07T15:47:42.701523Z","last_seen":"2025-12-07T15:57:24.101063Z","times_seen":3,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ffkipas.my.id/assets/js/verifyuid.js?v=1.8","fqdn":"ffkipas.my.id","domain":"ffkipas.my.id","tld":"my.id"},"ip":{"addr":"104.21.67.83","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"aeb4fcdcf9981f64ef4fd20a258e2666","sha1":"33fd579558cf2e4af341d9f3ca153cb5d60ad10e","sha256":"a1ad35e8f88845236a7eef8c85a7aea7d9aa70718ea85ffa4778d365f6e5e9b3","sha512":"22a9b755485916058943aa5b6be669b776adf69cd6bebdbefdc3734fa0687b1d534978a3c7a9bae8a57c4cc2a4459e210436db20174fe1ea11308933785a7464","ssdeep":"192:3Qtpe35jG1sYOTSnhhahrVdZYnpPyhhRtu:LpS1tvhhahrt+yhhRtu","tlshash":"c5122e96292c013a47b7627edad3514afb37081b69234312bd7d81080fb2954e76affd","size":9549,"data":"","first_seen":"2025-12-07T15:47:42.70497Z","last_seen":"2025-12-07T15:57:24.119548Z","times_seen":4,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null},"http":[{"url":{"schema":"https","addr":"ffkipas.my.id/assets/images/pic2.png","fqdn":"ffkipas.my.id","domain":"ffkipas.my.id","tld":"my.id"},"ip":{"addr":"104.21.67.83","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ffkipas.my.id/verifyuid","date":"2025-12-07T15:47:51.690Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ffkipas.my.id","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Fri, 17 Oct 2025 09:52:51 GMT","end":"Thu, 15 Jan 2026 10:51:42 GMT"},"fingerprint":{"sha1":"CC:F7:34:EF:C8:0D:D7:BA:61:5C:59:6F:9C:84:10:EB:B8:77:BB:8E","sha256":"E9:02:F7:94:61:0A:79:F6:92:B0:A9:74:B9:D8:C9:49:60:C7:55:60:B1:7E:1B:E1:DA:3D:7E:2B:09:2D:79:24"}}},"request":{"raw":"GET /assets/images/pic2.png HTTP/1.1\r\nHost: ffkipas.my.id\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ffkipas.my.id/assets/css/verifyuid.css\r\nCookie: PHPSESSID=grhmnb1lmkeqgu5vd8rsgsav3u\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sun, 07 Dec 2025 15:47:51 GMT\r\nserver: cloudflare\r\nlast-modified: Tue, 13 May 2025 15:37:15 GMT\r\naccept-ranges: bytes\r\npriority: u=4,i=?0\r\ncontent-length: 391788\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nx-frame-options: SAMEORIGIN\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncontent-type: image/png\r\nage: 45\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=4QAuh318nYFwwCNDjarorCxqVDIUgMwoZzEY%2FrZK6%2FcSkxvkTftVCIhVSIG5CEioPy298SxfOfDJWLudErVfryNg7j8jeeTO77CC\"}]}\r\nvary: accept-encoding\r\nstrict-transport-security: max-age=0; preload\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\ncf-ray: 9aa529f80f92b4f4-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":391788,"size_decoded":0,"mime_type":"image/png","magic":"JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=1, orientation=upper-left], baseline, precision 8, 1704x786, components 3","md5":"e6af965b7d4179527c41a90df3311755","sha1":"d91324bd3df2bb572c5399e5f2801fe2012db146","sha256":"cb9f1654a586ef7ad64489bf02b6afad59ca2b8b2b02ceaf5fd1e8bf13a56785","sha512":"c02c88dd02c420b4b4751c53477a31dd9bdc54b48ca49ae8f54d3abddec1c394b34a73ff48a75386c6d37e4e56995763fbc959144807f263c5ce3d450c35d511","ssdeep":"6144:wsi4MYj4EGbUxnjCkbscCcjVYSeSFjmq6vjpnV3hzjHhcBrnhKE:O998OXAjeSFK5vjpndFrK11","tlshash":"f584f127c809c362a55c03e8fd436d6c1a1b5b6de6da6beb10224fcfbf992050dc916d","first_seen":"2025-12-07T15:47:42.69537Z","last_seen":"2025-12-07T15:57:24.105721Z","times_seen":5,"resource_available":false,"data":null}},"time_used":25,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":12,"receive":13,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdnjs.cloudflare.com/ajax/libs/font-awesome/6.4.0/webfonts/fa-solid-900.woff2","fqdn":"cdnjs.cloudflare.com","domain":"cloudflare.com","tld":"com"},"ip":{"addr":"104.17.24.14","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://ffkipas.my.id/verifyuid","date":"2025-12-07T15:47:51.694Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cdnjs.cloudflare.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 15 Nov 2025 20:49:06 GMT","end":"Fri, 13 Feb 2026 21:49:04 GMT"},"fingerprint":{"sha1":"9A:71:C8:6F:E2:4B:9A:91:7D:C8:4A:1D:79:98:2F:97:C1:85:D8:79","sha256":"4E:C5:BB:7A:81:A0:D9:00:73:8D:D5:57:59:3D:A0:C3:D3:BE:62:18:4E:6F:6D:98:DA:F0:90:94:5E:E0:0B:63"}}},"request":{"raw":"GET /ajax/libs/font-awesome/6.4.0/webfonts/fa-solid-900.woff2 HTTP/1.1\r\nHost: cdnjs.cloudflare.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://ffkipas.my.id\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cdnjs.cloudflare.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sun, 07 Dec 2025 15:47:51 GMT\r\ncontent-type: application/octet-stream; charset=utf-8\r\ncontent-length: 150124\r\ncf-ray: 9aa529f80bd15687-OSL\r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=30672000\r\netag: \"6421d693-24a6c\"\r\nlast-modified: Mon, 27 Mar 2023 17:46:59 GMT\r\ncf-cdnjs-via: cfworker/kv\r\ncross-origin-resource-policy: cross-origin\r\ntiming-allow-origin: *\r\nx-content-type-options: nosniff\r\nvary: Accept-Encoding\r\ncf-cache-status: HIT\r\nage: 1344435\r\nexpires: Fri, 27 Nov 2026 15:47:51 GMT\r\naccept-ranges: bytes\r\npriority: u=4,i=?0\r\nreport-to: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v4?s=24sVAx0XjHxNF2Vpu9cBn4uYpAbVm8n%2FvJCBHEPqyl5V8aYVo2N8fgP7z2ZZqciv1jgMlUh9A%2BWwCB%2FCyT7oOmKw9D9%2FyN5dEK6%2FEaVLQat8k9wq5pf59s%2BG525Ja%2BsbUjPCTLf0\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nnel: {\"success_fraction\":0.01,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nstrict-transport-security: max-age=15780000\r\nserver: cloudflare\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":150124,"size_decoded":0,"mime_type":"application/octet-stream; charset=utf-8","magic":"Web Open Font Format (Version 2), TrueType, length 150124, version 772.256","md5":"c64278386c2bbb5e293e11b94ca2f6d1","sha1":"6b99aa650bd12a36caa14e0127435d8f4cd3ba73","sha256":"7152a6933ee3d690ec2af3d09da9d701723d16aa3410a6d80f28ff8866f3b880","sha512":"0ccdc1515510d902c0b4a48b863c48bad86e1f766b1f9c890a64e28d91ee7c6d488241c531fc094d15b29c211da71e092587a987e24ee8e67ef8ea99c284e821","ssdeep":"3072:7sCbk7w0ZXdkN6iMjif3Lr7x7wAtf+D7gDk1feXDLnurWHqrNIuv5n0:7sCbkFZXdC7MaLr9w2mIY1feXXurWyNW","tlshash":"28e3123cf2c6d486735f5aeadb79636894fd0a2e74ecc67d26b982112048f828174d1d","first_seen":"2023-04-09T20:30:06Z","last_seen":"2026-04-05T10:40:14.443906Z","times_seen":30545,"resource_available":false,"data":null}},"time_used":32,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":11,"receive":21,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"6opo.com/wrr?z=9895346\u0026p_rid=88d14b94-1f8f-461f-9799-83ed904508e0\u0026rb=CrbJQoe0MGFrYcop4mlH-Y86Adta2xP6o0neB4yFkLM15FOwnfkopCkCTLjstw22XxRHbrrNu6f2VrcRC67CwzKx6xA1L1c7V3QehxWbbbORzwUR3C2YKSTpBjTPVKE9c62TRY_8MsftWAeKwVXoROJjqk-61y-V17Sp3Vura7REIETikl64kwG9Z7Ui8aV7k_dRPKuxSoAjnqRr5IPNu7aQ-VJvLNCxzkpopRFj_q9dY_AUUxMzMInbz5DZp_ii99FdGlG51xfSmD6qF-gvdMuJ3bwywqf0qwYm1w2p_2hyH9-o\u0026dmn=\u0026userId=0802986dc3b24e40fbfaef6bcbac55d9","fqdn":"6opo.com","domain":"6opo.com","tld":"com"},"ip":{"addr":"139.45.197.246","port":443,"asn":9002,"as":"RETN Limited","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://ffkipas.my.id/verifyuid","date":"2025-12-07T15:47:52.687Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"6opo.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Fri, 03 Oct 2025 23:08:12 GMT","end":"Thu, 01 Jan 2026 23:08:11 GMT"},"fingerprint":{"sha1":"12:6F:03:3B:FC:49:A3:E1:60:52:64:59:B1:4F:E7:2D:91:98:E1:BB","sha256":"0C:C0:88:D7:18:66:94:1D:10:EB:04:76:F9:82:7D:86:D9:84:E2:65:9D:D8:12:8D:C2:DC:16:34:BD:40:24:9D"}}},"request":{"raw":"OPTIONS /wrr?z=9895346\u0026p_rid=88d14b94-1f8f-461f-9799-83ed904508e0\u0026rb=CrbJQoe0MGFrYcop4mlH-Y86Adta2xP6o0neB4yFkLM15FOwnfkopCkCTLjstw22XxRHbrrNu6f2VrcRC67CwzKx6xA1L1c7V3QehxWbbbORzwUR3C2YKSTpBjTPVKE9c62TRY_8MsftWAeKwVXoROJjqk-61y-V17Sp3Vura7REIETikl64kwG9Z7Ui8aV7k_dRPKuxSoAjnqRr5IPNu7aQ-VJvLNCxzkpopRFj_q9dY_AUUxMzMInbz5DZp_ii99FdGlG51xfSmD6qF-gvdMuJ3bwywqf0qwYm1w2p_2hyH9-o\u0026dmn=\u0026userId=0802986dc3b24e40fbfaef6bcbac55d9 HTTP/1.1\r\nHost: 6opo.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nAccess-Control-Request-Method: POST\r\nAccess-Control-Request-Headers: content-type\r\nReferer: https://ffkipas.my.id/\r\nOrigin: https://ffkipas.my.id\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"OPTIONS"},"response":{"raw":"HTTP/2 204 No Content\r\nserver: nginx\r\ndate: Sun, 07 Dec 2025 15:47:52 GMT\r\naccept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version\r\naccess-control-allow-origin: https://ffkipas.my.id\r\naccess-control-allow-credentials: true\r\naccess-control-allow-methods: GET, POST, OPTIONS\r\naccess-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, favicon\r\naccess-control-max-age: 86400\r\npragma: no-cache\r\ncache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0\r\nexpires: Tue, 11 Jan 1994 10:00:00 GMT\r\nstrict-transport-security: max-age=1\r\nx-content-type-options: nosniff\r\ntiming-allow-origin: *, *\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"204","status_text":"No Content","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T11:47:06.182466Z","times_seen":13373545,"resource_available":true,"data":null}},"time_used":28,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":28,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"responseremainrust.com/ren.gif?sid=H4sIAAAAAAAC_1RSz28bRRiddSsO5YCgwBH5SPnh7Nprx6aHilCCooYkpEGRQBxmd2adwbM7y8yu1_EpIhKqOBnEAbiwfk6aAgXBHwCqHISEKiGxJyLRXJA4cUGVekbrWgp80nw_5s3hfe_NB-P0lDSQ0pON19VQSEkXmjW7-uy2iJjKTHVtq-rYNftydVtELfdydVAm3X_Jabg1-1L1Ne731ELddmzbsZ3qstA8UIOFGQoR3-44tY5dc-s1p-lioP8_m9SCoRZY_5Q8AcGKx_4M3obwp4jC765y00tU_MKrYSppojT67OjNqBepLEJ41gbaQhAdzV9DmYKQTytQ0dF8A6j-QbkBPFGQytP34EVHc5rw-ocPmXoSPILHHkXWn4LLKQSdwlf7EOw3AvgMa-uIwptrSmd09yFKS7Qg5x_ch8gKcv7ek4jCb5ekGFSvK5kmQkUGgyCHGEwhulPE6TGSoQWRHcNP3odgv5KFB6uIwoN1IxUEy2fbi2AKaiyk5REW0sBCGlsI2UnVtduu79BGK-gwf9F2qesy7tmddt22acdfROqXtEZI4hF8OYKv9xDrPfTERwWxzv0Bnd6B2clhmAWTFMR6Yw99liPjBJkhyChBJgiyhCDr54dMmrrJbzJpUs-Z1_q8NvKJSrpjeqiSLo8IqB5Bs_xAxO-ZffjJuckwMGyiykS9JJ9Qj-Xj-JQ8XkpnffL3ffT4SZUzz220qO-0WNBoO4tt1my6rL3IeODai14dRuQQpjJTZSgKcu3FKWJRkEvPPwOPHsPIY_jiKdDUAc1y0J0cw-ibIOiJmJpauFsTDEzliJPzSHatsTwlFyebW0t3Zha-8_vP4P5dMg_4Okesc7wrfiLoyhuTTZWRg02VGfL9epyIUAxpae_1hCb8ka-u8d1MabZy1Yy-fNkvgbK9vcVNskojJqKuIV8vCca4Xlba5-SHFbPNvY3U7CylOkrj1Y1XllfCWHNjhIqmoKIgF_75EL4oyMUfv5h93eZzf8GP92DiM55GEXixBSkIJD-7p14O85_ZO-vH5ga6ugKa7CMKc_R1jr7MQeUIJr0wSWJ998ovn5XxOTxZmXhSVw48qeXHM50K8tatKzDipNqse41Wu93iQekaa9QbrNO0ecelnZbbcZtITCGa41v_BgAA__-p6xj-YgQAAA==","fqdn":"responseremainrust.com","domain":"responseremainrust.com","tld":"com"},"ip":{"addr":"172.240.108.84","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ffkipas.my.id/verifyuid","date":"2025-12-07T15:47:52.718Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"responseremainrust.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Mon, 24 Nov 2025 11:58:04 GMT","end":"Sun, 22 Feb 2026 11:58:03 GMT"},"fingerprint":{"sha1":"2A:74:BD:69:38:6D:55:D6:A5:D0:58:76:7D:6F:5C:5D:22:A4:99:18","sha256":"3C:90:0A:4B:CD:24:41:B0:1A:FA:18:30:34:A9:AD:CC:E9:20:26:55:44:AE:B1:79:17:80:3F:B6:B9:4A:20:6C"}}},"request":{"raw":"GET /ren.gif?sid=H4sIAAAAAAAC_1RSz28bRRiddSsO5YCgwBH5SPnh7Nprx6aHilCCooYkpEGRQBxmd2adwbM7y8yu1_EpIhKqOBnEAbiwfk6aAgXBHwCqHISEKiGxJyLRXJA4cUGVekbrWgp80nw_5s3hfe_NB-P0lDSQ0pON19VQSEkXmjW7-uy2iJjKTHVtq-rYNftydVtELfdydVAm3X_Jabg1-1L1Ne731ELddmzbsZ3qstA8UIOFGQoR3-44tY5dc-s1p-lioP8_m9SCoRZY_5Q8AcGKx_4M3obwp4jC765y00tU_MKrYSppojT67OjNqBepLEJ41gbaQhAdzV9DmYKQTytQ0dF8A6j-QbkBPFGQytP34EVHc5rw-ocPmXoSPILHHkXWn4LLKQSdwlf7EOw3AvgMa-uIwptrSmd09yFKS7Qg5x_ch8gKcv7ek4jCb5ekGFSvK5kmQkUGgyCHGEwhulPE6TGSoQWRHcNP3odgv5KFB6uIwoN1IxUEy2fbi2AKaiyk5REW0sBCGlsI2UnVtduu79BGK-gwf9F2qesy7tmddt22acdfROqXtEZI4hF8OYKv9xDrPfTERwWxzv0Bnd6B2clhmAWTFMR6Yw99liPjBJkhyChBJgiyhCDr54dMmrrJbzJpUs-Z1_q8NvKJSrpjeqiSLo8IqB5Bs_xAxO-ZffjJuckwMGyiykS9JJ9Qj-Xj-JQ8XkpnffL3ffT4SZUzz220qO-0WNBoO4tt1my6rL3IeODai14dRuQQpjJTZSgKcu3FKWJRkEvPPwOPHsPIY_jiKdDUAc1y0J0cw-ibIOiJmJpauFsTDEzliJPzSHatsTwlFyebW0t3Zha-8_vP4P5dMg_4Okesc7wrfiLoyhuTTZWRg02VGfL9epyIUAxpae_1hCb8ka-u8d1MabZy1Yy-fNkvgbK9vcVNskojJqKuIV8vCca4Xlba5-SHFbPNvY3U7CylOkrj1Y1XllfCWHNjhIqmoKIgF_75EL4oyMUfv5h93eZzf8GP92DiM55GEXixBSkIJD-7p14O85_ZO-vH5ga6ugKa7CMKc_R1jr7MQeUIJr0wSWJ998ovn5XxOTxZmXhSVw48qeXHM50K8tatKzDipNqse41Wu93iQekaa9QbrNO0ecelnZbbcZtITCGa41v_BgAA__-p6xj-YgQAAA== HTTP/1.1\r\nHost: responseremainrust.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ffkipas.my.id/\r\nCookie: pdhtkv=true; uncs=1; pdhtkv49=true; uncs49=1; u_pl26537203=1; nlecedb436ac16df38178d554d87def407b2=[5941311]\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Sun, 07 Dec 2025 15:47:53 GMT\r\nContent-Type: image/gif\r\nContent-Length: 7\r\nConnection: keep-alive\r\naccess-control-allow-origin: *\r\nvary: Origin\r\naccess-control-allow-credentials: true\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\nx-envoy-upstream-service-time: 1\r\nHost: responseremainrust.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: 3066ee5b9648f2f6ec4f8be14d06f54b\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/gif","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T11:47:06.182466Z","times_seen":13373545,"resource_available":true,"data":null}},"time_used":655,"timings":{"blocked":271,"dns":1,"connect":95,"send":0,"wait":94,"receive":1,"ssl":191},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-12-07","alert":"Sinkholed","trigger":"responseremainrust.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"cdn.storageimagedisplay.com/cti/98/cf/e7/98cfe7688276f1513feb6852014bbd27/1756662145.jpg","fqdn":"cdn.storageimagedisplay.com","domain":"storageimagedisplay.com","tld":"com"},"ip":{"addr":"45.133.44.2","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ffkipas.my.id/verifyuid","date":"2025-12-07T15:47:52.721Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cdn.storageimagedisplay.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Fri, 07 Nov 2025 02:33:02 GMT","end":"Thu, 05 Feb 2026 02:33:01 GMT"},"fingerprint":{"sha1":"FF:BB:C7:F6:31:A3:EE:08:8E:72:C4:2F:A2:C8:78:1B:3C:22:C4:57","sha256":"93:BE:65:88:B5:AC:E6:69:91:EE:F6:7E:27:3F:D6:9F:59:B1:AB:46:F7:49:0D:E8:F2:1C:9E:A9:BE:F9:B6:95"}}},"request":{"raw":"GET /cti/98/cf/e7/98cfe7688276f1513feb6852014bbd27/1756662145.jpg HTTP/1.1\r\nHost: cdn.storageimagedisplay.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ffkipas.my.id/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 07 Dec 2025 15:47:52 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 75865\r\nserver: nginx/1.21.6\r\nlast-modified: Sun, 31 Aug 2025 17:42:25 GMT\r\netag: \"68b48981-12859\"\r\nexpires: Tue, 09 Dec 2025 15:47:52 GMT\r\ncache-control: max-age=172800\r\nx-cdn-host-id: AH0543\r\nx-proxy-cache: HIT\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":75865,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop 26.3 (Macintosh), datetime=2025:08:30 15:50:24], progressive, precision 8, 320x240, components 3","md5":"690ac1a706457911a7cce051678a1aa1","sha1":"4883b6be15aedcb4f227ff96f470f06fce68ec23","sha256":"26425b8fffaa9a2084accf391313c0e8739affab7321037b0a159a434691cc10","sha512":"a085e66651c6c4caa18b0812d692137e6275d3e75eb6067931e984230a82a25a34fac0187a291c193f8f1e0e7a300c5610377500bcdc64c003ea791725641920","ssdeep":"1536:T9BsHbdwiQ9BsHbdwi2CKarAz12ABWNAYUuy1NOqKhE0fX19xQST:JydaydbKX8A0AYUu2wqgE0P1s8","tlshash":"0573020a9702ac21fed191770ae2e7b3b562e77d9753744afd9c2c153b60199884a3c2","first_seen":"2025-09-02T18:13:44.363283Z","last_seen":"2026-04-05T06:24:14.884003Z","times_seen":1292,"resource_available":false,"data":null}},"time_used":148,"timings":{"blocked":31,"dns":1,"connect":19,"send":0,"wait":38,"receive":28,"ssl":27},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"3nbf4.com/event","fqdn":"3nbf4.com","domain":"3nbf4.com","tld":"com"},"ip":{"addr":"139.45.197.121","port":443,"asn":9002,"as":"RETN Limited","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://ffkipas.my.id/","date":"2025-12-07T15:47:46.752Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"3nbf4.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Wed, 08 Oct 2025 11:29:15 GMT","end":"Tue, 06 Jan 2026 11:29:14 GMT"},"fingerprint":{"sha1":"B8:5C:B5:E8:90:27:1D:FD:CA:8A:71:AA:01:26:28:02:27:BE:4F:8F","sha256":"03:48:D4:EE:D8:6F:8F:7D:F6:77:58:F1:71:D7:62:D8:18:E7:A2:E4:94:84:7A:E8:87:4B:51:C2:37:C3:56:AE"}}},"request":{"raw":"OPTIONS /event HTTP/1.1\r\nHost: 3nbf4.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nAccess-Control-Request-Method: POST\r\nAccess-Control-Request-Headers: content-type\r\nReferer: https://ffkipas.my.id/\r\nOrigin: https://ffkipas.my.id\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"OPTIONS"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sun, 07 Dec 2025 15:47:46 GMT\r\ncontent-type: text/plain; charset=utf-8\r\ncontent-length: 0\r\naccess-control-allow-origin: https://ffkipas.my.id\r\naccess-control-allow-credentials: true\r\naccess-control-allow-methods: GET, POST, OPTIONS\r\naccess-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization-Token,X-Oaid\r\naccess-control-max-age: 86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain; charset=utf-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T11:47:06.182466Z","times_seen":13373545,"resource_available":true,"data":null}},"time_used":26,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":26,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"3nbf4.com/event","fqdn":"3nbf4.com","domain":"3nbf4.com","tld":"com"},"ip":{"addr":"139.45.197.121","port":443,"asn":9002,"as":"RETN Limited","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"beacon","requested_by":"https://ffkipas.my.id/","date":"2025-12-07T15:47:46.820Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"3nbf4.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Wed, 08 Oct 2025 11:29:15 GMT","end":"Tue, 06 Jan 2026 11:29:14 GMT"},"fingerprint":{"sha1":"B8:5C:B5:E8:90:27:1D:FD:CA:8A:71:AA:01:26:28:02:27:BE:4F:8F","sha256":"03:48:D4:EE:D8:6F:8F:7D:F6:77:58:F1:71:D7:62:D8:18:E7:A2:E4:94:84:7A:E8:87:4B:51:C2:37:C3:56:AE"}}},"request":{"raw":"POST /event HTTP/1.1\r\nHost: 3nbf4.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: text/plain;charset=UTF-8\r\nContent-Length: 351\r\nOrigin: https://ffkipas.my.id\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ffkipas.my.id/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":351,"data":"{\"timeOrigin\":1616,\"code\":\"custom\",\"zone_id\":9716024,\"sw_version\":\"3.1.642\",\"trace_id\":\"2a30e9c3-55e0-4695-a45c-7c298f8c5421\",\"location\":\"https://ffkipas.my.id/\",\"domain\":\"ffkipas.my.id\",\"pub\":0,\"installer_type\":\"micro\",\"event_type\":\"before_prerequest\",\"previousEvents\":[{\"ts\":1765122466722,\"event\":\"init_micro_tag\",\"event_data\":{\"timeOrigin\":1601}}]}"}},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sun, 07 Dec 2025 15:47:46 GMT\r\ncontent-type: application/json; charset=utf-8\r\ncontent-length: 81\r\naccept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model\r\naccess-control-allow-origin: https://ffkipas.my.id\r\naccess-control-allow-credentials: true\r\naccess-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept\r\nstrict-transport-security: max-age=1\r\nx-content-type-options: nosniff\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":0,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T11:47:06.182466Z","times_seen":13373545,"resource_available":true,"data":null}},"time_used":31,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":31,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"3nbf4.com/event","fqdn":"3nbf4.com","domain":"3nbf4.com","tld":"com"},"ip":{"addr":"139.45.197.121","port":443,"asn":9002,"as":"RETN Limited","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"beacon","requested_by":"https://ffkipas.my.id/verifyuid","date":"2025-12-07T15:47:51.773Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"3nbf4.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Wed, 08 Oct 2025 11:29:15 GMT","end":"Tue, 06 Jan 2026 11:29:14 GMT"},"fingerprint":{"sha1":"B8:5C:B5:E8:90:27:1D:FD:CA:8A:71:AA:01:26:28:02:27:BE:4F:8F","sha256":"03:48:D4:EE:D8:6F:8F:7D:F6:77:58:F1:71:D7:62:D8:18:E7:A2:E4:94:84:7A:E8:87:4B:51:C2:37:C3:56:AE"}}},"request":{"raw":"POST /event HTTP/1.1\r\nHost: 3nbf4.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: text/plain;charset=UTF-8\r\nContent-Length: 438\r\nOrigin: https://ffkipas.my.id\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ffkipas.my.id/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":438,"data":"{\"timeOrigin\":923,\"code\":\"custom\",\"zone_id\":9716024,\"sw_version\":\"3.1.642\",\"trace_id\":\"3f90af1c-43c2-4edf-a373-ba7648ca514d\",\"location\":\"https://ffkipas.my.id/verifyuid\",\"domain\":\"ffkipas.my.id\",\"pub\":0,\"installer_type\":\"micro\",\"event_type\":\"after_prerequest\",\"previousEvents\":[{\"ts\":1765122471735,\"event\":\"init_micro_tag\",\"event_data\":{\"timeOrigin\":915}},{\"ts\":1765122471741,\"event\":\"before_prerequest\",\"event_data\":{\"timeOrigin\":922}}]}"}},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sun, 07 Dec 2025 15:47:51 GMT\r\ncontent-type: application/json; charset=utf-8\r\ncontent-length: 81\r\naccept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model\r\naccess-control-allow-origin: https://ffkipas.my.id\r\naccess-control-allow-credentials: true\r\naccess-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept\r\nstrict-transport-security: max-age=1\r\nx-content-type-options: nosniff\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":0,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T11:47:06.182466Z","times_seen":13373545,"resource_available":true,"data":null}},"time_used":28,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":28,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"067kk.com/400/9895347?oo=1\u0026sw_version=v1.768.0-s\u0026oaid=0802986dc3b24e40fbfaef6bcbac55d9\u0026st=true","fqdn":"067kk.com","domain":"067kk.com","tld":"com"},"ip":{"addr":"139.45.197.248","port":443,"asn":9002,"as":"RETN Limited","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://ffkipas.my.id/verifyuid","date":"2025-12-07T15:47:53.708Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"067kk.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 19 Nov 2025 10:44:13 GMT","end":"Tue, 17 Feb 2026 10:44:12 GMT"},"fingerprint":{"sha1":"45:EE:26:70:10:D7:95:CA:56:73:B1:50:1E:20:7C:F2:03:2E:BA:9B","sha256":"C2:E3:12:F6:02:1E:57:20:4F:4D:EA:6F:1B:B2:7F:8F:B9:CF:27:B9:B0:A1:3E:5F:CA:5A:7E:E6:CB:D6:69:D3"}}},"request":{"raw":"POST /400/9895347?oo=1\u0026sw_version=v1.768.0-s\u0026oaid=0802986dc3b24e40fbfaef6bcbac55d9\u0026st=true HTTP/1.1\r\nHost: 067kk.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: text/plain;charset=UTF-8\r\nContent-Length: 3325\r\nOrigin: https://ffkipas.my.id\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ffkipas.my.id/\r\nCookie: OAID=0802986dc3b24e40fbfaef6bcbac55d9\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":3325,"data":"{\"sync\":\"TBtSUh8cJhwUBWcfHEsSAwEFUA5MXwMBbAIlKz9KWUBcHAtKQ1AVSQZbGgxbGwkEVkYLASoQTktDClBGTBkCRExXAwAfFA4eFkpPUhRLDk4+HQY0BV0ZMkBQW2kNHCYfDD1RESZOBwkxGBNcMR5fZkBBJRcYHyoBTzYaUUNQXEdQQB0yU1xHUxkQHAxXWAhFW1MSHw9JSARCT1lJbEYeRkNZWUBQABUbW1pCSQddCk8NCR8UHhYfSk9SFEsJVUNQXkdQWglPDQkfFA4eW1JFThoHGxtbW0JJHFUeTw0JHxQKEFtSRU4aDA9YDUhUW14WBg4VAwMaWAAUSk9SFEsLTRVIVFteFg0FaFZRXFheSURXDE82Dl1DUF5HUFsdDkdMEQxKSFsAHAZcDBcbW1pCSRFcMQJVU2xfFAAcEFdYCUVbTggEMQAXTR0yW1xdUQ4MW1JFThoKFlUOGDEPF0QaBRUDAxpYEhwGEQ1KS0MJTUgJCh9RHgxTShEMSkhbBhk9VgUKG1tbQkkRWwICRWZUVxcRDUpPUxRLCV8NSFRbXhYNHl4bCQZWRhoEAUACWVUbCxkeSUgEQk9HV0cUQFRVSgUMSgpbA1NGTBseVRoLWEteaR4BDQ0WFlcbWwNURkwFF0dMVwQIThpYFhBKT0BUBQ9UEQMeDlAYTB9BGwkUNwEKCVdOGhsJSUNQXUdQQBQCFQMDGlgTDkpPUwpRSRVDHQZJSAVeXwMVEUETE1tSRFAAWVUbFgMGSUgFXl8DFRFBAkZDWFlATxBbA1FGTAIKFlRdGxtEUBlGQ1hZQEsIERtbW15ZRhhMHl8bCQdKVk1EVxFPS0MIU1JeR1BHDxoVAwIEQlRVSgERZw0cTQQJGg4WFlRdGxtZRQ8FW1JXL1cTEFUNC0FeXARORWBQXVIVEwpIOzYYWEkXUVFOPBtaWFkMGUsATl9ZGgNYCVpNF1FDTiwXVwUCGAsDB0pUSFhEQn4AC1wHBRZEQwdaQwcbHxQUFFtSRE4aGR0bW0gHBQZRHANWVR5GHgJUHhwHTwwLAwgZPiJJXQAZUktdVxZJCQwTT04AHE4EGFQCAWQnVl5XR1MIChgEWBJcD1RPCA8ZDgAOBx5ncAhfFBAcGhsDVEQJXQdHGAIXQwsfDVBAZjNfEAYBB0oHGFVMGgoNX0IHCEBcQQwTFykhTkAUSxFQDUhUWl4WGwRTGwlYDwgVRFcGSg9bA0MCGh8CR1RCGF9VXRMUGBtbD0FHEF1OSEJJAlhMVxVRR0IKF0NHWgReAhBJABlABgsaBwkYT1ZEEwIAHRwGGkVbVwZIVFteFhoXFQMRYy4nW0RXDFpLQwhNSAAKAhZUT2BQXQVIRlVKBRYaU0kVQw8YCh4WVF4AFRFeGUZDXE1OGg0UG1tHX0dQRhoZFQMeB1ZGGgAqDVoDWwNRRkwFBRZUXBsbRFJYXh8JGRFdRVtWEgkeHlAOTCFeV0ZOWhxBXipUDEtVGwkDCg8XWkxXUVhfRR9IWwsdPVcLE2YIBAoOChZUQAYVEUETCiYDEBtLNhVcDw0aA1AOXF4FFRFVFQgWGioGXRkNUUNQXF9eFhgIWV1cRFheW0pZQF8IFFwRCwoYUA5eQRVXXxRARhwGWDdrS1UbDwYdSUgWCwMabGAaHwpbRFcBVwUWSz4NDwYHQExXFUpBURhGVUoFBFRLQxtDRkwIHkBMV0xEHxQQFwlKT1MUSwlXFUhUW14WHgNFWhEMSkhbGBkDTA8WSww1Cg4GUQ0ZWEsRDAFGEBsqA1YNC1YIDkxRFFUCHlIVEV8JOw0aHAZdBw0bWwwPBwFRQk9eSmxVEhYWBRwXVTZBDz4FHDQcURkIRRsJUBsICg1ZQFEaJloJGAEGG0EDTw1fUloJAVVKHBFnDB1eBEhUDRNYHQgbG1pFJQMcCx4NGlMNSxQPQkkbRzEaUltsXRMQW1ITA1QaHBVDAx00BVEMMlxQR2lMVE83GhBnBxxOBBhMURRVAh5SFRFfCTsdDQYJTAYJZhILCAoAXUxXUVhfRR9IWwEGPVsBC1YMAxsGLVseCEVYEQwcBRUbEB8USxdcEkhUSUACWloADgQBSVVbRFcBVAAcVxU1Bw9QDkwYWVJdWQ0KW0RXA14PEFUICxoOLV0KTw0bERpYEAsJEwRRCiZKDh8cCBdrBwkVAxEUVkYYDAMHSh0QSgQYMQIWFlRPFRURVRsJCQkcBVY2EF1DUExJXhYNGERNXFslDR03REACS1sVQwkbGAZbAzJeXWwEWF5bSllAWwUQWgo1Bw9QDkxPGxtQWQkQW1JXQBRLFFwVAgEPUA5MB0RNUlFYSFsaKhdRDVsDQ0hCSR1VMQRTGwkUWEhbCREGUR0QVg8LAjQbUB1PDWJuSw==\",\"async\":\"TBtXQwgXW1IOQFoIDRtbW0JJGl0AGUQbCQdWRhEBEQZdByZQBxgPBhcWVFoGFRFCFRAYBFdYD1gEFUMCBw8WUQAyXl9BVxcBW1JFThoLGE1DUBVJG0cxD1ZNEQxKSFsLHQNKDhBXBkhUW14WDQVWS1RfFAMmHBwPXUtDCU1ICgIBVwYMRV5aWB07DQEYBxpTSRVDBgsdF1hMVwdEHxQSDRccBkACEgQVQwkCAhdaGjJeXREMWBEXAxsNTwdbFUMLCA0bWAcMQ1xsXx5GQ0pXThodC1gHDAcILUcBGEVaVmkTAFtSV0AUSxhdFw8cHxtHCx9oUFcUQEZbRFcBWQQJWAgNADQbUExXFRsfFBkRChwaD2cAHWZQSFRJUBhMDkJKR1kXOxAMKlAaU1sbTUgNBxtXBTJeXREMWEZVShYNSx1bA0NIQkkfURoFWF0RDFgOChwUBRpFW0s+HwcPUA5MTxsbXFclDR1KT0AaRVtYBQ4HHxtbAAxbZlpSCUZDMygf\",\"quality_options\":{\"hil\":1,\"jsp\":1,\"ng\":false,\"ix\":false,\"pt\":false,\"np\":false,\"nw\":true,\"nb\":true,\"sw\":1280,\"sh\":1024,\"pl\":\"https://ffkipas.my.id/verifyuid\",\"wy\":0,\"wx\":0,\"ww\":1280,\"wh\":1024,\"cw\":1280,\"wiw\":1280,\"wih\":1024,\"wfc\":0,\"sah\":1024,\"navlng\":\"en-US\",\"drf\":\"https://ffkipas.my.id/\",\"wgl\":\"llvmpipe\",\"tb\":false,\"btz\":\"UTC\",\"bto\":0,\"pnt\":0,\"pnrc\":0,\"bml\":0,\"bmi\":false,\"vsbl\":true},\"client_hints\":{}}"}},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sun, 07 Dec 2025 15:47:53 GMT\r\ncontent-type: application/json\r\nx-trace-id: cb192ef0b8ea8e612d2a8d4eeee8f7a8\r\npragma: no-cache\r\nexpires: Tue, 11 Jan 1994 10:00:00 GMT\r\ncache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0\r\nvary: Origin\r\naccess-control-allow-origin: https://ffkipas.my.id\r\naccess-control-expose-headers: Link\r\naccess-control-allow-credentials: true\r\naccept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version\r\nset-cookie: OAID=0802986dc3b24e40fbfaef6bcbac55d9; expires=Mon, 07 Dec 2026 15:47:53 GMT; path=/; secure; SameSite=None\r\nstrict-transport-security: max-age=1\r\nx-content-type-options: nosniff\r\ntiming-allow-origin: *, *\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":2096,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"d4d7ec483f76df60b968998dac6c8f55","sha1":"8d3059089fd92d5cfb3123496ab842535cfedfe0","sha256":"d14eb5861cc10083707a65e6885f7c2e0b8616d24544e9ba6c587b9dbdbcaa28","sha512":"a6f06d5d37139e3cc6cab0db5e5871df60aad7c102455c57f2b51fbbceac664ba785ce632ad0afbf87d66e83476d6e95503347260a0872e1a9674a6447813986","ssdeep":"","tlshash":"3041e0088d18057a82ee5ab6dc0b6d475bb9012f3a4d752ee7494d5770ebce503eb20b","first_seen":"2025-12-07T15:48:18.412914Z","last_seen":"2025-12-07T15:48:18.412914Z","times_seen":1,"resource_available":false,"data":null}},"time_used":30,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":30,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-07","alert":"Sinkholed","trigger":"067kk.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"creative-sb1.com/sb/interstitial/utility/robot/3/img/recaptcha.gif","fqdn":"creative-sb1.com","domain":"creative-sb1.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ffkipas.my.id/verifyuid","date":"2025-12-07T15:47:55.349Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"creative-sb1.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 27 Oct 2025 20:46:36 GMT","end":"Sun, 25 Jan 2026 21:44:54 GMT"},"fingerprint":{"sha1":"17:8B:5E:32:3A:E5:9A:3D:E5:18:EF:F0:DA:DE:C3:03:E7:2E:E2:17","sha256":"65:D5:7F:0D:8E:51:6B:E8:BB:44:A1:54:79:43:73:C4:82:1D:77:6C:11:F4:C3:70:8E:0E:AC:00:AC:1D:DB:2B"}}},"request":{"raw":"GET /sb/interstitial/utility/robot/3/img/recaptcha.gif HTTP/1.1\r\nHost: creative-sb1.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 07 Dec 2025 15:47:55 GMT\r\ncontent-type: image/gif\r\ncontent-length: 65140\r\nserver: cloudflare\r\nlast-modified: Thu, 04 Sep 2025 10:56:01 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\netag: \"68b97041-fe74\"\r\nexpires: Thu, 31 Dec 2037 23:55:55 GMT\r\ncache-control: public, max-age=315360000\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: Date\r\naccept-ranges: bytes\r\nage: 4014643\r\ncf-cache-status: HIT\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=1FrZe09m3QzSbHnURlZWdNRTLSnpVxMSrIprBuQhcs03Lw26FZjoeIL%2Bl%2BGFRBwF3z787SqaSB5qScj4lmxkDbCXQJXho%2FNvH0BZyNOJ5wA%3D\"}]}\r\ncf-ray: 9aa52a0e58841525-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":65140,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 616 x 164","md5":"a83efb86bdb5d741f6103b69d6979035","sha1":"c944477b467f4aee49b4c86f3622a3519679667c","sha256":"e62a51a868623e3d04ac6c1bf28c3d34dd1e7008b9d62753963b2e2272971774","sha512":"9638afd8bfa476d24261a76a49c0e6df11c39db07cc357025f40660a3140499f234956a6971fce1ef0b61f74edba0f39e54a9a75e81adcbe423415f93dd23709","ssdeep":"1536:pcrveQZWvRPMwQUWJicq8ILNUcB4nReNsnrIfOPBVeD:Orve+WUJohC0fO5QD","tlshash":"4853ce1fc2181eeafc3bcbb6520b8d160a415b751c54c613e6b9f1c5382c5de2b15bae","first_seen":"2024-10-23T13:11:53.403324Z","last_seen":"2026-04-05T09:34:37.031429Z","times_seen":1661,"resource_available":false,"data":null}},"time_used":29,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":26,"receive":3,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-07","alert":"Sinkholed","trigger":"creative-sb1.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-07","alert":"Sinkholed","trigger":"creative-sb1.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-07","alert":"Sinkholed","trigger":"creative-sb1.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/roboto/v50/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3yUBA.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"142.250.178.35","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://ffkipas.my.id/verifyuid","date":"2025-12-07T15:47:56.483Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WE2","organization":"Google Trust Services"},"validity":{"start":"Mon, 27 Oct 2025 08:35:04 GMT","end":"Mon, 19 Jan 2026 08:35:03 GMT"},"fingerprint":{"sha1":"4A:97:40:A8:11:17:BA:08:56:28:6E:0B:93:8B:64:13:1D:67:D4:2A","sha256":"A2:0A:13:FD:98:22:74:26:3F:C1:44:5C:92:27:22:17:A8:65:07:40:50:F9:14:02:11:E4:87:7F:C5:D2:F1:42"}}},"request":{"raw":"GET /s/roboto/v50/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3yUBA.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://ffkipas.my.id\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 40128\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Tue, 02 Dec 2025 23:52:35 GMT\r\nexpires: Wed, 02 Dec 2026 23:52:35 GMT\r\ncache-control: public, max-age=31536000\r\nage: 402921\r\nlast-modified: Tue, 18 Nov 2025 19:00:07 GMT\r\ncontent-type: font/woff2\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":40128,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 40128, version 1.0","md5":"9a01b69183a9604ab3a439e388b30501","sha1":"8ed1d59003d0dbe6360481017b44665153665fbe","sha256":"20b535fa80c8189e3b87d1803038389960203a886d502bc2ef1857affc2f38d2","sha512":"0e6795255b6eea00b5403fd7e3b904d52776d49ac63a31c2778361262883697943aedcb29feee85694ba6f19eaa34dddb9a5bfe7118f4a25b4757e92c331feca","ssdeep":"768:Vce3jkow68wmT4IBX0tXdlSirS61gSjcz0GPwHbP+w2jec56O:VcI/iEEEtXdFJj+0GPwHbP+w5rO","tlshash":"3703023a5e3ccf1a84157a703950f6d9a8481e548e9d143b4f1ac7bf085dde2209b6d4","first_seen":"2025-01-08T22:59:02.845106Z","last_seen":"2026-04-05T11:47:09.583507Z","times_seen":716548,"resource_available":false,"data":null}},"time_used":205,"timings":{"blocked":84,"dns":2,"connect":28,"send":0,"wait":31,"receive":5,"ssl":51},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"079kk.com/impression/t1Ydkm7XlIe0yS9jrUSLCBXC31eiPw-JWqQjfI_wab6R96Nc6GV8KL09YdShv17Ve_Trhvd4SImfEyyP67oqboxTxASTI2_zvE43P9R7OWxsP4L7pHanSbe93BT9ejuSt23NY4oHPrcAW0jXQk7MQ6yHmme0LVPipwLhuwJrdigSCNo_rZ33eLbhY5USYkMuDS-mOg2_E-3gJNKiX3kBy7RCX--DpNROVnY9pf_hJfL_x6ifFeXzN-7gPjxEeAEXvlrn7wIOHa2FdUQp-Hvm9ZjPht1cnoMK8tS-r2sYy6N6tO80nY7s6_nrWURjns254Ohx-2bYoqfaPRx1kC3wG6uzgRPcVs4VQnClMOt4RFdxKU60QAWqt3o1xQgEarWJcF7SniD6C286lOK3fI0EKnq2YNnDxjJAm8_FX59Vr7QI6BDZc4Gjr9xC4qbiTJbgmCSqZ8zM0T5sQ4Khfo8C8EkYjvBTg-ObW0UEgR5illWlQiLNPjAKgv79F6PZ_ISWwy6GjEMXpauCurvLzkp5sLRJF_3hwUTr4cHwkB_Q0zsolgSBd67nnBJCIdgRcMwC0kSRpq0TvU-h1uJZk3K4xHitIfGupZZNaL-hO478Kkcxtta6Fhd0lf0dl_qvKIVI1rUGxMukBGI20d3pDsZHzJEdVxuCs3mfoou0pZci-WVdgDinBqtqKvaf-i8yyZbozBjeUSrt_56SewwNE5gDyk1cJugXfxnpnulUUKNHP_LOQBmfqLDSYcSopJU=?_z=9895349\u0026sw_version=v1.768.0-s\u0026dmn=glempirteechacm.com\u0026fs=0\u0026cf=0\u0026sw=1280\u0026sh=1024\u0026sah=1024\u0026wx=0\u0026wy=0\u0026ww=1280\u0026wh=1024\u0026cw=1280\u0026wiw=1280\u0026wih=1024\u0026wfc=2\u0026pl=https%3A%2F%2Fffkipas.my.id%2Fverifyuid\u0026drf=https%3A%2F%2Fffkipas.my.id%2F\u0026np=1\u0026pt=0\u0026nb=1\u0026ng=0\u0026ix=0\u0026nw=1\u0026tb=false\u0026navlng=en-US\u0026bto=0\u0026btz=UTC\u0026jsp=1","fqdn":"079kk.com","domain":"079kk.com","tld":"com"},"ip":{"addr":"139.45.197.107","port":443,"asn":9002,"as":"RETN Limited","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ffkipas.my.id/verifyuid","date":"2025-12-07T15:47:57.125Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"079kk.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Wed, 19 Nov 2025 10:45:57 GMT","end":"Tue, 17 Feb 2026 10:45:56 GMT"},"fingerprint":{"sha1":"77:77:BC:89:E2:F1:50:3D:B4:5F:19:E7:FD:75:A1:57:61:7C:09:6E","sha256":"62:40:4A:13:68:51:84:65:3A:13:7E:8C:24:1C:C9:60:BF:D7:1C:61:79:C4:6C:CE:50:85:0B:48:C3:4A:AC:CB"}}},"request":{"raw":"GET /impression/t1Ydkm7XlIe0yS9jrUSLCBXC31eiPw-JWqQjfI_wab6R96Nc6GV8KL09YdShv17Ve_Trhvd4SImfEyyP67oqboxTxASTI2_zvE43P9R7OWxsP4L7pHanSbe93BT9ejuSt23NY4oHPrcAW0jXQk7MQ6yHmme0LVPipwLhuwJrdigSCNo_rZ33eLbhY5USYkMuDS-mOg2_E-3gJNKiX3kBy7RCX--DpNROVnY9pf_hJfL_x6ifFeXzN-7gPjxEeAEXvlrn7wIOHa2FdUQp-Hvm9ZjPht1cnoMK8tS-r2sYy6N6tO80nY7s6_nrWURjns254Ohx-2bYoqfaPRx1kC3wG6uzgRPcVs4VQnClMOt4RFdxKU60QAWqt3o1xQgEarWJcF7SniD6C286lOK3fI0EKnq2YNnDxjJAm8_FX59Vr7QI6BDZc4Gjr9xC4qbiTJbgmCSqZ8zM0T5sQ4Khfo8C8EkYjvBTg-ObW0UEgR5illWlQiLNPjAKgv79F6PZ_ISWwy6GjEMXpauCurvLzkp5sLRJF_3hwUTr4cHwkB_Q0zsolgSBd67nnBJCIdgRcMwC0kSRpq0TvU-h1uJZk3K4xHitIfGupZZNaL-hO478Kkcxtta6Fhd0lf0dl_qvKIVI1rUGxMukBGI20d3pDsZHzJEdVxuCs3mfoou0pZci-WVdgDinBqtqKvaf-i8yyZbozBjeUSrt_56SewwNE5gDyk1cJugXfxnpnulUUKNHP_LOQBmfqLDSYcSopJU=?_z=9895349\u0026sw_version=v1.768.0-s\u0026dmn=glempirteechacm.com\u0026fs=0\u0026cf=0\u0026sw=1280\u0026sh=1024\u0026sah=1024\u0026wx=0\u0026wy=0\u0026ww=1280\u0026wh=1024\u0026cw=1280\u0026wiw=1280\u0026wih=1024\u0026wfc=2\u0026pl=https%3A%2F%2Fffkipas.my.id%2Fverifyuid\u0026drf=https%3A%2F%2Fffkipas.my.id%2F\u0026np=1\u0026pt=0\u0026nb=1\u0026ng=0\u0026ix=0\u0026nw=1\u0026tb=false\u0026navlng=en-US\u0026bto=0\u0026btz=UTC\u0026jsp=1 HTTP/1.1\r\nHost: 079kk.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ffkipas.my.id/\r\nCookie: OAID=0802986dc3b24e40fbfaef6bcbac55d9\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sun, 07 Dec 2025 15:47:57 GMT\r\ncontent-type: image/gif\r\ncontent-length: 43\r\nx-trace-id: 3a09069ae56c37b3aaaf1389358df3ad\r\nexpires: Tue, 11 Jan 1994 10:00:00 GMT\r\ncache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0\r\npragma: no-cache\r\nvary: Origin\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: Link\r\naccess-control-allow-credentials: true\r\naccept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version\r\nstrict-transport-security: max-age=1\r\nx-content-type-options: nosniff\r\ntiming-allow-origin: *, *\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":43,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 1 x 1","md5":"b4491705564909da7f9eaf749dbbfbb1","sha1":"279315d507855c6a4351e1e2c2f39dd9cd2fccd8","sha256":"4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49","sha512":"b8d82d64ec656c63570b82215564929adad167e61643fd72283b94f3e448ef8ab0ad42202f3537a0da89960bbdc69498608fc6ec89502c6c338b6226c8bf5e14","ssdeep":"","tlshash":"c5900403d140d041c351c0300d0cc740174471304514030f70fc175dfc353510c13000","first_seen":"2023-04-05T09:54:56Z","last_seen":"2026-04-05T10:50:12.249015Z","times_seen":96475,"resource_available":true,"data":null}},"time_used":29,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":29,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-07","alert":"Sinkholed","trigger":"079kk.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"3nbf4.com/event","fqdn":"3nbf4.com","domain":"3nbf4.com","tld":"com"},"ip":{"addr":"139.45.197.121","port":443,"asn":9002,"as":"RETN Limited","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://ffkipas.my.id/","date":"2025-12-07T15:47:46.840Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"3nbf4.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Wed, 08 Oct 2025 11:29:15 GMT","end":"Tue, 06 Jan 2026 11:29:14 GMT"},"fingerprint":{"sha1":"B8:5C:B5:E8:90:27:1D:FD:CA:8A:71:AA:01:26:28:02:27:BE:4F:8F","sha256":"03:48:D4:EE:D8:6F:8F:7D:F6:77:58:F1:71:D7:62:D8:18:E7:A2:E4:94:84:7A:E8:87:4B:51:C2:37:C3:56:AE"}}},"request":{"raw":"OPTIONS /event HTTP/1.1\r\nHost: 3nbf4.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nAccess-Control-Request-Method: POST\r\nAccess-Control-Request-Headers: content-type\r\nReferer: https://ffkipas.my.id/\r\nOrigin: https://ffkipas.my.id\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"OPTIONS"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sun, 07 Dec 2025 15:47:46 GMT\r\ncontent-type: text/plain; charset=utf-8\r\ncontent-length: 0\r\naccess-control-allow-origin: https://ffkipas.my.id\r\naccess-control-allow-credentials: true\r\naccess-control-allow-methods: GET, POST, OPTIONS\r\naccess-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization-Token,X-Oaid\r\naccess-control-max-age: 86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain; charset=utf-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T11:47:06.182466Z","times_seen":13373545,"resource_available":true,"data":null}},"time_used":27,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":27,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"3nbf4.com/act/files/micro.tag.min.js?z=9716024\u0026sw=/sw-check-permissions.js","fqdn":"3nbf4.com","domain":"3nbf4.com","tld":"com"},"ip":{"addr":"139.45.197.121","port":443,"asn":9002,"as":"RETN Limited","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://ffkipas.my.id/verifyuid","date":"2025-12-07T15:47:51.605Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"3nbf4.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Wed, 08 Oct 2025 11:29:15 GMT","end":"Tue, 06 Jan 2026 11:29:14 GMT"},"fingerprint":{"sha1":"B8:5C:B5:E8:90:27:1D:FD:CA:8A:71:AA:01:26:28:02:27:BE:4F:8F","sha256":"03:48:D4:EE:D8:6F:8F:7D:F6:77:58:F1:71:D7:62:D8:18:E7:A2:E4:94:84:7A:E8:87:4B:51:C2:37:C3:56:AE"}}},"request":{"raw":"GET /act/files/micro.tag.min.js?z=9716024\u0026sw=/sw-check-permissions.js HTTP/1.1\r\nHost: 3nbf4.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ffkipas.my.id/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sun, 07 Dec 2025 15:47:51 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Fri, 28 Nov 2025 14:31:18 GMT\r\netag: W/\"6929b236-c1cf\"\r\naccess-control-allow-credentials: true\r\ncache-control: no-cache\r\npragma: no-cache\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":49615,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (49615), with no line terminators","md5":"13fc07ea33ee9fefca0eeec8bd24b1f9","sha1":"46db5ad22f5604a2ce1af6cf7273ee02f8cd3376","sha256":"c5cc4bf1ab36dd0723b5baae92751402a19511c9fd9ea70038e89cc22b17e355","sha512":"3adef94e51ccdd9c70c57d144fac9789fb3121a0c15673746e5755f1f597f54779f7056838b214b75aa52fc02a2ef63d6e10783fc666e4e536d12df32dc856cc","ssdeep":"1536:Z8O1lePn8+HTNf2CuFWa2oiLk5UjC2/pz7q9Psg:pXCYz2oiLk58C2/Zvg","tlshash":"dd2309437cbeb9ba07e164c5883f8d8843aadd50b41fd8e6f00d59961477006a3abfb5","first_seen":"2025-11-29T06:05:08.14181Z","last_seen":"2025-12-10T13:35:12.858098Z","times_seen":46,"resource_available":true,"data":null}},"time_used":36,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":36,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"roagrofoogrobo.com/400/9895347","fqdn":"roagrofoogrobo.com","domain":"roagrofoogrobo.com","tld":"com"},"ip":{"addr":"172.67.217.27","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://ffkipas.my.id/verifyuid","date":"2025-12-07T15:47:51.855Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"roagrofoogrobo.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 08 Nov 2025 08:57:27 GMT","end":"Fri, 06 Feb 2026 09:55:06 GMT"},"fingerprint":{"sha1":"0A:8C:F1:28:CD:BA:14:45:64:B9:A3:43:FB:64:81:F4:08:1A:19:C3","sha256":"8C:BE:3C:A6:CC:F2:5E:23:17:64:C2:23:1E:87:E6:51:7A:79:B7:A6:16:BB:15:A6:F7:C9:37:10:F3:67:D8:3C"}}},"request":{"raw":"GET /400/9895347 HTTP/1.1\r\nHost: roagrofoogrobo.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ffkipas.my.id/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sun, 07 Dec 2025 15:47:51 GMT\r\ncontent-type: application/javascript\r\nvary: accept-encoding\r\npriority: u=3,i=?0\r\ncache-control: public, max-age=600, s-maxage=1800\r\naccept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version\r\nstrict-transport-security: max-age=1\r\nx-content-type-options: nosniff\r\ntiming-allow-origin: *\r\ncontent-encoding: gzip\r\ncf-cache-status: DYNAMIC\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=rEcKdcVnEu0W8sXVKmqiZIlqrhicp3ry41BxmQi2i%2Bxtt6Ns%2BTVGgoIZf9eNum%2FJMfukMdBl27qqXAgIB3VCJ%2FwSaZLmqUCZb53%2BPjePnpXhOA%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9aa529f918ae1ae6-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":163529,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"f60962cdac6d77f7d98f8a605c739918","sha1":"68779dd39241541026a780fc3136cd5f774ae4c3","sha256":"9a4c508eb623d94196169fbc159686ff7d1415cd0c8a41d33d889cf8a9ca7bb1","sha512":"5ffce5194ebde567f952b1d3757942757f6880002fd0bb70534f0731c896cfd584a0256a69f739351be670ed505cbbe48803cbbf512b71ad0d0e612506d8176d","ssdeep":"3072:dAJaOTmnhzMm3hmdkJ75lL6glltCzWdykmX9qNdHjiH8WkIYICrdbmC7f06eBoAf:dAJaOTmnhzMm3hmdkJ75lLPllcMykmQ2","tlshash":"23f3e888b192b1512e735534352fd20ea9afab60544e4980d0dbe1b27f3706ed377ed8","first_seen":"2025-11-28T16:11:53.131036Z","last_seen":"2025-12-11T17:55:12.810469Z","times_seen":35,"resource_available":true,"data":null}},"time_used":68,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":40,"receive":28,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"grookilteepsou.net/event","fqdn":"grookilteepsou.net","domain":"grookilteepsou.net","tld":"net"},"ip":{"addr":"139.45.197.122","port":443,"asn":9002,"as":"RETN Limited","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://ffkipas.my.id/verifyuid","date":"2025-12-07T15:47:52.905Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"grookilteepsou.net","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Mon, 24 Nov 2025 05:08:19 GMT","end":"Sun, 22 Feb 2026 05:08:18 GMT"},"fingerprint":{"sha1":"EF:AC:DB:BB:24:F1:7B:72:D3:0C:E3:26:53:60:D2:D0:DD:A9:B4:4D","sha256":"9D:09:C2:43:F6:4A:FE:AD:33:EE:71:F9:8C:70:95:03:6C:81:C2:C6:17:6B:AE:F4:55:73:6A:F4:E9:A0:32:EE"}}},"request":{"raw":"OPTIONS /event HTTP/1.1\r\nHost: grookilteepsou.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nAccess-Control-Request-Method: POST\r\nAccess-Control-Request-Headers: content-type\r\nReferer: https://ffkipas.my.id/\r\nOrigin: https://ffkipas.my.id\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"OPTIONS"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sun, 07 Dec 2025 15:47:52 GMT\r\ncontent-type: text/plain; charset=utf-8\r\ncontent-length: 0\r\naccess-control-allow-origin: https://ffkipas.my.id\r\naccess-control-allow-credentials: true\r\naccess-control-allow-methods: GET, POST, OPTIONS\r\naccess-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization-Token,X-Oaid\r\naccess-control-max-age: 86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain; charset=utf-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T11:47:06.182466Z","times_seen":13373545,"resource_available":true,"data":null}},"time_used":26,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":26,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-07","alert":"Sinkholed","trigger":"grookilteepsou.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-07","alert":"Sinkholed","trigger":"grookilteepsou.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-12-07","alert":"Sinkholed","trigger":"grookilteepsou.net","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-07","alert":"Sinkholed","trigger":"grookilteepsou.net","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"creative-sb1.com/sb/interstitial/utility/robot/3/img/banner.png","fqdn":"creative-sb1.com","domain":"creative-sb1.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ffkipas.my.id/verifyuid","date":"2025-12-07T15:47:55.283Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"creative-sb1.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 27 Oct 2025 20:46:36 GMT","end":"Sun, 25 Jan 2026 21:44:54 GMT"},"fingerprint":{"sha1":"17:8B:5E:32:3A:E5:9A:3D:E5:18:EF:F0:DA:DE:C3:03:E7:2E:E2:17","sha256":"65:D5:7F:0D:8E:51:6B:E8:BB:44:A1:54:79:43:73:C4:82:1D:77:6C:11:F4:C3:70:8E:0E:AC:00:AC:1D:DB:2B"}}},"request":{"raw":"GET /sb/interstitial/utility/robot/3/img/banner.png HTTP/1.1\r\nHost: creative-sb1.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 07 Dec 2025 15:47:55 GMT\r\ncontent-type: image/png\r\ncontent-length: 31747\r\nserver: cloudflare\r\nlast-modified: Thu, 12 Dec 2024 14:36:22 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\netag: \"675af4e6-7c03\"\r\nexpires: Thu, 31 Dec 2037 23:55:55 GMT\r\ncache-control: public, max-age=315360000\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: Date\r\naccept-ranges: bytes\r\nage: 5585566\r\ncf-cache-status: HIT\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=WrFnqRWDKytafBDAJg390R2N7ucNppLLtv4ZMN%2BUhqk8kdxKt0fJqGLkcYvXXRawyeAX0tPrhkzAWYfrjat53A11h1gguEq9hUiYptzK9N0%3D\"}]}\r\ncf-ray: 9aa52a0e48551525-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":31747,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 600 x 400, 8-bit/color RGBA, non-interlaced","md5":"8b80e5aaebd2987d46dd0382da97fdc1","sha1":"bccdfd974f19600eac67f10c43a8d3cd92188aff","sha256":"41f23c36cc8dedef9d191f90f7f85c4aebba6012af7794fdfdf30331df5afe05","sha512":"dbc5a79c4e6b8cc0c1a2a20e857a399e84ff155ce6f68a6de65af23c20d57d7075bf93ba40748fa39942ce84001da19cf5dbd22ab2ab5b4bc3df63d220741e88","ssdeep":"768:oUUUUU2mxm90tQeKC4/cDQ+dexqKogEmXoYIQSR/Fiwecp8wwwwwwwwU:oUUUUU2J+s/cDx73jlp/E7+h","tlshash":"b2e2ae13c4d932371c5a9ded9b6b2b847aa225e320401f7bcf1e1078248b4b5fd27d9a","first_seen":"2025-07-04T18:28:09.276271Z","last_seen":"2026-04-05T09:34:37.03686Z","times_seen":3131,"resource_available":false,"data":null}},"time_used":11,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":7,"receive":4,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-07","alert":"Sinkholed","trigger":"creative-sb1.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-07","alert":"Sinkholed","trigger":"creative-sb1.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-07","alert":"Sinkholed","trigger":"creative-sb1.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kettledroopingcontinuation.com/pixel/sbls?bv=\u0026tmpl=482\u0026u=https%3A%2F%2Fcreative-sb1.com%2Fsb%2Finterstitial%2Futility%2Frobot%2F3%2Fjs%2Fscript.js\u0026l=8051\u0026fd=637","fqdn":"kettledroopingcontinuation.com","domain":"kettledroopingcontinuation.com","tld":"com"},"ip":{"addr":"172.240.127.243","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ffkipas.my.id/verifyuid","date":"2025-12-07T15:47:56.099Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"kettledroopingcontinuation.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sun, 26 Oct 2025 22:01:12 GMT","end":"Sat, 24 Jan 2026 22:01:11 GMT"},"fingerprint":{"sha1":"15:FA:E2:08:0A:F1:68:03:29:64:51:B0:FA:3B:8E:DD:DC:B7:CD:01","sha256":"F8:EA:EA:FF:5A:CA:9D:E1:82:F0:8C:3C:7C:6B:FB:06:8F:72:6C:0E:64:EF:7B:3B:2B:21:25:C2:25:7D:0C:BD"}}},"request":{"raw":"GET /pixel/sbls?bv=\u0026tmpl=482\u0026u=https%3A%2F%2Fcreative-sb1.com%2Fsb%2Finterstitial%2Futility%2Frobot%2F3%2Fjs%2Fscript.js\u0026l=8051\u0026fd=637 HTTP/1.1\r\nHost: kettledroopingcontinuation.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ffkipas.my.id/\r\nCookie: uid_id2=83c6cca2-5f47-4ebb-b12d-f78b3ec45ada:3:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; u_pl26535179=1; sleca2c6c77dde0f47e335c307a84b4f8205=[6308898]\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Sun, 07 Dec 2025 15:47:56 GMT\r\nContent-Length: 0\r\nConnection: keep-alive\r\nHost: kettledroopingcontinuation.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nCache-Control: no-cache\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Allow-Methods: GET, POST, OPTIONS\r\nAccess-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests,C-High-Entropy-Values\r\nAccess-Control-Expose-Headers: Content-Length,Content-Range\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T11:47:06.182466Z","times_seen":13373545,"resource_available":true,"data":null}},"time_used":102,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":102,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-12-07","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-07","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-12-07","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-07","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-07","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ffkipas.my.id/assets/images/ffkipas.png?v=1.0","fqdn":"ffkipas.my.id","domain":"ffkipas.my.id","tld":"my.id"},"ip":{"addr":"104.21.67.83","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ffkipas.my.id/","date":"2025-12-07T15:47:46.051Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ffkipas.my.id","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Fri, 17 Oct 2025 09:52:51 GMT","end":"Thu, 15 Jan 2026 10:51:42 GMT"},"fingerprint":{"sha1":"CC:F7:34:EF:C8:0D:D7:BA:61:5C:59:6F:9C:84:10:EB:B8:77:BB:8E","sha256":"E9:02:F7:94:61:0A:79:F6:92:B0:A9:74:B9:D8:C9:49:60:C7:55:60:B1:7E:1B:E1:DA:3D:7E:2B:09:2D:79:24"}}},"request":{"raw":"GET /assets/images/ffkipas.png?v=1.0 HTTP/1.1\r\nHost: ffkipas.my.id\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ffkipas.my.id/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sun, 07 Dec 2025 15:47:46 GMT\r\nserver: cloudflare\r\nlast-modified: Tue, 13 May 2025 21:31:18 GMT\r\naccept-ranges: bytes\r\npriority: u=4,i=?0\r\ncontent-length: 1096160\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nx-frame-options: SAMEORIGIN\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncontent-type: image/png\r\nage: 40\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=o3qCVv7Ngb3kJMHl%2FD6NPoxSa6s%2FXk9HEhQ7kvbi6FfyHh2mImhr07WB9LkqIGbjPKWnI8GfyoIWKQwwqfrsBuGlH6lpU%2Frp86p0\"}]}\r\nvary: accept-encoding\r\nstrict-transport-security: max-age=0; preload\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\ncf-ray: 9aa529d4ccfbb4f4-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":1096160,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 1024 x 1024, 8-bit/color RGB, non-interlaced","md5":"dba6e9bc77cc762848d4d4103212e729","sha1":"9d3cd9e60f9b8f6787b1e1fd42df6d47a1163f46","sha256":"79171bdbda86f5eadbb43d317d1908f96918265f2211f0c9acea642781c1ce5c","sha512":"ec26fbf2713c6a76f09d5b2392104daf544bea9607886c4c85a52460268fe9cee15c0ad1a44f1f907528dc5f0fef22e7797db2c62b80ef7f6496492eebbd1852","ssdeep":"24576:MylLLfKdZDOT6Q9U1rn7foVk/Zfqbc3VyDM6PHnJC:Phed1U6FDOk/Mbc3Vyw6PpC","tlshash":"fc2523b0c7b3a70ac317e6b6596c5c165e7427c100c64d4b41e32c82d7e9f51c9ababe","first_seen":"2025-10-22T04:01:00.042699Z","last_seen":"2025-12-07T15:57:24.091485Z","times_seen":8,"resource_available":false,"data":null}},"time_used":236,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":14,"receive":222,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"preferencenail.com/sfp.js","fqdn":"preferencenail.com","domain":"preferencenail.com","tld":"com"},"ip":{"addr":"185.196.197.72","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://ffkipas.my.id/verifyuid","date":"2025-12-07T15:47:52.147Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"preferencenail.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Wed, 29 Oct 2025 23:40:35 GMT","end":"Tue, 27 Jan 2026 23:40:34 GMT"},"fingerprint":{"sha1":"AA:22:33:AC:0A:FC:0D:31:C5:9F:92:99:20:7A:02:E4:46:E3:08:8C","sha256":"72:5A:79:00:74:D1:90:EF:9A:D3:3F:01:E6:E5:14:1D:41:4F:F2:28:D3:FD:4C:AA:70:DE:D8:BE:C2:15:3F:EE"}}},"request":{"raw":"GET /sfp.js HTTP/1.1\r\nHost: preferencenail.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ffkipas.my.id/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Sun, 07 Dec 2025 15:47:52 GMT\r\nContent-Type: application/javascript; charset=utf-8\r\nContent-Length: 32181\r\nConnection: keep-alive\r\nContent-Encoding: gzip\r\nP3P: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\nAccess-Control-Allow-Origin: *\r\nVary: Accept-Encoding\r\nHost: preferencenail.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: 38537c7b7bb4711c9b0265b270feb51f\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":85379,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (65529), with no line terminators","md5":"b3a5ba94d627e64a77c0e11eaffc96ed","sha1":"f7358693b31e44211dd98b5aa0dc2a3f423286aa","sha256":"600f01dd96f043e58e0e70a82afbba6ffe0923d836f6293c1e6fc1cb5b074d34","sha512":"64800bcce3e1a65638dfedfe22f205b51725865db3332be95a142e39e4cb40f57358d0c4c01ebb366b8da56aa978b6c7ee992e2c27563bac76c3998014c3d64b","ssdeep":"1536:nPncLBSUBULrSVvTfMtfj3FkdFcE5PnoRC:nPncLBSUBULGVTfGpucE5foM","tlshash":"488395807ac06488d3979b7bb73bf4eaf65a299f38c4044bd100fc48b69562af9f5534","first_seen":"2025-11-18T17:36:30.149277Z","last_seen":"2026-04-05T10:51:43.056466Z","times_seen":13260,"resource_available":true,"data":null}},"time_used":152,"timings":{"blocked":56,"dns":1,"connect":17,"send":0,"wait":20,"receive":18,"ssl":38},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-07","alert":"Sinkholed","trigger":"preferencenail.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-07","alert":"Sinkholed","trigger":"preferencenail.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-12-07","alert":"Sinkholed","trigger":"preferencenail.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"cdn.storageimagedisplay.com/cti/a1/b9/23/a1b923bbe5846975f178468a56c44507/1756662048.jpg","fqdn":"cdn.storageimagedisplay.com","domain":"storageimagedisplay.com","tld":"com"},"ip":{"addr":"45.133.44.2","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ffkipas.my.id/verifyuid","date":"2025-12-07T15:47:52.910Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cdn.storageimagedisplay.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Fri, 07 Nov 2025 02:33:02 GMT","end":"Thu, 05 Feb 2026 02:33:01 GMT"},"fingerprint":{"sha1":"FF:BB:C7:F6:31:A3:EE:08:8E:72:C4:2F:A2:C8:78:1B:3C:22:C4:57","sha256":"93:BE:65:88:B5:AC:E6:69:91:EE:F6:7E:27:3F:D6:9F:59:B1:AB:46:F7:49:0D:E8:F2:1C:9E:A9:BE:F9:B6:95"}}},"request":{"raw":"GET /cti/a1/b9/23/a1b923bbe5846975f178468a56c44507/1756662048.jpg HTTP/1.1\r\nHost: cdn.storageimagedisplay.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ffkipas.my.id/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 07 Dec 2025 15:47:52 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 40880\r\nserver: nginx/1.21.6\r\nlast-modified: Sun, 31 Aug 2025 17:40:48 GMT\r\netag: \"68b48920-9fb0\"\r\nexpires: Tue, 09 Dec 2025 15:47:52 GMT\r\ncache-control: max-age=172800\r\nx-cdn-host-id: AH0543\r\nx-proxy-cache: HIT\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":40880,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop 26.3 (Macintosh), datetime=2025:08:30 15:30:24], progressive, precision 8, 320x240, components 3","md5":"0ad45ff4319349ed2dcd5676103824ef","sha1":"63e168f607a393499e2494cf135403cf8bf55939","sha256":"ce5dbe9393b069f813258f03db62338e64f03dc550fde2e549ce1f435b335192","sha512":"b41e0a88c3e70d29a6cad28878cba25d7b5c631842c8b337475a66a49fc8d38a0581913e364089f3395a61f71dff54c6784a015baf8f0ba30a58020e732a9719","ssdeep":"768:Q0ixim0iM7Yy2nBu1/5h6bTM/k+w4zTXAvVUO6pFq5:Q0+0V7wBu1/5AQg4zTXAe7e5","tlshash":"4303bf55fb62cc62e8e06a3c10f1e717b2319658ab730b953d4e728b3790b564c8d747","first_seen":"2025-09-02T17:23:30.688077Z","last_seen":"2026-04-05T03:32:37.112948Z","times_seen":1230,"resource_available":false,"data":null}},"time_used":22,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":19,"receive":3,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"3nbf4.com/zone?pub=0\u0026zone_id=9716024\u0026is_mobile=false\u0026domain=ffkipas.my.id\u0026var=\u0026ymid=\u0026var_3=\u0026var_4=\u0026dsig=\u0026tg=1\u0026sw=3.1.642\u0026trace_id=2a30e9c3-55e0-4695-a45c-7c298f8c5421\u0026action=prerequest\u0026drf=","fqdn":"3nbf4.com","domain":"3nbf4.com","tld":"com"},"ip":{"addr":"139.45.197.121","port":443,"asn":9002,"as":"RETN Limited","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"beacon","requested_by":"https://ffkipas.my.id/","date":"2025-12-07T15:47:46.746Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"3nbf4.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Wed, 08 Oct 2025 11:29:15 GMT","end":"Tue, 06 Jan 2026 11:29:14 GMT"},"fingerprint":{"sha1":"B8:5C:B5:E8:90:27:1D:FD:CA:8A:71:AA:01:26:28:02:27:BE:4F:8F","sha256":"03:48:D4:EE:D8:6F:8F:7D:F6:77:58:F1:71:D7:62:D8:18:E7:A2:E4:94:84:7A:E8:87:4B:51:C2:37:C3:56:AE"}}},"request":{"raw":"POST /zone?pub=0\u0026zone_id=9716024\u0026is_mobile=false\u0026domain=ffkipas.my.id\u0026var=\u0026ymid=\u0026var_3=\u0026var_4=\u0026dsig=\u0026tg=1\u0026sw=3.1.642\u0026trace_id=2a30e9c3-55e0-4695-a45c-7c298f8c5421\u0026action=prerequest\u0026drf= HTTP/1.1\r\nHost: 3nbf4.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://ffkipas.my.id\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ffkipas.my.id/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nContent-Length: 0\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sun, 07 Dec 2025 15:47:46 GMT\r\ncontent-length: 0\r\naccept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model\r\naccess-control-allow-origin: https://ffkipas.my.id\r\naccess-control-allow-credentials: true\r\naccess-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept\r\nstrict-transport-security: max-age=1\r\nx-content-type-options: nosniff\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T11:47:06.182466Z","times_seen":13373545,"resource_available":true,"data":null}},"time_used":32,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":32,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"3nbf4.com/event","fqdn":"3nbf4.com","domain":"3nbf4.com","tld":"com"},"ip":{"addr":"139.45.197.121","port":443,"asn":9002,"as":"RETN Limited","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://ffkipas.my.id/verifyuid","date":"2025-12-07T15:47:51.806Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"3nbf4.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Wed, 08 Oct 2025 11:29:15 GMT","end":"Tue, 06 Jan 2026 11:29:14 GMT"},"fingerprint":{"sha1":"B8:5C:B5:E8:90:27:1D:FD:CA:8A:71:AA:01:26:28:02:27:BE:4F:8F","sha256":"03:48:D4:EE:D8:6F:8F:7D:F6:77:58:F1:71:D7:62:D8:18:E7:A2:E4:94:84:7A:E8:87:4B:51:C2:37:C3:56:AE"}}},"request":{"raw":"POST /event HTTP/1.1\r\nHost: 3nbf4.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://ffkipas.my.id/\r\nContent-Type: application/json\r\nContent-Length: 721\r\nOrigin: https://ffkipas.my.id\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":721,"data":"{\"code\":\"error_json\",\"sw_version\":\"3.1.642\",\"error_message\":\"micro_tag_push_unsupported:, message: error-obj: {}, error-msg: no-message, error-name: Error, error-code: no-code, error-ctx: {\\\"installer_type\\\":\\\"micro\\\",\\\"zone_id\\\":9716024}\",\"error_location\":\"https://ffkipas.my.id/verifyuid\",\"error_stack\":\"\\\"e\u003c/t[K.Yr]@https://3nbf4.com/act/files/micro.tag.min.js?z=9716024\u0026sw=/sw-check-permissions.js:1:28904\\\\nasync*@https://3nbf4.com/act/files/micro.tag.min.js?z=9716024\u0026sw=/sw-check-permissions.js:1:35891\\\\n@https://3nbf4.com/act/files/micro.tag.min.js?z=9716024\u0026sw=/sw-check-permissions.js:1:35988\\\\n@https://3nbf4.com/act/files/micro.tag.min.js?z=9716024\u0026sw=/sw-check-permissions.js:1:35991\\\\n\\\"\",\"timeOrigin\":925}"}},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sun, 07 Dec 2025 15:47:51 GMT\r\ncontent-type: application/json; charset=utf-8\r\ncontent-length: 81\r\naccept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model\r\naccess-control-allow-origin: https://ffkipas.my.id\r\naccess-control-allow-credentials: true\r\naccess-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept\r\nstrict-transport-security: max-age=1\r\nx-content-type-options: nosniff\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":81,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"7558d032cd70c50680ca8fd6dedd2f37","sha1":"f74ff001d3b7dcf9f2c5b34eeae462b958bec14e","sha256":"412b1ebe739259ce622c49d786892411c328744d1815139122446afba819e29e","sha512":"16752f298cd89c2561a4a26ae58cb65a70e932b6e9512bbdbed3aa2a1927b4b0cc6d7ff2d87db5a8f646e61ec961ef3f813be254307dad73945de6609fb82322","ssdeep":"","tlshash":"aea0121080a84580004486054261af4019bc81271e090059782cbe2046099012040006","first_seen":"2025-12-07T15:48:18.419955Z","last_seen":"2025-12-07T15:48:18.419955Z","times_seen":1,"resource_available":false,"data":null}},"time_used":27,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":27,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"grookilteepsou.net/zone?pub=0\u0026zone_id=9895350\u0026is_mobile=false\u0026domain=ffkipas.my.id\u0026var=\u0026ymid=\u0026var_3=\u0026tg=0\u0026sw=3.1.642\u0026drf=https%3A%2F%2Fffkipas.my.id%2F","fqdn":"grookilteepsou.net","domain":"grookilteepsou.net","tld":"net"},"ip":{"addr":"139.45.197.122","port":443,"asn":9002,"as":"RETN Limited","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://ffkipas.my.id/verifyuid","date":"2025-12-07T15:47:51.924Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"grookilteepsou.net","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Mon, 24 Nov 2025 05:08:19 GMT","end":"Sun, 22 Feb 2026 05:08:18 GMT"},"fingerprint":{"sha1":"EF:AC:DB:BB:24:F1:7B:72:D3:0C:E3:26:53:60:D2:D0:DD:A9:B4:4D","sha256":"9D:09:C2:43:F6:4A:FE:AD:33:EE:71:F9:8C:70:95:03:6C:81:C2:C6:17:6B:AE:F4:55:73:6A:F4:E9:A0:32:EE"}}},"request":{"raw":"GET /zone?pub=0\u0026zone_id=9895350\u0026is_mobile=false\u0026domain=ffkipas.my.id\u0026var=\u0026ymid=\u0026var_3=\u0026tg=0\u0026sw=3.1.642\u0026drf=https%3A%2F%2Fffkipas.my.id%2F HTTP/1.1\r\nHost: grookilteepsou.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://ffkipas.my.id/\r\nOrigin: https://ffkipas.my.id\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sun, 07 Dec 2025 15:47:51 GMT\r\ncontent-type: application/json; charset=utf-8\r\ncontent-length: 508\r\naccept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model\r\naccess-control-allow-origin: https://ffkipas.my.id\r\naccess-control-allow-credentials: true\r\naccess-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept\r\nstrict-transport-security: max-age=1\r\nx-content-type-options: nosniff\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":508,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"d991ab0eec412770f41f046470a03677","sha1":"a462d2aa79d8a21a6b6b4fdf0693691d0fad36b2","sha256":"d131d26c754282343d0f6b1b5847c23254cff4cfa93ac29964233ad24010ce51","sha512":"17a8d000fcaf913526d9ffd9d22c560db12b80344d3f8b5b3ce8472deec5cc4e84b4b6a4bd337b9a7ad0261bb05bc913693d0742fc88730a3b50b157f2267e67","ssdeep":"","tlshash":"61f050241eb1bfb28c6549c9945eba1125fc603167645649e5dc5a1104e3fad301616f","first_seen":"2025-12-07T15:47:42.669376Z","last_seen":"2025-12-07T15:48:18.421275Z","times_seen":2,"resource_available":false,"data":null}},"time_used":27,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":27,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-07","alert":"Sinkholed","trigger":"grookilteepsou.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-12-07","alert":"Sinkholed","trigger":"grookilteepsou.net","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-07","alert":"Sinkholed","trigger":"grookilteepsou.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-07","alert":"Sinkholed","trigger":"grookilteepsou.net","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"grookilteepsou.net/event","fqdn":"grookilteepsou.net","domain":"grookilteepsou.net","tld":"net"},"ip":{"addr":"139.45.197.122","port":443,"asn":9002,"as":"RETN Limited","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://ffkipas.my.id/verifyuid","date":"2025-12-07T15:47:52.932Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"grookilteepsou.net","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Mon, 24 Nov 2025 05:08:19 GMT","end":"Sun, 22 Feb 2026 05:08:18 GMT"},"fingerprint":{"sha1":"EF:AC:DB:BB:24:F1:7B:72:D3:0C:E3:26:53:60:D2:D0:DD:A9:B4:4D","sha256":"9D:09:C2:43:F6:4A:FE:AD:33:EE:71:F9:8C:70:95:03:6C:81:C2:C6:17:6B:AE:F4:55:73:6A:F4:E9:A0:32:EE"}}},"request":{"raw":"POST /event HTTP/1.1\r\nHost: grookilteepsou.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://ffkipas.my.id/\r\nContent-Type: application/json\r\nContent-Length: 860\r\nOrigin: https://ffkipas.my.id\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":860,"data":"{\"code\":\"custom\",\"zone_id\":9895350,\"sw_version\":\"3.1.642\",\"pub_zone_id\":9895350,\"trace_id\":\"3abbfd8c-e7b4-4ebb-b740-02eb97f2a641\",\"oaid\":\"e0f7df4a60c1448197b970eb3c0d9e4d\",\"ip\":\"91.90.42.154\",\"geo\":\"no\",\"location\":\"https://ffkipas.my.id/verifyuid\",\"domain\":\"ffkipas.my.id\",\"install_ctx\":{\"country_code\":\"no\"},\"pub\":0,\"installer_type\":\"universal\",\"event_type\":\"page_loaded\",\"timing\":{\"connectEnd\":3,\"connectStart\":3,\"domComplete\":1813,\"domContentLoadedEventEnd\":1331,\"domContentLoadedEventStart\":1329,\"domInteractive\":1324,\"domLoading\":711,\"domainLookupEnd\":3,\"domainLookupStart\":3,\"fetchStart\":3,\"loadEventEnd\":1813,\"loadEventStart\":1813,\"requestStart\":44,\"responseEnd\":655,\"responseStart\":655,\"secureConnectionStart\":3},\"timeOrigin\":1982,\"previousEvents\":[{\"ts\":1765122472796,\"event\":\"hit_page\",\"event_data\":{\"installer_type\":\"universal\",\"timeOrigin\":1976}}]}"}},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sun, 07 Dec 2025 15:47:52 GMT\r\ncontent-type: application/json; charset=utf-8\r\ncontent-length: 81\r\naccept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model\r\naccess-control-allow-origin: https://ffkipas.my.id\r\naccess-control-allow-credentials: true\r\naccess-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept\r\nstrict-transport-security: max-age=1\r\nx-content-type-options: nosniff\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":81,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"64bfa7ac4fa8e385efceb362c8eaecb3","sha1":"a0bc151feac46352fd43842992dfed16ccffc613","sha256":"ed0b875f602639feaaccdbe24b2352908a97225b3fe2bed686d3f1e4d2fc5a43","sha512":"eaa4de2dca4f7de066f0888fcfd71e36f978976819bff31d2b4822f53e306b88855c10478725094899e6877746a3da78aea2e33bb9b8f17513cf67635148e91a","ssdeep":"","tlshash":"60a0247cc04c0fd4044d0c0505f05d1005fc0053ddc73070fd0c3f104014010475c153","first_seen":"2025-12-07T15:48:18.423218Z","last_seen":"2025-12-07T15:48:18.423218Z","times_seen":1,"resource_available":false,"data":null}},"time_used":26,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":26,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-07","alert":"Sinkholed","trigger":"grookilteepsou.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-07","alert":"Sinkholed","trigger":"grookilteepsou.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-12-07","alert":"Sinkholed","trigger":"grookilteepsou.net","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-07","alert":"Sinkholed","trigger":"grookilteepsou.net","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"grookilteepsou.net/event","fqdn":"grookilteepsou.net","domain":"grookilteepsou.net","tld":"net"},"ip":{"addr":"139.45.197.122","port":443,"asn":9002,"as":"RETN Limited","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://ffkipas.my.id/","date":"2025-12-07T15:47:48.117Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"grookilteepsou.net","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Mon, 24 Nov 2025 05:08:19 GMT","end":"Sun, 22 Feb 2026 05:08:18 GMT"},"fingerprint":{"sha1":"EF:AC:DB:BB:24:F1:7B:72:D3:0C:E3:26:53:60:D2:D0:DD:A9:B4:4D","sha256":"9D:09:C2:43:F6:4A:FE:AD:33:EE:71:F9:8C:70:95:03:6C:81:C2:C6:17:6B:AE:F4:55:73:6A:F4:E9:A0:32:EE"}}},"request":{"raw":"OPTIONS /event HTTP/1.1\r\nHost: grookilteepsou.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nAccess-Control-Request-Method: POST\r\nAccess-Control-Request-Headers: content-type\r\nReferer: https://ffkipas.my.id/\r\nOrigin: https://ffkipas.my.id\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"OPTIONS"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sun, 07 Dec 2025 15:47:48 GMT\r\ncontent-type: text/plain; charset=utf-8\r\ncontent-length: 0\r\naccess-control-allow-origin: https://ffkipas.my.id\r\naccess-control-allow-credentials: true\r\naccess-control-allow-methods: GET, POST, OPTIONS\r\naccess-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization-Token,X-Oaid\r\naccess-control-max-age: 86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain; charset=utf-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T11:47:06.182466Z","times_seen":13373545,"resource_available":true,"data":null}},"time_used":27,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":27,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-07","alert":"Sinkholed","trigger":"grookilteepsou.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-12-07","alert":"Sinkholed","trigger":"grookilteepsou.net","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-07","alert":"Sinkholed","trigger":"grookilteepsou.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-07","alert":"Sinkholed","trigger":"grookilteepsou.net","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ffkipas.my.id/assets/images/ffkipas.png?v=1.0","fqdn":"ffkipas.my.id","domain":"ffkipas.my.id","tld":"my.id"},"ip":{"addr":"104.21.67.83","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ffkipas.my.id/verifyuid","date":"2025-12-07T15:47:51.610Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ffkipas.my.id","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Fri, 17 Oct 2025 09:52:51 GMT","end":"Thu, 15 Jan 2026 10:51:42 GMT"},"fingerprint":{"sha1":"CC:F7:34:EF:C8:0D:D7:BA:61:5C:59:6F:9C:84:10:EB:B8:77:BB:8E","sha256":"E9:02:F7:94:61:0A:79:F6:92:B0:A9:74:B9:D8:C9:49:60:C7:55:60:B1:7E:1B:E1:DA:3D:7E:2B:09:2D:79:24"}}},"request":{"raw":"GET /assets/images/ffkipas.png?v=1.0 HTTP/1.1\r\nHost: ffkipas.my.id\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ffkipas.my.id/verifyuid\r\nCookie: PHPSESSID=grhmnb1lmkeqgu5vd8rsgsav3u\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sun, 07 Dec 2025 15:47:51 GMT\r\nserver: cloudflare\r\nlast-modified: Tue, 13 May 2025 21:31:18 GMT\r\naccept-ranges: bytes\r\npriority: u=4,i=?0\r\ncontent-length: 1096160\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nx-frame-options: SAMEORIGIN\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncontent-type: image/png\r\nage: 45\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=b%2BMTR7Eprz509u1eGwip2Gp1NXKOTr4jhveoLoA%2BFDzQlrMt4sJk4sAZTQC8HKgwKfPVjNsBrNXYP4056y4ydnqsqoqelscApJRk\"}]}\r\nvary: accept-encoding\r\nstrict-transport-security: max-age=0; preload\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\ncf-ray: 9aa529f78f8fb4f4-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":1096160,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 1024 x 1024, 8-bit/color RGB, non-interlaced","md5":"dba6e9bc77cc762848d4d4103212e729","sha1":"9d3cd9e60f9b8f6787b1e1fd42df6d47a1163f46","sha256":"79171bdbda86f5eadbb43d317d1908f96918265f2211f0c9acea642781c1ce5c","sha512":"ec26fbf2713c6a76f09d5b2392104daf544bea9607886c4c85a52460268fe9cee15c0ad1a44f1f907528dc5f0fef22e7797db2c62b80ef7f6496492eebbd1852","ssdeep":"24576:MylLLfKdZDOT6Q9U1rn7foVk/Zfqbc3VyDM6PHnJC:Phed1U6FDOk/Mbc3Vyw6PpC","tlshash":"fc2523b0c7b3a70ac317e6b6596c5c165e7427c100c64d4b41e32c82d7e9f51c9ababe","first_seen":"2025-10-22T04:01:00.042699Z","last_seen":"2025-12-07T15:57:24.091485Z","times_seen":8,"resource_available":false,"data":null}},"time_used":59,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":7,"receive":52,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fonts.googleapis.com/css?family=Roboto:300,400,700\u0026display=swap","fqdn":"fonts.googleapis.com","domain":"fonts.googleapis.com","tld":"googleapis.com"},"ip":{"addr":"142.250.74.10","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://ffkipas.my.id/verifyuid","date":"2025-12-07T15:47:55.248Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"upload.video.google.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 27 Oct 2025 08:34:58 GMT","end":"Mon, 19 Jan 2026 08:34:57 GMT"},"fingerprint":{"sha1":"56:14:7E:EF:FA:D2:CF:DD:3B:30:9C:AE:7A:C9:AD:9E:A7:87:3D:E9","sha256":"72:DD:0F:82:4D:8A:09:2D:BB:5B:E6:1B:6F:09:F8:1E:BD:BD:D3:3E:B8:A4:8C:B9:49:13:4D:DC:D7:EF:EA:77"}}},"request":{"raw":"GET /css?family=Roboto:300,400,700\u0026display=swap HTTP/1.1\r\nHost: fonts.googleapis.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: text/css; charset=utf-8\r\nvary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site\r\naccess-control-allow-origin: *\r\ntiming-allow-origin: *\r\nlink: \u003chttps://fonts.gstatic.com\u003e; rel=preconnect; crossorigin\r\nstrict-transport-security: max-age=31536000\r\nexpires: Sun, 07 Dec 2025 15:47:55 GMT\r\ndate: Sun, 07 Dec 2025 15:47:55 GMT\r\ncache-control: private, max-age=86400\r\ncross-origin-opener-policy: same-origin-allow-popups\r\ncross-origin-resource-policy: cross-origin\r\ncontent-encoding: gzip\r\nserver: ESF\r\nx-xss-protection: 0\r\nx-frame-options: SAMEORIGIN\r\nx-content-type-options: nosniff\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":16755,"size_decoded":0,"mime_type":"text/css; charset=utf-8","magic":"ASCII text, with very long lines (1572)","md5":"1f04e9e49d52374a409de4887e47180d","sha1":"8fee2f920567a574448d1aa6565c95951b68f9b5","sha256":"10cf0680b9dc5b310d265479bcebc5b380474bf2e8da9361cf8be458d183994e","sha512":"5fde8f721343e9c6254229e791ed64d6b47f28fad7690f7c83fa8c29e3112d0974f65ae0c63f09acd3e026dcb56c4de3fe0ffe37c464eb326b0495aa6c03b31c","ssdeep":"384:pKf5KgKPKrKyUK/qY4+K4KYKpKfMK1KWK6KyhK/qY4XKNKtK4KfdKkKDK3KyQK/9:pCJmwBUiRDfMTcfFBhiEymdmtC0BQiVb","tlshash":"df7210a1041750009b834ce223cebf35fe1f52117152d0b5abfdab6b9dcbc66526939d","first_seen":"2025-11-19T00:20:32.486705Z","last_seen":"2026-02-19T22:23:13.628811Z","times_seen":6025,"resource_available":false,"data":null}},"time_used":619,"timings":{"blocked":282,"dns":1,"connect":7,"send":0,"wait":18,"receive":0,"ssl":289},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"bobapsoabauns.com/www/images/545b04f9bce5a70f9754bb099df3f0e9.png","fqdn":"bobapsoabauns.com","domain":"bobapsoabauns.com","tld":"com"},"ip":{"addr":"172.67.166.60","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ffkipas.my.id/verifyuid","date":"2025-12-07T15:47:55.474Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"bobapsoabauns.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 15 Nov 2025 09:06:49 GMT","end":"Fri, 13 Feb 2026 10:05:15 GMT"},"fingerprint":{"sha1":"1E:80:62:5B:0A:AE:45:C7:23:30:B5:BA:23:77:27:CF:C7:7E:2B:E5","sha256":"BD:DA:C2:A9:EA:C4:6B:B2:C8:71:38:93:D3:DF:34:10:57:C4:48:46:8C:A2:5E:BE:D1:C5:60:FD:35:71:AA:BE"}}},"request":{"raw":"GET /www/images/545b04f9bce5a70f9754bb099df3f0e9.png HTTP/1.1\r\nHost: bobapsoabauns.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ffkipas.my.id/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sun, 07 Dec 2025 15:47:55 GMT\r\ncontent-type: image/png\r\ncontent-length: 81979\r\nlast-modified: Tue, 04 Mar 2025 18:50:37 GMT\r\npriority: u=4,i=?0\r\netag: \"67c74b7d-1403b\"\r\nexpires: Sun, 07 Dec 2025 22:25:27 GMT\r\ncache-control: max-age=86400\r\ntiming-allow-origin: *\r\naccept-ranges: bytes\r\nage: 62548\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=McNSRUaq1mlsRgeGuKl3E%2BjR8UzuqKOQOvQqRg9DV3DskmQrUc4s2Vphv1wepx%2B8U6ziwNv1KsqraH6r2SusAWdjMaykw1pPCjCAe6RzGQ%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: accept-encoding\r\ncf-ray: 9aa52a0f1a9156bf-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":81979,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 192 x 192, 8-bit/color RGBA, non-interlaced","md5":"545b04f9bce5a70f9754bb099df3f0e9","sha1":"ae727e3526409cc6a2ff8be3f9ef15ec804d390c","sha256":"cc6720855ee907afb29b0f8ab90c8e412016e7976515d6577d5cf61dd913be0b","sha512":"a584c6fe0b8e8c28d3b81aef64ec6f5253c5c3f9dd1314c15edff706828a28f932cf88aa14ec6f2feebc7ffe749205a565221dc5f175baf0518c1bd295175e3a","ssdeep":"1536:SkpJ5PMTiFOAJunb9/UYFEC+rV+fO4kn8DmaKzmTnVeM70mn/c67PZ7kGgnx/yEi:SS0YwhmVLvn8qWTVeMAmnk6Dzg9Pi","tlshash":"ed831276bdf6c65cf4b004a21f5534fabca92ed76ca07c0c1855223e3b664e05ba2cc0","first_seen":"2025-03-06T09:01:51.64623Z","last_seen":"2026-01-08T04:28:30.433876Z","times_seen":379,"resource_available":false,"data":null}},"time_used":27,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":11,"receive":16,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"015kk.com/500/9895348?excludes=\u0026oaid=0802986dc3b24e40fbfaef6bcbac55d9\u0026tgp=\u0026of=true\u0026sw_version=v1.768.0-s\u0026dmn=eehassoosostoa.com\u0026fs=0\u0026cf=0\u0026sw=1280\u0026sh=1024\u0026sah=1024\u0026wx=0\u0026wy=0\u0026ww=1280\u0026wh=1024\u0026cw=1280\u0026wiw=1280\u0026wih=1024\u0026wfc=2\u0026pl=https%3A%2F%2Fffkipas.my.id%2Fverifyuid\u0026drf=https%3A%2F%2Fffkipas.my.id%2F\u0026np=1\u0026pt=0\u0026nb=1\u0026ng=0\u0026ix=0\u0026nw=1\u0026tb=false\u0026navlng=en-US\u0026bto=0\u0026btz=UTC\u0026jsp=1","fqdn":"015kk.com","domain":"015kk.com","tld":"com"},"ip":{"addr":"139.45.197.248","port":443,"asn":9002,"as":"RETN Limited","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://ffkipas.my.id/verifyuid","date":"2025-12-07T15:48:02.208Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"015kk.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 19 Nov 2025 10:47:58 GMT","end":"Tue, 17 Feb 2026 10:47:57 GMT"},"fingerprint":{"sha1":"64:B3:6C:45:06:06:36:53:32:FC:35:20:9D:C9:CC:5F:FA:81:2A:95","sha256":"5F:72:37:E0:2C:04:E0:CA:5B:25:E1:DE:39:86:7C:2D:24:AB:6A:A9:F0:9A:12:31:CE:E9:E8:5B:81:62:C4:E6"}}},"request":{"raw":"GET /500/9895348?excludes=\u0026oaid=0802986dc3b24e40fbfaef6bcbac55d9\u0026tgp=\u0026of=true\u0026sw_version=v1.768.0-s\u0026dmn=eehassoosostoa.com\u0026fs=0\u0026cf=0\u0026sw=1280\u0026sh=1024\u0026sah=1024\u0026wx=0\u0026wy=0\u0026ww=1280\u0026wh=1024\u0026cw=1280\u0026wiw=1280\u0026wih=1024\u0026wfc=2\u0026pl=https%3A%2F%2Fffkipas.my.id%2Fverifyuid\u0026drf=https%3A%2F%2Fffkipas.my.id%2F\u0026np=1\u0026pt=0\u0026nb=1\u0026ng=0\u0026ix=0\u0026nw=1\u0026tb=false\u0026navlng=en-US\u0026bto=0\u0026btz=UTC\u0026jsp=1 HTTP/1.1\r\nHost: 015kk.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/json\r\nOrigin: https://ffkipas.my.id\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ffkipas.my.id/\r\nCookie: OAID=0802986dc3b24e40fbfaef6bcbac55d9\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sun, 07 Dec 2025 15:48:02 GMT\r\ncontent-type: application/javascript\r\nx-trace-id: 2fadd7b45dfd7b5ad3d1d0df5122e029\r\nexpires: Tue, 11 Jan 1994 10:00:00 GMT\r\ncache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0\r\npragma: no-cache\r\nvary: Origin\r\naccess-control-allow-origin: https://ffkipas.my.id\r\naccess-control-expose-headers: Link\r\naccess-control-allow-credentials: true\r\naccept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version\r\nset-cookie: OAID=0802986dc3b24e40fbfaef6bcbac55d9; expires=Mon, 07 Dec 2026 15:48:02 GMT; path=/; secure; SameSite=None\r\nstrict-transport-security: max-age=1\r\nx-content-type-options: nosniff\r\ntiming-allow-origin: *, *\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":5563,"size_decoded":0,"mime_type":"application/javascript","magic":"JSON text data","md5":"3c5627d07f5197cabc93fcfdff76fc13","sha1":"81f166841e3475b2248053fbfca90e67a8b49b46","sha256":"ae421e472211e3924584b6baa664d606fbca77506a5dcb7eb26e779f9be9a49c","sha512":"a64c195ecf5a01b91d3d9c0bca730c38f75d815ec3eb91aaeff067235508f7a09a2fe177ba14abde9bdeb0cc1ac0ecc293179f5a6121f975efcb38546bef311d","ssdeep":"96:J/iUDsjLpLq7XeWPzNZ7E8WQN3weA0rs7c/uRdhpPC7h+TReJNThdh2hJbM:J6L3g7DzH7E87weABpPmWgD+JY","tlshash":"1ab1ba9f3805c913cac4af0c27b11c7698df842916f76a5c938bc57a42cf1b828bb381","first_seen":"2025-12-07T15:48:18.425627Z","last_seen":"2025-12-07T15:48:18.425627Z","times_seen":1,"resource_available":false,"data":null}},"time_used":48,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":48,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-07","alert":"Sinkholed","trigger":"015kk.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"cdnjs.cloudflare.com/ajax/libs/font-awesome/6.4.0/css/all.min.css","fqdn":"cdnjs.cloudflare.com","domain":"cloudflare.com","tld":"com"},"ip":{"addr":"104.17.24.14","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://ffkipas.my.id/verifyuid","date":"2025-12-07T15:47:51.604Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cdnjs.cloudflare.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 15 Nov 2025 20:49:06 GMT","end":"Fri, 13 Feb 2026 21:49:04 GMT"},"fingerprint":{"sha1":"9A:71:C8:6F:E2:4B:9A:91:7D:C8:4A:1D:79:98:2F:97:C1:85:D8:79","sha256":"4E:C5:BB:7A:81:A0:D9:00:73:8D:D5:57:59:3D:A0:C3:D3:BE:62:18:4E:6F:6D:98:DA:F0:90:94:5E:E0:0B:63"}}},"request":{"raw":"GET /ajax/libs/font-awesome/6.4.0/css/all.min.css HTTP/1.1\r\nHost: cdnjs.cloudflare.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ffkipas.my.id/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sun, 07 Dec 2025 15:47:51 GMT\r\ncontent-type: text/css; charset=utf-8\r\ncontent-length: 18752\r\ncf-ray: 9aa529f77b6f5687-OSL\r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=30672000\r\ncontent-encoding: br\r\netag: \"6421d693-4940\"\r\nlast-modified: Mon, 27 Mar 2023 17:46:59 GMT\r\ncf-cdnjs-via: cfworker/kv\r\ncross-origin-resource-policy: cross-origin\r\ntiming-allow-origin: *\r\nx-content-type-options: nosniff\r\nvary: Accept-Encoding\r\ncf-cache-status: HIT\r\nage: 1596928\r\nexpires: Fri, 27 Nov 2026 15:47:51 GMT\r\naccept-ranges: bytes\r\npriority: u=2,i=?0\r\nreport-to: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v4?s=3kUqDWPgUwbYF%2Ft1KlmQHC7ckFNK8pqOnI2cAQnDdKDRIlVzQBqJh54GIZiBIeCOx1dC9cK%2BHXaeLdUu1dXhEXaWBm6yvmLFCz2w9bhR5pIxxCaZ4jzND%2F7%2BE15xOFkFvfaFvunF\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nnel: {\"success_fraction\":0.01,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nstrict-transport-security: max-age=15780000\r\nserver: cloudflare\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":102025,"size_decoded":0,"mime_type":"text/css; charset=utf-8","magic":"ASCII text, with very long lines (52276)","md5":"ded1c367363e8b20bdc6a19b8350a737","sha1":"8c06d82739d14b094ff6d9036021a252bd1d985d","sha256":"1edb1725a9ea8ca4dcf2f5508cee183218aa1685e47c1b23056717f754f58ebf","sha512":"89e71d2e66ac925ec2564aa45cd43f647fd72e5bd664e2728fb632eed71e9e6a43d72a404a8ce9993fc4d223ed985201e3a66676d01cf5e341bc7d07fd9a6207","ssdeep":"1536:OwMCMPMCMjMCM4MCMwMCM3sVMX709gbPMfjSFOTyPGuZprfZCl:S709gMGFiyPGuZpfZCl","tlshash":"2ea3a7f9e44c05d97732c44bab95b37c65b6f738d5810ca9f02f580c1ad26a822c6f7a","first_seen":"2023-04-06T15:05:25Z","last_seen":"2026-04-05T10:54:35.410991Z","times_seen":42022,"resource_available":false,"data":null}},"time_used":23,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":17,"receive":6,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"protrafficinspector.com/stats","fqdn":"protrafficinspector.com","domain":"protrafficinspector.com","tld":"com"},"ip":{"addr":"18.198.241.35","port":443,"asn":16509,"as":"AMAZON-02","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://ffkipas.my.id/verifyuid","date":"2025-12-07T15:47:52.135Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"RSA-PKCS1-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"traffinspector.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M01","organization":"Amazon"},"validity":{"start":"Wed, 19 Nov 2025 00:00:00 GMT","end":"Fri, 18 Dec 2026 23:59:59 GMT"},"fingerprint":{"sha1":"11:9F:BE:35:27:7B:7B:85:C9:B3:FF:0E:CA:F6:0D:13:B0:A9:A0:BB","sha256":"81:A4:38:32:0D:BC:66:C8:7B:6D:08:BC:93:91:76:73:A2:BD:D0:53:3C:BF:2F:FD:B8:87:00:C6:EC:3B:6C:77"}}},"request":{"raw":"GET /stats HTTP/1.1\r\nHost: protrafficinspector.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://ffkipas.my.id\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ffkipas.my.id/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 07 Dec 2025 15:47:52 GMT\r\ncontent-type: text/html; charset=UTF-8\r\ncontent-length: 40\r\nserver: fasthttp\r\naccess-control-allow-origin: https://ffkipas.my.id\r\nvary: Origin\r\naccess-control-allow-credentials: true\r\nset-cookie: uid_id2=d7ad84bf-8df3-4301-a315-d3a1b4cf6979:2:1; expires=Wed, 05 Dec 2035 15:47:52 GMT; secure; SameSite=None\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":40,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"ASCII text, with no line terminators","md5":"8146593bd00fba2f04dcd3ffc95e4d82","sha1":"7f5c51099a142a3fdb976fac77672c38db8a15e5","sha256":"49c9fdf5986850aca4dba29f0d237d842fb01df42e79c00151c0a34842c3c3f2","sha512":"5c6b5fff88d66090c7c187de5c5c8b9544c129e28022e5096c50a99e20e58182b566031d66b6cdcb6ef95d1bf214a2a06afa67716df7f2ef9bef70c9d1467a6f","ssdeep":"","tlshash":"d19004c4ffd405d7c505550571441ddd15553055c45f05715d5cc41c4d4fd310141c00","first_seen":"2025-12-07T15:48:18.427255Z","last_seen":"2025-12-07T15:48:18.427255Z","times_seen":1,"resource_available":false,"data":null}},"time_used":190,"timings":{"blocked":83,"dns":1,"connect":20,"send":0,"wait":22,"receive":0,"ssl":60},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"bvtpk.com/tag.min.js","fqdn":"bvtpk.com","domain":"bvtpk.com","tld":"com"},"ip":{"addr":"172.67.154.171","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://ffkipas.my.id/","date":"2025-12-07T15:47:46.721Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"bvtpk.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Fri, 07 Nov 2025 20:07:09 GMT","end":"Thu, 05 Feb 2026 21:05:30 GMT"},"fingerprint":{"sha1":"D2:20:C9:EE:4B:2D:3A:82:43:E2:14:9E:C3:25:30:01:9F:8F:BB:C3","sha256":"D2:57:0B:6C:75:32:2D:6D:C0:F7:1B:32:FC:56:BA:06:7F:64:4B:FC:95:E2:29:A1:4F:59:5C:DD:D3:8D:37:7B"}}},"request":{"raw":"GET /tag.min.js HTTP/1.1\r\nHost: bvtpk.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ffkipas.my.id/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 07 Dec 2025 15:47:46 GMT\r\ncontent-type: application/javascript\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nx-trace-id: 0ee29af512e2bfcdf11bde36ad3f994a\r\ncache-control: public, max-age=600, s-maxage=1800\r\naccept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version\r\naccess-control-allow-origin: *\r\naccess-control-allow-credentials: true\r\naccess-control-allow-methods: GET, POST, OPTIONS\r\naccess-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, favicon\r\naccess-control-max-age: 86400\r\ntiming-allow-origin: *\r\ncontent-encoding: gzip\r\nage: 813\r\ncf-cache-status: HIT\r\nlast-modified: Sun, 07 Dec 2025 15:34:12 GMT\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=M2CCjpO8zwLJ8GGYYBXbEpbXidKHYb0QvmNkuySBa2px3uXKSAnLtbuIBUdqurDDUsWPqajZEig4bIm159FH4TNpAgKEzbc%3D\"}]}\r\ncf-ray: 9aa529d91d33568d-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":110304,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"5cf86b9e5b6654d3b3e5d959023d2ce9","sha1":"0fac1cb9b46fd22ec3b995d9f3513eefecf2cee5","sha256":"a48c406cb29de85a544dc2b517775395bc360a5078d2c7f02804abfd2180add3","sha512":"9c51e1c471d7afe6e707817d4e2ac7685e40a2b932ae1ac999f95f0883278f8ba6f5955ac8a41e0b0a3000137a004a2fb2906ae6807713c99901262279491ed0","ssdeep":"3072:a3dAhRf69rkboRBpmGpq0SiSHN7TcGtgj:a3dAI6oRBpmOSiSt7oGA","tlshash":"85b32ad67266746a166e80244597ec0db5be8c81008dcdb8f0e5bc722d74b22d3e7fe9","first_seen":"2025-12-05T13:51:43.743231Z","last_seen":"2025-12-08T12:23:35.340115Z","times_seen":93,"resource_available":true,"data":null}},"time_used":45,"timings":{"blocked":19,"dns":3,"connect":1,"send":0,"wait":6,"receive":0,"ssl":14},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"3nbf4.com/event","fqdn":"3nbf4.com","domain":"3nbf4.com","tld":"com"},"ip":{"addr":"139.45.197.121","port":443,"asn":9002,"as":"RETN Limited","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"beacon","requested_by":"https://ffkipas.my.id/","date":"2025-12-07T15:47:46.730Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"3nbf4.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Wed, 08 Oct 2025 11:29:15 GMT","end":"Tue, 06 Jan 2026 11:29:14 GMT"},"fingerprint":{"sha1":"B8:5C:B5:E8:90:27:1D:FD:CA:8A:71:AA:01:26:28:02:27:BE:4F:8F","sha256":"03:48:D4:EE:D8:6F:8F:7D:F6:77:58:F1:71:D7:62:D8:18:E7:A2:E4:94:84:7A:E8:87:4B:51:C2:37:C3:56:AE"}}},"request":{"raw":"POST /event HTTP/1.1\r\nHost: 3nbf4.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: text/plain;charset=UTF-8\r\nContent-Length: 250\r\nOrigin: https://ffkipas.my.id\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ffkipas.my.id/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":250,"data":"{\"timeOrigin\":1601,\"code\":\"custom\",\"zone_id\":9716024,\"sw_version\":\"3.1.642\",\"trace_id\":\"2a30e9c3-55e0-4695-a45c-7c298f8c5421\",\"location\":\"https://ffkipas.my.id/\",\"domain\":\"ffkipas.my.id\",\"pub\":0,\"installer_type\":\"micro\",\"event_type\":\"init_micro_tag\"}"}},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sun, 07 Dec 2025 15:47:46 GMT\r\ncontent-type: application/json; charset=utf-8\r\ncontent-length: 81\r\naccept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model\r\naccess-control-allow-origin: https://ffkipas.my.id\r\naccess-control-allow-credentials: true\r\naccess-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept\r\nstrict-transport-security: max-age=1\r\nx-content-type-options: nosniff\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T11:47:06.182466Z","times_seen":13373545,"resource_available":true,"data":null}},"time_used":29,"timings":{"blocked":2,"dns":0,"connect":0,"send":0,"wait":27,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ffkipas.my.id/assets/images/ffkipas.png?v=1.0","fqdn":"ffkipas.my.id","domain":"ffkipas.my.id","tld":"my.id"},"ip":{"addr":"104.21.67.83","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ffkipas.my.id/","date":"2025-12-07T15:47:47.127Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ffkipas.my.id","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Fri, 17 Oct 2025 09:52:51 GMT","end":"Thu, 15 Jan 2026 10:51:42 GMT"},"fingerprint":{"sha1":"CC:F7:34:EF:C8:0D:D7:BA:61:5C:59:6F:9C:84:10:EB:B8:77:BB:8E","sha256":"E9:02:F7:94:61:0A:79:F6:92:B0:A9:74:B9:D8:C9:49:60:C7:55:60:B1:7E:1B:E1:DA:3D:7E:2B:09:2D:79:24"}}},"request":{"raw":"GET /assets/images/ffkipas.png?v=1.0 HTTP/1.1\r\nHost: ffkipas.my.id\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ffkipas.my.id/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sun, 07 Dec 2025 15:47:47 GMT\r\nserver: cloudflare\r\nlast-modified: Tue, 13 May 2025 21:31:18 GMT\r\naccept-ranges: bytes\r\npriority: u=6,i=?0\r\ncontent-length: 1096160\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nx-frame-options: SAMEORIGIN\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncontent-type: image/png\r\nage: 41\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=y59m9yLjhU41VVbfdOhL2YGIvmr0CM28dJeoDlC1eoQtFu6McSNiTSkV43i%2B6rrz86MdlzO08wm5XixE01BTTv09a6EEw6bDH6t2\"}]}\r\nvary: accept-encoding\r\nstrict-transport-security: max-age=0; preload\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\ncf-ray: 9aa529db8d48b4f4-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":1096160,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 1024 x 1024, 8-bit/color RGB, non-interlaced","md5":"dba6e9bc77cc762848d4d4103212e729","sha1":"9d3cd9e60f9b8f6787b1e1fd42df6d47a1163f46","sha256":"79171bdbda86f5eadbb43d317d1908f96918265f2211f0c9acea642781c1ce5c","sha512":"ec26fbf2713c6a76f09d5b2392104daf544bea9607886c4c85a52460268fe9cee15c0ad1a44f1f907528dc5f0fef22e7797db2c62b80ef7f6496492eebbd1852","ssdeep":"24576:MylLLfKdZDOT6Q9U1rn7foVk/Zfqbc3VyDM6PHnJC:Phed1U6FDOk/Mbc3Vyw6PpC","tlshash":"fc2523b0c7b3a70ac317e6b6596c5c165e7427c100c64d4b41e32c82d7e9f51c9ababe","first_seen":"2025-10-22T04:01:00.042699Z","last_seen":"2025-12-07T15:57:24.091485Z","times_seen":8,"resource_available":false,"data":null}},"time_used":55,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":6,"receive":49,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"grookilteepsou.net/zone?pub=0\u0026zone_id=9895350\u0026is_mobile=false\u0026domain=ffkipas.my.id\u0026var=\u0026ymid=\u0026var_3=\u0026tg=0\u0026sw=3.1.642\u0026drf=","fqdn":"grookilteepsou.net","domain":"grookilteepsou.net","tld":"net"},"ip":{"addr":"139.45.197.122","port":443,"asn":9002,"as":"RETN Limited","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://ffkipas.my.id/","date":"2025-12-07T15:47:47.214Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"grookilteepsou.net","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Mon, 24 Nov 2025 05:08:19 GMT","end":"Sun, 22 Feb 2026 05:08:18 GMT"},"fingerprint":{"sha1":"EF:AC:DB:BB:24:F1:7B:72:D3:0C:E3:26:53:60:D2:D0:DD:A9:B4:4D","sha256":"9D:09:C2:43:F6:4A:FE:AD:33:EE:71:F9:8C:70:95:03:6C:81:C2:C6:17:6B:AE:F4:55:73:6A:F4:E9:A0:32:EE"}}},"request":{"raw":"GET /zone?pub=0\u0026zone_id=9895350\u0026is_mobile=false\u0026domain=ffkipas.my.id\u0026var=\u0026ymid=\u0026var_3=\u0026tg=0\u0026sw=3.1.642\u0026drf= HTTP/1.1\r\nHost: grookilteepsou.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://ffkipas.my.id/\r\nOrigin: https://ffkipas.my.id\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sun, 07 Dec 2025 15:47:47 GMT\r\ncontent-type: application/json; charset=utf-8\r\ncontent-length: 508\r\naccept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model\r\naccess-control-allow-origin: https://ffkipas.my.id\r\naccess-control-allow-credentials: true\r\naccess-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept\r\nstrict-transport-security: max-age=1\r\nx-content-type-options: nosniff\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":508,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"49ae6f299657fbb54780cb05124ba1cd","sha1":"260c5712e654da1fc8f9fbe3abef1fceba8ddc4a","sha256":"b5fd08aa3ffe6f8320e58094aab2a1cdccae2dc67efff72688ea822d95a07d6d","sha512":"c0acf17cc6acb82f0ddfee71cde0c855c125d0a109ae7a6eb068f708edc3a99d170bb6926fb8195e8c04de173b13720ea16ed6b2567315803f8d805a07fc83d3","ssdeep":"","tlshash":"36f095241ee0bf72cc954dc9a45efa1125fc603567545a49e9dc5e1104d3fed301516f","first_seen":"2025-12-07T15:48:18.428792Z","last_seen":"2025-12-07T15:48:18.428792Z","times_seen":1,"resource_available":false,"data":null}},"time_used":27,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":27,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-07","alert":"Sinkholed","trigger":"grookilteepsou.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-07","alert":"Sinkholed","trigger":"grookilteepsou.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-12-07","alert":"Sinkholed","trigger":"grookilteepsou.net","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-07","alert":"Sinkholed","trigger":"grookilteepsou.net","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ffkipas.my.id/assets/css/verifyuid.css","fqdn":"ffkipas.my.id","domain":"ffkipas.my.id","tld":"my.id"},"ip":{"addr":"104.21.67.83","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://ffkipas.my.id/verifyuid","date":"2025-12-07T15:47:51.603Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ffkipas.my.id","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Fri, 17 Oct 2025 09:52:51 GMT","end":"Thu, 15 Jan 2026 10:51:42 GMT"},"fingerprint":{"sha1":"CC:F7:34:EF:C8:0D:D7:BA:61:5C:59:6F:9C:84:10:EB:B8:77:BB:8E","sha256":"E9:02:F7:94:61:0A:79:F6:92:B0:A9:74:B9:D8:C9:49:60:C7:55:60:B1:7E:1B:E1:DA:3D:7E:2B:09:2D:79:24"}}},"request":{"raw":"GET /assets/css/verifyuid.css HTTP/1.1\r\nHost: ffkipas.my.id\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ffkipas.my.id/verifyuid\r\nCookie: PHPSESSID=grhmnb1lmkeqgu5vd8rsgsav3u\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sun, 07 Dec 2025 15:47:51 GMT\r\nserver: cloudflare\r\nlast-modified: Wed, 14 May 2025 02:36:48 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=2,i=?0\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nx-frame-options: SAMEORIGIN\r\ncontent-encoding: br\r\ncontent-type: text/css\r\nage: 33\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=aKW4T8Vd%2FNLBF14VDZAljKN6d9VMwnQyI63%2BE9bJMjEQWK%2BafgNP2SARoiA2O5TvCGT7JbWArh5OHMmW%2BdHdyD%2FztItNc1byHDNa\"}]}\r\nvary: accept-encoding\r\nstrict-transport-security: max-age=0; preload\r\ncf-ray: 9aa529f77f8cb4f4-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":7063,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with CRLF line terminators","md5":"928fc215c50329196d6df725956a5e36","sha1":"24cd36624872391c1dd388f0bc9cf37867b26e70","sha256":"89c1b622c03eadb39fa9cbe0d9071e61887c8f2a8c12aee6d45276167066fc9e","sha512":"ae162b9ee883f9b1e4176c1818013100cdf3d052bf497fe3b1e1b16804b6bc809fb7664cde67a18e1e36ce589496243645aff17c6abda3ff72a65661dd55566c","ssdeep":"96:wpFgtH1w/iuH/H6xvc6OhrpzpFYS1ITQNCpjk3FCQPpl81NBq:ftV+iA6O5pzES1IUNiAUQPpl81NBq","tlshash":"ffe1f019da022107723babb86bf38359e65510639f0646bd7ecd22508fbd1ac9271fdc","first_seen":"2025-12-07T15:47:42.708095Z","last_seen":"2025-12-07T15:57:24.094623Z","times_seen":4,"resource_available":false,"data":null}},"time_used":10,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":10,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"067kk.com/impression/3lMlNcX1AHapOchvDdVoAsOzD7D_WXPJ2TsrzcbM1NYBiGKRjLcsNX_FOLeHAroWkQCFKTbawMY-viXkTkZT9BRR-xCUlwbGt4vRTxYkd_j37oBeeSDJOD-QB4Ebb-xYEZ-uk9iB9EtdLXBc3k261MSFBh2vJZfAbbhgS7KzuoJ7vkWK83O9jCL3JKeL-yIyFHQLVPxmaTVkdY2CIgFsvTFtjOFXr6V-vdLYjYCy7EIkaaY0qHwWReIczuq4p3mA9IlgJuqir1PrzPTsA9SGDeLZOCSyZupIGxqfmrYsBeUJBtS2y-V4-QDBBt7Hf9Bat-pTxDC4eJW7VFWYxsDJRnnd0pfDVMtSJJLb-Wx9Q24Q5S755f65nLuXOESIHklZzM09oK0B0NsmyyPk7iYrZNPpSzIlFliPjZgzYfErkxnzqmoABv6zb2NFA_NAleDVzYKQT5B9f8m3nJM9o-X-ch2WoEbd1glUMW1ZlMRzyunYam3v0_fCKm4eudTag_7wLIVM5_RY7x5jj8U6beuyVij_YgL_CvqQhLAda10eBLe9jUZJLvlo9Nn_FPIgT5XEahAd0CyFeCdLhanE8q5a46Ixqrp40iZZkWdnc4lVW_xOY4RVnBe9E41ZoLUNErNi2_kDVT9ATkbETXioNQ74256yuCkYIX9q9hDgW1zeINYyZmiO3lCNyq6fqWjMMgqboxgDpkfZD9hid3UxKpwE7W10VnTGTtIzMy820Nnyt5WrAmyNoYLbh2agQr-WndVqG891OjNLXrRf4Kg4bWEm6eGLUReRmobTuu3bRMmGM3KLgWNaMQonbEjWVcntPERxMcGAVLsMjarBMey_naALiw==?_z=9895347\u0026sw_version=v1.768.0-s\u0026dmn=roagrofoogrobo.com\u0026fs=0\u0026cf=0\u0026sw=1280\u0026sh=1024\u0026sah=1024\u0026wx=0\u0026wy=0\u0026ww=1280\u0026wh=1024\u0026cw=1280\u0026wiw=1280\u0026wih=1024\u0026wfc=1\u0026pl=https%3A%2F%2Fffkipas.my.id%2Fverifyuid\u0026drf=https%3A%2F%2Fffkipas.my.id%2F\u0026np=1\u0026pt=0\u0026nb=1\u0026ng=0\u0026ix=0\u0026nw=1\u0026tb=false\u0026navlng=en-US\u0026bto=0\u0026btz=UTC\u0026jsp=1","fqdn":"067kk.com","domain":"067kk.com","tld":"com"},"ip":{"addr":"139.45.197.248","port":443,"asn":9002,"as":"RETN Limited","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ffkipas.my.id/verifyuid","date":"2025-12-07T15:47:54.810Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"067kk.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 19 Nov 2025 10:44:13 GMT","end":"Tue, 17 Feb 2026 10:44:12 GMT"},"fingerprint":{"sha1":"45:EE:26:70:10:D7:95:CA:56:73:B1:50:1E:20:7C:F2:03:2E:BA:9B","sha256":"C2:E3:12:F6:02:1E:57:20:4F:4D:EA:6F:1B:B2:7F:8F:B9:CF:27:B9:B0:A1:3E:5F:CA:5A:7E:E6:CB:D6:69:D3"}}},"request":{"raw":"GET /impression/3lMlNcX1AHapOchvDdVoAsOzD7D_WXPJ2TsrzcbM1NYBiGKRjLcsNX_FOLeHAroWkQCFKTbawMY-viXkTkZT9BRR-xCUlwbGt4vRTxYkd_j37oBeeSDJOD-QB4Ebb-xYEZ-uk9iB9EtdLXBc3k261MSFBh2vJZfAbbhgS7KzuoJ7vkWK83O9jCL3JKeL-yIyFHQLVPxmaTVkdY2CIgFsvTFtjOFXr6V-vdLYjYCy7EIkaaY0qHwWReIczuq4p3mA9IlgJuqir1PrzPTsA9SGDeLZOCSyZupIGxqfmrYsBeUJBtS2y-V4-QDBBt7Hf9Bat-pTxDC4eJW7VFWYxsDJRnnd0pfDVMtSJJLb-Wx9Q24Q5S755f65nLuXOESIHklZzM09oK0B0NsmyyPk7iYrZNPpSzIlFliPjZgzYfErkxnzqmoABv6zb2NFA_NAleDVzYKQT5B9f8m3nJM9o-X-ch2WoEbd1glUMW1ZlMRzyunYam3v0_fCKm4eudTag_7wLIVM5_RY7x5jj8U6beuyVij_YgL_CvqQhLAda10eBLe9jUZJLvlo9Nn_FPIgT5XEahAd0CyFeCdLhanE8q5a46Ixqrp40iZZkWdnc4lVW_xOY4RVnBe9E41ZoLUNErNi2_kDVT9ATkbETXioNQ74256yuCkYIX9q9hDgW1zeINYyZmiO3lCNyq6fqWjMMgqboxgDpkfZD9hid3UxKpwE7W10VnTGTtIzMy820Nnyt5WrAmyNoYLbh2agQr-WndVqG891OjNLXrRf4Kg4bWEm6eGLUReRmobTuu3bRMmGM3KLgWNaMQonbEjWVcntPERxMcGAVLsMjarBMey_naALiw==?_z=9895347\u0026sw_version=v1.768.0-s\u0026dmn=roagrofoogrobo.com\u0026fs=0\u0026cf=0\u0026sw=1280\u0026sh=1024\u0026sah=1024\u0026wx=0\u0026wy=0\u0026ww=1280\u0026wh=1024\u0026cw=1280\u0026wiw=1280\u0026wih=1024\u0026wfc=1\u0026pl=https%3A%2F%2Fffkipas.my.id%2Fverifyuid\u0026drf=https%3A%2F%2Fffkipas.my.id%2F\u0026np=1\u0026pt=0\u0026nb=1\u0026ng=0\u0026ix=0\u0026nw=1\u0026tb=false\u0026navlng=en-US\u0026bto=0\u0026btz=UTC\u0026jsp=1 HTTP/1.1\r\nHost: 067kk.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ffkipas.my.id/\r\nCookie: OAID=0802986dc3b24e40fbfaef6bcbac55d9\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sun, 07 Dec 2025 15:47:54 GMT\r\ncontent-type: image/gif\r\ncontent-length: 43\r\nx-trace-id: 34150cf14934b8b081fe2d0a6375aa03\r\nexpires: Tue, 11 Jan 1994 10:00:00 GMT\r\ncache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0\r\npragma: no-cache\r\nvary: Origin\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: Link\r\naccess-control-allow-credentials: true\r\naccept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version\r\nstrict-transport-security: max-age=1\r\nx-content-type-options: nosniff\r\ntiming-allow-origin: *, *\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":43,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 1 x 1","md5":"b4491705564909da7f9eaf749dbbfbb1","sha1":"279315d507855c6a4351e1e2c2f39dd9cd2fccd8","sha256":"4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49","sha512":"b8d82d64ec656c63570b82215564929adad167e61643fd72283b94f3e448ef8ab0ad42202f3537a0da89960bbdc69498608fc6ec89502c6c338b6226c8bf5e14","ssdeep":"","tlshash":"c5900403d140d041c351c0300d0cc740174471304514030f70fc175dfc353510c13000","first_seen":"2023-04-05T09:54:56Z","last_seen":"2026-04-05T10:50:12.249015Z","times_seen":96475,"resource_available":true,"data":null}},"time_used":29,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":29,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-07","alert":"Sinkholed","trigger":"067kk.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"grookilteepsou.net/3bT/27mJf/universal.min.js?v=3.1.642","fqdn":"grookilteepsou.net","domain":"grookilteepsou.net","tld":"net"},"ip":{"addr":"139.45.197.122","port":443,"asn":9002,"as":"RETN Limited","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://ffkipas.my.id/","date":"2025-12-07T15:47:47.203Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"grookilteepsou.net","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Mon, 24 Nov 2025 05:08:19 GMT","end":"Sun, 22 Feb 2026 05:08:18 GMT"},"fingerprint":{"sha1":"EF:AC:DB:BB:24:F1:7B:72:D3:0C:E3:26:53:60:D2:D0:DD:A9:B4:4D","sha256":"9D:09:C2:43:F6:4A:FE:AD:33:EE:71:F9:8C:70:95:03:6C:81:C2:C6:17:6B:AE:F4:55:73:6A:F4:E9:A0:32:EE"}}},"request":{"raw":"GET /3bT/27mJf/universal.min.js?v=3.1.642 HTTP/1.1\r\nHost: grookilteepsou.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://ffkipas.my.id/\r\nOrigin: https://ffkipas.my.id\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sun, 07 Dec 2025 15:47:47 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Fri, 28 Nov 2025 14:31:18 GMT\r\netag: W/\"6929b236-102ab\"\r\naccess-control-allow-origin: https://ffkipas.my.id\r\naccess-control-allow-credentials: true\r\ncache-control: no-cache\r\npragma: no-cache\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":66219,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"286cd1da02a775f8978b0cff8ec39e83","sha1":"64ac0881f44018d03324406702789f6225f11924","sha256":"d7551c582f9bee776dcdd5758ba2d8e1d27236668217e9f6ab5aa585af512ace","sha512":"de4d62ddc27cb08d7da8e1141f6efbe039fcadf2ce172ceaa2f8f950c06c35efc50fc2efd28b9e2d72db93b99b33facf46649acb4f6d0ed9dc4926d300f71da0","ssdeep":"1536:8nghuoThwzHkOcmt/kt566sb3kGT75+22z7IB6xbKm/TKo6x1:8nylTh8HkO5kG5+J4B6IGBE","tlshash":"2e53c9922f72ec5513f567d3e01fa212d3558950b8a6f4a0a51ee5e314210cacfebee3","first_seen":"2025-11-28T16:11:53.051435Z","last_seen":"2025-12-09T15:44:25.322077Z","times_seen":50,"resource_available":true,"data":null}},"time_used":211,"timings":{"blocked":88,"dns":1,"connect":26,"send":0,"wait":33,"receive":0,"ssl":60},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-12-07","alert":"Sinkholed","trigger":"grookilteepsou.net","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-07","alert":"Sinkholed","trigger":"grookilteepsou.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-07","alert":"Sinkholed","trigger":"grookilteepsou.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-07","alert":"Sinkholed","trigger":"grookilteepsou.net","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"3nbf4.com/zone?pub=0\u0026zone_id=9716024\u0026is_mobile=false\u0026domain=ffkipas.my.id\u0026var=\u0026ymid=\u0026var_3=\u0026var_4=\u0026dsig=\u0026tg=1\u0026sw=3.1.642\u0026trace_id=3f90af1c-43c2-4edf-a373-ba7648ca514d\u0026action=prerequest\u0026drf=https://ffkipas.my.id/","fqdn":"3nbf4.com","domain":"3nbf4.com","tld":"com"},"ip":{"addr":"139.45.197.121","port":443,"asn":9002,"as":"RETN Limited","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"beacon","requested_by":"https://ffkipas.my.id/verifyuid","date":"2025-12-07T15:47:51.766Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"3nbf4.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Wed, 08 Oct 2025 11:29:15 GMT","end":"Tue, 06 Jan 2026 11:29:14 GMT"},"fingerprint":{"sha1":"B8:5C:B5:E8:90:27:1D:FD:CA:8A:71:AA:01:26:28:02:27:BE:4F:8F","sha256":"03:48:D4:EE:D8:6F:8F:7D:F6:77:58:F1:71:D7:62:D8:18:E7:A2:E4:94:84:7A:E8:87:4B:51:C2:37:C3:56:AE"}}},"request":{"raw":"POST /zone?pub=0\u0026zone_id=9716024\u0026is_mobile=false\u0026domain=ffkipas.my.id\u0026var=\u0026ymid=\u0026var_3=\u0026var_4=\u0026dsig=\u0026tg=1\u0026sw=3.1.642\u0026trace_id=3f90af1c-43c2-4edf-a373-ba7648ca514d\u0026action=prerequest\u0026drf=https://ffkipas.my.id/ HTTP/1.1\r\nHost: 3nbf4.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://ffkipas.my.id\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ffkipas.my.id/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nContent-Length: 0\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sun, 07 Dec 2025 15:47:51 GMT\r\ncontent-length: 0\r\naccept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model\r\naccess-control-allow-origin: https://ffkipas.my.id\r\naccess-control-allow-credentials: true\r\naccess-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept\r\nstrict-transport-security: max-age=1\r\nx-content-type-options: nosniff\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T11:47:06.182466Z","times_seen":13373545,"resource_available":true,"data":null}},"time_used":27,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":27,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"grookilteepsou.net/3bT/27mJf/universal.min.js?v=3.1.642","fqdn":"grookilteepsou.net","domain":"grookilteepsou.net","tld":"net"},"ip":{"addr":"139.45.197.122","port":443,"asn":9002,"as":"RETN Limited","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://ffkipas.my.id/verifyuid","date":"2025-12-07T15:47:51.922Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"grookilteepsou.net","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Mon, 24 Nov 2025 05:08:19 GMT","end":"Sun, 22 Feb 2026 05:08:18 GMT"},"fingerprint":{"sha1":"EF:AC:DB:BB:24:F1:7B:72:D3:0C:E3:26:53:60:D2:D0:DD:A9:B4:4D","sha256":"9D:09:C2:43:F6:4A:FE:AD:33:EE:71:F9:8C:70:95:03:6C:81:C2:C6:17:6B:AE:F4:55:73:6A:F4:E9:A0:32:EE"}}},"request":{"raw":"GET /3bT/27mJf/universal.min.js?v=3.1.642 HTTP/1.1\r\nHost: grookilteepsou.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://ffkipas.my.id/\r\nOrigin: https://ffkipas.my.id\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sun, 07 Dec 2025 15:47:51 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Fri, 28 Nov 2025 14:31:18 GMT\r\netag: W/\"6929b236-102ab\"\r\naccess-control-allow-origin: https://ffkipas.my.id\r\naccess-control-allow-credentials: true\r\ncache-control: no-cache\r\npragma: no-cache\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":66219,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"286cd1da02a775f8978b0cff8ec39e83","sha1":"64ac0881f44018d03324406702789f6225f11924","sha256":"d7551c582f9bee776dcdd5758ba2d8e1d27236668217e9f6ab5aa585af512ace","sha512":"de4d62ddc27cb08d7da8e1141f6efbe039fcadf2ce172ceaa2f8f950c06c35efc50fc2efd28b9e2d72db93b99b33facf46649acb4f6d0ed9dc4926d300f71da0","ssdeep":"1536:8nghuoThwzHkOcmt/kt566sb3kGT75+22z7IB6xbKm/TKo6x1:8nylTh8HkO5kG5+J4B6IGBE","tlshash":"2e53c9922f72ec5513f567d3e01fa212d3558950b8a6f4a0a51ee5e314210cacfebee3","first_seen":"2025-11-28T16:11:53.051435Z","last_seen":"2025-12-09T15:44:25.322077Z","times_seen":50,"resource_available":true,"data":null}},"time_used":34,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":34,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-07","alert":"Sinkholed","trigger":"grookilteepsou.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-07","alert":"Sinkholed","trigger":"grookilteepsou.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-12-07","alert":"Sinkholed","trigger":"grookilteepsou.net","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-07","alert":"Sinkholed","trigger":"grookilteepsou.net","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"cdn.storageimagedisplay.com/si/d8/b1/09/d8b109165fc0ec08002c14fd9e81f6ece67b955e786b918b73abb33e5be5188f.png","fqdn":"cdn.storageimagedisplay.com","domain":"storageimagedisplay.com","tld":"com"},"ip":{"addr":"45.133.44.2","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ffkipas.my.id/verifyuid","date":"2025-12-07T15:47:52.723Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cdn.storageimagedisplay.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Fri, 07 Nov 2025 02:33:02 GMT","end":"Thu, 05 Feb 2026 02:33:01 GMT"},"fingerprint":{"sha1":"FF:BB:C7:F6:31:A3:EE:08:8E:72:C4:2F:A2:C8:78:1B:3C:22:C4:57","sha256":"93:BE:65:88:B5:AC:E6:69:91:EE:F6:7E:27:3F:D6:9F:59:B1:AB:46:F7:49:0D:E8:F2:1C:9E:A9:BE:F9:B6:95"}}},"request":{"raw":"GET /si/d8/b1/09/d8b109165fc0ec08002c14fd9e81f6ece67b955e786b918b73abb33e5be5188f.png HTTP/1.1\r\nHost: cdn.storageimagedisplay.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ffkipas.my.id/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 07 Dec 2025 15:47:52 GMT\r\ncontent-type: image/png\r\ncontent-length: 57237\r\nserver: nginx/1.21.6\r\nlast-modified: Sun, 11 May 2025 14:02:30 GMT\r\netag: \"6820adf6-df95\"\r\nexpires: Tue, 09 Dec 2025 15:47:52 GMT\r\ncache-control: max-age=172800\r\nx-cdn-host-id: AH0543\r\nx-proxy-cache: HIT\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":57237,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 320 x 240, 8-bit/color RGBA, non-interlaced","md5":"423a240fbfb182d7805dad3bb9e822bb","sha1":"6a853689b2cc95a6c36b98e6938e598bf2a28d52","sha256":"da19475c70c6669a83473eb52dec1feb61e629e374fdd426dd02024080d0b1a6","sha512":"98e063f429420821aa55688891aa4426d16d9e7ffa44f92f8d9d7f3e3870007872a66a718185428f197db14d070b7254e92a2cc7734cc54c39034c808daa7c8f","ssdeep":"1536:BP5oFAaPeX990yL036TelNvY6lEFLXmLw2JR:FWqaPeXz0yLDe7luXyH","tlshash":"ab430224ff03e61784be24af91eae88f1f6421bfb5b092807770221445b7c6b4282463","first_seen":"2025-05-16T16:44:08.672031Z","last_seen":"2026-04-05T10:55:23.353596Z","times_seen":3537,"resource_available":false,"data":null}},"time_used":160,"timings":{"blocked":34,"dns":1,"connect":19,"send":0,"wait":62,"receive":14,"ssl":26},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"grookilteepsou.net/event","fqdn":"grookilteepsou.net","domain":"grookilteepsou.net","tld":"net"},"ip":{"addr":"139.45.197.122","port":443,"asn":9002,"as":"RETN Limited","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://ffkipas.my.id/verifyuid","date":"2025-12-07T15:47:52.936Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"grookilteepsou.net","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Mon, 24 Nov 2025 05:08:19 GMT","end":"Sun, 22 Feb 2026 05:08:18 GMT"},"fingerprint":{"sha1":"EF:AC:DB:BB:24:F1:7B:72:D3:0C:E3:26:53:60:D2:D0:DD:A9:B4:4D","sha256":"9D:09:C2:43:F6:4A:FE:AD:33:EE:71:F9:8C:70:95:03:6C:81:C2:C6:17:6B:AE:F4:55:73:6A:F4:E9:A0:32:EE"}}},"request":{"raw":"POST /event HTTP/1.1\r\nHost: grookilteepsou.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://ffkipas.my.id/\r\nContent-Type: application/json\r\nContent-Length: 971\r\nOrigin: https://ffkipas.my.id\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":971,"data":"{\"code\":\"custom\",\"zone_id\":9895350,\"sw_version\":\"3.1.642\",\"pub_zone_id\":9895350,\"trace_id\":\"3abbfd8c-e7b4-4ebb-b740-02eb97f2a641\",\"oaid\":\"e0f7df4a60c1448197b970eb3c0d9e4d\",\"ip\":\"91.90.42.154\",\"geo\":\"no\",\"location\":\"https://ffkipas.my.id/verifyuid\",\"domain\":\"ffkipas.my.id\",\"install_ctx\":{\"country_code\":\"no\"},\"pub\":0,\"installer_type\":\"standalone\",\"event_type\":\"push_unsupported\",\"timeOrigin\":1983,\"previousEvents\":[{\"ts\":1765122472796,\"event\":\"hit_page\",\"event_data\":{\"installer_type\":\"universal\",\"timeOrigin\":1976}},{\"ts\":1765122472797,\"event\":\"page_loaded\",\"event_data\":{\"timing\":{\"connectEnd\":3,\"connectStart\":3,\"domComplete\":1813,\"domContentLoadedEventEnd\":1331,\"domContentLoadedEventStart\":1329,\"domInteractive\":1324,\"domLoading\":711,\"domainLookupEnd\":3,\"domainLookupStart\":3,\"fetchStart\":3,\"loadEventEnd\":1813,\"loadEventStart\":1813,\"requestStart\":44,\"responseEnd\":655,\"responseStart\":655,\"secureConnectionStart\":3},\"installer_type\":\"universal\",\"timeOrigin\":1977}}]}"}},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sun, 07 Dec 2025 15:47:52 GMT\r\ncontent-type: application/json; charset=utf-8\r\ncontent-length: 81\r\naccept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model\r\naccess-control-allow-origin: https://ffkipas.my.id\r\naccess-control-allow-credentials: true\r\naccess-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept\r\nstrict-transport-security: max-age=1\r\nx-content-type-options: nosniff\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":81,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"64bfa7ac4fa8e385efceb362c8eaecb3","sha1":"a0bc151feac46352fd43842992dfed16ccffc613","sha256":"ed0b875f602639feaaccdbe24b2352908a97225b3fe2bed686d3f1e4d2fc5a43","sha512":"eaa4de2dca4f7de066f0888fcfd71e36f978976819bff31d2b4822f53e306b88855c10478725094899e6877746a3da78aea2e33bb9b8f17513cf67635148e91a","ssdeep":"","tlshash":"60a0247cc04c0fd4044d0c0505f05d1005fc0053ddc73070fd0c3f104014010475c153","first_seen":"2025-12-07T15:48:18.423218Z","last_seen":"2025-12-07T15:48:18.423218Z","times_seen":1,"resource_available":false,"data":null}},"time_used":29,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":29,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-12-07","alert":"Sinkholed","trigger":"grookilteepsou.net","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-07","alert":"Sinkholed","trigger":"grookilteepsou.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-07","alert":"Sinkholed","trigger":"grookilteepsou.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-07","alert":"Sinkholed","trigger":"grookilteepsou.net","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kettledroopingcontinuation.com/pixel/sbls?bv=\u0026tmpl=482\u0026u=https%3A%2F%2Fcreative-sb1.com%2Fsb%2Finterstitial%2Futility%2Frobot%2F3%2Fcss%2Fstyle.css\u0026l=6387\u0026fd=495","fqdn":"kettledroopingcontinuation.com","domain":"kettledroopingcontinuation.com","tld":"com"},"ip":{"addr":"172.240.127.243","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ffkipas.my.id/verifyuid","date":"2025-12-07T15:47:55.657Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"kettledroopingcontinuation.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sun, 26 Oct 2025 22:01:12 GMT","end":"Sat, 24 Jan 2026 22:01:11 GMT"},"fingerprint":{"sha1":"15:FA:E2:08:0A:F1:68:03:29:64:51:B0:FA:3B:8E:DD:DC:B7:CD:01","sha256":"F8:EA:EA:FF:5A:CA:9D:E1:82:F0:8C:3C:7C:6B:FB:06:8F:72:6C:0E:64:EF:7B:3B:2B:21:25:C2:25:7D:0C:BD"}}},"request":{"raw":"GET /pixel/sbls?bv=\u0026tmpl=482\u0026u=https%3A%2F%2Fcreative-sb1.com%2Fsb%2Finterstitial%2Futility%2Frobot%2F3%2Fcss%2Fstyle.css\u0026l=6387\u0026fd=495 HTTP/1.1\r\nHost: kettledroopingcontinuation.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ffkipas.my.id/\r\nCookie: uid_id2=83c6cca2-5f47-4ebb-b12d-f78b3ec45ada:3:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; u_pl26535179=1; sleca2c6c77dde0f47e335c307a84b4f8205=[6308898]\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Sun, 07 Dec 2025 15:47:55 GMT\r\nContent-Length: 0\r\nConnection: keep-alive\r\nHost: kettledroopingcontinuation.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nCache-Control: no-cache\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Allow-Methods: GET, POST, OPTIONS\r\nAccess-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests,C-High-Entropy-Values\r\nAccess-Control-Expose-Headers: Content-Length,Content-Range\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T11:47:06.182466Z","times_seen":13373545,"resource_available":true,"data":null}},"time_used":103,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":102,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-12-07","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-12-07","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-07","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-07","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-07","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"3nbf4.com/event","fqdn":"3nbf4.com","domain":"3nbf4.com","tld":"com"},"ip":{"addr":"139.45.197.121","port":443,"asn":9002,"as":"RETN Limited","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://ffkipas.my.id/verifyuid","date":"2025-12-07T15:47:51.776Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"3nbf4.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Wed, 08 Oct 2025 11:29:15 GMT","end":"Tue, 06 Jan 2026 11:29:14 GMT"},"fingerprint":{"sha1":"B8:5C:B5:E8:90:27:1D:FD:CA:8A:71:AA:01:26:28:02:27:BE:4F:8F","sha256":"03:48:D4:EE:D8:6F:8F:7D:F6:77:58:F1:71:D7:62:D8:18:E7:A2:E4:94:84:7A:E8:87:4B:51:C2:37:C3:56:AE"}}},"request":{"raw":"OPTIONS /event HTTP/1.1\r\nHost: 3nbf4.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nAccess-Control-Request-Method: POST\r\nAccess-Control-Request-Headers: content-type\r\nReferer: https://ffkipas.my.id/\r\nOrigin: https://ffkipas.my.id\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"OPTIONS"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sun, 07 Dec 2025 15:47:51 GMT\r\ncontent-type: text/plain; charset=utf-8\r\ncontent-length: 0\r\naccess-control-allow-origin: https://ffkipas.my.id\r\naccess-control-allow-credentials: true\r\naccess-control-allow-methods: GET, POST, OPTIONS\r\naccess-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization-Token,X-Oaid\r\naccess-control-max-age: 86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain; charset=utf-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T11:47:06.182466Z","times_seen":13373545,"resource_available":true,"data":null}},"time_used":26,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":26,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"grookilteepsou.net/event","fqdn":"grookilteepsou.net","domain":"grookilteepsou.net","tld":"net"},"ip":{"addr":"139.45.197.122","port":443,"asn":9002,"as":"RETN Limited","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://ffkipas.my.id/verifyuid","date":"2025-12-07T15:47:52.902Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"grookilteepsou.net","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Mon, 24 Nov 2025 05:08:19 GMT","end":"Sun, 22 Feb 2026 05:08:18 GMT"},"fingerprint":{"sha1":"EF:AC:DB:BB:24:F1:7B:72:D3:0C:E3:26:53:60:D2:D0:DD:A9:B4:4D","sha256":"9D:09:C2:43:F6:4A:FE:AD:33:EE:71:F9:8C:70:95:03:6C:81:C2:C6:17:6B:AE:F4:55:73:6A:F4:E9:A0:32:EE"}}},"request":{"raw":"OPTIONS /event HTTP/1.1\r\nHost: grookilteepsou.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nAccess-Control-Request-Method: POST\r\nAccess-Control-Request-Headers: content-type\r\nReferer: https://ffkipas.my.id/\r\nOrigin: https://ffkipas.my.id\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"OPTIONS"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sun, 07 Dec 2025 15:47:52 GMT\r\ncontent-type: text/plain; charset=utf-8\r\ncontent-length: 0\r\naccess-control-allow-origin: https://ffkipas.my.id\r\naccess-control-allow-credentials: true\r\naccess-control-allow-methods: GET, POST, OPTIONS\r\naccess-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization-Token,X-Oaid\r\naccess-control-max-age: 86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain; charset=utf-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T11:47:06.182466Z","times_seen":13373545,"resource_available":true,"data":null}},"time_used":26,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":26,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-07","alert":"Sinkholed","trigger":"grookilteepsou.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-07","alert":"Sinkholed","trigger":"grookilteepsou.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-12-07","alert":"Sinkholed","trigger":"grookilteepsou.net","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-07","alert":"Sinkholed","trigger":"grookilteepsou.net","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ffkipas.my.id/assets/images/pic3.png?v=1.0","fqdn":"ffkipas.my.id","domain":"ffkipas.my.id","tld":"my.id"},"ip":{"addr":"104.21.67.83","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ffkipas.my.id/","date":"2025-12-07T15:47:46.075Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ffkipas.my.id","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Fri, 17 Oct 2025 09:52:51 GMT","end":"Thu, 15 Jan 2026 10:51:42 GMT"},"fingerprint":{"sha1":"CC:F7:34:EF:C8:0D:D7:BA:61:5C:59:6F:9C:84:10:EB:B8:77:BB:8E","sha256":"E9:02:F7:94:61:0A:79:F6:92:B0:A9:74:B9:D8:C9:49:60:C7:55:60:B1:7E:1B:E1:DA:3D:7E:2B:09:2D:79:24"}}},"request":{"raw":"GET /assets/images/pic3.png?v=1.0 HTTP/1.1\r\nHost: ffkipas.my.id\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ffkipas.my.id/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sun, 07 Dec 2025 15:47:46 GMT\r\nserver: cloudflare\r\nlast-modified: Tue, 13 May 2025 15:37:36 GMT\r\naccept-ranges: bytes\r\npriority: u=4,i=?0\r\ncontent-length: 732051\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nx-frame-options: SAMEORIGIN\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncontent-type: image/png\r\nage: 39\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=uoW%2BpAHSAGZOhMygpCS%2BCT4ErjJwdRaCN7Z7T3XLnlekMeYIiESuOV%2B16kxSLbgneAjCpWJ%2B%2BntKSl9yBIOeiA709aG0mJibuvYo\"}]}\r\nvary: accept-encoding\r\nstrict-transport-security: max-age=0; preload\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\ncf-ray: 9aa529d4fd08b4f4-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":732051,"size_decoded":0,"mime_type":"image/png","magic":"JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=1, orientation=upper-left], baseline, precision 8, 1704x786, components 3","md5":"baadf96d37131a8c0fdba27f7f41aa04","sha1":"e41c76dd85c94caa69db5571db5c8d15becdb3d6","sha256":"68ba976fa5c007912164c9509122583001cf5113a7492eacba385a767be3ee48","sha512":"fe6b522c7ccea7b23fef4beeb1b77f60a3afb6f517b85e91ccc0e987d324d1e68c3b7496a2d2a8bb31ac85def572c84ca61f1fff46c789cdab69b455120ed570","ssdeep":"12288:0Cpsk0ZzcLipd71CDmWefzndsICpe371+glFZxCfUZD0sOqiO7tD67k0Biku72L:jzhUJ1DnfznKreL1+glLpZDKqjhGk01X","tlshash":"48f423e6ad2680bbcd8c29b1d4ebad4d15817f7d28ec5e540311ad4cf3caa967c58c8c","first_seen":"2025-12-07T15:47:42.672581Z","last_seen":"2025-12-07T15:57:24.098484Z","times_seen":5,"resource_available":false,"data":null}},"time_used":176,"timings":{"blocked":1,"dns":0,"connect":0,"send":0,"wait":16,"receive":159,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"responseremainrust.com/ntv.json?key=edb436ac16df38178d554d87def407b2\u0026vstc=2\u0026rb=","fqdn":"responseremainrust.com","domain":"responseremainrust.com","tld":"com"},"ip":{"addr":"172.240.108.68","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://ffkipas.my.id/verifyuid","date":"2025-12-07T15:47:52.137Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"responseremainrust.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Mon, 24 Nov 2025 11:58:04 GMT","end":"Sun, 22 Feb 2026 11:58:03 GMT"},"fingerprint":{"sha1":"2A:74:BD:69:38:6D:55:D6:A5:D0:58:76:7D:6F:5C:5D:22:A4:99:18","sha256":"3C:90:0A:4B:CD:24:41:B0:1A:FA:18:30:34:A9:AD:CC:E9:20:26:55:44:AE:B1:79:17:80:3F:B6:B9:4A:20:6C"}}},"request":{"raw":"GET /ntv.json?key=edb436ac16df38178d554d87def407b2\u0026vstc=2\u0026rb= HTTP/1.1\r\nHost: responseremainrust.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://ffkipas.my.id\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ffkipas.my.id/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Sun, 07 Dec 2025 15:47:52 GMT\r\nContent-Type: application/json\r\nContent-Length: 5994\r\nConnection: keep-alive\r\ncontent-encoding: gzip\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\naccess-control-allow-origin: https://ffkipas.my.id\r\naccess-control-allow-credentials: true\r\nvary: Accept-Encoding\r\nset-cookie: pdhtkv=true; expires=Mon, 08 Dec 2025 15:47:52 GMT; path=/; secure; SameSite=None\nuncs=1; expires=Mon, 08 Dec 2025 15:47:52 GMT; path=/; secure; SameSite=None\npdhtkv49=true; expires=Mon, 08 Dec 2025 15:47:52 GMT; path=/; secure; SameSite=None\nuncs49=1; expires=Mon, 08 Dec 2025 15:47:52 GMT; path=/; secure; SameSite=None\nu_pl26537203=1; expires=Mon, 08 Dec 2025 15:47:52 GMT; path=/; secure; SameSite=None\nnlecedb436ac16df38178d554d87def407b2=[5941311]; expires=Sun, 07 Dec 2025 15:47:57 GMT; path=/; secure; SameSite=None\r\nx-envoy-upstream-service-time: 11\r\nHost: responseremainrust.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: 22a399698a6c4a2668c454b7f43f46a5\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":7797,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"1a9ad22485f45c540ac939a60c613966","sha1":"163fe78bfe09a716a3c1a7a73d374f9e1ed95943","sha256":"df3432457f236b2aa3146b7cac26864733e4d7e7ea2e1ccee85e2339bf1cbc0e","sha512":"7d920fbe0d5b98690e1211e79d8e5f70f69f07c2e8a06d25706982599f6f94d9ded0987d7ea7705cbaa262a56a6e00667a4b9d8d539fa77b80bd3646e3930091","ssdeep":"192:zMc1129N5BRt0hVXCNKnFFWeQf2H83KlY1:zrK9Nt2CInFUv2H86y1","tlshash":"b0f1afd224c8289f1a096a66a66fc69c4da4c4ebdc9a7f9348f5b55c8fbc121720f014","first_seen":"2025-12-07T15:48:18.432996Z","last_seen":"2025-12-07T15:48:18.432996Z","times_seen":1,"resource_available":false,"data":null}},"time_used":714,"timings":{"blocked":303,"dns":25,"connect":91,"send":0,"wait":104,"receive":1,"ssl":188},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-12-07","alert":"Sinkholed","trigger":"responseremainrust.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"creative-sb1.com/sb/interstitial/utility/robot/3/js/script.js","fqdn":"creative-sb1.com","domain":"creative-sb1.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://ffkipas.my.id/verifyuid","date":"2025-12-07T15:47:55.632Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"creative-sb1.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 27 Oct 2025 20:46:36 GMT","end":"Sun, 25 Jan 2026 21:44:54 GMT"},"fingerprint":{"sha1":"17:8B:5E:32:3A:E5:9A:3D:E5:18:EF:F0:DA:DE:C3:03:E7:2E:E2:17","sha256":"65:D5:7F:0D:8E:51:6B:E8:BB:44:A1:54:79:43:73:C4:82:1D:77:6C:11:F4:C3:70:8E:0E:AC:00:AC:1D:DB:2B"}}},"request":{"raw":"GET /sb/interstitial/utility/robot/3/js/script.js HTTP/1.1\r\nHost: creative-sb1.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://ffkipas.my.id\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ffkipas.my.id/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 07 Dec 2025 15:47:56 GMT\r\ncontent-type: application/javascript\r\nserver: cloudflare\r\nlast-modified: Thu, 04 Sep 2025 10:55:55 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: accept-encoding\r\nexpires: Thu, 31 Dec 2037 23:55:55 GMT\r\ncache-control: public, max-age=315360000\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: Date\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=rp1BxtDNFFPpWm5sP6xl0jAkGF%2F8PKN%2Fnhjx2zZcDWZMcz2MtLMMKtz3c7kn%2FGHJl5RLWolMDxECvC9u%2FJXIbm9umkXGaYp0Hm8oSDpYqIA%3D\"}]}\r\ncf-cache-status: MISS\r\netag: W/\"68b9703b-2762\"\r\ncontent-encoding: br\r\ncf-ray: 9aa52a109e461525-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":10082,"size_decoded":0,"mime_type":"application/javascript","magic":"Unicode text, UTF-8 text","md5":"efffc36bcbcc0aaea3978474151a0122","sha1":"f9b9c23faef40025dcfe3f1dfdb158ce2855b83b","sha256":"4da2338ad196c676f6a310b1b91f8e4c3e513fa07cb3b7022ca9ecc4868db398","sha512":"52afe7b12764a6297e3cb430eca352a3d778802b79e3cbeb4a2c22b0e070496abd9bfb78823573aa1e4a0bff1f52f79dd9ab92a55341324c175c3ce811d01aeb","ssdeep":"192:iFJuLiEWiFiacrcYmen1VuOTlmGFF3bH/fA68IDeIToS:iFMLiEWiFiHn1VuexjrHnAyF","tlshash":"2222420409b9d921c45ca02f203e2666f7240a539d7abfd4bbc941045fdd96f79b823f","first_seen":"2025-09-21T13:47:45.283292Z","last_seen":"2026-04-05T09:34:36.948255Z","times_seen":1584,"resource_available":false,"data":null}},"time_used":477,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":477,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-07","alert":"Sinkholed","trigger":"creative-sb1.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-07","alert":"Sinkholed","trigger":"creative-sb1.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-07","alert":"Sinkholed","trigger":"creative-sb1.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"cdn.tailwindcss.com/3.4.17","fqdn":"cdn.tailwindcss.com","domain":"tailwindcss.com","tld":"com"},"ip":{"addr":"104.26.2.143","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://ffkipas.my.id/","date":"2025-12-07T15:47:46.090Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tailwindcss.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 23 Nov 2025 07:09:58 GMT","end":"Sat, 21 Feb 2026 08:09:55 GMT"},"fingerprint":{"sha1":"B5:C9:29:A1:B9:60:7F:A7:9E:9E:63:3E:DF:4E:05:34:4B:27:D3:86","sha256":"2D:FA:43:BC:F1:83:E4:D9:E0:ED:1A:D1:C5:0E:F5:E0:77:29:F1:F1:23:2F:E3:30:7B:72:49:1E:82:5C:DB:C1"}}},"request":{"raw":"GET /3.4.17 HTTP/1.1\r\nHost: cdn.tailwindcss.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://ffkipas.my.id/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 07 Dec 2025 15:47:46 GMT\r\ncontent-type: text/javascript\r\ncache-control: max-age=31536000\r\ncontent-encoding: br\r\nserver: cloudflare\r\nstrict-transport-security: max-age=63072000\r\nx-vercel-cache: MISS\r\nx-vercel-id: arn1::iad1::zrxjn-1763519216515-428a84849afa\r\nlast-modified: Wed, 19 Nov 2025 02:26:57 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: accept-encoding\r\nage: 1344710\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=1o%2Bm%2BahbE4bSFlypse3gNWdDKiUjVoxys6SiKQnflW8Gv95C1sQQmcV3wf498L9eleITSMLraob1ryorIgaEIvQ5V6mwt7VEMh6wGT9OB4A%3D\"}]}\r\ncf-ray: 9aa529d50a3a5690-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Vercel","description":"Vercel is a cloud platform for static frontends and serverless functions.","website":"https://vercel.com","common_platform_enumeration":"","icon":"vercel.svg","categories":["PaaS"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":407279,"size_decoded":0,"mime_type":"text/javascript","magic":"JavaScript source, ASCII text, with very long lines (52853)","md5":"7a614b9a197e532c00d09a23b0996b5f","sha1":"1ff1738a40f3716e30e9031b181b0955ae578955","sha256":"176e894661aa9cdc9a5cba6c720044cbbf7b8bd80d1c9a142a7c24b1b6c50d15","sha512":"a67bc26f52d938358471be5671ff4b79e11af4e68b486aaf73a35a4c9bf3777aab51101af81563b4e5b7ba4b04dd8971fcfa9ee2c41fb10a0c1ee5604a99abd6","ssdeep":"12288:fpgrZxSAoNbJb0Wie75aUXGuyQZhK4O0s:RCVoNB0Wie75aUWmnO0s","tlshash":"e8844aa57396702647eb51e850ea1042f2beaa38840c44bcf7edd4da39e5e4440fbf79","first_seen":"2025-07-28T16:58:08.903462Z","last_seen":"2026-04-05T10:51:11.411658Z","times_seen":28885,"resource_available":true,"data":null}},"time_used":22,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":22,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"6opo.com/88/171903","fqdn":"6opo.com","domain":"6opo.com","tld":"com"},"ip":{"addr":"139.45.197.246","port":443,"asn":9002,"as":"RETN Limited","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://ffkipas.my.id/","date":"2025-12-07T15:47:46.715Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"6opo.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Fri, 03 Oct 2025 23:08:12 GMT","end":"Thu, 01 Jan 2026 23:08:11 GMT"},"fingerprint":{"sha1":"12:6F:03:3B:FC:49:A3:E1:60:52:64:59:B1:4F:E7:2D:91:98:E1:BB","sha256":"0C:C0:88:D7:18:66:94:1D:10:EB:04:76:F9:82:7D:86:D9:84:E2:65:9D:D8:12:8D:C2:DC:16:34:BD:40:24:9D"}}},"request":{"raw":"GET /88/171903 HTTP/1.1\r\nHost: 6opo.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://ffkipas.my.id/\r\nOrigin: https://ffkipas.my.id\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sun, 07 Dec 2025 15:47:46 GMT\r\ncontent-type: application/json\r\naccept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version\r\naccess-control-allow-origin: https://ffkipas.my.id\r\naccess-control-allow-credentials: true\r\naccess-control-allow-methods: GET, POST, OPTIONS\r\naccess-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, favicon\r\naccess-control-max-age: 86400\r\ntiming-allow-origin: *\r\npragma: no-cache, no-cache\r\ncache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0, no-store, no-cache, must-revalidate, max-age=0\r\nexpires: Tue, 11 Jan 1994 10:00:00 GMT, Mon, 26 Jul 1997 05:00:00 GMT\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":4095,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"9055b1858b04e69b13b9599eb6ceef5c","sha1":"b2d4bdf13c2659e75caeccc9b091a7bc66ac551d","sha256":"16b645b02e0f879aa484ac1c72dcffd8ee21ea4731204361c9c89dba65762be1","sha512":"a991d8956b98acfb6183d64ffa31a8bf0733cfda9f1cc0048ff49d02a56ff484c61f7b0c8e6731741d8a11ff86defb59029279c004c0faa201db131582b3458c","ssdeep":"","tlshash":"d781715ee5c81d3fd40212dedc3a5e2307bc156b7a806c8ae9d81d0e31e75e522b970b","first_seen":"2025-12-07T15:48:18.435337Z","last_seen":"2025-12-07T15:48:18.435337Z","times_seen":1,"resource_available":false,"data":null}},"time_used":208,"timings":{"blocked":87,"dns":1,"connect":26,"send":0,"wait":33,"receive":0,"ssl":57},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"grookilteepsou.net/event","fqdn":"grookilteepsou.net","domain":"grookilteepsou.net","tld":"net"},"ip":{"addr":"139.45.197.122","port":443,"asn":9002,"as":"RETN Limited","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://ffkipas.my.id/","date":"2025-12-07T15:47:48.115Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"grookilteepsou.net","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Mon, 24 Nov 2025 05:08:19 GMT","end":"Sun, 22 Feb 2026 05:08:18 GMT"},"fingerprint":{"sha1":"EF:AC:DB:BB:24:F1:7B:72:D3:0C:E3:26:53:60:D2:D0:DD:A9:B4:4D","sha256":"9D:09:C2:43:F6:4A:FE:AD:33:EE:71:F9:8C:70:95:03:6C:81:C2:C6:17:6B:AE:F4:55:73:6A:F4:E9:A0:32:EE"}}},"request":{"raw":"OPTIONS /event HTTP/1.1\r\nHost: grookilteepsou.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nAccess-Control-Request-Method: POST\r\nAccess-Control-Request-Headers: content-type\r\nReferer: https://ffkipas.my.id/\r\nOrigin: https://ffkipas.my.id\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"OPTIONS"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sun, 07 Dec 2025 15:47:48 GMT\r\ncontent-type: text/plain; charset=utf-8\r\ncontent-length: 0\r\naccess-control-allow-origin: https://ffkipas.my.id\r\naccess-control-allow-credentials: true\r\naccess-control-allow-methods: GET, POST, OPTIONS\r\naccess-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization-Token,X-Oaid\r\naccess-control-max-age: 86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain; charset=utf-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T11:47:06.182466Z","times_seen":13373545,"resource_available":true,"data":null}},"time_used":26,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":26,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-07","alert":"Sinkholed","trigger":"grookilteepsou.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-07","alert":"Sinkholed","trigger":"grookilteepsou.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-12-07","alert":"Sinkholed","trigger":"grookilteepsou.net","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-07","alert":"Sinkholed","trigger":"grookilteepsou.net","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ffkipas.my.id/assets/images/ffkipas.png?v=1.0","fqdn":"ffkipas.my.id","domain":"ffkipas.my.id","tld":"my.id"},"ip":{"addr":"104.21.67.83","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ffkipas.my.id/verifyuid","date":"2025-12-07T15:47:53.302Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ffkipas.my.id","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Fri, 17 Oct 2025 09:52:51 GMT","end":"Thu, 15 Jan 2026 10:51:42 GMT"},"fingerprint":{"sha1":"CC:F7:34:EF:C8:0D:D7:BA:61:5C:59:6F:9C:84:10:EB:B8:77:BB:8E","sha256":"E9:02:F7:94:61:0A:79:F6:92:B0:A9:74:B9:D8:C9:49:60:C7:55:60:B1:7E:1B:E1:DA:3D:7E:2B:09:2D:79:24"}}},"request":{"raw":"GET /assets/images/ffkipas.png?v=1.0 HTTP/1.1\r\nHost: ffkipas.my.id\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ffkipas.my.id/verifyuid\r\nCookie: PHPSESSID=grhmnb1lmkeqgu5vd8rsgsav3u; dom3ic8zudi28v8lr6fgphwffqoz0j6c=83c6cca2-5f47-4ebb-b12d-f78b3ec45ada%3A3%3A1; m5a4xojbcp2nx3gptmm633qal3gzmadn=responseremainrust.com\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sun, 07 Dec 2025 15:47:53 GMT\r\nserver: cloudflare\r\nlast-modified: Tue, 13 May 2025 21:31:18 GMT\r\naccept-ranges: bytes\r\npriority: u=6,i=?0\r\ncontent-length: 1096160\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nx-frame-options: SAMEORIGIN\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncontent-type: image/png\r\nage: 47\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=rMHQC%2FYLRgTHZbDcyfdRG%2B1NeqiGYVARGBBeVCMZohjuQGu7O2CC%2F1O4p6WbgYYpEGXKBQ8HvMw9E%2BQHNh%2FrXj1FciLVvTxvBKro\"}]}\r\nvary: accept-encoding\r\nstrict-transport-security: max-age=0; preload\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\ncf-ray: 9aa52a022febb4f4-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":1096160,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 1024 x 1024, 8-bit/color RGB, non-interlaced","md5":"dba6e9bc77cc762848d4d4103212e729","sha1":"9d3cd9e60f9b8f6787b1e1fd42df6d47a1163f46","sha256":"79171bdbda86f5eadbb43d317d1908f96918265f2211f0c9acea642781c1ce5c","sha512":"ec26fbf2713c6a76f09d5b2392104daf544bea9607886c4c85a52460268fe9cee15c0ad1a44f1f907528dc5f0fef22e7797db2c62b80ef7f6496492eebbd1852","ssdeep":"24576:MylLLfKdZDOT6Q9U1rn7foVk/Zfqbc3VyDM6PHnJC:Phed1U6FDOk/Mbc3Vyw6PpC","tlshash":"fc2523b0c7b3a70ac317e6b6596c5c165e7427c100c64d4b41e32c82d7e9f51c9ababe","first_seen":"2025-10-22T04:01:00.042699Z","last_seen":"2025-12-07T15:57:24.091485Z","times_seen":8,"resource_available":false,"data":null}},"time_used":66,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":8,"receive":58,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ffkipas.my.id/verifyuid","fqdn":"ffkipas.my.id","domain":"ffkipas.my.id","tld":"my.id"},"ip":{"addr":"104.21.67.83","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-12-07T15:47:50.868Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ffkipas.my.id","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Fri, 17 Oct 2025 09:52:51 GMT","end":"Thu, 15 Jan 2026 10:51:42 GMT"},"fingerprint":{"sha1":"CC:F7:34:EF:C8:0D:D7:BA:61:5C:59:6F:9C:84:10:EB:B8:77:BB:8E","sha256":"E9:02:F7:94:61:0A:79:F6:92:B0:A9:74:B9:D8:C9:49:60:C7:55:60:B1:7E:1B:E1:DA:3D:7E:2B:09:2D:79:24"}}},"request":{"raw":"GET /verifyuid HTTP/1.1\r\nHost: ffkipas.my.id\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ffkipas.my.id/\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: same-origin\r\nSec-Fetch-User: ?1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sun, 07 Dec 2025 15:47:51 GMT\r\nserver: cloudflare\r\nx-powered-by: PHP/8.2.29\r\nexpires: Thu, 19 Nov 1981 08:52:00 GMT\r\ncache-control: no-store, no-cache, must-revalidate\r\npragma: no-cache\r\nset-cookie: PHPSESSID=grhmnb1lmkeqgu5vd8rsgsav3u; path=/\r\nserver-timing: cfCacheStatus;desc=\"DYNAMIC\", cfEdge;dur=9,cfOrigin;dur=595, cfExtPri\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nx-frame-options: SAMEORIGIN\r\ncontent-encoding: br\r\npriority: u=1,i=?0\r\ncontent-type: text/html; charset=UTF-8\r\ncf-cache-status: DYNAMIC\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=mXL9KdJ6ywQDDRfJp20fkagBmnUe4nXLISiY15nt17ISGq1ryt48ODubTeRGQ4jBdK6STqtibZcO07mQrW08DgA0xblbCzIMn1QT\"}]}\r\nstrict-transport-security: max-age=0; preload\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\ncf-ray: 9aa529f2ef5eb4f4-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare Browser Insights","description":"Cloudflare Browser Insights is a tool that measures the performance of websites from the perspective of users.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["Analytics","RUM"]},{"name":"PHP:8.2.29","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]}],"data":{"size":10133,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, ASCII text, with very long lines (3110)","md5":"bfa8c2128e69d81a7258762c48d79a5a","sha1":"c1b1158372d9a0d8abc91fc93bd4011706666690","sha256":"a01b938dc513967fe23dbf4d16927eb94f27fd915dbf69768d396787e56bdc8f","sha512":"a003b670359317f87d73a34181b5bc7408eb3654ba1d938a6faeeaf733da695491807498d34c48b01b024269a4caa5f814c48ab27522a7ff5c59bb2bb5bb580c","ssdeep":"96:J90QEEHAlQOCTAvK4JYhLPOpF4OeXp4lI7l5afXbejJK1V6L6RUhqqtu:J90QE0Pky4JYhrOpO5aCQje0zqtu","tlshash":"f822c53058f0617b118244a47da19b1b6f96ea5bca0b81403afd8fa49fc3fc9de1316c","first_seen":"2025-12-07T15:48:18.436177Z","last_seen":"2025-12-07T15:48:18.436177Z","times_seen":1,"resource_available":false,"data":null}},"time_used":611,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":611,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"raw.githubusercontent.com/KIPASGTS/KIPASGTS/refs/heads/main/whyus.jpg","fqdn":"raw.githubusercontent.com","domain":"raw.githubusercontent.com","tld":"githubusercontent.com"},"ip":{"addr":"185.199.108.133","port":443,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ffkipas.my.id/","date":"2025-12-07T15:47:46.659Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.github.io","organization":""},"issuer":{"commonName":"Sectigo RSA Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Fri, 07 Mar 2025 00:00:00 GMT","end":"Sat, 07 Mar 2026 23:59:59 GMT"},"fingerprint":{"sha1":"8C:FF:59:E5:8E:C4:FA:76:FE:AF:2D:C5:C0:D4:13:6A:77:2D:F9:91","sha256":"7D:11:22:EA:96:98:52:34:1E:8D:D9:2B:CC:0C:7E:CC:00:96:30:D1:4D:A7:34:D7:CA:42:D5:B5:4A:2B:20:97"}}},"request":{"raw":"GET /KIPASGTS/KIPASGTS/refs/heads/main/whyus.jpg HTTP/1.1\r\nHost: raw.githubusercontent.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ffkipas.my.id/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncache-control: max-age=300\r\ncontent-security-policy: default-src 'none'; style-src 'unsafe-inline'; sandbox\r\ncontent-type: image/jpeg\r\netag: W/\"9803346687c08dd9da359a6f5ffc3eee3f12f079342497863c295aca9e16c1e8\"\r\nstrict-transport-security: max-age=31536000\r\nx-content-type-options: nosniff\r\nx-frame-options: deny\r\nx-xss-protection: 1; mode=block\r\nx-github-request-id: 7A1D:7B2B9:1A1A0BD:1DFE667:69359E10\r\naccept-ranges: bytes\r\ndate: Sun, 07 Dec 2025 15:47:46 GMT\r\nvia: 1.1 varnish\r\nx-served-by: cache-hel1410026-HEL\r\nx-cache: HIT\r\nx-cache-hits: 1\r\nx-timer: S1765122467.741963,VS0,VE2\r\nvary: Authorization,Accept-Encoding\r\naccess-control-allow-origin: *\r\ncross-origin-resource-policy: cross-origin\r\nx-fastly-request-id: 6c595db31cca6286da6424ff8355ca2ca39c344d\r\nexpires: Sun, 07 Dec 2025 15:52:46 GMT\r\nsource-age: 41\r\ncontent-length: 170450\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Varnish","description":"Varnish is a reverse caching proxy.","website":"https://www.varnish-cache.org","common_platform_enumeration":"cpe:2.3:a:varnish-software:varnish_cache:*:*:*:*:*:*:*:*","icon":"Varnish.svg","categories":["Caching"]},{"name":"Fastly","description":"Fastly is a cloud computing services provider. Fastly's cloud platform provides a content delivery network, Internet security services, load balancing, and video \u0026 streaming services.","website":"https://www.fastly.com","common_platform_enumeration":"","icon":"Fastly.svg","categories":["CDN"]},{"name":"GitHub Pages","description":"GitHub Pages is a static site hosting service.","website":"https://pages.github.com/","common_platform_enumeration":"","icon":"GitHub.svg","categories":["PaaS"]}],"data":{"size":170450,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1600x720, components 3","md5":"884b4a48cfa5addec92f8d3ef5a6a74f","sha1":"adddad0dc790e1bc03bb968048e2dafee4a821f2","sha256":"e4e7ff12c22ba9e2b7337d8424042b0e637f54cefae23b6d768b0bc1dfc90bf3","sha512":"76039a17d9d7a3d4b9068867c469716e1b07788dc5a1d9b8f40ade5aead456c066e72815c5f6591c5816bfa758cdd72bc2decd0138a20334229e34886f7a55d4","ssdeep":"3072:H8DnuvNTxOyYG/xYNjObWHeVjloKGnkihtvgy3QFHKPNSmd9DjNrb:cTSxqG/xYNj2R8kih0olt1rb","tlshash":"eff312994d036636d7604335fca51696bd20fce891adfaa3f906a31064ff3f489b61c8","first_seen":"2025-12-07T15:47:42.703386Z","last_seen":"2025-12-07T15:57:24.090193Z","times_seen":4,"resource_available":false,"data":null}},"time_used":220,"timings":{"blocked":64,"dns":1,"connect":26,"send":0,"wait":29,"receive":62,"ssl":35},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"eehassoosostoa.com/401/9895348","fqdn":"eehassoosostoa.com","domain":"eehassoosostoa.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://ffkipas.my.id/","date":"2025-12-07T15:47:46.921Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"eehassoosostoa.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 08 Nov 2025 09:24:43 GMT","end":"Fri, 06 Feb 2026 10:22:31 GMT"},"fingerprint":{"sha1":"98:94:FB:A6:41:7E:DF:2C:68:41:99:97:85:E6:9A:8D:5F:48:FB:22","sha256":"4F:CA:D3:4E:B5:CA:C8:49:ED:C6:AC:D6:B0:B9:8D:8E:A2:62:99:56:14:6E:A5:0F:E4:AF:21:C5:E4:F4:F7:D3"}}},"request":{"raw":"GET /401/9895348 HTTP/1.1\r\nHost: eehassoosostoa.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ffkipas.my.id/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 07 Dec 2025 15:47:47 GMT\r\ncontent-type: application/javascript\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncache-control: public, max-age=600, s-maxage=1800\r\naccept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version\r\nstrict-transport-security: max-age=1\r\nx-content-type-options: nosniff\r\ntiming-allow-origin: *\r\ncontent-encoding: gzip\r\ncf-cache-status: DYNAMIC\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=tIpUOnDJWIE9tTX88%2FU5edDvbniKPXD5Y9wfOcvmUSaoPjGIV3OHKbtZpq6EUtcUUyO301nB93z3Wz7ZMwzsOzYb%2F3pGQjv5h7UnkODaG8A%3D\"}]}\r\ncf-ray: 9aa529daba7eb4ee-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":167001,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"333e465ea2151c587b84a27fbca0b2bf","sha1":"b76463cd20cd646cd3e220f0727e3bfd493e3202","sha256":"044e63115693540c1ee131b2530396453f95047c83c788d31bf8117740eb1a78","sha512":"90dfcd686afc36f2d3fb9c349c3a07eec6c48deea5e37844eddc1eecc78e2c0a5fbe61c426865d3eb93913374c82a2d557b325214500f8b93b95ab303331d1c5","ssdeep":"3072:A7zKGhsQ72zBOnEk4r0rNN3RecbVRTlQAOTywGxq6/2DRaTIJSKjuEOVEABn:/IBCcpyywZ6/2DRaMsKCZbBn","tlshash":"34f3fac9769174562963b430122fae5f792b8e30548e8d18e1a5f4e53f3844b93a3efc","first_seen":"2025-11-28T16:11:53.021697Z","last_seen":"2025-12-11T17:55:12.815302Z","times_seen":40,"resource_available":true,"data":null}},"time_used":197,"timings":{"blocked":74,"dns":1,"connect":7,"send":0,"wait":43,"receive":0,"ssl":67},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"grookilteepsou.net/event","fqdn":"grookilteepsou.net","domain":"grookilteepsou.net","tld":"net"},"ip":{"addr":"139.45.197.122","port":443,"asn":9002,"as":"RETN Limited","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://ffkipas.my.id/","date":"2025-12-07T15:47:48.150Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"grookilteepsou.net","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Mon, 24 Nov 2025 05:08:19 GMT","end":"Sun, 22 Feb 2026 05:08:18 GMT"},"fingerprint":{"sha1":"EF:AC:DB:BB:24:F1:7B:72:D3:0C:E3:26:53:60:D2:D0:DD:A9:B4:4D","sha256":"9D:09:C2:43:F6:4A:FE:AD:33:EE:71:F9:8C:70:95:03:6C:81:C2:C6:17:6B:AE:F4:55:73:6A:F4:E9:A0:32:EE"}}},"request":{"raw":"POST /event HTTP/1.1\r\nHost: grookilteepsou.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://ffkipas.my.id/\r\nContent-Type: application/json\r\nContent-Length: 857\r\nOrigin: https://ffkipas.my.id\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":857,"data":"{\"code\":\"custom\",\"zone_id\":9895350,\"sw_version\":\"3.1.642\",\"pub_zone_id\":9895350,\"trace_id\":\"78dc8626-cb3d-4e43-8d26-37233a7409ae\",\"oaid\":\"e955225269bf4acfb3e508a49cbcd1d6\",\"ip\":\"91.90.42.154\",\"geo\":\"no\",\"location\":\"https://ffkipas.my.id/\",\"domain\":\"ffkipas.my.id\",\"install_ctx\":{\"country_code\":\"no\"},\"pub\":0,\"installer_type\":\"universal\",\"event_type\":\"page_loaded\",\"timing\":{\"connectEnd\":58,\"connectStart\":35,\"domComplete\":1718,\"domContentLoadedEventEnd\":1609,\"domContentLoadedEventStart\":1604,\"domInteractive\":1596,\"domLoading\":806,\"domainLookupEnd\":35,\"domainLookupStart\":34,\"fetchStart\":33,\"loadEventEnd\":1718,\"loadEventStart\":1718,\"requestStart\":58,\"responseEnd\":906,\"responseStart\":704,\"secureConnectionStart\":38},\"timeOrigin\":2979,\"previousEvents\":[{\"ts\":1765122468094,\"event\":\"hit_page\",\"event_data\":{\"installer_type\":\"universal\",\"timeOrigin\":2973}}]}"}},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sun, 07 Dec 2025 15:47:48 GMT\r\ncontent-type: application/json; charset=utf-8\r\ncontent-length: 81\r\naccept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model\r\naccess-control-allow-origin: https://ffkipas.my.id\r\naccess-control-allow-credentials: true\r\naccess-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept\r\nstrict-transport-security: max-age=1\r\nx-content-type-options: nosniff\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":81,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"60940087b4c8953adce6634e0018605b","sha1":"7d1224d6171c135c1964595b5632c8d5f9bf2852","sha256":"f41ed1e2e8d61444dc043d06fcb2dd4770b73e535d80bdb871d4a1b87f777371","sha512":"91add1ebac6a608caa9cbc4bf2edbbefdeae337c73493380f304229d8524524638128fd82599feedeac681da33c4b28ee7cace1f7f1209906508e06d2d6e464a","ssdeep":"","tlshash":"b4a0245030c4050041d535031d5ccd04477c05f30f55405ccccdfc11533100447413c3","first_seen":"2025-12-07T15:48:18.438699Z","last_seen":"2025-12-07T15:48:18.438699Z","times_seen":1,"resource_available":false,"data":null}},"time_used":27,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":26,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-07","alert":"Sinkholed","trigger":"grookilteepsou.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-12-07","alert":"Sinkholed","trigger":"grookilteepsou.net","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-07","alert":"Sinkholed","trigger":"grookilteepsou.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-07","alert":"Sinkholed","trigger":"grookilteepsou.net","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"greaseguts.com/c6be9e6eaf153363be4c49000d842baa/invoke.js","fqdn":"greaseguts.com","domain":"greaseguts.com","tld":"com"},"ip":{"addr":"172.240.108.76","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://ffkipas.my.id/verifyuid","date":"2025-12-07T15:47:52.161Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"greaseguts.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sat, 08 Nov 2025 21:24:58 GMT","end":"Fri, 06 Feb 2026 21:24:57 GMT"},"fingerprint":{"sha1":"71:BF:C1:1F:C4:61:B3:EB:5B:FC:20:2E:00:5C:C7:2E:44:85:A8:C0","sha256":"5F:7A:D3:D7:F7:C7:19:AD:3F:49:D2:05:45:77:8C:9B:5A:2D:60:07:A6:1C:AF:5D:F3:16:E7:80:4A:E7:0F:37"}}},"request":{"raw":"GET /c6be9e6eaf153363be4c49000d842baa/invoke.js HTTP/1.1\r\nHost: greaseguts.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://ffkipas.my.id/\r\nOrigin: https://ffkipas.my.id\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Sun, 07 Dec 2025 15:47:52 GMT\r\nContent-Type: application/javascript\r\nContent-Length: 18350\r\nConnection: keep-alive\r\ncontent-encoding: gzip\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccess-control-allow-origin: *\r\naccept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\nx-envoy-upstream-service-time: 2\r\nHost: greaseguts.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: 73778fd835853557393cb4a630014ebc\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]}],"data":{"size":46656,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (46656), with no line terminators","md5":"8cf38916d0c26a3e1647babadf2e4528","sha1":"6ff10da0a018b1c35d8a07cc81427984d332f1f7","sha256":"68441e0ccdfc08a61a41bff8890fd91a36ea8d2910023c6ce0d8acfb98d09845","sha512":"fb46498902497318d90ac0434b68ab40614e5011ca013452dd577e4f33dda98be0b302185922fac4f878d87d9c337e5dc52097336824aab0156a2810b2476da5","ssdeep":"768:CssLt+urzIyrxj4oolttYllJz4c5sfH6lmhj8ehArp76qqyXy:CkurY7JfhAl9q5","tlshash":"ce23c9887f90f75457966073723f800bb0156d60668cd8acd1a7d8f87eacb29f5327a8","first_seen":"2025-12-07T15:48:18.440548Z","last_seen":"2025-12-07T15:48:18.440548Z","times_seen":1,"resource_available":false,"data":null}},"time_used":750,"timings":{"blocked":281,"dns":1,"connect":91,"send":0,"wait":96,"receive":91,"ssl":188},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-12-07","alert":"Sinkholed","trigger":"greaseguts.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-07","alert":"Sinkholed","trigger":"greaseguts.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-07","alert":"Sinkholed","trigger":"greaseguts.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"067kk.com/impression/rDoDmYQ2pSOijWk8JbfixNavwET6pFoAj_N-S8ylifd04AXaZoFwm-JYKVu39H2oJrRnyWOHOIIcwOCfoWqRZ53DKZeQuGEIv8jAKswaz6T4b_9OtXpI8BT1hnlRNA8opx3gPcOnl6DG7Km5AE_1CHrSM6etMFLi2affuEyPLyy0OJa_xhMCp47lN2KOGrWeVenEBSexL9-PcMspqYDQmn-e3CzHsVhI0aKtcnYV9zg7hE3AalU9mtvyiRvPEOAj0jXqvosXX8ViJQjTeWhoetRaN63yWcE0NtlB30kBd109Ofr4HhdaiMuBVw2UirFyfNUhNzwr35SgnENPWfa8Ka_DtWNUxwJLFdGhYHn12q9Beq2Yp3uL7SWIpS7wh9lIMgmWluGOhL7T8-2GsJS1P7beu3sSdmlLZx3IB6Ir4O70JolyQAp3n6n_uAszA4W_q82nmSWXwBItezv0NHCeQ8tw2BKo4R9s6wWS-HiHQ0P9HVmJUIIiwt4NyXVZABJbIkDVRFd6SEJvLSMFhcFIGiNQ8ivYe5nZF1tCgl_y8I4bNZNngFSjdMPwvYGfRqdE0LdcWdMvsbpN-rYQNtXLK_SBxQLp2ZbLIsdGiWBMFKKB2CABDPBxFiyxztMenmjBHKKJLWAiUqLjdE0lKZbbPAER-GGtDO8zAfp8Fxyvxv2fqU7EWb7H4Jh_4PDZrCHe-RTSYLJM6bVy5mc3cb7--8aV8KkxwWE7hwYX4w_WXQzdYoxMdyBOcYlogW1ba2ygStRknun5lcz7sA8mSKWHsq03JY-cnT2CkwfhtprQYly7crLU2jFiCVEOCmNPXFM13Dbvrs6Ab-QCzcthvPYONw==?_z=9895347\u0026sw_version=v1.768.0-s\u0026dmn=roagrofoogrobo.com\u0026fs=0\u0026cf=0\u0026sw=1280\u0026sh=1024\u0026sah=1024\u0026wx=0\u0026wy=0\u0026ww=1280\u0026wh=1024\u0026cw=1280\u0026wiw=1280\u0026wih=1024\u0026wfc=2\u0026pl=https%3A%2F%2Fffkipas.my.id%2Fverifyuid\u0026drf=https%3A%2F%2Fffkipas.my.id%2F\u0026np=1\u0026pt=0\u0026nb=1\u0026ng=0\u0026ix=0\u0026nw=1\u0026tb=false\u0026navlng=en-US\u0026bto=0\u0026btz=UTC\u0026jsp=1","fqdn":"067kk.com","domain":"067kk.com","tld":"com"},"ip":{"addr":"139.45.197.248","port":443,"asn":9002,"as":"RETN Limited","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ffkipas.my.id/verifyuid","date":"2025-12-07T15:47:57.817Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"067kk.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 19 Nov 2025 10:44:13 GMT","end":"Tue, 17 Feb 2026 10:44:12 GMT"},"fingerprint":{"sha1":"45:EE:26:70:10:D7:95:CA:56:73:B1:50:1E:20:7C:F2:03:2E:BA:9B","sha256":"C2:E3:12:F6:02:1E:57:20:4F:4D:EA:6F:1B:B2:7F:8F:B9:CF:27:B9:B0:A1:3E:5F:CA:5A:7E:E6:CB:D6:69:D3"}}},"request":{"raw":"GET /impression/rDoDmYQ2pSOijWk8JbfixNavwET6pFoAj_N-S8ylifd04AXaZoFwm-JYKVu39H2oJrRnyWOHOIIcwOCfoWqRZ53DKZeQuGEIv8jAKswaz6T4b_9OtXpI8BT1hnlRNA8opx3gPcOnl6DG7Km5AE_1CHrSM6etMFLi2affuEyPLyy0OJa_xhMCp47lN2KOGrWeVenEBSexL9-PcMspqYDQmn-e3CzHsVhI0aKtcnYV9zg7hE3AalU9mtvyiRvPEOAj0jXqvosXX8ViJQjTeWhoetRaN63yWcE0NtlB30kBd109Ofr4HhdaiMuBVw2UirFyfNUhNzwr35SgnENPWfa8Ka_DtWNUxwJLFdGhYHn12q9Beq2Yp3uL7SWIpS7wh9lIMgmWluGOhL7T8-2GsJS1P7beu3sSdmlLZx3IB6Ir4O70JolyQAp3n6n_uAszA4W_q82nmSWXwBItezv0NHCeQ8tw2BKo4R9s6wWS-HiHQ0P9HVmJUIIiwt4NyXVZABJbIkDVRFd6SEJvLSMFhcFIGiNQ8ivYe5nZF1tCgl_y8I4bNZNngFSjdMPwvYGfRqdE0LdcWdMvsbpN-rYQNtXLK_SBxQLp2ZbLIsdGiWBMFKKB2CABDPBxFiyxztMenmjBHKKJLWAiUqLjdE0lKZbbPAER-GGtDO8zAfp8Fxyvxv2fqU7EWb7H4Jh_4PDZrCHe-RTSYLJM6bVy5mc3cb7--8aV8KkxwWE7hwYX4w_WXQzdYoxMdyBOcYlogW1ba2ygStRknun5lcz7sA8mSKWHsq03JY-cnT2CkwfhtprQYly7crLU2jFiCVEOCmNPXFM13Dbvrs6Ab-QCzcthvPYONw==?_z=9895347\u0026sw_version=v1.768.0-s\u0026dmn=roagrofoogrobo.com\u0026fs=0\u0026cf=0\u0026sw=1280\u0026sh=1024\u0026sah=1024\u0026wx=0\u0026wy=0\u0026ww=1280\u0026wh=1024\u0026cw=1280\u0026wiw=1280\u0026wih=1024\u0026wfc=2\u0026pl=https%3A%2F%2Fffkipas.my.id%2Fverifyuid\u0026drf=https%3A%2F%2Fffkipas.my.id%2F\u0026np=1\u0026pt=0\u0026nb=1\u0026ng=0\u0026ix=0\u0026nw=1\u0026tb=false\u0026navlng=en-US\u0026bto=0\u0026btz=UTC\u0026jsp=1 HTTP/1.1\r\nHost: 067kk.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ffkipas.my.id/\r\nCookie: OAID=0802986dc3b24e40fbfaef6bcbac55d9\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sun, 07 Dec 2025 15:47:57 GMT\r\ncontent-type: image/gif\r\ncontent-length: 43\r\nx-trace-id: 2052a5deeb2bca438c659b72743a1ec9\r\nexpires: Tue, 11 Jan 1994 10:00:00 GMT\r\ncache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0\r\npragma: no-cache\r\nvary: Origin\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: Link\r\naccess-control-allow-credentials: true\r\naccept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version\r\nstrict-transport-security: max-age=1\r\nx-content-type-options: nosniff\r\ntiming-allow-origin: *, *\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":43,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 1 x 1","md5":"b4491705564909da7f9eaf749dbbfbb1","sha1":"279315d507855c6a4351e1e2c2f39dd9cd2fccd8","sha256":"4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49","sha512":"b8d82d64ec656c63570b82215564929adad167e61643fd72283b94f3e448ef8ab0ad42202f3537a0da89960bbdc69498608fc6ec89502c6c338b6226c8bf5e14","ssdeep":"","tlshash":"c5900403d140d041c351c0300d0cc740174471304514030f70fc175dfc353510c13000","first_seen":"2023-04-05T09:54:56Z","last_seen":"2026-04-05T10:50:12.249015Z","times_seen":96475,"resource_available":true,"data":null}},"time_used":28,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":28,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-07","alert":"Sinkholed","trigger":"067kk.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"015kk.com/500/9895348?excludes=\u0026oaid=0802986dc3b24e40fbfaef6bcbac55d9\u0026tgp=\u0026of=true\u0026sw_version=v1.768.0-s\u0026dmn=eehassoosostoa.com\u0026fs=0\u0026cf=0\u0026sw=1280\u0026sh=1024\u0026sah=1024\u0026wx=0\u0026wy=0\u0026ww=1280\u0026wh=1024\u0026cw=1280\u0026wiw=1280\u0026wih=1024\u0026wfc=2\u0026pl=https%3A%2F%2Fffkipas.my.id%2Fverifyuid\u0026drf=https%3A%2F%2Fffkipas.my.id%2F\u0026np=1\u0026pt=0\u0026nb=1\u0026ng=0\u0026ix=0\u0026nw=1\u0026tb=false\u0026navlng=en-US\u0026bto=0\u0026btz=UTC\u0026jsp=1","fqdn":"015kk.com","domain":"015kk.com","tld":"com"},"ip":{"addr":"139.45.197.248","port":443,"asn":9002,"as":"RETN Limited","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://ffkipas.my.id/verifyuid","date":"2025-12-07T15:48:02.176Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"015kk.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 19 Nov 2025 10:47:58 GMT","end":"Tue, 17 Feb 2026 10:47:57 GMT"},"fingerprint":{"sha1":"64:B3:6C:45:06:06:36:53:32:FC:35:20:9D:C9:CC:5F:FA:81:2A:95","sha256":"5F:72:37:E0:2C:04:E0:CA:5B:25:E1:DE:39:86:7C:2D:24:AB:6A:A9:F0:9A:12:31:CE:E9:E8:5B:81:62:C4:E6"}}},"request":{"raw":"OPTIONS /500/9895348?excludes=\u0026oaid=0802986dc3b24e40fbfaef6bcbac55d9\u0026tgp=\u0026of=true\u0026sw_version=v1.768.0-s\u0026dmn=eehassoosostoa.com\u0026fs=0\u0026cf=0\u0026sw=1280\u0026sh=1024\u0026sah=1024\u0026wx=0\u0026wy=0\u0026ww=1280\u0026wh=1024\u0026cw=1280\u0026wiw=1280\u0026wih=1024\u0026wfc=2\u0026pl=https%3A%2F%2Fffkipas.my.id%2Fverifyuid\u0026drf=https%3A%2F%2Fffkipas.my.id%2F\u0026np=1\u0026pt=0\u0026nb=1\u0026ng=0\u0026ix=0\u0026nw=1\u0026tb=false\u0026navlng=en-US\u0026bto=0\u0026btz=UTC\u0026jsp=1 HTTP/1.1\r\nHost: 015kk.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nAccess-Control-Request-Method: GET\r\nAccess-Control-Request-Headers: content-type\r\nReferer: https://ffkipas.my.id/\r\nOrigin: https://ffkipas.my.id\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"OPTIONS"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sun, 07 Dec 2025 15:48:02 GMT\r\ncontent-length: 0\r\nallow: GET, OPTIONS\r\nvary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers\r\naccess-control-allow-origin: https://ffkipas.my.id\r\naccess-control-allow-methods: GET, POST, OPTIONS\r\naccess-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace\r\naccess-control-allow-credentials: true\r\naccess-control-max-age: 600\r\naccept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version\r\nstrict-transport-security: max-age=1\r\nx-content-type-options: nosniff\r\ntiming-allow-origin: *\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T11:47:06.182466Z","times_seen":13373545,"resource_available":true,"data":null}},"time_used":28,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":28,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-07","alert":"Sinkholed","trigger":"015kk.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ffkipas.my.id/sw-check-permissions.js?zoneId=9716024\u0026tg=1","fqdn":"ffkipas.my.id","domain":"ffkipas.my.id","tld":"my.id"},"ip":{"addr":"104.21.67.83","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"other","requested_by":"https://ffkipas.my.id/verifyuid","date":"2025-12-07T15:47:52.712Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ffkipas.my.id","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Fri, 17 Oct 2025 09:52:51 GMT","end":"Thu, 15 Jan 2026 10:51:42 GMT"},"fingerprint":{"sha1":"CC:F7:34:EF:C8:0D:D7:BA:61:5C:59:6F:9C:84:10:EB:B8:77:BB:8E","sha256":"E9:02:F7:94:61:0A:79:F6:92:B0:A9:74:B9:D8:C9:49:60:C7:55:60:B1:7E:1B:E1:DA:3D:7E:2B:09:2D:79:24"}}},"request":{"raw":"GET /sw-check-permissions.js?zoneId=9716024\u0026tg=1 HTTP/1.1\r\nHost: ffkipas.my.id\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nX-Moz: prefetch\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ffkipas.my.id/verifyuid\r\nCookie: PHPSESSID=grhmnb1lmkeqgu5vd8rsgsav3u; dom3ic8zudi28v8lr6fgphwffqoz0j6c=83c6cca2-5f47-4ebb-b12d-f78b3ec45ada%3A3%3A1; m5a4xojbcp2nx3gptmm633qal3gzmadn=responseremainrust.com\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sun, 07 Dec 2025 15:47:52 GMT\r\nserver: cloudflare\r\nlast-modified: Fri, 05 Dec 2025 10:31:21 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i=?0\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nx-frame-options: SAMEORIGIN\r\ncontent-encoding: br\r\ncontent-type: text/javascript\r\nage: 33\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=YA2vAV1d%2BTdeEeoSKDspetzJe522VW9oZi%2Bwlf9G%2FwFGWmQgN9zEPklIMhunFuKvWPiI1oGX9fmoWH1%2F%2FXdgTu%2BSTg6LJ3H6ssbY\"}]}\r\nvary: accept-encoding\r\nstrict-transport-security: max-age=0; preload\r\ncf-ray: 9aa529fe4fc7b4f4-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":564,"size_decoded":0,"mime_type":"text/javascript","magic":"Java source, ASCII text","md5":"dbd3b354415b02fa59e522449fb4c034","sha1":"3d9d7d2b18c0dc48068af2b00259a778e1160edd","sha256":"cf694432454d60f0ef71b281ed06e83e1dc9f9b265bb0c4ac69b3c1605bd5090","sha512":"a18d1ce736d2af9f3e39a7b5d4af6d071287259c684e33f665db388bb6e3b4b811760c32705346decba28196e38aa87c55ea970cfd027964e39ec6c568f2ba98","ssdeep":"","tlshash":"70f046da8da2592902e3314d081f5902b42b83072b0db99479ac43749f08b2ea6d7588","first_seen":"2025-12-07T15:47:42.702367Z","last_seen":"2026-01-16T15:48:16.01807Z","times_seen":5,"resource_available":false,"data":null}},"time_used":7,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":7,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"responseremainrust.com/ren.gif?sid=H4sIAAAAAAAC_4RTz4scRRSumQQP8SAa9Shz8GD8Mds93fOjzUFcYyQkJjGJ5BCCVHdVz5ZT09VWdU_Pzim4EIKnUTyoF3u-md1NdBX9A5Rl1osEBPvkglkEr14kkLP07MDqyYKu99739eH73nt1e5IeEAcp3b_8thoJKelKs27VXrguIqYyU7t4rWZbdet07bqIWu7p2rC89OBV23Hr1qnaWzzoqZWGZVuWbdm1s0LzUA1XFixEvOPZdc-qu4263XQx1P-tTVqFoVWwwQF5CoIVT_wZ3oAI5oj6353hppeo-OU3-6mkidIYsO13o16ksgj9ozTUFYTR9vJvKFMQ8lkVKtpeOoAazEoH8EVBqs8-gB9tL2XCH2weKvUleASfPY5sMAeXcwg6R6A2INivBAgYLl5C1N-6qHRG1w9ZWrIFOf7oIURWkOMPnkbU_3ZVimHtqpJpIlRkMAxziOEcojtHnM6RjCoQ2R6C5EMI9gtZeXQBUX92yUgFwfKFexHOQU0FafmJCtKwgjSuoM_2a67VcQObOq3QY0HbcqnrMu5bXqdhWdQL2kiDUtYYSTxGIMcI9O2tmK0lvcEs0SmfpVFgJvbdQ8j1FuBWCbrexN5J34tlo9V02g3Lmdj7z0eSB5z5rtOigd1iodOx2x3WbLqs02Y8dK2237h3o-m5tmPbNxHrW-iJjwtSOfY7dLoLs5bDsCpMUpDKO7cwYDkyTpAZgowSZIIgSwiyQb7JpGmYfItJk_r2MjaW0cmnKulO6KZKujwioHoMzfKZiD8wGwiSY9NRaNhUlRf1k3xKfZZP4gPyZDmjyqd_PUSP79f-zwqMyCFMddH-kSjI-VfmiEVBTr30HHy6ByP3EIhnQFMbNMtB13KMom_CsCdiaur99bpgYCpHnBxHsl6ZyANycnrl2uruYldu_rYLHtwny4NA54h1jvfFTwRdeWd6RWVkdkVlhnx_KU5EX4xouUdXE5rwx746z9czpdm5M2Z87_WgJMp05xo3yQUaMRF1Dfl6VTDG9VmlA05-OGeuc_9yatZWUx2l8YXLb5w91481N0aoaA4qCnLi748QiIKc_PHLxRtpvvgHgvgWTHyk0ygCP65CCgLJj3Dq5zD_qv2jfGLuoKuroMkGon6Ogc4xkDmoHMOkJ6ZJrO-_9vPn5fkCvqxOfamrM19q-UnZp_lhs4zYrzUbvtPqdFo8LKfGnIbDvKbFPZd6Lddzm0hMIZqTu_8EAAD__6LsrMTLBAAA","fqdn":"responseremainrust.com","domain":"responseremainrust.com","tld":"com"},"ip":{"addr":"172.240.108.68","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ffkipas.my.id/verifyuid","date":"2025-12-07T15:47:52.909Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"responseremainrust.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Mon, 24 Nov 2025 11:58:04 GMT","end":"Sun, 22 Feb 2026 11:58:03 GMT"},"fingerprint":{"sha1":"2A:74:BD:69:38:6D:55:D6:A5:D0:58:76:7D:6F:5C:5D:22:A4:99:18","sha256":"3C:90:0A:4B:CD:24:41:B0:1A:FA:18:30:34:A9:AD:CC:E9:20:26:55:44:AE:B1:79:17:80:3F:B6:B9:4A:20:6C"}}},"request":{"raw":"GET /ren.gif?sid=H4sIAAAAAAAC_4RTz4scRRSumQQP8SAa9Shz8GD8Mds93fOjzUFcYyQkJjGJ5BCCVHdVz5ZT09VWdU_Pzim4EIKnUTyoF3u-md1NdBX9A5Rl1osEBPvkglkEr14kkLP07MDqyYKu99739eH73nt1e5IeEAcp3b_8thoJKelKs27VXrguIqYyU7t4rWZbdet07bqIWu7p2rC89OBV23Hr1qnaWzzoqZWGZVuWbdm1s0LzUA1XFixEvOPZdc-qu4263XQx1P-tTVqFoVWwwQF5CoIVT_wZ3oAI5oj6353hppeo-OU3-6mkidIYsO13o16ksgj9ozTUFYTR9vJvKFMQ8lkVKtpeOoAazEoH8EVBqs8-gB9tL2XCH2weKvUleASfPY5sMAeXcwg6R6A2INivBAgYLl5C1N-6qHRG1w9ZWrIFOf7oIURWkOMPnkbU_3ZVimHtqpJpIlRkMAxziOEcojtHnM6RjCoQ2R6C5EMI9gtZeXQBUX92yUgFwfKFexHOQU0FafmJCtKwgjSuoM_2a67VcQObOq3QY0HbcqnrMu5bXqdhWdQL2kiDUtYYSTxGIMcI9O2tmK0lvcEs0SmfpVFgJvbdQ8j1FuBWCbrexN5J34tlo9V02g3Lmdj7z0eSB5z5rtOigd1iodOx2x3WbLqs02Y8dK2237h3o-m5tmPbNxHrW-iJjwtSOfY7dLoLs5bDsCpMUpDKO7cwYDkyTpAZgowSZIIgSwiyQb7JpGmYfItJk_r2MjaW0cmnKulO6KZKujwioHoMzfKZiD8wGwiSY9NRaNhUlRf1k3xKfZZP4gPyZDmjyqd_PUSP79f-zwqMyCFMddH-kSjI-VfmiEVBTr30HHy6ByP3EIhnQFMbNMtB13KMom_CsCdiaur99bpgYCpHnBxHsl6ZyANycnrl2uruYldu_rYLHtwny4NA54h1jvfFTwRdeWd6RWVkdkVlhnx_KU5EX4xouUdXE5rwx746z9czpdm5M2Z87_WgJMp05xo3yQUaMRF1Dfl6VTDG9VmlA05-OGeuc_9yatZWUx2l8YXLb5w91481N0aoaA4qCnLi748QiIKc_PHLxRtpvvgHgvgWTHyk0ygCP65CCgLJj3Dq5zD_qv2jfGLuoKuroMkGon6Ogc4xkDmoHMOkJ6ZJrO-_9vPn5fkCvqxOfamrM19q-UnZp_lhs4zYrzUbvtPqdFo8LKfGnIbDvKbFPZd6Lddzm0hMIZqTu_8EAAD__6LsrMTLBAAA HTTP/1.1\r\nHost: responseremainrust.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ffkipas.my.id/\r\nCookie: pdhtkv=true; uncs=2; pdhtkv49=true; uncs49=2; u_pl26537203=1; nlecedb436ac16df38178d554d87def407b2=[5941311]\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Sun, 07 Dec 2025 15:47:53 GMT\r\nContent-Type: image/gif\r\nContent-Length: 7\r\nConnection: keep-alive\r\naccess-control-allow-origin: *\r\nvary: Origin\r\naccess-control-allow-credentials: true\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\nx-envoy-upstream-service-time: 1\r\nHost: responseremainrust.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: e6cef7f36c06660bdc2ae0013afcdb03\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/gif","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T11:47:06.182466Z","times_seen":13373545,"resource_available":true,"data":null}},"time_used":177,"timings":{"blocked":80,"dns":0,"connect":0,"send":0,"wait":97,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-12-07","alert":"Sinkholed","trigger":"responseremainrust.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"creative-sb1.com/sb/interstitial/utility/robot/3/img/close.svg","fqdn":"creative-sb1.com","domain":"creative-sb1.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ffkipas.my.id/verifyuid","date":"2025-12-07T15:47:55.278Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"creative-sb1.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 27 Oct 2025 20:46:36 GMT","end":"Sun, 25 Jan 2026 21:44:54 GMT"},"fingerprint":{"sha1":"17:8B:5E:32:3A:E5:9A:3D:E5:18:EF:F0:DA:DE:C3:03:E7:2E:E2:17","sha256":"65:D5:7F:0D:8E:51:6B:E8:BB:44:A1:54:79:43:73:C4:82:1D:77:6C:11:F4:C3:70:8E:0E:AC:00:AC:1D:DB:2B"}}},"request":{"raw":"GET /sb/interstitial/utility/robot/3/img/close.svg HTTP/1.1\r\nHost: creative-sb1.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 07 Dec 2025 15:47:55 GMT\r\ncontent-type: image/svg+xml\r\nserver: cloudflare\r\nlast-modified: Thu, 12 Dec 2024 14:36:22 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: accept-encoding\r\nexpires: Thu, 31 Dec 2037 23:55:55 GMT\r\ncache-control: public, max-age=315360000\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: Date\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=YkCJ4l0mSj9BQqX%2Fa6UZ6AfFnfdZemag%2Bub1oAjUlezFbItqWBF3Q0GNY8syMBokEtDSSgYSt4CLbQdYolVZcoYMMKZd5SpUmOYK8Qh3QjQ%3D\"}]}\r\nage: 3851505\r\ncf-cache-status: HIT\r\netag: W/\"675af4e6-4ff\"\r\ncontent-encoding: br\r\ncf-ray: 9aa52a0e48421525-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":1279,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"369850b9873659adf0951d845f57dba1","sha1":"a64257186daa33b6b318943a457b6cf8d80b26b6","sha256":"9630c142a8c074cc1809ebf4109538cf29cc0baeb6c27726191f1cf5376e2e21","sha512":"6441b40e85c86e21362c7061a6b9610f52a5c801b274b246711546ad45c68c3e7f2f242f1621b90967eaeebf52709545d06283c2015d6b9ad7f6f7d37fb14a88","ssdeep":"","tlshash":"6821d8dc958f223ef324ff6189b316606ba423f6bb18c5bcb199a8157e1cb910c48e14","first_seen":"2023-04-07T22:39:47Z","last_seen":"2026-04-05T10:20:01.401822Z","times_seen":8764,"resource_available":false,"data":null}},"time_used":7,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":7,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-07","alert":"Sinkholed","trigger":"creative-sb1.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-07","alert":"Sinkholed","trigger":"creative-sb1.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-07","alert":"Sinkholed","trigger":"creative-sb1.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"3nbf4.com/act/files/micro.tag.min.js?z=9716024\u0026sw=/sw-check-permissions.js","fqdn":"3nbf4.com","domain":"3nbf4.com","tld":"com"},"ip":{"addr":"139.45.197.121","port":443,"asn":9002,"as":"RETN Limited","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://ffkipas.my.id/","date":"2025-12-07T15:47:46.044Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"3nbf4.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Wed, 08 Oct 2025 11:29:15 GMT","end":"Tue, 06 Jan 2026 11:29:14 GMT"},"fingerprint":{"sha1":"B8:5C:B5:E8:90:27:1D:FD:CA:8A:71:AA:01:26:28:02:27:BE:4F:8F","sha256":"03:48:D4:EE:D8:6F:8F:7D:F6:77:58:F1:71:D7:62:D8:18:E7:A2:E4:94:84:7A:E8:87:4B:51:C2:37:C3:56:AE"}}},"request":{"raw":"GET /act/files/micro.tag.min.js?z=9716024\u0026sw=/sw-check-permissions.js HTTP/1.1\r\nHost: 3nbf4.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ffkipas.my.id/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sun, 07 Dec 2025 15:47:46 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Fri, 28 Nov 2025 14:31:18 GMT\r\netag: W/\"6929b236-c1cf\"\r\naccess-control-allow-credentials: true\r\ncache-control: no-cache\r\npragma: no-cache\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":49615,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (49615), with no line terminators","md5":"13fc07ea33ee9fefca0eeec8bd24b1f9","sha1":"46db5ad22f5604a2ce1af6cf7273ee02f8cd3376","sha256":"c5cc4bf1ab36dd0723b5baae92751402a19511c9fd9ea70038e89cc22b17e355","sha512":"3adef94e51ccdd9c70c57d144fac9789fb3121a0c15673746e5755f1f597f54779f7056838b214b75aa52fc02a2ef63d6e10783fc666e4e536d12df32dc856cc","ssdeep":"1536:Z8O1lePn8+HTNf2CuFWa2oiLk5UjC2/pz7q9Psg:pXCYz2oiLk58C2/Zvg","tlshash":"dd2309437cbeb9ba07e164c5883f8d8843aadd50b41fd8e6f00d59961477006a3abfb5","first_seen":"2025-11-29T06:05:08.14181Z","last_seen":"2025-12-10T13:35:12.858098Z","times_seen":46,"resource_available":true,"data":null}},"time_used":236,"timings":{"blocked":95,"dns":1,"connect":29,"send":0,"wait":35,"receive":0,"ssl":67},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ffkipas.my.id/assets/js/verifyuid.js?v=1.8","fqdn":"ffkipas.my.id","domain":"ffkipas.my.id","tld":"my.id"},"ip":{"addr":"104.21.67.83","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://ffkipas.my.id/verifyuid","date":"2025-12-07T15:47:51.607Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ffkipas.my.id","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Fri, 17 Oct 2025 09:52:51 GMT","end":"Thu, 15 Jan 2026 10:51:42 GMT"},"fingerprint":{"sha1":"CC:F7:34:EF:C8:0D:D7:BA:61:5C:59:6F:9C:84:10:EB:B8:77:BB:8E","sha256":"E9:02:F7:94:61:0A:79:F6:92:B0:A9:74:B9:D8:C9:49:60:C7:55:60:B1:7E:1B:E1:DA:3D:7E:2B:09:2D:79:24"}}},"request":{"raw":"GET /assets/js/verifyuid.js?v=1.8 HTTP/1.1\r\nHost: ffkipas.my.id\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ffkipas.my.id/verifyuid\r\nCookie: PHPSESSID=grhmnb1lmkeqgu5vd8rsgsav3u\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sun, 07 Dec 2025 15:47:51 GMT\r\nserver: cloudflare\r\nlast-modified: Thu, 09 Oct 2025 17:42:54 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=3,i=?0\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nx-frame-options: SAMEORIGIN\r\ncontent-encoding: br\r\ncontent-type: text/javascript\r\nage: 33\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=ba16Evwusp13JXeMW86NI%2FmWXT4ImVqNBZ5rYZdhfS%2BbD3A1PhNP00uStMfmnnLVu9nibRSb68elk5YJ%2B0rbQOXX6u%2FcFmZ3Tyg9\"}]}\r\nvary: accept-encoding\r\nstrict-transport-security: max-age=0; preload\r\ncf-ray: 9aa529f78f8eb4f4-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":9549,"size_decoded":0,"mime_type":"text/javascript","magic":"ASCII text, with very long lines (430), with CRLF line terminators","md5":"aeb4fcdcf9981f64ef4fd20a258e2666","sha1":"33fd579558cf2e4af341d9f3ca153cb5d60ad10e","sha256":"a1ad35e8f88845236a7eef8c85a7aea7d9aa70718ea85ffa4778d365f6e5e9b3","sha512":"22a9b755485916058943aa5b6be669b776adf69cd6bebdbefdc3734fa0687b1d534978a3c7a9bae8a57c4cc2a4459e210436db20174fe1ea11308933785a7464","ssdeep":"192:3Qtpe35jG1sYOTSnhhahrVdZYnpPyhhRtu:LpS1tvhhahrt+yhhRtu","tlshash":"c5122e96292c013a47b7627edad3514afb37081b69234312bd7d81080fb2954e76affd","first_seen":"2025-12-07T15:47:42.70497Z","last_seen":"2025-12-07T15:57:24.119548Z","times_seen":4,"resource_available":true,"data":null}},"time_used":10,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":10,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"creative-sb1.com/sb/interstitial/utility/robot/3/css/style.css","fqdn":"creative-sb1.com","domain":"creative-sb1.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://ffkipas.my.id/verifyuid","date":"2025-12-07T15:47:54.954Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"creative-sb1.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 27 Oct 2025 20:46:36 GMT","end":"Sun, 25 Jan 2026 21:44:54 GMT"},"fingerprint":{"sha1":"17:8B:5E:32:3A:E5:9A:3D:E5:18:EF:F0:DA:DE:C3:03:E7:2E:E2:17","sha256":"65:D5:7F:0D:8E:51:6B:E8:BB:44:A1:54:79:43:73:C4:82:1D:77:6C:11:F4:C3:70:8E:0E:AC:00:AC:1D:DB:2B"}}},"request":{"raw":"GET /sb/interstitial/utility/robot/3/css/style.css HTTP/1.1\r\nHost: creative-sb1.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://ffkipas.my.id\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ffkipas.my.id/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 07 Dec 2025 15:47:55 GMT\r\ncontent-type: text/css\r\nserver: cloudflare\r\nlast-modified: Thu, 04 Sep 2025 13:25:46 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\netag: W/\"68b9935a-18f3\"\r\nexpires: Thu, 31 Dec 2037 23:55:55 GMT\r\ncache-control: public, max-age=315360000\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: Date\r\ncontent-encoding: gzip\r\ncf-cache-status: MISS\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=zab2HW%2BHEmZf%2B8KtlYCyO7%2B5Z%2BweGFjkjneinSAYOO75ezDBbS8spFSrzpGBgPDrLSilUUtJZqvh3oT1LjbGIuCOq8lBYD8TNi6%2BmE7xDVk%3D\"}]}\r\ncf-ray: 9aa52a0c9b9b1525-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":6387,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text","md5":"20b72d2b5d691275f5e1f201c54208eb","sha1":"a8082db410892a8b50274eeb812fe58c04e5e407","sha256":"476950bbfeccfbd5ad93c5ad69d5192e62e9eb9e3e03dfc2447c98c7bb5634e6","sha512":"5702a11b753960144f8debcbbff5ad272f00543b6b8bd71a440fb28945bf4d81bd75cc1a08fa531e10efe8aa8dbcb6305dc882e12b8854ccb6f88b62dbeb934d","ssdeep":"96:1zlzMUmWCfICX6zXXgCfUKOtAYiY5mnM0pfiUpznL4OHBCHL+OCBhEkuCo1cCJ0v:LMZnincKOyXnMsIM0M9X4U4H4vFEa","tlshash":"ebd130a617650204740bd8563d126f17a3688053ef0fd9b86ed2244cceca6ce56f378f","first_seen":"2025-09-21T13:47:45.281723Z","last_seen":"2026-04-05T09:34:37.052777Z","times_seen":1621,"resource_available":false,"data":null}},"time_used":513,"timings":{"blocked":24,"dns":1,"connect":3,"send":0,"wait":463,"receive":0,"ssl":19},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-07","alert":"Sinkholed","trigger":"creative-sb1.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-07","alert":"Sinkholed","trigger":"creative-sb1.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-07","alert":"Sinkholed","trigger":"creative-sb1.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ffkipas.my.id/cdn-cgi/rum?","fqdn":"ffkipas.my.id","domain":"ffkipas.my.id","tld":"my.id"},"ip":{"addr":"104.21.67.83","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://ffkipas.my.id/verifyuid","date":"2025-12-07T15:47:52.693Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ffkipas.my.id","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Fri, 17 Oct 2025 09:52:51 GMT","end":"Thu, 15 Jan 2026 10:51:42 GMT"},"fingerprint":{"sha1":"CC:F7:34:EF:C8:0D:D7:BA:61:5C:59:6F:9C:84:10:EB:B8:77:BB:8E","sha256":"E9:02:F7:94:61:0A:79:F6:92:B0:A9:74:B9:D8:C9:49:60:C7:55:60:B1:7E:1B:E1:DA:3D:7E:2B:09:2D:79:24"}}},"request":{"raw":"POST /cdn-cgi/rum? HTTP/1.1\r\nHost: ffkipas.my.id\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\ncontent-type: application/json\r\nContent-Length: 440\r\nOrigin: https://ffkipas.my.id\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ffkipas.my.id/verifyuid\r\nCookie: PHPSESSID=grhmnb1lmkeqgu5vd8rsgsav3u; dom3ic8zudi28v8lr6fgphwffqoz0j6c=83c6cca2-5f47-4ebb-b12d-f78b3ec45ada%3A3%3A1; m5a4xojbcp2nx3gptmm633qal3gzmadn=responseremainrust.com\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":440,"data":"{\"resources\":[],\"referrer\":\"https://ffkipas.my.id/\",\"eventType\":1,\"firstPaint\":0,\"firstContentfulPaint\":839,\"startTime\":1765122470820,\"versions\":{\"fl\":\"2024.11.0\",\"js\":\"2024.6.1\",\"timings\":1},\"pageloadId\":\"abaf4b53-e458-4799-bdc8-572ec6a9a675\",\"location\":\"https://ffkipas.my.id/verifyuid\",\"nt\":\"navigate\",\"timingsV2\":{\"nextHopProtocol\":\"h3\",\"transferSize\":5343,\"decodedBodySize\":10133},\"siteToken\":\"9821d538e60847f4ba622d85dc6586d2\",\"st\":2}"}},"response":{"raw":"HTTP/3 204 No Content\r\naccess-control-allow-origin: https://ffkipas.my.id\r\naccess-control-allow-methods: POST,OPTIONS\r\naccess-control-max-age: 86400\r\nvary: Origin, accept-encoding\r\naccess-control-allow-credentials: true\r\ncontent-type: text/plain\r\nstrict-transport-security: max-age=0; preload\r\nx-content-type-options: nosniff\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=C1km68FDa%2F%2FkSZKvcHtNEm%2BJruXn%2BibNOadeozQ2Fnxmhlevr%2Fmf21KS6grQrngYWiBLJeRHpiwqduSAdzOI859LSW%2Bt5%2FKYgzj1\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ndate: Sun, 07 Dec 2025 15:47:52 GMT\r\npriority: u=3,i=?0\r\nserver: cloudflare\r\ncf-ray: 9aa529fe3fc6b4f4-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"204","status_text":"No Content","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T11:47:06.182466Z","times_seen":13373545,"resource_available":true,"data":null}},"time_used":4,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":4,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"responseremainrust.com/impr.gif?sid=H4sIAAAAAAAC_1RSz2skRRitnuS0HsR19ShzdFEn3dM9v9xDMK4JYWMSs5GA4qG6q3pSTk9XW9U9PRkvwYDscRQP6qnnTbJZ13XRP0AIExEkINgXDbgB8eptYfEonQzE_aC-H_Xq8N776tNRckZsJPR0_W05EEFA52oVs_zylgiZTHV5dbNsmRXzRnlLhHXnRrlfJNV73bKdinm9vMS9jpyrmpZpWqZVXhSK-7I_d45CRA9aVqVlVpxqxao56KunZ50Y0NQA652RqxAsf_Zv_30Ib4Kw-_1NrjuxjF59q5sENJYKPXb4btgJZRqie9n6yoAfHk5fQ-qckC9LkOHhVAFkb79QAFfkpPTiI7jh4ZQm3N7BBVM3AA_hsmeQ9ibgwQSCTuDJPQj2GwE8htU1hN27q1KldOcCpQWak9knjyHSnMw-uoaw-3AhEP3ybRkksZChRt_PIPoTiPYEUXKMeGBApMfw4k8g2K9k7skKwu7-mg4kBMvO1Qt_AqoNJMURBhLfQBIZ6LLTsmM2Hc-idt1vMa9hOtRxGHfNVrNqmrTlNZB4Ba0h4mgILxjCU7uI1C464rOcGDN_QiVH0NsZNDOg45wY7-yixzKknCDVBCklSAVBGhOkveyABbqqs7ss0IlrTWt1Wu1sLOP2iB7IuM1DAqqGUCzbF9FHeg9ePDMe-JqNZZGoG2dj6rJsFJ2R5wrrjC_-eYwOPy1z5jp2nXpWnfl202o0Wa3msGaDcd8xG24VWmQQunTuykDk5NZrE0QiJ9dfeQkuPYYOjuGJF0ATCzTNQLczDMLvfL8jIqor3Z2KYGAyQxTPIt4xRsEZeX68sblwdL7C9-7Ng3sn8_Hgr6WH1z6GpzJEKsOH4ieCdnBnvCFTsr8hU01-WIti0RUDWqz3dkxjPnP_Ft9JpWLLN_Xwmze8AijaB5tcxys0ZCJsa_LtgmCMq0WpPE5-XNZb3F1P9PZCosIkWll_c3G5GymutZDhBFTk5MrRfXgiJ1d_3zv_uvbSv_CiXejohEwDWhK4UQmBIAj45T11M-j_ze5lP9J30FYl0HgPYTdDT2XoBRloMIROrozjSJ3M__JVEV_DDUpjN1ClfTdQwec5-eCPny_M0uK07Nu86plms1G37KbPLdthnl9rOi1Wp6Ztc8Q6F7XRvf8CAAD__zlz5cpiBAAA","fqdn":"responseremainrust.com","domain":"responseremainrust.com","tld":"com"},"ip":{"addr":"172.240.108.84","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ffkipas.my.id/verifyuid","date":"2025-12-07T15:47:52.731Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"responseremainrust.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Mon, 24 Nov 2025 11:58:04 GMT","end":"Sun, 22 Feb 2026 11:58:03 GMT"},"fingerprint":{"sha1":"2A:74:BD:69:38:6D:55:D6:A5:D0:58:76:7D:6F:5C:5D:22:A4:99:18","sha256":"3C:90:0A:4B:CD:24:41:B0:1A:FA:18:30:34:A9:AD:CC:E9:20:26:55:44:AE:B1:79:17:80:3F:B6:B9:4A:20:6C"}}},"request":{"raw":"GET /impr.gif?sid=H4sIAAAAAAAC_1RSz2skRRitnuS0HsR19ShzdFEn3dM9v9xDMK4JYWMSs5GA4qG6q3pSTk9XW9U9PRkvwYDscRQP6qnnTbJZ13XRP0AIExEkINgXDbgB8eptYfEonQzE_aC-H_Xq8N776tNRckZsJPR0_W05EEFA52oVs_zylgiZTHV5dbNsmRXzRnlLhHXnRrlfJNV73bKdinm9vMS9jpyrmpZpWqZVXhSK-7I_d45CRA9aVqVlVpxqxao56KunZ50Y0NQA652RqxAsf_Zv_30Ib4Kw-_1NrjuxjF59q5sENJYKPXb4btgJZRqie9n6yoAfHk5fQ-qckC9LkOHhVAFkb79QAFfkpPTiI7jh4ZQm3N7BBVM3AA_hsmeQ9ibgwQSCTuDJPQj2GwE8htU1hN27q1KldOcCpQWak9knjyHSnMw-uoaw-3AhEP3ybRkksZChRt_PIPoTiPYEUXKMeGBApMfw4k8g2K9k7skKwu7-mg4kBMvO1Qt_AqoNJMURBhLfQBIZ6LLTsmM2Hc-idt1vMa9hOtRxGHfNVrNqmrTlNZB4Ba0h4mgILxjCU7uI1C464rOcGDN_QiVH0NsZNDOg45wY7-yixzKknCDVBCklSAVBGhOkveyABbqqs7ss0IlrTWt1Wu1sLOP2iB7IuM1DAqqGUCzbF9FHeg9ePDMe-JqNZZGoG2dj6rJsFJ2R5wrrjC_-eYwOPy1z5jp2nXpWnfl202o0Wa3msGaDcd8xG24VWmQQunTuykDk5NZrE0QiJ9dfeQkuPYYOjuGJF0ATCzTNQLczDMLvfL8jIqor3Z2KYGAyQxTPIt4xRsEZeX68sblwdL7C9-7Ng3sn8_Hgr6WH1z6GpzJEKsOH4ieCdnBnvCFTsr8hU01-WIti0RUDWqz3dkxjPnP_Ft9JpWLLN_Xwmze8AijaB5tcxys0ZCJsa_LtgmCMq0WpPE5-XNZb3F1P9PZCosIkWll_c3G5GymutZDhBFTk5MrRfXgiJ1d_3zv_uvbSv_CiXejohEwDWhK4UQmBIAj45T11M-j_ze5lP9J30FYl0HgPYTdDT2XoBRloMIROrozjSJ3M__JVEV_DDUpjN1ClfTdQwec5-eCPny_M0uK07Nu86plms1G37KbPLdthnl9rOi1Wp6Ztc8Q6F7XRvf8CAAD__zlz5cpiBAAA HTTP/1.1\r\nHost: responseremainrust.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ffkipas.my.id/\r\nCookie: pdhtkv=true; uncs=1; pdhtkv49=true; uncs49=1; u_pl26537203=1; nlecedb436ac16df38178d554d87def407b2=[5941311]\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Sun, 07 Dec 2025 15:47:53 GMT\r\nContent-Type: image/gif\r\nContent-Length: 7\r\nConnection: keep-alive\r\naccess-control-allow-origin: *\r\nvary: Origin\r\naccess-control-allow-credentials: true\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\nset-cookie: iprc_l+5d7c8fb8d522f7cd1c8789503bfc766a=5941311; expires=Mon, 08 Dec 2025 15:47:53 GMT; path=/; secure; SameSite=None\niprc_l:5941311=1; expires=Mon, 08 Dec 2025 15:47:53 GMT; path=/; secure; SameSite=None\r\nx-envoy-upstream-service-time: 2\r\nHost: responseremainrust.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: 5686632fe9aac5eb8a7d40882d390eac\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/gif","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T11:47:06.182466Z","times_seen":13373545,"resource_available":true,"data":null}},"time_used":642,"timings":{"blocked":256,"dns":1,"connect":93,"send":0,"wait":98,"receive":0,"ssl":191},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-12-07","alert":"Sinkholed","trigger":"responseremainrust.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"079kk.com/401/9895349?oo=1\u0026sw_version=v1.768.0-s\u0026oaid=0802986dc3b24e40fbfaef6bcbac55d9\u0026st=true","fqdn":"079kk.com","domain":"079kk.com","tld":"com"},"ip":{"addr":"139.45.197.107","port":443,"asn":9002,"as":"RETN Limited","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://ffkipas.my.id/verifyuid","date":"2025-12-07T15:47:54.225Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"079kk.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Wed, 19 Nov 2025 10:45:57 GMT","end":"Tue, 17 Feb 2026 10:45:56 GMT"},"fingerprint":{"sha1":"77:77:BC:89:E2:F1:50:3D:B4:5F:19:E7:FD:75:A1:57:61:7C:09:6E","sha256":"62:40:4A:13:68:51:84:65:3A:13:7E:8C:24:1C:C9:60:BF:D7:1C:61:79:C4:6C:CE:50:85:0B:48:C3:4A:AC:CB"}}},"request":{"raw":"POST /401/9895349?oo=1\u0026sw_version=v1.768.0-s\u0026oaid=0802986dc3b24e40fbfaef6bcbac55d9\u0026st=true HTTP/1.1\r\nHost: 079kk.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: text/plain;charset=UTF-8\r\nContent-Length: 24\r\nOrigin: https://ffkipas.my.id\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ffkipas.my.id/\r\nCookie: OAID=0802986dc3b24e40fbfaef6bcbac55d9\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":24,"data":"{\"error\":\"adex timeout\"}"}},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sun, 07 Dec 2025 15:47:54 GMT\r\ncontent-type: application/json\r\nx-trace-id: e5ef6d7cb7a096c85f37c1870a113ef5\r\npragma: no-cache\r\nexpires: Tue, 11 Jan 1994 10:00:00 GMT\r\ncache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0\r\nvary: Origin\r\naccess-control-allow-origin: https://ffkipas.my.id\r\naccess-control-expose-headers: Link\r\naccess-control-allow-credentials: true\r\naccept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version\r\nset-cookie: OAID=0802986dc3b24e40fbfaef6bcbac55d9; expires=Mon, 07 Dec 2026 15:47:54 GMT; path=/; secure; SameSite=None\r\nstrict-transport-security: max-age=1\r\nx-content-type-options: nosniff\r\ntiming-allow-origin: *, *\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":2097,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"0d6ee8664a043b159d4634ba565ff1a5","sha1":"a32d4f76f94ecf168b5a403a070c77e878480fe3","sha256":"5a1ffd27e9fcf2ccc6f13ff5680647d3fbbfd56c873beb08e901d58da573a7ae","sha512":"ab4dba9b4a3c09ecd456db5ad85fd6ca98a75fc905ba98f24cc96f453336d0a175ebef043ade8c0876e6343ec85c2097ee9882deb46d138c672f6797ae234da1","ssdeep":"","tlshash":"bf41c2088d28057e81de5ab6dc0b6d475bbd411f3a4d752ee7494d57b0ebca403eb10b","first_seen":"2025-12-07T15:48:18.44428Z","last_seen":"2025-12-07T15:48:18.44428Z","times_seen":1,"resource_available":false,"data":null}},"time_used":30,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":30,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-07","alert":"Sinkholed","trigger":"079kk.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ffkipas.my.id/","fqdn":"ffkipas.my.id","domain":"ffkipas.my.id","tld":"my.id"},"ip":{"addr":"104.21.67.83","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-12-07T15:47:45.157Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"ffkipas.my.id","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Fri, 17 Oct 2025 09:52:51 GMT","end":"Thu, 15 Jan 2026 10:51:42 GMT"},"fingerprint":{"sha1":"CC:F7:34:EF:C8:0D:D7:BA:61:5C:59:6F:9C:84:10:EB:B8:77:BB:8E","sha256":"E9:02:F7:94:61:0A:79:F6:92:B0:A9:74:B9:D8:C9:49:60:C7:55:60:B1:7E:1B:E1:DA:3D:7E:2B:09:2D:79:24"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: ffkipas.my.id\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 07 Dec 2025 15:47:45 GMT\r\ncontent-type: text/html; charset=UTF-8\r\nserver: cloudflare\r\nx-powered-by: PHP/8.2.29\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=VHZ8oDphqaSu2j9MVQxxeBI739Hcrzt5RSlHFtlkIuB6oF40eEPYWK14gMl6OvjqiZHx7HNsnuo7USDaGhZVGh45QYbRO1dJjwscl7M%3D\"}]}\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nx-frame-options: SAMEORIGIN\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-cache-status: DYNAMIC\r\nstrict-transport-security: max-age=0; preload\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\nserver-timing: cfCacheStatus;desc=\"DYNAMIC\", cfEdge;dur=5,cfOrigin;dur=637\r\ncontent-encoding: br\r\ncf-ray: 9aa529cf5ac835a6-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"PHP:8.2.29","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]},{"name":"Tailwind CSS","description":"Tailwind is a utility-first CSS framework.","website":"https://tailwindcss.com/","common_platform_enumeration":"","icon":"tailwindcss.svg","categories":["UI frameworks"]},{"name":"Cloudflare Browser Insights","description":"Cloudflare Browser Insights is a tool that measures the performance of websites from the perspective of users.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["Analytics","RUM"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":16300,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, ASCII text, with very long lines (503)","md5":"d8ad788b13543f5990903564026a5654","sha1":"094db0d35f1fa48260abf33e9720dca1d4c51e00","sha256":"c091a55fdb4d0a6bf57eec1e21239dd081de04459e4fd4c76a98d6cf8c520fcd","sha512":"27a4b04b12aecc756847731da6ebf059915bd26441be5acc38ab8681c474f5ee481f7baa24eaa9a59eec666417a040ccd639429d8f965ae493429f9e026b5148","ssdeep":"384:vQnF97FyJ7zAT2tzagIzoJJKjDoZ9cSY4CIb2:4nF97O7zAT2tGgIzoJJ2UDRCIb2","tlshash":"3472752162f0206b10978966b343b32eafb9c697d107ca5973fc87861fc6c1d4e536a9","first_seen":"2025-12-07T15:47:42.68902Z","last_seen":"2025-12-07T15:57:24.104327Z","times_seen":5,"resource_available":false,"data":null}},"time_used":693,"timings":{"blocked":23,"dns":1,"connect":1,"send":0,"wait":646,"receive":0,"ssl":19},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"luciuscratediffers.com/a2/c6/c7/a2c6c77dde0f47e335c307a84b4f8205.js","fqdn":"luciuscratediffers.com","domain":"luciuscratediffers.com","tld":"com"},"ip":{"addr":"172.240.127.244","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://ffkipas.my.id/verifyuid","date":"2025-12-07T15:47:51.608Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"luciuscratediffers.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Fri, 28 Nov 2025 22:37:11 GMT","end":"Thu, 26 Feb 2026 22:37:10 GMT"},"fingerprint":{"sha1":"F7:B1:74:61:CB:AA:34:B5:31:C0:91:78:23:F9:E1:70:3B:16:64:15","sha256":"C9:6F:F5:3D:F5:19:DD:0E:88:A8:A5:E9:86:5E:B5:C5:E4:A1:0E:A9:9C:A5:30:63:6B:F0:A3:DF:15:D8:E9:0F"}}},"request":{"raw":"GET /a2/c6/c7/a2c6c77dde0f47e335c307a84b4f8205.js HTTP/1.1\r\nHost: luciuscratediffers.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ffkipas.my.id/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Sun, 07 Dec 2025 15:47:51 GMT\r\nContent-Type: application/javascript\r\nContent-Length: 31477\r\nConnection: keep-alive\r\ncontent-encoding: gzip\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccess-control-allow-origin: *\r\naccept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\nx-envoy-upstream-service-time: 2\r\nHost: luciuscratediffers.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: 62b5f47b88182d2694a8a33d479867a0\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]}],"data":{"size":81881,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"3e2ddb37f3ff992db7e4a48d31d93f64","sha1":"cc5f6fccb7069462ad76ab39d7f250ec6abfe922","sha256":"7899e11d67d053d9a74da358af12c2e1dc7ee1883de877b2f8e289c3e6d58526","sha512":"fdc39431ba08d73dc014a3c64f7dc9c1a7a26e8dce54e187dcbcd23267e6ee426683c87ad241bc3e8488164692e338eb223abe37b9ffc2eaecabbf17aa0f6e89","ssdeep":"1536:h3Zs5j4xaqmOxiaZ0ob3meMv6Iqyi1+9deW:h3Acx//xiaofv6zO/","tlshash":"8e83c88d7f99f1ac03527072722fa21ef0290d126098d1a4e253f5fdaf78729e976b14","first_seen":"2025-12-07T15:47:42.701523Z","last_seen":"2025-12-07T15:57:24.101063Z","times_seen":3,"resource_available":true,"data":null}},"time_used":771,"timings":{"blocked":286,"dns":1,"connect":98,"send":0,"wait":101,"receive":92,"ssl":188},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-12-07","alert":"Sinkholed","trigger":"luciuscratediffers.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"responseremainrust.com/ren.gif?sid=H4sIAAAAAAAC_4RTu48bRRweOxFFKBAEKJELCsLDt-tdP5YUiCMERQlJSIJSRBGa3Zn1DR7vLDO7Xp-riJOiiMogCqBh_dl3l8CB4A8AnXw0KBISW3ESuQJaGhQpNVqfpYOKn7S_x_dt8f0ec3uSHhAHKd2__LYaCSnpSrNu1V64LiKmMlO7eK1mW3XrdO26iFru6dqwdHrwqu24detU7S0e9NRKw7Ity7bs2lmheaiGKwsWIt7x7Lpn1d1G3W66GOr_1iatwtAq2OCAPAXBiif-DG9ABHNE_e_OcNNLVPzym_1U0kRpDNj2u1EvUlmE_lEa6grCaHv5N5QpCPmsChVtLzuAGszKDuCLglSffQA_2l7KhD_YPFTqS_AIPnsc2WAOLucQdI5AbUCwXwkQMFy8hKi_dVHpjK4fsrRkC3L80UOIrCDHHzyNqP_tqhTD2lUl00SoyGAY5hDDOUR3jjidIxlVILI9BMmHEOwXsvLoAqL-7JKRCoLli-5FOAc1FaTlJypIwwrSuII-26-5VscNbOq0Qo8Fbculrsu4b3mdhmVRL2gjDUpZYyTxGIEcI9C395-PJA84812nRQO7xUKnY7c7rNl0WafNeOhabb9x70bTc23Htm9uxWwt6Q1miU75LI0CM7HvHkKutwC3StD1JvZO-l4sG62m025YzsRGrG-hJz4uSOXY79DpLsxaDsOqMElBKu_cwoDlyDhBZggySpAJgiwhyAb5JpOmYfItJk3q28vYWEYnn6qkO6GbKunyiIDqMTTLZyL-wGwgSI5NR6FhU1U66if5lPosn8QH5MlyR5VP_3qIHt-v_d8MYEQOYaqL8Y9EQc6_MkcsCnLqpefg0z0YuYdAPAOa2qBZDrqWYxR9E4Y9EVNT76_XBQNTOeLkOJL1ykQekJPTK9dWdxe3cvO3OXhwnywNgc4R6xzvi58IuvLO9IrKyOyKygz5_lKciL4Y0fKOriY04Y99dZ6vZ0qzc2fM-N7rQUmU6c41bpILNGIi6hry9apgjOuzSgec_HDOXOf-5dSsraY6SuMLl984e64fa26MUNEcVBTkxN8fIRAFOfnjl4s30nzxDwTxLZj4SKdRBH5cgRQEkh_h1M9h_lX7R_nE3EFXV0GTDUT9HAOdYyBzUDmGSU9Mk1jff-3nz0v7Ar6sTn2pqzNfavnJYk6l24UR-7Vmw3danU6Lh-XWmNNwmNe0uOdSr-V6bhOJKURzcvefAAAA__9qovuTywQAAA==","fqdn":"responseremainrust.com","domain":"responseremainrust.com","tld":"com"},"ip":{"addr":"172.240.108.68","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ffkipas.my.id/verifyuid","date":"2025-12-07T15:47:52.907Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"responseremainrust.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Mon, 24 Nov 2025 11:58:04 GMT","end":"Sun, 22 Feb 2026 11:58:03 GMT"},"fingerprint":{"sha1":"2A:74:BD:69:38:6D:55:D6:A5:D0:58:76:7D:6F:5C:5D:22:A4:99:18","sha256":"3C:90:0A:4B:CD:24:41:B0:1A:FA:18:30:34:A9:AD:CC:E9:20:26:55:44:AE:B1:79:17:80:3F:B6:B9:4A:20:6C"}}},"request":{"raw":"GET /ren.gif?sid=H4sIAAAAAAAC_4RTu48bRRweOxFFKBAEKJELCsLDt-tdP5YUiCMERQlJSIJSRBGa3Zn1DR7vLDO7Xp-riJOiiMogCqBh_dl3l8CB4A8AnXw0KBISW3ESuQJaGhQpNVqfpYOKn7S_x_dt8f0ec3uSHhAHKd2__LYaCSnpSrNu1V64LiKmMlO7eK1mW3XrdO26iFru6dqwdHrwqu24detU7S0e9NRKw7Ity7bs2lmheaiGKwsWIt7x7Lpn1d1G3W66GOr_1iatwtAq2OCAPAXBiif-DG9ABHNE_e_OcNNLVPzym_1U0kRpDNj2u1EvUlmE_lEa6grCaHv5N5QpCPmsChVtLzuAGszKDuCLglSffQA_2l7KhD_YPFTqS_AIPnsc2WAOLucQdI5AbUCwXwkQMFy8hKi_dVHpjK4fsrRkC3L80UOIrCDHHzyNqP_tqhTD2lUl00SoyGAY5hDDOUR3jjidIxlVILI9BMmHEOwXsvLoAqL-7JKRCoLli-5FOAc1FaTlJypIwwrSuII-26-5VscNbOq0Qo8Fbculrsu4b3mdhmVRL2gjDUpZYyTxGIEcI9C395-PJA84812nRQO7xUKnY7c7rNl0WafNeOhabb9x70bTc23Htm9uxWwt6Q1miU75LI0CM7HvHkKutwC3StD1JvZO-l4sG62m025YzsRGrG-hJz4uSOXY79DpLsxaDsOqMElBKu_cwoDlyDhBZggySpAJgiwhyAb5JpOmYfItJk3q28vYWEYnn6qkO6GbKunyiIDqMTTLZyL-wGwgSI5NR6FhU1U66if5lPosn8QH5MlyR5VP_3qIHt-v_d8MYEQOYaqL8Y9EQc6_MkcsCnLqpefg0z0YuYdAPAOa2qBZDrqWYxR9E4Y9EVNT76_XBQNTOeLkOJL1ykQekJPTK9dWdxe3cvO3OXhwnywNgc4R6xzvi58IuvLO9IrKyOyKygz5_lKciL4Y0fKOriY04Y99dZ6vZ0qzc2fM-N7rQUmU6c41bpILNGIi6hry9apgjOuzSgec_HDOXOf-5dSsraY6SuMLl984e64fa26MUNEcVBTkxN8fIRAFOfnjl4s30nzxDwTxLZj4SKdRBH5cgRQEkh_h1M9h_lX7R_nE3EFXV0GTDUT9HAOdYyBzUDmGSU9Mk1jff-3nz0v7Ar6sTn2pqzNfavnJYk6l24UR-7Vmw3danU6Lh-XWmNNwmNe0uOdSr-V6bhOJKURzcvefAAAA__9qovuTywQAAA== HTTP/1.1\r\nHost: responseremainrust.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ffkipas.my.id/\r\nCookie: pdhtkv=true; uncs=2; pdhtkv49=true; uncs49=2; u_pl26537203=1; nlecedb436ac16df38178d554d87def407b2=[5941311]\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Sun, 07 Dec 2025 15:47:52 GMT\r\nContent-Type: image/gif\r\nContent-Length: 7\r\nConnection: keep-alive\r\naccess-control-allow-origin: *\r\nvary: Origin\r\naccess-control-allow-credentials: true\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\nx-envoy-upstream-service-time: 0\r\nHost: responseremainrust.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: 6ace4a812e2d9ce62c49069cd0f57b54\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/gif","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T11:47:06.182466Z","times_seen":13373545,"resource_available":true,"data":null}},"time_used":94,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":94,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-12-07","alert":"Sinkholed","trigger":"responseremainrust.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"fleraprt.com/log/add?cid=1db9169f-90f4-4b2d-b517-bc47aab19c1f\u0026ruid=781b6270-2ee0-4ee0-a19a-220928d69d54","fqdn":"fleraprt.com","domain":"fleraprt.com","tld":"com"},"ip":{"addr":"139.45.195.252","port":443,"asn":9002,"as":"RETN Limited","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://ffkipas.my.id/verifyuid","date":"2025-12-07T15:47:54.790Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"fleraprt.com","organization":""},"issuer":{"commonName":"Sectigo RSA Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Wed, 11 Dec 2024 00:00:00 GMT","end":"Sun, 11 Jan 2026 23:59:59 GMT"},"fingerprint":{"sha1":"23:5D:23:03:7B:8D:47:5A:E9:9C:E7:E0:5C:7E:E6:4F:A2:DC:B6:D0","sha256":"9E:F7:13:45:55:C0:E9:09:A9:42:CC:D1:27:57:55:66:A1:63:5C:CB:EA:38:76:AA:6D:AB:5A:02:42:09:5D:46"}}},"request":{"raw":"POST /log/add?cid=1db9169f-90f4-4b2d-b517-bc47aab19c1f\u0026ruid=781b6270-2ee0-4ee0-a19a-220928d69d54 HTTP/1.1\r\nHost: fleraprt.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: text/plain;charset=UTF-8\r\nContent-Length: 1425\r\nOrigin: https://ffkipas.my.id\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ffkipas.my.id/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":1425,"data":"L\u001bRR\u001f\u001c\u0026\u001c\u0014\u0005g\u001f\u001cK\u0012\u0003\u0001\u0005P\u000eL_\u0003\u000e\u0011\u001aX\u0016\u0010JO@T\u0005\u000fT\u0011\u0003\u001e\u000eP\u0018L\u001fA\u001b\t\u00147\u0001\n\tWN\u001a\u001b\tICP_Y^\u0016\u001a\u0017X\u001b\t\u0006VF\u000e\u001fWX\t[A\tMH\u0019\u0003P\u000e_]\u0005\r\u001f\u0014\r\r\u000eJOS\nQI\u0015C\u001d\u0007\u0003P\u000e_]\u0005\r\u001f\u0014\r\u001c[REN\u001a\u001e\u0000\u001b[ZBI\u001bLLW\u0007\u0015\u0011A\u001c\u0007[RDN\u001a\u001a\u0018QCP_[@\u0000BODQ\u0011\fKTK\\Y@K\u001e[\u0003PXV[^\u0016\u001d\f@\u001b\t\u0007H\\IDW\u0016K6\u001d\\\u0015\u000f\r\u001f\u0017PLW\u0007\u0015\u0011\\\t\u0011\u0018JO@u\u0006\u0003P\r\u0006\u000fDG\u001a^M\u001fnZX\u001e\u000b\u000e\u001bU,lIH\tOZUK%]\u0000[\u0003\u0002\u0013NLPBH\u0007\u0014\u0002XJ\rOZGK5Q\r\u0006X\u0016\u0001\u0006KTIYES\u0018/\u0010K\u0004\f\u0001\u0013]\u0005]Y\u0019\t\u0011\u001aX\n\tJOS\u0014K\t]CPL\u0002\u001c@\u000b\u001fYX_\u001b\n\u0000\u001fE\u0003\u000b]\u001e\u001cK[\u0003\u001d;;\u000f\u0007\u0003C\\AX\u001b\bT\u0018\u0011\u0004\u0015\u001f\u0010\\\u0016\u000f\u001cQ\u001bG\u003e$\fP]B\u001f\u0016\u0017\t\u0019OH\r\u001f\u0014\u0017\u0003\u000b\u001c\u0017FT\u0004Diz\r\u0013\n\r\r\u0007\fY\u0005TI\u0005\fC\u001d\u001bQ\u0019\bE\u0003ZE*-B\u0001\u001b\u0016]\u001b\u0017X\rG\u001e\u000f\u0014\u0019\u0018\u0004RNVD@\r\n8\u003cY\u001aE[L\b\u000eLQ\u001cA\u0002\u0001\u001b\u001bWD\u001cFCJ\u001d\u0016L\u0019\n\u0003NE\b\r\u0019]\u001e\fD\u0017^OT\r\u001dGWN\u001a\u0019\u0015\u001b[H\u0006\u001f\u0006D\u001dW\u0018\u0016UP\u0011\r\t\t\u0006LU\u0010WP\u0005E\u0018\u000e\u0000]\b\u0014BPW\u0014VF\u0017\u000fWX\bE[M\u001bHTI'`-O\u001b\u001b]TX^HDW\fY\u0019[\u0003C=\u0007\u0005A\u0006LA\u0015IG\u0014@TUJ\u0010\u0014Y\u0005[\u0003R]BI\u001aWLW\u0003\u0001\u001f\u0014\u001e\t[RXS\u0014K\u000bM\u0015HTFC\u0018L\u000e_f\\T\u0010FCXY@V\u001e[\u0003PFL\u001c\u0016\u0016T\u000bVU@SVF\u0016\u001b\u0016\u0012MKC\u001b-\u0003\u0000\u001e\n\u0014\u0016U\u0001f\u0005\u0002XH[\u0000\u001c\u0006\\\f\u0017\u001b[\f\u000f\u0007\u0001QBOTQlY\u0018\u000e\u0026\u0001\u001b\u0006]\u0011[\u0003L[BI\u0005]\u00002\\\\JE%\b\u001c\u0006\u0012\u0016PKC\u000bR_BI\u0011[\u0002\u0002EfWS\n\u0010\u0011JOP\fE[O\u0004\u0004\n\u0004\u0000\u0016TO\u0015\u0015\u0011Q\u001b\t\u001c\u0018\u0014\u0006KKC\tMH\u0000\u0007P\u000eL\bY\u0014feXH[\u0006\u0019\u0011\u001aS[\\\u000fG;8^Q\u0000O\u001b\u001bPY\u0016\u000b\u000b7\u0012\u0003U\u001c\r\u001b[H\u001d\u0019\u0015VLA\u0015IUZX^[JY@[\u0005\r\u001b[\u0011\u0013GPD\u0002\fC_\\D\u0017;\u001d\r\u0001\u0007[\u001d\u0016KCP\u0015I\u001bG1\fY]AY\u0013\u0000[R\u0013\u0003T\u001a\u001c\u0015C\u0003\u001d4\u0006F\u0007\tRWG\u0014@\u0002\u0018\u0004\u0006\u0007\u0014K\u0010J\u003e\t\u0006\u0019\u001dY\u0007\u0018Zf\u000b\u0000%\u000b\u000b7\u001b\u0007O\f\u000b\u001b[\f\u000f\u0007\u0001QBO^JlU\u0012\u0016\u0016\u0005\u001c\u0017UKC_\u0000\u0006\u001d\u000e^\u0016\u0007\u001eh\\WQ\u001fFC\u000e\u0014\u000eK\fU\u001b\b\u00191\f\u0017W\u0005\u0002\u0015\u0003GD\u000f\u0001UJ\u001c\u0011g\u001e\u001c[\u003e\u0001\u0007\u001fP\u000e\b\f[JV\u001aX\r\n7\u0002\u0007Z6\u0012P\u00155X[Dk\u0001\u001fhWVA\u001f\u0016[R\u0013\u0003T\u001a\u001c\u0015C\u0003\u001d4\u0016Q\u001d\u0006CVCi\t\u0005\u001f\t\u0007\u000b\u001aS\u001fX\r\u0019\u000bGP]\u001d2TQAY\u0017\r\f\u0005*\rH\f\u000bXCP\b\n\u001eG\u000b\u0010\u001b\u001b]S\tFCJGT\f^N\u000eV]]ZP\u0018L\u000e[PVX\u000e;\u0010\fWX\u001aX\u001d[X[XR\u0014\u0019W]Q\r\u001e\u0002\u0018V\u001dE\u0017W\t^T[\u0002^Y\n\u0013V_TT\bU\u0014VF\u0018\u000e\u0013\u000bT\u0000\u0018M\u00045\u0007\u000fP\u000eLO\u001b\u001bGD\u001b\u0002\u001f\u0001\u0016=K\u0006\fK\u0002\u000f1\u0002\u0016\u0016TO\u000e\u0001\n\u0003IPAJY@Y\r\u000f\\\u0013\u001e\u0007\u0018\u0017F1\u0004S\u001b\t\u0014XH[\u000b\u0014\u000fH\b\u0010^\u000f5\u0007\u000fP\u000eLO\u001b\u001bPC\t\u0010\u0016\u0005*\u000b\\6H\u001b[H\u001e\u001e\u0001\\\u0005\u0004Y\u001b\u001f\u0014\u0019\u0011\n\u001c\u001a\u000fg\u0000\u001dfSHTIP\u0018L\u000e[PP]%\r\u001dJO@^\n\u000e\u0000\u0017G\u0003\u0002\u0002Z\u0006\u0006\u0002C\\\u0014VF\u001a\u0007\u0006\u0016\u001aS[\u001bMH\u0003\u000e\u0006\\\u0001\t\u0015\u0003\u0011U\u001b\u0007\u0011\rX\bKD\rX\u0006HBI\u0000k\u001b\u0004S\u001b\t\u0014M\\H\nCP\u000fYT\u000b\u0004\u000f^FFQ\u000b]\u001aX\u0002\u000f\u001bIKZE[\nQ\u001d\u000fX\u000e[_P\u0018L\u0002VfZRX^[XMR\nPA\u000f\u0005\t]\t@\u0000\u000bY\u0007_QP\u001b\u0001\u001f^\u0017\u0001Z\b\u001a\fT\u000eWI^\u0016\u000f\tSPG_\u0015\n\u0018\u0004*\u000b\\\u001a[\u0003:7\u0013"}},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.25.5\r\nDate: Sun, 07 Dec 2025 15:47:54 GMT\r\nContent-Type: application/json; charset=utf-8\r\nContent-Length: 12\r\nConnection: keep-alive\r\nAccess-Control-Allow-Origin: https://ffkipas.my.id\r\nAccess-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE\r\nAccess-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match\r\nAccess-Control-Allow-Credentials: true\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.25.5","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":12,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"adb4650bfc9d2a73d4dd69583b0ceb14","sha1":"1ce399d6e936232aaf2192cd7903a279c5015f22","sha256":"21c1f682de27109caabcca9016511974defcec217c0441fd3f1b50ecdf8247ed","sha512":"3fbce22572bbed1aada0f7c6706f16a97e7c0ea132dfee1a7eb80f5e68da1cc63c891a5bc3ea8e87f0c97be3002212a0efbb2af9553acb45e0d447a685cd805b","ssdeep":"","tlshash":"436000000c3000000cc00c0000c00030ff300f00000f00c0000c00f003030c0c00c000","first_seen":"2023-04-05T07:30:31Z","last_seen":"2026-04-05T10:10:49.575966Z","times_seen":56016,"resource_available":false,"data":null}},"time_used":27,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":27,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"creative-sb1.com/sb/interstitial/utility/robot/3/css/magic.css","fqdn":"creative-sb1.com","domain":"creative-sb1.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://ffkipas.my.id/verifyuid","date":"2025-12-07T15:47:54.952Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"creative-sb1.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 27 Oct 2025 20:46:36 GMT","end":"Sun, 25 Jan 2026 21:44:54 GMT"},"fingerprint":{"sha1":"17:8B:5E:32:3A:E5:9A:3D:E5:18:EF:F0:DA:DE:C3:03:E7:2E:E2:17","sha256":"65:D5:7F:0D:8E:51:6B:E8:BB:44:A1:54:79:43:73:C4:82:1D:77:6C:11:F4:C3:70:8E:0E:AC:00:AC:1D:DB:2B"}}},"request":{"raw":"GET /sb/interstitial/utility/robot/3/css/magic.css HTTP/1.1\r\nHost: creative-sb1.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://ffkipas.my.id\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ffkipas.my.id/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 07 Dec 2025 15:47:55 GMT\r\ncontent-type: text/css\r\nserver: cloudflare\r\nlast-modified: Thu, 04 Sep 2025 10:55:56 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\netag: W/\"68b9703c-affe\"\r\nexpires: Thu, 31 Dec 2037 23:55:55 GMT\r\ncache-control: public, max-age=315360000\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: Date\r\ncontent-encoding: gzip\r\ncf-cache-status: MISS\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=nWmbwlib7FVwC%2FXUuRswk8%2Fb%2FbBbRMLcaqQCRRIYF%2BIfUx7a9sKZToPs%2FT9Eo3gBg4hI25iKM9G6gphbteNnDUbxEZ7Mv5v4CU2j0vW9a9w%3D\"}]}\r\ncf-ray: 9aa52a0c9b961525-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":45054,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text","md5":"bcd1967f8c2604f55f57197de0ae895e","sha1":"c31a10c3ecde74b50450a0a1ad21aa474ff05e7d","sha256":"787eac5d9417257a04de7b18ef21f5ec887de3aee642ceba9a7d56a8209eea2a","sha512":"b37f1a61bbe740bc29308e664227701366ac978d4fbed081f13c47200edd74a792ab980559a236cff39ae27d3fda3ffffef3f1ac2dc420612b616496b44e9df8","ssdeep":"384:lQLl1pRp0itimTKDbObwHuHXFlF7FPFSWRyYyRZZZaZjZPfbfUO3OipypE:GpRp0itiFbObwHuHXFlF7FPFSWX","tlshash":"b913276b2dd2114086564365a3fe6b2c261c85c31c6becfab3a218ce8f1567c53db61f","first_seen":"2025-06-11T18:18:27.729381Z","last_seen":"2026-04-05T10:20:01.382478Z","times_seen":5467,"resource_available":false,"data":null}},"time_used":690,"timings":{"blocked":24,"dns":1,"connect":1,"send":0,"wait":641,"receive":0,"ssl":20},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-07","alert":"Sinkholed","trigger":"creative-sb1.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-07","alert":"Sinkholed","trigger":"creative-sb1.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-07","alert":"Sinkholed","trigger":"creative-sb1.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"creative-sb1.com/sb/interstitial/utility/robot/3/js/jquery.min.js","fqdn":"creative-sb1.com","domain":"creative-sb1.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://ffkipas.my.id/verifyuid","date":"2025-12-07T15:47:55.354Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"creative-sb1.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 27 Oct 2025 20:46:36 GMT","end":"Sun, 25 Jan 2026 21:44:54 GMT"},"fingerprint":{"sha1":"17:8B:5E:32:3A:E5:9A:3D:E5:18:EF:F0:DA:DE:C3:03:E7:2E:E2:17","sha256":"65:D5:7F:0D:8E:51:6B:E8:BB:44:A1:54:79:43:73:C4:82:1D:77:6C:11:F4:C3:70:8E:0E:AC:00:AC:1D:DB:2B"}}},"request":{"raw":"GET /sb/interstitial/utility/robot/3/js/jquery.min.js HTTP/1.1\r\nHost: creative-sb1.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 07 Dec 2025 15:47:55 GMT\r\ncontent-type: application/javascript\r\nserver: cloudflare\r\nlast-modified: Thu, 04 Sep 2025 10:55:55 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: accept-encoding\r\nexpires: Thu, 31 Dec 2037 23:55:55 GMT\r\ncache-control: public, max-age=315360000\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: Date\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=%2BKdnsieTR0GNhJia1%2FAULb9k5ouF8JwWv%2BRuO%2F0FPqYy2EyViIHnMuwH5jErWzeLYkeWCPtULGL1th8zPdvrngahbJfVtXJ8TZ%2FdqNPlL6A%3D\"}]}\r\nage: 5565025\r\ncf-cache-status: HIT\r\netag: W/\"68b9703b-149a0\"\r\ncontent-encoding: br\r\ncf-ray: 9aa52a0e88eb1525-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":84384,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (32025), with CRLF line terminators","md5":"6326c600df01e3bfb9b40e1aa08176f8","sha1":"6b4fb754d29b297b539bf62ba9b4eaf0f33f314a","sha256":"df34524351c5fabc921a89183b5da5667aebd7b9e9a1c52255c76ff722935ea3","sha512":"641aaeecb9b89bcc319cabfef18f76faa9b1ba79f9de30c6d07f22d385fc78ac3f11a718fe9ec96f8a13d82e3dff4ca34944ccb449a4ef8e378ad65dfad581c0","ssdeep":"1536:oP10iSi65U/dXXeyhzeBuG+HYE0mdDuJO1z6Oy4sh3J1x72BjmN7TwpDKba98Hri:f+41hJiz6fhdlTqya98Hri","tlshash":"eb83d6d9b2c67062977734b851bf510bb17a98dab40c8c60f0a4d8e47eb4a8d517bf2c","first_seen":"2023-03-07T01:10:11Z","last_seen":"2026-04-05T10:20:01.373728Z","times_seen":10422,"resource_available":true,"data":null}},"time_used":18,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":18,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-07","alert":"Sinkholed","trigger":"creative-sb1.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-07","alert":"Sinkholed","trigger":"creative-sb1.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-07","alert":"Sinkholed","trigger":"creative-sb1.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"grookilteepsou.net/pfe/current/tag.min.js?z=9895350","fqdn":"grookilteepsou.net","domain":"grookilteepsou.net","tld":"net"},"ip":{"addr":"139.45.197.122","port":443,"asn":9002,"as":"RETN Limited","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://ffkipas.my.id/verifyuid","date":"2025-12-07T15:47:51.853Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"grookilteepsou.net","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Mon, 24 Nov 2025 05:08:19 GMT","end":"Sun, 22 Feb 2026 05:08:18 GMT"},"fingerprint":{"sha1":"EF:AC:DB:BB:24:F1:7B:72:D3:0C:E3:26:53:60:D2:D0:DD:A9:B4:4D","sha256":"9D:09:C2:43:F6:4A:FE:AD:33:EE:71:F9:8C:70:95:03:6C:81:C2:C6:17:6B:AE:F4:55:73:6A:F4:E9:A0:32:EE"}}},"request":{"raw":"GET /pfe/current/tag.min.js?z=9895350 HTTP/1.1\r\nHost: grookilteepsou.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ffkipas.my.id/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sun, 07 Dec 2025 15:47:51 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Fri, 28 Nov 2025 14:31:18 GMT\r\netag: W/\"6929b236-72ee\"\r\naccess-control-allow-credentials: true\r\ncache-control: no-cache\r\npragma: no-cache\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":29422,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (29422), with no line terminators","md5":"7817cc2350b18efbae774f3595109b1e","sha1":"7fb17d4f7f1a3d7ad5a09f74d59a74d6745f1de1","sha256":"d2a5798ac99c3380e218d787f9f5ac823b8c12ce5187a4b54bb714eaa9b1b19a","sha512":"18855f0f2f5fde0d09d2de8e3a1e1da5487b3f5c392f79cfc914956256ddff6541fbe85887fc4e0fd9afc24f12031d10a70675c4f1554e3fe252f4dc683c9324","ssdeep":"768:miA8yco532XzPyngylPx7yAFyl87KZcTeedpnb35PZ7yoVkG+Szs9G5NsKsoTcy:s6IZ7yAu8ftoksK/cy","tlshash":"64d2b8513ebb689127d567c3d07fd06a93a6d60434aff5e3a50d658228620c6cbb3e23","first_seen":"2025-11-28T16:11:53.152821Z","last_seen":"2025-12-09T15:44:25.300973Z","times_seen":47,"resource_available":true,"data":null}},"time_used":33,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":33,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-07","alert":"Sinkholed","trigger":"grookilteepsou.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-12-07","alert":"Sinkholed","trigger":"grookilteepsou.net","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-07","alert":"Sinkholed","trigger":"grookilteepsou.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-07","alert":"Sinkholed","trigger":"grookilteepsou.net","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"protrafficinspector.com/stats","fqdn":"protrafficinspector.com","domain":"protrafficinspector.com","tld":"com"},"ip":{"addr":"18.198.241.35","port":443,"asn":16509,"as":"AMAZON-02","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://ffkipas.my.id/verifyuid","date":"2025-12-07T15:47:52.149Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"RSA-PKCS1-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"traffinspector.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M01","organization":"Amazon"},"validity":{"start":"Wed, 19 Nov 2025 00:00:00 GMT","end":"Fri, 18 Dec 2026 23:59:59 GMT"},"fingerprint":{"sha1":"11:9F:BE:35:27:7B:7B:85:C9:B3:FF:0E:CA:F6:0D:13:B0:A9:A0:BB","sha256":"81:A4:38:32:0D:BC:66:C8:7B:6D:08:BC:93:91:76:73:A2:BD:D0:53:3C:BF:2F:FD:B8:87:00:C6:EC:3B:6C:77"}}},"request":{"raw":"GET /stats HTTP/1.1\r\nHost: protrafficinspector.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://ffkipas.my.id\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ffkipas.my.id/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 07 Dec 2025 15:47:52 GMT\r\ncontent-type: text/html; charset=UTF-8\r\ncontent-length: 40\r\nserver: fasthttp\r\naccess-control-allow-origin: https://ffkipas.my.id\r\nvary: Origin\r\naccess-control-allow-credentials: true\r\nset-cookie: uid_id2=83c6cca2-5f47-4ebb-b12d-f78b3ec45ada:3:1; expires=Wed, 05 Dec 2035 15:47:52 GMT; secure; SameSite=None\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":40,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"ASCII text, with no line terminators","md5":"1e765b8edef6dfc26e6b6a257a460fd0","sha1":"05d47daa8dba57a477d04a7401be547871dc850f","sha256":"296421ece2e02721ec8029b39673561ca1b83bc95759b34d5051dbec1146aecf","sha512":"965795912887248b7b39d5ba582e760463db4ad97d5e9715ce64abdb216e7aaff5e7ac6926848f89c5bdd36eb5b9976d2c03d7eea944316348ef31b06b923264","ssdeep":"","tlshash":"b490045c51c35d500034055ccc0cd0545c045511c17f341cd75c40d54505440017c347","first_seen":"2025-12-07T15:48:18.448589Z","last_seen":"2025-12-07T15:48:18.448589Z","times_seen":1,"resource_available":false,"data":null}},"time_used":219,"timings":{"blocked":97,"dns":0,"connect":20,"send":0,"wait":21,"receive":0,"ssl":76},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"responseremainrust.com/ren.gif?sid=H4sIAAAAAAAC_1RSz2skxR-tns1pv4cvrqtHmaOLOume6ZnMuIdgXBPCxiRmIwHFQ3VX96Scmq62qnp6Ml6CAdnjKB7UU8-bZLOu66J_gBAmIkhAsC8acAPi1dvC4lE6GYh-oD4_6tXh896rj0fJGakhoafrb8oBF4LO1it2-cUtHjGZ6vLqZtmxK_bN8haPGu7Ncr9IqveqU3Mr9o3yUuB35GzVdmzbsZ3yIldBKPuz5yh4_LDlVFp2xa1WnLqLvvrvrBMLmlpgvTNyDZzl__8zfBfcnyDqfnsr0B0j45ff6CaCGqnQY4dvR51IphG6l22oLITR4fQ1pM4J-bwEGR1OGUD29gsG8HhOSs8_hhcdTteE1zu42NQTCCJ47H9IexMEYgJOJ_DlHjj7hQA-w-oaou69ValSunOB0gLNyczTJ-BpTmYeX0fUfbQgeL98R4rEcBlp9MMMvD8Bb08QJ8cwAws8PYZvPgJnP5PZpyuIuvtrWkhwlp2z5-EEVFtIisMtJKGFJLbQZadl1266vkNrjbDF_Dnbpa7LAs9uNau2TVv-HBK_WGsIEw_hiyF8tYtY7aLDP8mJdeV3qOQIejuDZha0yYn11i56LEMaEKSaIKUEKSdIDUHayw6Y0FWd3WNCJ54zrdVprWVjadojeiBNO4gIqBpCsWyfxx_oPfjmyngQajaWRaKeycbUY9koPiPPFNJZn_31BJ3gtBwwz601qO80WFhrOnNNVq-7rDnHgtC157wqNM_AdelclQHPye1XJoh5Tm689AI8egwtjuHz50ATBzTNQLczDKJvwrDDY6or3Z0KZ2AyQ2xmYHaskTgjz443NheOzi185_48Av9k3gz-WHp0_UP4KkOsMrzPfyBoi7vjDZmS_Q2ZavLdWmx4lw9oYe8dQ01w5cHtYCeVii3f0sOvXvMLoGgfbgbarNCI8aitydcLnLFALUrlB-T7Zb0VeOuJ3l5IVJTEK-uvLy53YxVozWU0AeU5uXr0AD7PybVf986_bm3pb_jxLnR8QqYBLQm8uATBCURweU-9DPpfs3fZj_RdtFUJ1Owh6mboqQw9kYGKIXRydWxidTL_0xdFfAlPlMaeUKV9TyjxaU7e--3HC7E0Py3Xq16t0Ww2grBwjdWqNdaq20HLpa2G23LrMDrn9dH9fwIAAP__xRt1FGIEAAA=","fqdn":"responseremainrust.com","domain":"responseremainrust.com","tld":"com"},"ip":{"addr":"172.240.108.84","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ffkipas.my.id/verifyuid","date":"2025-12-07T15:47:52.720Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"responseremainrust.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Mon, 24 Nov 2025 11:58:04 GMT","end":"Sun, 22 Feb 2026 11:58:03 GMT"},"fingerprint":{"sha1":"2A:74:BD:69:38:6D:55:D6:A5:D0:58:76:7D:6F:5C:5D:22:A4:99:18","sha256":"3C:90:0A:4B:CD:24:41:B0:1A:FA:18:30:34:A9:AD:CC:E9:20:26:55:44:AE:B1:79:17:80:3F:B6:B9:4A:20:6C"}}},"request":{"raw":"GET /ren.gif?sid=H4sIAAAAAAAC_1RSz2skxR-tns1pv4cvrqtHmaOLOume6ZnMuIdgXBPCxiRmIwHFQ3VX96Scmq62qnp6Ml6CAdnjKB7UU8-bZLOu66J_gBAmIkhAsC8acAPi1dvC4lE6GYh-oD4_6tXh896rj0fJGakhoafrb8oBF4LO1it2-cUtHjGZ6vLqZtmxK_bN8haPGu7Ncr9IqveqU3Mr9o3yUuB35GzVdmzbsZ3yIldBKPuz5yh4_LDlVFp2xa1WnLqLvvrvrBMLmlpgvTNyDZzl__8zfBfcnyDqfnsr0B0j45ff6CaCGqnQY4dvR51IphG6l22oLITR4fQ1pM4J-bwEGR1OGUD29gsG8HhOSs8_hhcdTteE1zu42NQTCCJ47H9IexMEYgJOJ_DlHjj7hQA-w-oaou69ValSunOB0gLNyczTJ-BpTmYeX0fUfbQgeL98R4rEcBlp9MMMvD8Bb08QJ8cwAws8PYZvPgJnP5PZpyuIuvtrWkhwlp2z5-EEVFtIisMtJKGFJLbQZadl1266vkNrjbDF_Dnbpa7LAs9uNau2TVv-HBK_WGsIEw_hiyF8tYtY7aLDP8mJdeV3qOQIejuDZha0yYn11i56LEMaEKSaIKUEKSdIDUHayw6Y0FWd3WNCJ54zrdVprWVjadojeiBNO4gIqBpCsWyfxx_oPfjmyngQajaWRaKeycbUY9koPiPPFNJZn_31BJ3gtBwwz601qO80WFhrOnNNVq-7rDnHgtC157wqNM_AdelclQHPye1XJoh5Tm689AI8egwtjuHz50ATBzTNQLczDKJvwrDDY6or3Z0KZ2AyQ2xmYHaskTgjz443NheOzi185_48Av9k3gz-WHp0_UP4KkOsMrzPfyBoi7vjDZmS_Q2ZavLdWmx4lw9oYe8dQ01w5cHtYCeVii3f0sOvXvMLoGgfbgbarNCI8aitydcLnLFALUrlB-T7Zb0VeOuJ3l5IVJTEK-uvLy53YxVozWU0AeU5uXr0AD7PybVf986_bm3pb_jxLnR8QqYBLQm8uATBCURweU-9DPpfs3fZj_RdtFUJ1Owh6mboqQw9kYGKIXRydWxidTL_0xdFfAlPlMaeUKV9TyjxaU7e--3HC7E0Py3Xq16t0Ww2grBwjdWqNdaq20HLpa2G23LrMDrn9dH9fwIAAP__xRt1FGIEAAA= HTTP/1.1\r\nHost: responseremainrust.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ffkipas.my.id/\r\nCookie: pdhtkv=true; uncs=1; pdhtkv49=true; uncs49=1; u_pl26537203=1; nlecedb436ac16df38178d554d87def407b2=[5941311]\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Sun, 07 Dec 2025 15:47:53 GMT\r\nContent-Type: image/gif\r\nContent-Length: 7\r\nConnection: keep-alive\r\naccess-control-allow-origin: *\r\nvary: Origin\r\naccess-control-allow-credentials: true\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\nx-envoy-upstream-service-time: 1\r\nHost: responseremainrust.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: 71964c8031807c015de45dede9cf1e83\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/gif","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T11:47:06.182466Z","times_seen":13373545,"resource_available":true,"data":null}},"time_used":654,"timings":{"blocked":274,"dns":1,"connect":92,"send":0,"wait":95,"receive":0,"ssl":189},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-12-07","alert":"Sinkholed","trigger":"responseremainrust.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tzegilo.com/stattag.js","fqdn":"tzegilo.com","domain":"tzegilo.com","tld":"com"},"ip":{"addr":"172.67.193.52","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://ffkipas.my.id/verifyuid","date":"2025-12-07T15:47:53.328Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tzegilo.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 11 Nov 2025 06:43:47 GMT","end":"Mon, 09 Feb 2026 07:38:46 GMT"},"fingerprint":{"sha1":"D5:38:99:61:B8:EA:99:50:AE:A6:42:89:19:46:3D:27:F6:80:AE:53","sha256":"EB:AA:B8:24:FF:C4:D3:0A:D8:6E:81:A6:73:F2:98:E7:69:A1:0F:95:6F:52:21:C6:59:D5:A0:26:AD:55:F8:CC"}}},"request":{"raw":"GET /stattag.js HTTP/1.1\r\nHost: tzegilo.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ffkipas.my.id/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sun, 07 Dec 2025 15:47:53 GMT\r\ncontent-type: application/javascript\r\nvary: accept-encoding\r\nlast-modified: Thu, 11 Jul 2024 10:23:58 GMT\r\npriority: u=3,i=?0\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nlink: \u003chttps://flerap.com/\u003e; rel=preconnect; crossorigin, \u003chttps://fleraprt.com/\u003e; rel=preconnect; crossorigin\r\ncontent-encoding: br\r\nage: 1549\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\netag: W/\"668fb2be-45d7\"\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=zzb8%2BKetnKma1BR%2FDvu40KCEMZBwYTs%2FSSsTQD2WxPffgeA72tfNo8q14p%2FwnrnSsbI2K6Z20tP6zA0DUFh87dQ8N%2FxOGzva%2Fn7h\"}]}\r\ncf-ray: 9aa52a025dc535a6-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":17879,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (17229)","md5":"01227f5edc20e0ff4ed643b27cb8bb68","sha1":"d71a88f7341f2b1bdaa7deb9a66888607bd52598","sha256":"75c91d86601e23ab56d872b31b42660f893fc6d6b0785e085c06c2c038e98fb2","sha512":"88046b07c07ff6de47ef7d1e0d7ca281fc48e91fc6a292cdf611457b96ac92bb0068971cfd55c0cc3e6179d7335e77a6a14b15fa502bbae7b2233546da6c0f98","ssdeep":"384:WDWdyJ+TJTwWV+6RUL2qq8L6jW4+QL1zWAWvVRIDiei:7so1V+g+d+j4pJ5","tlshash":"8d82094a72d525ee82a3a1d10cef612ffb664e86a97e1785e381b49c187404ec3d7f90","first_seen":"2024-07-11T16:28:55Z","last_seen":"2026-04-05T10:10:49.615153Z","times_seen":6363,"resource_available":true,"data":null}},"time_used":14,"timings":{"blocked":1,"dns":0,"connect":0,"send":0,"wait":12,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ffkipas.my.id/cdn-cgi/rum?","fqdn":"ffkipas.my.id","domain":"ffkipas.my.id","tld":"my.id"},"ip":{"addr":"104.21.67.83","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://ffkipas.my.id/verifyuid","date":"2025-12-07T15:47:54.226Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ffkipas.my.id","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Fri, 17 Oct 2025 09:52:51 GMT","end":"Thu, 15 Jan 2026 10:51:42 GMT"},"fingerprint":{"sha1":"CC:F7:34:EF:C8:0D:D7:BA:61:5C:59:6F:9C:84:10:EB:B8:77:BB:8E","sha256":"E9:02:F7:94:61:0A:79:F6:92:B0:A9:74:B9:D8:C9:49:60:C7:55:60:B1:7E:1B:E1:DA:3D:7E:2B:09:2D:79:24"}}},"request":{"raw":"POST /cdn-cgi/rum? HTTP/1.1\r\nHost: ffkipas.my.id\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\ncontent-type: application/json\r\nContent-Length: 440\r\nOrigin: https://ffkipas.my.id\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ffkipas.my.id/verifyuid\r\nCookie: PHPSESSID=grhmnb1lmkeqgu5vd8rsgsav3u; dom3ic8zudi28v8lr6fgphwffqoz0j6c=83c6cca2-5f47-4ebb-b12d-f78b3ec45ada%3A3%3A1; m5a4xojbcp2nx3gptmm633qal3gzmadn=responseremainrust.com; sb_main_a2c6c77dde0f47e335c307a84b4f8205=1; sb_count_a2c6c77dde0f47e335c307a84b4f8205=1\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":440,"data":"{\"resources\":[],\"referrer\":\"https://ffkipas.my.id/\",\"eventType\":1,\"firstPaint\":0,\"firstContentfulPaint\":839,\"startTime\":1765122470820,\"versions\":{\"fl\":\"2024.11.0\",\"js\":\"2024.6.1\",\"timings\":1},\"pageloadId\":\"6df1233f-2d66-46f9-b9dd-88352eec94b1\",\"location\":\"https://ffkipas.my.id/verifyuid\",\"nt\":\"navigate\",\"timingsV2\":{\"nextHopProtocol\":\"h3\",\"transferSize\":5343,\"decodedBodySize\":10133},\"siteToken\":\"9821d538e60847f4ba622d85dc6586d2\",\"st\":2}"}},"response":{"raw":"HTTP/3 204 No Content\r\naccess-control-allow-origin: https://ffkipas.my.id\r\naccess-control-allow-methods: POST,OPTIONS\r\naccess-control-max-age: 86400\r\nvary: Origin, accept-encoding\r\naccess-control-allow-credentials: true\r\ncontent-type: text/plain\r\nstrict-transport-security: max-age=0; preload\r\nx-content-type-options: nosniff\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=LkkulqNC8fuBwTxbgQ1mAbPFB9aqkUUkwxGzM%2Bvvl2zRP8ii605RXoaG7sI5k92tzTQiEQvw%2BjmszCmB1KozMuP9g7rLWaId37pt\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ndate: Sun, 07 Dec 2025 15:47:54 GMT\r\npriority: u=3,i=?0\r\nserver: cloudflare\r\ncf-ray: 9aa52a07e829b4f4-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"204","status_text":"No Content","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T11:47:06.182466Z","times_seen":13373545,"resource_available":true,"data":null}},"time_used":4,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":4,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"kettledroopingcontinuation.com/impr.gif?sid=H4sIAAAAAAAC_1SST2gcVRzH3zTxYg-iVi-iLOKhpWYzszP7zx6qsVZLaxLSSA5F8M17bzbPnZ03vjezs9lTMCA5bsGDB8HZ7yYN1ioKXtWy8SAECo6ngA0F9S4oPctuAsHf4ff7DZ85fL_f3_tkmB4RFyk9XH5X9WUY0vlq2S6dX5MRV5kpLa6WHLtsXyqtyajmXSr1Jk13X3Ncr2xfKL0tWFvNV2zHth3bKV2VWgSqNz-lkPG9plNu2mWvUnaqHnr6_98mtWCoBd49Is9A8uKpP4JbkGyMqPPtFWHaiYpffauThjRRGl2-917UjlQWoXO6BtpCEO2d_A1lCkI-OwMV7Z04gOruTBzAlwU58_xD-NHeiUz43d1jpX4IEcHnZ5F1xxDhGJKOwdQWJP-VAIxjcQlR586i0hndOKZ0Qgsy-_gfyKwgsw_PIep8sxDKXummCtNEqsigF-SQvTFka4w43UfStyCzfbDkY0j-gMw_voGos7NkQgXJD19puKzGGK3MVQOvPucJ35_znQqfC-oN3xXMq1JOpxHJYAxqZpAaC6m0kAYW0thChx-WPLvhMYe6taDJWd32qOdx4dvNRsW2aZPVkbKJ9gGSeAAWDsD0JmK9iba8XRBr5nfo9D7Meg7DLZiEoMtzZIIgMwQZJcgkQZYQZN18l4emYvI7PDSp75zMysl085FKWkO6q5KWiAioHkDzfEfGH5ktsGRm1A8MH6lJo36Sj6jP82F8RJ6eZGt9-tdZtMVhiVZYjdXrnAs78OrCdavMteu04fle0KjYVRiZQ5ozoMZCXxbk-twYsSzIhYsvwaf7MOE-mHwONH0RNMtB13P0o6-DoC1jasqdjbLk4CpHnMwi2bCG4RF5drSyunB_euMPrrwMwQ5ef-KLH7u_fN8E0zlineND-TNBK9weraiM7KyozJDvluJEdmSfTu5_M6GJmL17XWxkSvNrV8zgyzfYBEzWe6vCJDdoxGXUMuSrBcm50FeVZoL8cM2sCX85NesLqY7S-Mbym1evdWItjJEqGoPKgjz5-UUwWZBz5y9P33b130dg8SZMfHD5z-0H6fvzL8AoAj-2EMqCvHPrEUJxyqifw4hTT744-OlvMq2h2UZLW6DJFqJOjq7O0Q1z0HAAk86MklgfXP7NnRb80Br5obZ2_FCHt4-zMvKwFLiiwmy7Ua85biMQjutxFlQbXpPXqO26AokpZHV4978AAAD__4kZkLuCBAAA","fqdn":"kettledroopingcontinuation.com","domain":"kettledroopingcontinuation.com","tld":"com"},"ip":{"addr":"172.240.127.243","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ffkipas.my.id/verifyuid","date":"2025-12-07T15:47:56.470Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"kettledroopingcontinuation.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sun, 26 Oct 2025 22:01:12 GMT","end":"Sat, 24 Jan 2026 22:01:11 GMT"},"fingerprint":{"sha1":"15:FA:E2:08:0A:F1:68:03:29:64:51:B0:FA:3B:8E:DD:DC:B7:CD:01","sha256":"F8:EA:EA:FF:5A:CA:9D:E1:82:F0:8C:3C:7C:6B:FB:06:8F:72:6C:0E:64:EF:7B:3B:2B:21:25:C2:25:7D:0C:BD"}}},"request":{"raw":"GET /impr.gif?sid=H4sIAAAAAAAC_1SST2gcVRzH3zTxYg-iVi-iLOKhpWYzszP7zx6qsVZLaxLSSA5F8M17bzbPnZ03vjezs9lTMCA5bsGDB8HZ7yYN1ioKXtWy8SAECo6ngA0F9S4oPctuAsHf4ff7DZ85fL_f3_tkmB4RFyk9XH5X9WUY0vlq2S6dX5MRV5kpLa6WHLtsXyqtyajmXSr1Jk13X3Ncr2xfKL0tWFvNV2zHth3bKV2VWgSqNz-lkPG9plNu2mWvUnaqHnr6_98mtWCoBd49Is9A8uKpP4JbkGyMqPPtFWHaiYpffauThjRRGl2-917UjlQWoXO6BtpCEO2d_A1lCkI-OwMV7Z04gOruTBzAlwU58_xD-NHeiUz43d1jpX4IEcHnZ5F1xxDhGJKOwdQWJP-VAIxjcQlR586i0hndOKZ0Qgsy-_gfyKwgsw_PIep8sxDKXummCtNEqsigF-SQvTFka4w43UfStyCzfbDkY0j-gMw_voGos7NkQgXJD19puKzGGK3MVQOvPucJ35_znQqfC-oN3xXMq1JOpxHJYAxqZpAaC6m0kAYW0thChx-WPLvhMYe6taDJWd32qOdx4dvNRsW2aZPVkbKJ9gGSeAAWDsD0JmK9iba8XRBr5nfo9D7Meg7DLZiEoMtzZIIgMwQZJcgkQZYQZN18l4emYvI7PDSp75zMysl085FKWkO6q5KWiAioHkDzfEfGH5ktsGRm1A8MH6lJo36Sj6jP82F8RJ6eZGt9-tdZtMVhiVZYjdXrnAs78OrCdavMteu04fle0KjYVRiZQ5ozoMZCXxbk-twYsSzIhYsvwaf7MOE-mHwONH0RNMtB13P0o6-DoC1jasqdjbLk4CpHnMwi2bCG4RF5drSyunB_euMPrrwMwQ5ef-KLH7u_fN8E0zlineND-TNBK9weraiM7KyozJDvluJEdmSfTu5_M6GJmL17XWxkSvNrV8zgyzfYBEzWe6vCJDdoxGXUMuSrBcm50FeVZoL8cM2sCX85NesLqY7S-Mbym1evdWItjJEqGoPKgjz5-UUwWZBz5y9P33b130dg8SZMfHD5z-0H6fvzL8AoAj-2EMqCvHPrEUJxyqifw4hTT744-OlvMq2h2UZLW6DJFqJOjq7O0Q1z0HAAk86MklgfXP7NnRb80Br5obZ2_FCHt4-zMvKwFLiiwmy7Ua85biMQjutxFlQbXpPXqO26AokpZHV4978AAAD__4kZkLuCBAAA HTTP/1.1\r\nHost: kettledroopingcontinuation.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ffkipas.my.id/\r\nCookie: uid_id2=83c6cca2-5f47-4ebb-b12d-f78b3ec45ada:3:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; u_pl26535179=1; sleca2c6c77dde0f47e335c307a84b4f8205=[6308898]\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Sun, 07 Dec 2025 15:47:56 GMT\r\nContent-Type: image/gif\r\nContent-Length: 7\r\nConnection: keep-alive\r\naccess-control-allow-origin: *\r\naccess-control-allow-credentials: true\r\nvary: Origin\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\nset-cookie: iprc_l+835756d40732a5d9d069d22f3748a30c=6308898; expires=Mon, 08 Dec 2025 15:47:56 GMT; path=/; secure; SameSite=None\niprc_l:6308898=1; expires=Mon, 08 Dec 2025 15:47:56 GMT; path=/; secure; SameSite=None\r\nx-envoy-upstream-service-time: 5\r\nHost: kettledroopingcontinuation.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: 43dbd81e6afc698aa2066f426e0cbe0e\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/gif","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T11:47:06.182466Z","times_seen":13373545,"resource_available":true,"data":null}},"time_used":100,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":100,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-12-07","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-07","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-07","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-12-07","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-07","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"cdnjs.cloudflare.com/ajax/libs/font-awesome/6.4.0/css/all.min.css?v=1.0","fqdn":"cdnjs.cloudflare.com","domain":"cloudflare.com","tld":"com"},"ip":{"addr":"104.17.24.14","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://ffkipas.my.id/","date":"2025-12-07T15:47:46.049Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cdnjs.cloudflare.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 15 Nov 2025 20:49:06 GMT","end":"Fri, 13 Feb 2026 21:49:04 GMT"},"fingerprint":{"sha1":"9A:71:C8:6F:E2:4B:9A:91:7D:C8:4A:1D:79:98:2F:97:C1:85:D8:79","sha256":"4E:C5:BB:7A:81:A0:D9:00:73:8D:D5:57:59:3D:A0:C3:D3:BE:62:18:4E:6F:6D:98:DA:F0:90:94:5E:E0:0B:63"}}},"request":{"raw":"GET /ajax/libs/font-awesome/6.4.0/css/all.min.css?v=1.0 HTTP/1.1\r\nHost: cdnjs.cloudflare.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ffkipas.my.id/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 07 Dec 2025 15:47:46 GMT\r\ncontent-type: text/css; charset=utf-8\r\ncontent-length: 18752\r\ncf-ray: 9aa529d51c880731-OSL\r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=30672000\r\ncontent-encoding: br\r\netag: \"6421d693-4940\"\r\nlast-modified: Mon, 27 Mar 2023 17:46:59 GMT\r\ncf-cdnjs-via: cfworker/kv\r\ncross-origin-resource-policy: cross-origin\r\ntiming-allow-origin: *\r\nx-content-type-options: nosniff\r\nvary: Accept-Encoding\r\ncf-cache-status: HIT\r\nage: 1596923\r\nexpires: Fri, 27 Nov 2026 15:47:46 GMT\r\naccept-ranges: bytes\r\nreport-to: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v4?s=HBzCyd14e6c9DJfunCLTQgKI1KuVEDR9JY8lmmzN5flpUr8zGpboPdfvkpB6THvkS8KMXDOhX1OkaCrI4seT75e1dhc4hWpmISThR9BOd0OtX%2FHt9%2FSyMByaiGanSTEVNG7tVA2U\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nnel: {\"success_fraction\":0.01,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nstrict-transport-security: max-age=15780000\r\nserver: cloudflare\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":102025,"size_decoded":0,"mime_type":"text/css; charset=utf-8","magic":"ASCII text, with very long lines (52276)","md5":"ded1c367363e8b20bdc6a19b8350a737","sha1":"8c06d82739d14b094ff6d9036021a252bd1d985d","sha256":"1edb1725a9ea8ca4dcf2f5508cee183218aa1685e47c1b23056717f754f58ebf","sha512":"89e71d2e66ac925ec2564aa45cd43f647fd72e5bd664e2728fb632eed71e9e6a43d72a404a8ce9993fc4d223ed985201e3a66676d01cf5e341bc7d07fd9a6207","ssdeep":"1536:OwMCMPMCMjMCM4MCMwMCM3sVMX709gbPMfjSFOTyPGuZprfZCl:S709gMGFiyPGuZpfZCl","tlshash":"2ea3a7f9e44c05d97732c44bab95b37c65b6f738d5810ca9f02f580c1ad26a822c6f7a","first_seen":"2023-04-06T15:05:25Z","last_seen":"2026-04-05T10:54:35.410991Z","times_seen":42022,"resource_available":false,"data":null}},"time_used":122,"timings":{"blocked":45,"dns":20,"connect":10,"send":0,"wait":24,"receive":1,"ssl":17},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"3nbf4.com/event","fqdn":"3nbf4.com","domain":"3nbf4.com","tld":"com"},"ip":{"addr":"139.45.197.121","port":443,"asn":9002,"as":"RETN Limited","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"beacon","requested_by":"https://ffkipas.my.id/","date":"2025-12-07T15:47:46.822Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"3nbf4.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Wed, 08 Oct 2025 11:29:15 GMT","end":"Tue, 06 Jan 2026 11:29:14 GMT"},"fingerprint":{"sha1":"B8:5C:B5:E8:90:27:1D:FD:CA:8A:71:AA:01:26:28:02:27:BE:4F:8F","sha256":"03:48:D4:EE:D8:6F:8F:7D:F6:77:58:F1:71:D7:62:D8:18:E7:A2:E4:94:84:7A:E8:87:4B:51:C2:37:C3:56:AE"}}},"request":{"raw":"POST /event HTTP/1.1\r\nHost: 3nbf4.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: text/plain;charset=UTF-8\r\nContent-Length: 432\r\nOrigin: https://ffkipas.my.id\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ffkipas.my.id/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":432,"data":"{\"timeOrigin\":1617,\"code\":\"custom\",\"zone_id\":9716024,\"sw_version\":\"3.1.642\",\"trace_id\":\"2a30e9c3-55e0-4695-a45c-7c298f8c5421\",\"location\":\"https://ffkipas.my.id/\",\"domain\":\"ffkipas.my.id\",\"pub\":0,\"installer_type\":\"micro\",\"event_type\":\"after_prerequest\",\"previousEvents\":[{\"ts\":1765122466722,\"event\":\"init_micro_tag\",\"event_data\":{\"timeOrigin\":1601}},{\"ts\":1765122466737,\"event\":\"before_prerequest\",\"event_data\":{\"timeOrigin\":1616}}]}"}},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sun, 07 Dec 2025 15:47:46 GMT\r\ncontent-type: application/json; charset=utf-8\r\ncontent-length: 81\r\naccept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model\r\naccess-control-allow-origin: https://ffkipas.my.id\r\naccess-control-allow-credentials: true\r\naccess-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept\r\nstrict-transport-security: max-age=1\r\nx-content-type-options: nosniff\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":0,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T11:47:06.182466Z","times_seen":13373545,"resource_available":true,"data":null}},"time_used":26,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":26,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"roagrofoogrobo.com/400/9895347","fqdn":"roagrofoogrobo.com","domain":"roagrofoogrobo.com","tld":"com"},"ip":{"addr":"172.67.217.27","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://ffkipas.my.id/","date":"2025-12-07T15:47:46.917Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"roagrofoogrobo.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 08 Nov 2025 08:57:27 GMT","end":"Fri, 06 Feb 2026 09:55:06 GMT"},"fingerprint":{"sha1":"0A:8C:F1:28:CD:BA:14:45:64:B9:A3:43:FB:64:81:F4:08:1A:19:C3","sha256":"8C:BE:3C:A6:CC:F2:5E:23:17:64:C2:23:1E:87:E6:51:7A:79:B7:A6:16:BB:15:A6:F7:C9:37:10:F3:67:D8:3C"}}},"request":{"raw":"GET /400/9895347 HTTP/1.1\r\nHost: roagrofoogrobo.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ffkipas.my.id/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 07 Dec 2025 15:47:47 GMT\r\ncontent-type: application/javascript\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncache-control: public, max-age=600, s-maxage=1800\r\naccept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version\r\nstrict-transport-security: max-age=1\r\nx-content-type-options: nosniff\r\ntiming-allow-origin: *\r\ncontent-encoding: gzip\r\ncf-cache-status: DYNAMIC\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=FwSp8oxxqkxSc1ohBiSlNtkKh1FgJQNEy3L76TpQuWklvqFfFX%2F%2B7pdmmab90bWH8oFJqe8EI9DzQ8yLfA%2FRNxtJRWdYxcSJvOqANMW8q8H4oA%3D%3D\"}]}\r\ncf-ray: 9aa529da68fa1ae6-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":163529,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"f60962cdac6d77f7d98f8a605c739918","sha1":"68779dd39241541026a780fc3136cd5f774ae4c3","sha256":"9a4c508eb623d94196169fbc159686ff7d1415cd0c8a41d33d889cf8a9ca7bb1","sha512":"5ffce5194ebde567f952b1d3757942757f6880002fd0bb70534f0731c896cfd584a0256a69f739351be670ed505cbbe48803cbbf512b71ad0d0e612506d8176d","ssdeep":"3072:dAJaOTmnhzMm3hmdkJ75lL6glltCzWdykmX9qNdHjiH8WkIYICrdbmC7f06eBoAf:dAJaOTmnhzMm3hmdkJ75lLPllcMykmQ2","tlshash":"23f3e888b192b1512e735534352fd20ea9afab60544e4980d0dbe1b27f3706ed377ed8","first_seen":"2025-11-28T16:11:53.131036Z","last_seen":"2025-12-11T17:55:12.810469Z","times_seen":35,"resource_available":true,"data":null}},"time_used":147,"timings":{"blocked":33,"dns":4,"connect":1,"send":0,"wait":73,"receive":0,"ssl":31},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"glempirteechacm.com/401/9895349","fqdn":"glempirteechacm.com","domain":"glempirteechacm.com","tld":"com"},"ip":{"addr":"172.67.223.75","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://ffkipas.my.id/verifyuid","date":"2025-12-07T15:47:51.854Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"glempirteechacm.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 08 Nov 2025 12:45:49 GMT","end":"Fri, 06 Feb 2026 13:44:19 GMT"},"fingerprint":{"sha1":"67:E0:53:17:21:20:D0:BD:1B:BC:43:82:F7:94:B6:8C:F5:0D:AF:0D","sha256":"D6:94:5F:77:E7:2C:B8:33:7F:E2:CC:9A:BF:8D:18:5F:08:1C:3B:82:84:A5:67:C8:71:12:E7:24:1F:BC:09:E8"}}},"request":{"raw":"GET /401/9895349 HTTP/1.1\r\nHost: glempirteechacm.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ffkipas.my.id/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sun, 07 Dec 2025 15:47:51 GMT\r\ncontent-type: application/javascript\r\nvary: accept-encoding\r\npriority: u=3,i=?0\r\ncache-control: public, max-age=600, s-maxage=1800\r\naccept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version\r\nstrict-transport-security: max-age=1\r\nx-content-type-options: nosniff\r\ntiming-allow-origin: *\r\ncontent-encoding: gzip\r\ncf-cache-status: DYNAMIC\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=%2FWkaL3sKSInykFmr9w8pQ6VRJDyPvwcvsz9cBO8%2BRncKmqUx%2BbORBb9wlyN1ydOAWgjQsRxWp81hT1WnPQ2%2FK2fSn%2Fjln4ZV6E85eXcsfYge\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9aa529f91c3a56af-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":167001,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"5f084c294003f6ab0861f97c56ea7f49","sha1":"d6f2e8597880b3b887559a9ba2a0c483a5a18ddc","sha256":"623ba969515db64159446cd27e4da257daac0c8d6d32f685a52fb863159356d3","sha512":"749d39e1eb122113c065d3298fb2065e7263cb8667794f0f9ecfb235c402b6dcf35add1e77fec003ea0c049f99cfda1a3762cec29b6c2a8ab12a960b3659cbac","ssdeep":"3072:A7zKGhsQ72zBOnEk4r0rNN3RecbVRTlQAOTSwGxq6/2DRaTIJSKjuEOVEABn:/IBCcpySwZ6/2DRaMsKCZbBn","tlshash":"e5f3fac9769174562963b430122fae5f792b8e30548e8d18e1a5f4e53f3844b93a3efc","first_seen":"2025-11-28T16:11:53.055324Z","last_seen":"2025-12-11T12:23:25.693667Z","times_seen":30,"resource_available":true,"data":null}},"time_used":72,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":44,"receive":28,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"responseremainrust.com/impr.gif?sid=H4sIAAAAAAAC_1RSzYscRRytngQP8SAa9ShzNH7Mds_0fJlDcI2RkHV33awsKB6qq6pny6npaqu6p2fntLggwdMoHtSLPW92s1Gj6B-ghFkRJCDYJxfMXgRPXiSQs8xkYPUH9fuoV4f33q8-GKcnpIaUHq-_rodSKbpUr7jlZ7dkxHVmy6ubZc-tuBfLWzJq-BfLg1ky_Ze8ml9xL5RfE6yrl6qu57qe65WvSCNCPViao5Dx7bZXabsVv1rx6j4G5v-zTR1Y6oD3T8gTkLx47M_wbUg2RdT77rKw3UTHL7zaSxVNtEGfH74ZdSOdReidtqFxEEaHi9fQtiDk0xJ0dLhQAN3fnylAIAtSevoeguhwQRNB_-Ah00BBRAj4o8j6Uwg1haRTML0HyX8jAONYXUPUu7mqTUZ3HqJ0hhbk7IP7kFlBzt57ElHv22UlB-XrWqWJ1JHFIMwhB1PIzhRxeoRk6EBmR2DJ-5D8V7L0YAVRb3_NKg3J87l6GU5BrYN0dqSDNHSQxg56_Ljsuy2febTWCNucNV2f-j4XgdtuVV2XtlkTKZvRGiGJR2BqBGZ2EZtddOVHBXHO_AGT3oHdzmG5A5sUxHljF32eIxMEmSXIKEEmCbKEIOvnB1zZqs1vcmXTwFvU6qLW8olOOmN6oJOOiAioGcHwfF_G79k9sOTMZBhaPtGzRIMkn9CA5-P4hDw-s8755O_76IrjsuCBX2tQ5jV4WGt5zRav133eanIR-m4zqMLKHNKW5q4MZUGuvThFLAty4flnENAjWHUEJp8CTT3QLAfdzjGMvgnDroyprfR2KpKD6xxxchbJjjNWJ-T8ZGNz-c58he_8_jMEu0sWAWZyxCbHu_Ingo66MdnQGdnf0Jkl36_FiezJIZ2t93pCE_HIV9fETqYNv3rZjr58mc2AWXt7U9hkhUZcRh1Lvl6WnAtzRRsmyA9X7ZYI1lO7vZyaKI1X1l-5crUXG2Gt1NEUVBbk3D8fgsmCnP_xi_nXrT_3F1i8Cxuf8rSaIIgdKEmgxOk9DXLY_8zBaT-2N9AxJdBkD1EvR9_k6KscVI1g03OTJDZ3L_3y2Sw-R6BKk0CZ0n6gjPp47lNB3rp1CVYel8OaqDLXbTUbXq0VCq_mcxbWW36bN6hbqwkktpD18a1_AwAA__9Vg4ggYgQAAA==","fqdn":"responseremainrust.com","domain":"responseremainrust.com","tld":"com"},"ip":{"addr":"172.240.108.68","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ffkipas.my.id/verifyuid","date":"2025-12-07T15:47:52.726Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"responseremainrust.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Mon, 24 Nov 2025 11:58:04 GMT","end":"Sun, 22 Feb 2026 11:58:03 GMT"},"fingerprint":{"sha1":"2A:74:BD:69:38:6D:55:D6:A5:D0:58:76:7D:6F:5C:5D:22:A4:99:18","sha256":"3C:90:0A:4B:CD:24:41:B0:1A:FA:18:30:34:A9:AD:CC:E9:20:26:55:44:AE:B1:79:17:80:3F:B6:B9:4A:20:6C"}}},"request":{"raw":"GET /impr.gif?sid=H4sIAAAAAAAC_1RSzYscRRytngQP8SAa9ShzNH7Mds_0fJlDcI2RkHV33awsKB6qq6pny6npaqu6p2fntLggwdMoHtSLPW92s1Gj6B-ghFkRJCDYJxfMXgRPXiSQs8xkYPUH9fuoV4f33q8-GKcnpIaUHq-_rodSKbpUr7jlZ7dkxHVmy6ubZc-tuBfLWzJq-BfLg1ky_Ze8ml9xL5RfE6yrl6qu57qe65WvSCNCPViao5Dx7bZXabsVv1rx6j4G5v-zTR1Y6oD3T8gTkLx47M_wbUg2RdT77rKw3UTHL7zaSxVNtEGfH74ZdSOdReidtqFxEEaHi9fQtiDk0xJ0dLhQAN3fnylAIAtSevoeguhwQRNB_-Ah00BBRAj4o8j6Uwg1haRTML0HyX8jAONYXUPUu7mqTUZ3HqJ0hhbk7IP7kFlBzt57ElHv22UlB-XrWqWJ1JHFIMwhB1PIzhRxeoRk6EBmR2DJ-5D8V7L0YAVRb3_NKg3J87l6GU5BrYN0dqSDNHSQxg56_Ljsuy2febTWCNucNV2f-j4XgdtuVV2XtlkTKZvRGiGJR2BqBGZ2EZtddOVHBXHO_AGT3oHdzmG5A5sUxHljF32eIxMEmSXIKEEmCbKEIOvnB1zZqs1vcmXTwFvU6qLW8olOOmN6oJOOiAioGcHwfF_G79k9sOTMZBhaPtGzRIMkn9CA5-P4hDw-s8755O_76IrjsuCBX2tQ5jV4WGt5zRav133eanIR-m4zqMLKHNKW5q4MZUGuvThFLAty4flnENAjWHUEJp8CTT3QLAfdzjGMvgnDroyprfR2KpKD6xxxchbJjjNWJ-T8ZGNz-c58he_8_jMEu0sWAWZyxCbHu_Ingo66MdnQGdnf0Jkl36_FiezJIZ2t93pCE_HIV9fETqYNv3rZjr58mc2AWXt7U9hkhUZcRh1Lvl6WnAtzRRsmyA9X7ZYI1lO7vZyaKI1X1l-5crUXG2Gt1NEUVBbk3D8fgsmCnP_xi_nXrT_3F1i8Cxuf8rSaIIgdKEmgxOk9DXLY_8zBaT-2N9AxJdBkD1EvR9_k6KscVI1g03OTJDZ3L_3y2Sw-R6BKk0CZ0n6gjPp47lNB3rp1CVYel8OaqDLXbTUbXq0VCq_mcxbWW36bN6hbqwkktpD18a1_AwAA__9Vg4ggYgQAAA== HTTP/1.1\r\nHost: responseremainrust.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ffkipas.my.id/\r\nCookie: pdhtkv=true; uncs=1; pdhtkv49=true; uncs49=1; u_pl26537203=1; nlecedb436ac16df38178d554d87def407b2=[5941311]\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Sun, 07 Dec 2025 15:47:52 GMT\r\nContent-Type: image/gif\r\nContent-Length: 7\r\nConnection: keep-alive\r\naccess-control-allow-origin: *\r\nvary: Origin\r\naccess-control-allow-credentials: true\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\nx-envoy-upstream-service-time: 1\r\nHost: responseremainrust.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: 72d97a47310a1b2d07296777cca5e122\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/gif","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T11:47:06.182466Z","times_seen":13373545,"resource_available":true,"data":null}},"time_used":159,"timings":{"blocked":63,"dns":0,"connect":0,"send":0,"wait":95,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-12-07","alert":"Sinkholed","trigger":"responseremainrust.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"015kk.com/401/9895348?oo=1\u0026sw_version=v1.768.0-s\u0026oaid=0802986dc3b24e40fbfaef6bcbac55d9\u0026st=true","fqdn":"015kk.com","domain":"015kk.com","tld":"com"},"ip":{"addr":"139.45.197.248","port":443,"asn":9002,"as":"RETN Limited","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://ffkipas.my.id/verifyuid","date":"2025-12-07T15:47:53.266Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"015kk.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 19 Nov 2025 10:47:58 GMT","end":"Tue, 17 Feb 2026 10:47:57 GMT"},"fingerprint":{"sha1":"64:B3:6C:45:06:06:36:53:32:FC:35:20:9D:C9:CC:5F:FA:81:2A:95","sha256":"5F:72:37:E0:2C:04:E0:CA:5B:25:E1:DE:39:86:7C:2D:24:AB:6A:A9:F0:9A:12:31:CE:E9:E8:5B:81:62:C4:E6"}}},"request":{"raw":"POST /401/9895348?oo=1\u0026sw_version=v1.768.0-s\u0026oaid=0802986dc3b24e40fbfaef6bcbac55d9\u0026st=true HTTP/1.1\r\nHost: 015kk.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: text/plain;charset=UTF-8\r\nContent-Length: 3329\r\nOrigin: https://ffkipas.my.id\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ffkipas.my.id/\r\nCookie: OAID=0802986dc3b24e40fbfaef6bcbac55d9\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":3329,"data":"{\"sync\":\"TBtSUh8cJhwUBWcfHEsSAwEFUA5MXwMBbAIlKz9KWUBcHAtKQ1AVSQZbGgxbGwkCVkYLASoQTktDC1hGTBkCRExXAwkfFA4eFkpPUhRLDk4+HQY0BV0ZMkBQW2kNHCYfDD1RESZOBwkxGBNcMR5fZkBBJRcYHyoBTzYaUUNQX0dQQB0yU1xHUxkQHAxXWAhFW1MSHw9JSAVCT1lJbEYeRkNZWUBQABUbW1pCSQddCk8NCB8UHhYfSk9SFEsJVUNQXkdQWglPDQkfFA4eW1JEThoHGxtbWkJJHFUeTw0JHxQKEFtSRE4aDA9YDUhUW14WBg4VAwMaWAAUSk9SFEsLTRVIVFteFg0FaFZRXFheSURXDE82Dl1DUF5HUFsdDkdMEQxKSFsAHAZcDBcbW1pCSRFcMQJVU2xfFAAcEFdYCUVbTggEMQAXTR0yW1xdUQ4MW1JFThoKFlUOGDEPF0QaBRUDAxpYEhwGEQ1KS0MJTUgJCh9RHgxTShEMS0hbBhk9VgUKG1taQkkRWwICRWZUVxcRDUpPUxRLCV8NSFRbXhYNHl4bCQZWRhoEAUACWVUbCxkeSUgFQk9HV0cUQFRVSgUMSgpbA1FGTBseVRoLWEteaR4BDQ0WFlcbWwNZRkwFF0dMVwQLThpYFhBKT0BUBQ9UEQMeDlAYTB9BGwkUNwEKCVdOGhsJSUNQXUdQQBQCFQMDGlgTDkpPUwpRSRVDHQZJSAVeXwMVEUETE1tSRFAAWVUbFgMGSUgFXl8DFRFBAkZDWFlATxBbA1FGTAIKFlRdGxtEUBlGQ1hZQEsIERtbW15ZRhhMHl8bCQdKVk1EVxFPS0MIU1JeR1BHDxoVAwIEQlRVSgERZw0cTQQJGg4WFlRdGxtZRQ8FW1JXL1cTEFUNC0FeXARORWBQXVIVEwpIOzYYWEkXUVFOPBtaWFkMGUsATl9ZGgNYCVpNF1FDTiwXVwUCGAsDB0pUSFhEQn4AC1wHBRZEQwdaQwcbHxQUFFtSRE4aGR0bW0gHBQZRHANWVR5GHgJUHhwHTwwLAwgZPiJJXQAZUktdVxZJCQwTT04AHE4EGFQCAWQnVl5XR1MIChgEWBJcD1RPCA8ZDgAOBx5ncAhfFBAcGhsDVEQJXQdHGAIXQwsfDVBAZjNfEAYBB0oHGFVMGgoNX0IHCEBcQQwTFykhTkAUSxFQDUhUWl4WGwRTGwlYDwgVRFcGSg9bA0MCGh8CR1RCGF9VXRMUGBtbD0FHEF1OSEJJAlhMVxVRR0IKF0NHWgReAhBJABlABgsaBwkYT1ZEEwIAHRwGGkVbVwZIVFteFhoXFQMRYy4nW0RXDFpLQwhNSAAKAhZUT2BQXQVIRlVKBRYaU0kVQw8YCh4WVF4AFRFeGUZDXE1OGg0UG1tHX0dQRhoZFQMeB1ZGGgAqDVoDWwNRRkwFBRZUXBsbRFJYXh8JGRFdRVtWEgkeHlAOTCFeV0ZOWhxBXipUDEtVGwkDCg8XWkxXUVhfRR9IWwsdPVcLE2YIBAoOChZUQAYVEUETCiYDEBtLNhVcDw0aA1AOXF4GFRFVFQgWGioGXRkNUUNQXF9eFhgIWV1cRFheW0pZQF8IFFwRCwoYUA5eQRVXXxRARhwGWDdrS1UbDwYdSUgWCwMabGAaHwpbRFcBVwUWSz4NDwYHQExXFUpBURhGVUoFBFRLQxtDRkwIHkBMV0xEHxQQFwlKT1MUSwlXFUhUW14WHgNFWhEMSkhbGBkDTA8WSww1Cg4GUQ0ZWEsRDAFGEBsqA1YNC1YIDkxRFFUCHlIVEV8JOw0aHAZdBw0bWwwPBwFRQk9eSmxVEhYWBRwXVTZBDz4FHDQcURkIRRsJUBsICg1ZQFEaJloJGAEGG0EDTw1fUloJAVVKHBFnDB1eBEhUDRNYHQgbG1pFJQMcCx4NGlMNSxQPQkkbRzEaUltsXRMQW1ITA1QaHBVDAx00BVEMMlxQR2lMVE83GhBnBxxOBBhMURRVAh5SFRFfCTsdDQYJTAYJZhILCAoAXUxXUVhfRR9IWwEGPVsBC1YMAxsGLVseCEVYEQwcBRUbEB8USxdcEkhUSUACWloADgQBSVVbRFcBVAAcVxU1Bw9QDkwYWVJdWQ0KW0RXA14PEFUICxoOLV0KTw0bERpYEAsJEwRRCiZKDh8cCBdrBwkVAxEUVkYYDAMHSh0QSgQYMQIWFlRPFRURVRsJCQkcBVY2EF1DUExJXhYNGERNXFslDR03REACS1sVQwkbGAZbAzJeXWwEWF5bSllAWwUQWgo1Bw9QDkxPGxtQWQkQW1JXQBRLFFwVAgEPUA5MB0RNUlFYSFsaKhdRDVsDQ0hCSR1VMQRTGwkUWEhbCREGUR0QVg8LAjQbUB1PDWJuSw==\",\"async\":\"TBtXQwgXW1IOQFoIDRtbWEJJGl0AGUQbCQdWRhEBEQZdByZQBxgPBhcWVFwGCx8UDgsNCRlAAlhIChxGTAMbUAoIWWZaUAgFFA1XWAhFW1sAHkxRCRYHHmhbUkJYXklEVwFQCAteCAQJSUgEQk9UUVJEHQ0XDyoWUQQcG1taQkkWXR0OX1hBURMKHjcBC1UMWwNRRkwHF0ILARUDA0tWRhEBGxZLS0NCHEZMCB5dCwNDZlpSWF5bHRsJVgYOV0NGTAoUUgcBXlhHUyUNHUpPQBpFW00TCwgNG1cxHlhMQVUfOxAMV1gaS1UbAA4YDgBABx5SS2xfHkZDSldOGgoYVBELBwwcawcJFQMRFFZGGh0GFlcEJlAFNV9JSBZMQRVaRkUOCxQ3HAZnW1sDQ0hCSRFYBw5cZlpSWF5bSllAWwYKTUNQTEleFgMIQ1FcUlheWwIGFlkOWxVDGDEeG1BMVxUbHxQVBSYBEUACS1sVQwsKDxtABwJZWF9pEwAKSk85ZRQ=\",\"quality_options\":{\"hil\":1,\"jsp\":1,\"ng\":false,\"ix\":false,\"pt\":false,\"np\":false,\"nw\":true,\"nb\":true,\"sw\":1280,\"sh\":1024,\"pl\":\"https://ffkipas.my.id/verifyuid\",\"wy\":0,\"wx\":0,\"ww\":1280,\"wh\":1024,\"cw\":1280,\"wiw\":1280,\"wih\":1024,\"wfc\":0,\"sah\":1024,\"navlng\":\"en-US\",\"drf\":\"https://ffkipas.my.id/\",\"wgl\":\"llvmpipe\",\"tb\":false,\"btz\":\"UTC\",\"bto\":0,\"pnt\":0,\"pnrc\":0,\"bml\":0,\"bmi\":false,\"vsbl\":true},\"client_hints\":{}}"}},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sun, 07 Dec 2025 15:47:53 GMT\r\ncontent-type: application/json\r\nx-trace-id: d31e5a5704622748b593ea823cbc9ccc\r\nexpires: Tue, 11 Jan 1994 10:00:00 GMT\r\ncache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0\r\npragma: no-cache\r\nvary: Origin\r\naccess-control-allow-origin: https://ffkipas.my.id\r\naccess-control-expose-headers: Link\r\naccess-control-allow-credentials: true\r\naccept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version\r\nset-cookie: OAID=0802986dc3b24e40fbfaef6bcbac55d9; expires=Mon, 07 Dec 2026 15:47:53 GMT; path=/; secure; SameSite=None\r\nstrict-transport-security: max-age=1\r\nx-content-type-options: nosniff\r\ntiming-allow-origin: *, *\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":2095,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"0a974986c0cc4f9e427ed3061b83c60e","sha1":"894d1256900d9d10919bc9f6e43b123963fd2872","sha256":"67285e1df3a80c3d2fc7bf71eb2ab089ba7e3d8407ac1122eb95ee1aa1fa69d2","sha512":"ff3d8a4b175a6daaee82d7a106869ab3fd91fa9fa125f832f7600d7465d125bbaf4146c01e8f4d413d0dda863452462e5da70cacfc39d8f5b3851b5425f5510f","ssdeep":"","tlshash":"1c41f1088d28457e81de5ab6dc0b6d475abd011f7a4d762de7894d1770ebce403eb20b","first_seen":"2025-12-07T15:48:18.450563Z","last_seen":"2025-12-07T15:48:18.450563Z","times_seen":1,"resource_available":false,"data":null}},"time_used":30,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":30,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-07","alert":"Sinkholed","trigger":"015kk.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kettledroopingcontinuation.com/pixel/sbs?c=1","fqdn":"kettledroopingcontinuation.com","domain":"kettledroopingcontinuation.com","tld":"com"},"ip":{"addr":"172.240.108.84","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ffkipas.my.id/verifyuid","date":"2025-12-07T15:47:56.472Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"kettledroopingcontinuation.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sun, 26 Oct 2025 22:01:12 GMT","end":"Sat, 24 Jan 2026 22:01:11 GMT"},"fingerprint":{"sha1":"15:FA:E2:08:0A:F1:68:03:29:64:51:B0:FA:3B:8E:DD:DC:B7:CD:01","sha256":"F8:EA:EA:FF:5A:CA:9D:E1:82:F0:8C:3C:7C:6B:FB:06:8F:72:6C:0E:64:EF:7B:3B:2B:21:25:C2:25:7D:0C:BD"}}},"request":{"raw":"GET /pixel/sbs?c=1 HTTP/1.1\r\nHost: kettledroopingcontinuation.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ffkipas.my.id/\r\nCookie: uid_id2=83c6cca2-5f47-4ebb-b12d-f78b3ec45ada:3:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; u_pl26535179=1; sleca2c6c77dde0f47e335c307a84b4f8205=[6308898]\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Sun, 07 Dec 2025 15:47:56 GMT\r\nContent-Length: 0\r\nConnection: keep-alive\r\nHost: kettledroopingcontinuation.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nCache-Control: no-cache\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Allow-Methods: GET, POST, OPTIONS\r\nAccess-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests,C-High-Entropy-Values\r\nAccess-Control-Expose-Headers: Content-Length,Content-Range\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T11:47:06.182466Z","times_seen":13373545,"resource_available":true,"data":null}},"time_used":95,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":95,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-12-07","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-07","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-12-07","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-07","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-07","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"bobapsoabauns.com/www/images/79c156bd8f362e0b3ca780d6b7deb7e5.jpg","fqdn":"bobapsoabauns.com","domain":"bobapsoabauns.com","tld":"com"},"ip":{"addr":"172.67.166.60","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ffkipas.my.id/verifyuid","date":"2025-12-07T15:47:57.209Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"bobapsoabauns.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 15 Nov 2025 09:06:49 GMT","end":"Fri, 13 Feb 2026 10:05:15 GMT"},"fingerprint":{"sha1":"1E:80:62:5B:0A:AE:45:C7:23:30:B5:BA:23:77:27:CF:C7:7E:2B:E5","sha256":"BD:DA:C2:A9:EA:C4:6B:B2:C8:71:38:93:D3:DF:34:10:57:C4:48:46:8C:A2:5E:BE:D1:C5:60:FD:35:71:AA:BE"}}},"request":{"raw":"GET /www/images/79c156bd8f362e0b3ca780d6b7deb7e5.jpg HTTP/1.1\r\nHost: bobapsoabauns.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sun, 07 Dec 2025 15:47:57 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 16710\r\nlast-modified: Thu, 27 Feb 2025 04:01:53 GMT\r\npriority: u=4,i=?0\r\netag: \"67bfe3b1-4146\"\r\nexpires: Sun, 07 Dec 2025 22:20:42 GMT\r\ncache-control: max-age=86400\r\ntiming-allow-origin: *\r\naccept-ranges: bytes\r\nage: 62834\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=KulvZj%2FbqnLElzfPgzJit5fzQgLEkdjkuiQu1uV1FKZ0vboMBt94M2MEFzE3V6v4qVI7RuVrUMw7ts5kXc%2BeCS43oDgocsa4Fnvu3l2Jmg%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: accept-encoding\r\ncf-ray: 9aa52a1a8b5456bf-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":16710,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 192x192, components 3","md5":"79c156bd8f362e0b3ca780d6b7deb7e5","sha1":"4fd52a53919fdafa1385bcced866235f58311562","sha256":"583e4ff5e88c8b8b900a6b0c88c07c932f2fb8383f606e204470ccc73564089b","sha512":"b349688441118cd36d880f1e07ff25bf28d7d0997ae691bb71d5d9793db66edff3bb8c63656cc9030dd31cd4e6061f73f1c2e72f34310cb0d6aa35a71f563821","ssdeep":"384:9wHqTuUp2fzO3ZOtwYaBQOM+IEgCpP5gkMQ00f:CAurO3Z2aeO8EgCpxgkMFe","tlshash":"9472df3b6b562379c6a202768721dffb3becf8b64c65a6b3840428ca273d6971e54150","first_seen":"2025-03-07T10:15:54.227516Z","last_seen":"2026-02-24T11:22:53.493434Z","times_seen":356,"resource_available":false,"data":null}},"time_used":7,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":6,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"luciuscratediffers.com/edb436ac16df38178d554d87def407b2/invoke.js","fqdn":"luciuscratediffers.com","domain":"luciuscratediffers.com","tld":"com"},"ip":{"addr":"172.240.127.244","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://ffkipas.my.id/verifyuid","date":"2025-12-07T15:47:51.606Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"luciuscratediffers.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Fri, 28 Nov 2025 22:37:11 GMT","end":"Thu, 26 Feb 2026 22:37:10 GMT"},"fingerprint":{"sha1":"F7:B1:74:61:CB:AA:34:B5:31:C0:91:78:23:F9:E1:70:3B:16:64:15","sha256":"C9:6F:F5:3D:F5:19:DD:0E:88:A8:A5:E9:86:5E:B5:C5:E4:A1:0E:A9:9C:A5:30:63:6B:F0:A3:DF:15:D8:E9:0F"}}},"request":{"raw":"GET /edb436ac16df38178d554d87def407b2/invoke.js HTTP/1.1\r\nHost: luciuscratediffers.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ffkipas.my.id/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Sun, 07 Dec 2025 15:47:51 GMT\r\nContent-Type: application/javascript\r\nContent-Length: 15849\r\nConnection: keep-alive\r\ncontent-encoding: gzip\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccess-control-allow-origin: *\r\naccept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\nx-envoy-upstream-service-time: 2\r\nHost: luciuscratediffers.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: ef3487475a11fb9ab638026bccb6c497\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":43737,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (43735), with no line terminators","md5":"ff01303cfbadd30c4aae81f634dc1ab4","sha1":"5cabd7afd017eafd42283b17c6fca9af54cec86e","sha256":"9258006f32c56a2acdcaa32620a736e72b19d4d376fc32e9e886c73ac8979096","sha512":"bbb08048cb2873130fbf464424f8b59894c79aebfdfb9eb3551866c7490d910f5b37444d8b20646abf2045751971a84e102129bd1d99cdf0556e0660ecdd0a4c","ssdeep":"768:pL+PQP8Og7EDGmXN43uQxjCoMSZR/IuVpPtyw4cLeJEOlhPwXkI43KX:pc7EDR6fCoM4R/Zyw44XkIP","tlshash":"1b13d79a7f91b5ac0376b47b143f922ef6399d0260c8c9acd103e8952f9ca4dc13db59","first_seen":"2025-12-07T15:48:18.451963Z","last_seen":"2025-12-07T15:48:18.451963Z","times_seen":1,"resource_available":true,"data":null}},"time_used":748,"timings":{"blocked":277,"dns":1,"connect":92,"send":0,"wait":96,"receive":92,"ssl":186},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-12-07","alert":"Sinkholed","trigger":"luciuscratediffers.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"3nbf4.com/event","fqdn":"3nbf4.com","domain":"3nbf4.com","tld":"com"},"ip":{"addr":"139.45.197.121","port":443,"asn":9002,"as":"RETN Limited","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"beacon","requested_by":"https://ffkipas.my.id/verifyuid","date":"2025-12-07T15:47:51.754Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"3nbf4.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Wed, 08 Oct 2025 11:29:15 GMT","end":"Tue, 06 Jan 2026 11:29:14 GMT"},"fingerprint":{"sha1":"B8:5C:B5:E8:90:27:1D:FD:CA:8A:71:AA:01:26:28:02:27:BE:4F:8F","sha256":"03:48:D4:EE:D8:6F:8F:7D:F6:77:58:F1:71:D7:62:D8:18:E7:A2:E4:94:84:7A:E8:87:4B:51:C2:37:C3:56:AE"}}},"request":{"raw":"POST /event HTTP/1.1\r\nHost: 3nbf4.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: text/plain;charset=UTF-8\r\nContent-Length: 258\r\nOrigin: https://ffkipas.my.id\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ffkipas.my.id/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":258,"data":"{\"timeOrigin\":915,\"code\":\"custom\",\"zone_id\":9716024,\"sw_version\":\"3.1.642\",\"trace_id\":\"3f90af1c-43c2-4edf-a373-ba7648ca514d\",\"location\":\"https://ffkipas.my.id/verifyuid\",\"domain\":\"ffkipas.my.id\",\"pub\":0,\"installer_type\":\"micro\",\"event_type\":\"init_micro_tag\"}"}},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sun, 07 Dec 2025 15:47:51 GMT\r\ncontent-type: application/json; charset=utf-8\r\ncontent-length: 81\r\naccept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model\r\naccess-control-allow-origin: https://ffkipas.my.id\r\naccess-control-allow-credentials: true\r\naccess-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept\r\nstrict-transport-security: max-age=1\r\nx-content-type-options: nosniff\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T11:47:06.182466Z","times_seen":13373545,"resource_available":true,"data":null}},"time_used":26,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":26,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"responseremainrust.com/impr.gif?sid=H4sIAAAAAAAC_4RTz4scRRSumQQP8SAa9Shz8GD8Mds93fPLHMQ1RkJiEpNIDiFIdVX1bDk1XW1V9_TsnIKBEDyN4kG92PPNZDfRKPoHKGHWiwQE--SCWQSvXiSQs_TswOrJB_1-9Fc8vu_VqxvTdI94SOnu-bf1WCpF15p1p_bCZRlxndna2Us116k7x2uXZdTyj9dGpTPDV13PrzvHam8J1tdrDcd1HNdxayelEaEerS1RyPhu1613nbrfqLtNHyPz39qmVVhaBR_ukacgefHEn-EVSLZANPjuhLD9RMcvvzlIFU20wZBvvxv1I51FGBykoakgjLZXp6FtQchnVehoe6UAejgvFSCQBak--wBBtL2iiWB4a59poCAiBPxxZMMFhFpA0gWYvg7JfyUA4zh7DtFg66w2Gd3cR2mJFuTwo4eQWUEOP3ga0eDbdSVHtYtapYnUkcUozCFHC8jeAnG6QDKuQGY7YMmHkPwXsvboDKLB_JxVGpLnS_UyXIDaCtLykxWkYQVpXMGA79Z8p-Mzl3qtsMtZ2_Gp73MRON1Ow3Fol7WRspLWBEk8AVMTMHPjdsw3kv7Q784Tk4qtNGLW707du-l7sWq0ml674XhTd_f5SAkmeOB7LcrcFg-9jtvu8GbT5502F6HvtIPGnSvNru96rnt1a7_rsue87Dl1EZtr6MuPC1I59DtMeg92I4flVdikIJV3rmHIc2SCILMEGSXIJEGWEGTD_BZXtmHzLa5sGrir2FhFL5_ppDelt3TSExEBNRMYns9l_IG9DpYcmo1Dy2e6dDRI8hkNeD6N98iT5R1VPv3rIfpit_Z_6mBlDmmry_GPZUFOv7JALAty7KXnENAdWLUDJp8BTV3QLAfdyDGOvgnDvoyprQ8265KD6xxxchjJZmWq9sjR2YVL6_eWu3L1t3sQ7D5ZGZjJEZsc78ufCHrq5uyCzsj8gs4s-f5cnMiBHNNyjy4mNBGPfXVabGba8FMn7OTO66wEyvTuJWGTMzTiMupZ8vW65FyYk9owQX44ZS-L4HxqN9ZTE6XxmfNvnDw1iI2wVupoASoLcuTvj8BkQY7--OXyjTRf_AMsvgYbH_C0miCIq1CSQImD_zTIYf9VBwf51N5Ez1RBk-uIBjmGJsdQ5aBqApsemSWxuf_az5-X9gUCVZ0FylTngTLqk3JOi_1hWblbCz3RYI7TabdcrxMK1_M5C5sdv8tb1PE8gcQWsjm9_U8AAAD__8397nvLBAAA","fqdn":"responseremainrust.com","domain":"responseremainrust.com","tld":"com"},"ip":{"addr":"172.240.108.84","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ffkipas.my.id/verifyuid","date":"2025-12-07T15:47:52.916Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"responseremainrust.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Mon, 24 Nov 2025 11:58:04 GMT","end":"Sun, 22 Feb 2026 11:58:03 GMT"},"fingerprint":{"sha1":"2A:74:BD:69:38:6D:55:D6:A5:D0:58:76:7D:6F:5C:5D:22:A4:99:18","sha256":"3C:90:0A:4B:CD:24:41:B0:1A:FA:18:30:34:A9:AD:CC:E9:20:26:55:44:AE:B1:79:17:80:3F:B6:B9:4A:20:6C"}}},"request":{"raw":"GET /impr.gif?sid=H4sIAAAAAAAC_4RTz4scRRSumQQP8SAa9Shz8GD8Mds93fPLHMQ1RkJiEpNIDiFIdVX1bDk1XW1V9_TsnIKBEDyN4kG92PPNZDfRKPoHKGHWiwQE--SCWQSvXiSQs_TswOrJB_1-9Fc8vu_VqxvTdI94SOnu-bf1WCpF15p1p_bCZRlxndna2Us116k7x2uXZdTyj9dGpTPDV13PrzvHam8J1tdrDcd1HNdxayelEaEerS1RyPhu1613nbrfqLtNHyPz39qmVVhaBR_ukacgefHEn-EVSLZANPjuhLD9RMcvvzlIFU20wZBvvxv1I51FGBykoakgjLZXp6FtQchnVehoe6UAejgvFSCQBak--wBBtL2iiWB4a59poCAiBPxxZMMFhFpA0gWYvg7JfyUA4zh7DtFg66w2Gd3cR2mJFuTwo4eQWUEOP3ga0eDbdSVHtYtapYnUkcUozCFHC8jeAnG6QDKuQGY7YMmHkPwXsvboDKLB_JxVGpLnS_UyXIDaCtLykxWkYQVpXMGA79Z8p-Mzl3qtsMtZ2_Gp73MRON1Ow3Fol7WRspLWBEk8AVMTMHPjdsw3kv7Q784Tk4qtNGLW707du-l7sWq0ml674XhTd_f5SAkmeOB7LcrcFg-9jtvu8GbT5502F6HvtIPGnSvNru96rnt1a7_rsue87Dl1EZtr6MuPC1I59DtMeg92I4flVdikIJV3rmHIc2SCILMEGSXIJEGWEGTD_BZXtmHzLa5sGrir2FhFL5_ppDelt3TSExEBNRMYns9l_IG9DpYcmo1Dy2e6dDRI8hkNeD6N98iT5R1VPv3rIfpit_Z_6mBlDmmry_GPZUFOv7JALAty7KXnENAdWLUDJp8BTV3QLAfdyDGOvgnDvoyprQ8265KD6xxxchjJZmWq9sjR2YVL6_eWu3L1t3sQ7D5ZGZjJEZsc78ufCHrq5uyCzsj8gs4s-f5cnMiBHNNyjy4mNBGPfXVabGba8FMn7OTO66wEyvTuJWGTMzTiMupZ8vW65FyYk9owQX44ZS-L4HxqN9ZTE6XxmfNvnDw1iI2wVupoASoLcuTvj8BkQY7--OXyjTRf_AMsvgYbH_C0miCIq1CSQImD_zTIYf9VBwf51N5Ez1RBk-uIBjmGJsdQ5aBqApsemSWxuf_az5-X9gUCVZ0FylTngTLqk3JOi_1hWblbCz3RYI7TabdcrxMK1_M5C5sdv8tb1PE8gcQWsjm9_U8AAAD__8397nvLBAAA HTTP/1.1\r\nHost: responseremainrust.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ffkipas.my.id/\r\nCookie: pdhtkv=true; uncs=2; pdhtkv49=true; uncs49=2; u_pl26537203=1; nlecedb436ac16df38178d554d87def407b2=[5941311]\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Sun, 07 Dec 2025 15:47:53 GMT\r\nContent-Type: image/gif\r\nContent-Length: 7\r\nConnection: keep-alive\r\naccess-control-allow-origin: *\r\nvary: Origin\r\naccess-control-allow-credentials: true\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\nx-envoy-upstream-service-time: 2\r\nHost: responseremainrust.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: e05b1da5daf058b4731b5eaea2419ade\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/gif","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T11:47:06.182466Z","times_seen":13373545,"resource_available":true,"data":null}},"time_used":659,"timings":{"blocked":274,"dns":2,"connect":92,"send":0,"wait":99,"receive":0,"ssl":188},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-12-07","alert":"Sinkholed","trigger":"responseremainrust.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"cdn.show-creative1.com/sb/interstitial/utility/robot/3/index.html","fqdn":"cdn.show-creative1.com","domain":"show-creative1.com","tld":"com"},"ip":{"addr":"172.67.208.42","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://ffkipas.my.id/verifyuid","date":"2025-12-07T15:47:54.717Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"show-creative1.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Fri, 05 Dec 2025 21:44:28 GMT","end":"Thu, 05 Mar 2026 22:42:58 GMT"},"fingerprint":{"sha1":"32:E8:D3:D8:57:3D:77:06:14:B5:AE:66:6B:E6:23:35:25:11:2C:25","sha256":"65:65:A6:2D:1D:7A:E9:EF:3F:02:AB:E8:2B:83:22:39:7B:1B:99:BB:3D:AE:E4:D2:5F:AB:C5:32:3B:21:23:C3"}}},"request":{"raw":"GET /sb/interstitial/utility/robot/3/index.html HTTP/1.1\r\nHost: cdn.show-creative1.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://ffkipas.my.id\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ffkipas.my.id/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 07 Dec 2025 15:47:54 GMT\r\ncontent-type: text/html\r\nserver: cloudflare\r\nlast-modified: Thu, 04 Sep 2025 10:55:55 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: accept-encoding\r\nexpires: Thu, 31 Dec 2037 23:55:55 GMT\r\ncache-control: max-age=315360000, public\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: Date\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=38CprVbDoxpgkCK9jLrXkulS%2Bn5HtzueJVYw3KV7iPLdChLablQh44DXGwPEwuWCQ2lewb9W9SLdFJUC4iExqTKTU0L0IaCrECS7PpnnuWD0XSzA\"}]}\r\ncf-cache-status: DYNAMIC\r\ncontent-encoding: br\r\ncf-ray: 9aa52a0b2f80b515-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"jQuery","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]}],"data":{"size":1524,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII text","md5":"9dc0a25dabbe4de856fe02152e69ab75","sha1":"d8a184a181424a51a758b262927e6c0aba7b2b15","sha256":"8c71a26417b0ad5884462cf96135d8aaf1012b9ead37bdf5b505e51dcfd3d173","sha512":"c28042db79a340dea9f66b3c4ed465fa38ea7b152549cd518ee00415109f70eb28602dee1fd4ca9b8ce4810354fe7fc7bfa1ec271cb8cfbe59c2efc58a0de182","ssdeep":"","tlshash":"a231495529fccb26118361e63f702f7ba984e943895b8440b2bd4a908be7ec5cd5720b","first_seen":"2025-09-21T13:47:45.272345Z","last_seen":"2026-04-05T09:34:36.988452Z","times_seen":1695,"resource_available":false,"data":null}},"time_used":203,"timings":{"blocked":26,"dns":1,"connect":1,"send":0,"wait":149,"receive":0,"ssl":21},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"kettledroopingcontinuation.com/pixel/sbls?bv=\u0026tmpl=482\u0026u=https%3A%2F%2Fcdn.show-creative1.com%2Fsb%2Finterstitial%2Futility%2Frobot%2F3%2Findex.html\u0026l=1524\u0026fd=182","fqdn":"kettledroopingcontinuation.com","domain":"kettledroopingcontinuation.com","tld":"com"},"ip":{"addr":"172.240.127.243","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ffkipas.my.id/verifyuid","date":"2025-12-07T15:47:54.946Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"kettledroopingcontinuation.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sun, 26 Oct 2025 22:01:12 GMT","end":"Sat, 24 Jan 2026 22:01:11 GMT"},"fingerprint":{"sha1":"15:FA:E2:08:0A:F1:68:03:29:64:51:B0:FA:3B:8E:DD:DC:B7:CD:01","sha256":"F8:EA:EA:FF:5A:CA:9D:E1:82:F0:8C:3C:7C:6B:FB:06:8F:72:6C:0E:64:EF:7B:3B:2B:21:25:C2:25:7D:0C:BD"}}},"request":{"raw":"GET /pixel/sbls?bv=\u0026tmpl=482\u0026u=https%3A%2F%2Fcdn.show-creative1.com%2Fsb%2Finterstitial%2Futility%2Frobot%2F3%2Findex.html\u0026l=1524\u0026fd=182 HTTP/1.1\r\nHost: kettledroopingcontinuation.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ffkipas.my.id/\r\nCookie: uid_id2=83c6cca2-5f47-4ebb-b12d-f78b3ec45ada:3:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; u_pl26535179=1; sleca2c6c77dde0f47e335c307a84b4f8205=[6308898]\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Sun, 07 Dec 2025 15:47:54 GMT\r\nContent-Length: 0\r\nConnection: keep-alive\r\nHost: kettledroopingcontinuation.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nCache-Control: no-cache\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Allow-Methods: GET, POST, OPTIONS\r\nAccess-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests,C-High-Entropy-Values\r\nAccess-Control-Expose-Headers: Content-Length,Content-Range\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T11:47:06.182466Z","times_seen":13373545,"resource_available":true,"data":null}},"time_used":108,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":107,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-07","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-07","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-12-07","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-12-07","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-07","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"3nbf4.com/event","fqdn":"3nbf4.com","domain":"3nbf4.com","tld":"com"},"ip":{"addr":"139.45.197.121","port":443,"asn":9002,"as":"RETN Limited","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://ffkipas.my.id/","date":"2025-12-07T15:47:46.833Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"3nbf4.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Wed, 08 Oct 2025 11:29:15 GMT","end":"Tue, 06 Jan 2026 11:29:14 GMT"},"fingerprint":{"sha1":"B8:5C:B5:E8:90:27:1D:FD:CA:8A:71:AA:01:26:28:02:27:BE:4F:8F","sha256":"03:48:D4:EE:D8:6F:8F:7D:F6:77:58:F1:71:D7:62:D8:18:E7:A2:E4:94:84:7A:E8:87:4B:51:C2:37:C3:56:AE"}}},"request":{"raw":"POST /event HTTP/1.1\r\nHost: 3nbf4.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://ffkipas.my.id/\r\nContent-Type: application/json\r\nContent-Length: 350\r\nOrigin: https://ffkipas.my.id\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":350,"data":"{\"code\":\"error_json\",\"sw_version\":\"3.1.642\",\"error_message\":\"subscrDb_get_all_subs:, message: error-obj: {}, error-msg: A mutation operation was attempted on a database that did not allow mutations., error-name: InvalidStateError, error-code: 11, error-ctx: {}\",\"error_location\":\"https://ffkipas.my.id/\",\"error_stack\":\"\\\"unknown\\\"\",\"timeOrigin\":1616}"}},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sun, 07 Dec 2025 15:47:46 GMT\r\ncontent-type: application/json; charset=utf-8\r\ncontent-length: 81\r\naccept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model\r\naccess-control-allow-origin: https://ffkipas.my.id\r\naccess-control-allow-credentials: true\r\naccess-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept\r\nstrict-transport-security: max-age=1\r\nx-content-type-options: nosniff\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":81,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"cbbee1a9bed3a11c9c0f6678dbe277a7","sha1":"c5c6d94ea5c5d13cd5b2f28fb3c28c46ac7bdf1f","sha256":"8e033413c3fd2c1ac0ee2e669cbb7ef19f85005f1df0c4a2bae02e1249374f6d","sha512":"78dcad47c0958dec34b2e77ee1b5e2accf68c2b2d72ae064ecfc8329fc28c8875ff6e20eba7c00f5fd3ecb5ed147bb69b3ccefe2c11a5ca8ce993f5022f5df75","ssdeep":"","tlshash":"4da01280885c44d444c4460659558a102dbd0093846040509c192c212038104b500083","first_seen":"2025-12-07T15:48:18.453257Z","last_seen":"2025-12-07T15:48:18.453257Z","times_seen":1,"resource_available":false,"data":null}},"time_used":26,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":26,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"grookilteepsou.net/event","fqdn":"grookilteepsou.net","domain":"grookilteepsou.net","tld":"net"},"ip":{"addr":"139.45.197.122","port":443,"asn":9002,"as":"RETN Limited","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://ffkipas.my.id/","date":"2025-12-07T15:47:48.113Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"grookilteepsou.net","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Mon, 24 Nov 2025 05:08:19 GMT","end":"Sun, 22 Feb 2026 05:08:18 GMT"},"fingerprint":{"sha1":"EF:AC:DB:BB:24:F1:7B:72:D3:0C:E3:26:53:60:D2:D0:DD:A9:B4:4D","sha256":"9D:09:C2:43:F6:4A:FE:AD:33:EE:71:F9:8C:70:95:03:6C:81:C2:C6:17:6B:AE:F4:55:73:6A:F4:E9:A0:32:EE"}}},"request":{"raw":"OPTIONS /event HTTP/1.1\r\nHost: grookilteepsou.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nAccess-Control-Request-Method: POST\r\nAccess-Control-Request-Headers: content-type\r\nReferer: https://ffkipas.my.id/\r\nOrigin: https://ffkipas.my.id\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"OPTIONS"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sun, 07 Dec 2025 15:47:48 GMT\r\ncontent-type: text/plain; charset=utf-8\r\ncontent-length: 0\r\naccess-control-allow-origin: https://ffkipas.my.id\r\naccess-control-allow-credentials: true\r\naccess-control-allow-methods: GET, POST, OPTIONS\r\naccess-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization-Token,X-Oaid\r\naccess-control-max-age: 86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain; charset=utf-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T11:47:06.182466Z","times_seen":13373545,"resource_available":true,"data":null}},"time_used":26,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":26,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-07","alert":"Sinkholed","trigger":"grookilteepsou.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-07","alert":"Sinkholed","trigger":"grookilteepsou.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-12-07","alert":"Sinkholed","trigger":"grookilteepsou.net","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-07","alert":"Sinkholed","trigger":"grookilteepsou.net","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"grookilteepsou.net/event","fqdn":"grookilteepsou.net","domain":"grookilteepsou.net","tld":"net"},"ip":{"addr":"139.45.197.122","port":443,"asn":9002,"as":"RETN Limited","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://ffkipas.my.id/","date":"2025-12-07T15:47:48.145Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"grookilteepsou.net","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Mon, 24 Nov 2025 05:08:19 GMT","end":"Sun, 22 Feb 2026 05:08:18 GMT"},"fingerprint":{"sha1":"EF:AC:DB:BB:24:F1:7B:72:D3:0C:E3:26:53:60:D2:D0:DD:A9:B4:4D","sha256":"9D:09:C2:43:F6:4A:FE:AD:33:EE:71:F9:8C:70:95:03:6C:81:C2:C6:17:6B:AE:F4:55:73:6A:F4:E9:A0:32:EE"}}},"request":{"raw":"POST /event HTTP/1.1\r\nHost: grookilteepsou.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://ffkipas.my.id/\r\nContent-Type: application/json\r\nContent-Length: 379\r\nOrigin: https://ffkipas.my.id\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":379,"data":"{\"code\":\"custom\",\"zone_id\":9895350,\"sw_version\":\"3.1.642\",\"pub_zone_id\":9895350,\"trace_id\":\"78dc8626-cb3d-4e43-8d26-37233a7409ae\",\"oaid\":\"e955225269bf4acfb3e508a49cbcd1d6\",\"ip\":\"91.90.42.154\",\"geo\":\"no\",\"location\":\"https://ffkipas.my.id/\",\"domain\":\"ffkipas.my.id\",\"install_ctx\":{\"country_code\":\"no\"},\"pub\":0,\"installer_type\":\"universal\",\"event_type\":\"hit_page\",\"timeOrigin\":2977}"}},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sun, 07 Dec 2025 15:47:48 GMT\r\ncontent-type: application/json; charset=utf-8\r\ncontent-length: 81\r\naccept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model\r\naccess-control-allow-origin: https://ffkipas.my.id\r\naccess-control-allow-credentials: true\r\naccess-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept\r\nstrict-transport-security: max-age=1\r\nx-content-type-options: nosniff\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":81,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"60940087b4c8953adce6634e0018605b","sha1":"7d1224d6171c135c1964595b5632c8d5f9bf2852","sha256":"f41ed1e2e8d61444dc043d06fcb2dd4770b73e535d80bdb871d4a1b87f777371","sha512":"91add1ebac6a608caa9cbc4bf2edbbefdeae337c73493380f304229d8524524638128fd82599feedeac681da33c4b28ee7cace1f7f1209906508e06d2d6e464a","ssdeep":"","tlshash":"b4a0245030c4050041d535031d5ccd04477c05f30f55405ccccdfc11533100447413c3","first_seen":"2025-12-07T15:48:18.438699Z","last_seen":"2025-12-07T15:48:18.438699Z","times_seen":1,"resource_available":false,"data":null}},"time_used":38,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":38,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-12-07","alert":"Sinkholed","trigger":"grookilteepsou.net","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-07","alert":"Sinkholed","trigger":"grookilteepsou.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-07","alert":"Sinkholed","trigger":"grookilteepsou.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-07","alert":"Sinkholed","trigger":"grookilteepsou.net","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"6opo.com/wrr?z=9895346\u0026p_rid=998893da-1b6a-4972-bb50-70fc51b4f41b\u0026rb=7IvL2Zosed5tq_9z7IenEf2to0DRsmvlc_1TXzVl8GFBCYewIfpSJDQNTGbhcH1fEQOaF-RSaFnDTVSsfl_o9BwbCbTJTlxRqsFg65vjrdy8OYW7egs1_uyEFfvlFjjyyRYbbJw8Fd7_qZVqw6SiLTkX3V-m5E2HZOY3kEeLfWXeLqqHnUYxmF64vEcfCvFuF6g7WncE-DUc5Sr6XKpERxiSZkS2HkV_zUypkJbS7zyMz1LAswsrkHSDOu9kc2YQCYWlXCc5blj5rSGX3n7TnozKb5PWpDmJCJC0XjrGyonscMXn\u0026dmn=\u0026userId=0802986dc3b24e40fbfaef6bcbac55d9","fqdn":"6opo.com","domain":"6opo.com","tld":"com"},"ip":{"addr":"139.45.197.246","port":443,"asn":9002,"as":"RETN Limited","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://ffkipas.my.id/","date":"2025-12-07T15:47:48.529Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"6opo.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Fri, 03 Oct 2025 23:08:12 GMT","end":"Thu, 01 Jan 2026 23:08:11 GMT"},"fingerprint":{"sha1":"12:6F:03:3B:FC:49:A3:E1:60:52:64:59:B1:4F:E7:2D:91:98:E1:BB","sha256":"0C:C0:88:D7:18:66:94:1D:10:EB:04:76:F9:82:7D:86:D9:84:E2:65:9D:D8:12:8D:C2:DC:16:34:BD:40:24:9D"}}},"request":{"raw":"OPTIONS /wrr?z=9895346\u0026p_rid=998893da-1b6a-4972-bb50-70fc51b4f41b\u0026rb=7IvL2Zosed5tq_9z7IenEf2to0DRsmvlc_1TXzVl8GFBCYewIfpSJDQNTGbhcH1fEQOaF-RSaFnDTVSsfl_o9BwbCbTJTlxRqsFg65vjrdy8OYW7egs1_uyEFfvlFjjyyRYbbJw8Fd7_qZVqw6SiLTkX3V-m5E2HZOY3kEeLfWXeLqqHnUYxmF64vEcfCvFuF6g7WncE-DUc5Sr6XKpERxiSZkS2HkV_zUypkJbS7zyMz1LAswsrkHSDOu9kc2YQCYWlXCc5blj5rSGX3n7TnozKb5PWpDmJCJC0XjrGyonscMXn\u0026dmn=\u0026userId=0802986dc3b24e40fbfaef6bcbac55d9 HTTP/1.1\r\nHost: 6opo.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nAccess-Control-Request-Method: POST\r\nAccess-Control-Request-Headers: content-type\r\nReferer: https://ffkipas.my.id/\r\nOrigin: https://ffkipas.my.id\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"OPTIONS"},"response":{"raw":"HTTP/2 204 No Content\r\nserver: nginx\r\ndate: Sun, 07 Dec 2025 15:47:48 GMT\r\naccept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version\r\naccess-control-allow-origin: https://ffkipas.my.id\r\naccess-control-allow-credentials: true\r\naccess-control-allow-methods: GET, POST, OPTIONS\r\naccess-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, favicon\r\naccess-control-max-age: 86400\r\npragma: no-cache\r\ncache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0\r\nexpires: Tue, 11 Jan 1994 10:00:00 GMT\r\nstrict-transport-security: max-age=1\r\nx-content-type-options: nosniff\r\ntiming-allow-origin: *, *\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"204","status_text":"No Content","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T11:47:06.182466Z","times_seen":13373545,"resource_available":true,"data":null}},"time_used":28,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":28,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ffkipas.my.id/assets/images/pic1.png?v=1.0","fqdn":"ffkipas.my.id","domain":"ffkipas.my.id","tld":"my.id"},"ip":{"addr":"104.21.67.83","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ffkipas.my.id/","date":"2025-12-07T15:47:46.053Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ffkipas.my.id","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Fri, 17 Oct 2025 09:52:51 GMT","end":"Thu, 15 Jan 2026 10:51:42 GMT"},"fingerprint":{"sha1":"CC:F7:34:EF:C8:0D:D7:BA:61:5C:59:6F:9C:84:10:EB:B8:77:BB:8E","sha256":"E9:02:F7:94:61:0A:79:F6:92:B0:A9:74:B9:D8:C9:49:60:C7:55:60:B1:7E:1B:E1:DA:3D:7E:2B:09:2D:79:24"}}},"request":{"raw":"GET /assets/images/pic1.png?v=1.0 HTTP/1.1\r\nHost: ffkipas.my.id\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ffkipas.my.id/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sun, 07 Dec 2025 15:47:46 GMT\r\nserver: cloudflare\r\nlast-modified: Tue, 13 May 2025 15:37:03 GMT\r\naccept-ranges: bytes\r\npriority: u=4,i=?0\r\ncontent-length: 670832\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nx-frame-options: SAMEORIGIN\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncontent-type: image/png\r\nage: 39\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=lW0vWvfSjnMVzpKbP3EpuQ25J424arWI1IaQQrft4GmT%2BOP5BRIP7nISYvrSb5KbGxXeSfrQATq0vHRpQ45nCI4olpHGwmUoeKbg\"}]}\r\nvary: accept-encoding\r\nstrict-transport-security: max-age=0; preload\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\ncf-ray: 9aa529d4ccfcb4f4-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":670832,"size_decoded":0,"mime_type":"image/png","magic":"JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=1, orientation=upper-left], baseline, precision 8, 1704x786, components 3","md5":"f3cc342f6943ae2d0638aec82e85ee91","sha1":"b08ab2600fcc24356bce73139813a72a16c9de12","sha256":"cac9625c500893aa671b07a7996285b012720e8e228f25e0f51573d5562b52b1","sha512":"9dff9d96104be3db1623764ba7b1b79fd004d4108f031bbb95a560d1a797fad2432eb9568bb7d0aa83c11b9441ca56c7781f28ba1e50321956b73da1ed35613f","ssdeep":"12288:iQMkWb6AJ1Sj1wXs0M16P4E3Xvm4LgT4+NvdMEUkyZ1U0nQt:i/kW+AfV8+w+X5M46dvFyZo","tlshash":"cfe423535e2a50766e4d03e1d492e84e3be207f840df9c8812498d8df7d965b2deb8dc","first_seen":"2025-12-07T15:47:42.68396Z","last_seen":"2025-12-07T15:57:24.115691Z","times_seen":5,"resource_available":false,"data":null}},"time_used":188,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":13,"receive":175,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/roboto/v50/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3yUBA.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"142.250.178.35","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://ffkipas.my.id/verifyuid","date":"2025-12-07T15:47:57.251Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WE2","organization":"Google Trust Services"},"validity":{"start":"Mon, 27 Oct 2025 08:35:04 GMT","end":"Mon, 19 Jan 2026 08:35:03 GMT"},"fingerprint":{"sha1":"4A:97:40:A8:11:17:BA:08:56:28:6E:0B:93:8B:64:13:1D:67:D4:2A","sha256":"A2:0A:13:FD:98:22:74:26:3F:C1:44:5C:92:27:22:17:A8:65:07:40:50:F9:14:02:11:E4:87:7F:C5:D2:F1:42"}}},"request":{"raw":"GET /s/roboto/v50/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3yUBA.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://ffkipas.my.id\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 40128\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Tue, 02 Dec 2025 23:52:35 GMT\r\nexpires: Wed, 02 Dec 2026 23:52:35 GMT\r\ncache-control: public, max-age=31536000\r\nage: 402922\r\nlast-modified: Tue, 18 Nov 2025 19:00:07 GMT\r\ncontent-type: font/woff2\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":40128,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 40128, version 1.0","md5":"9a01b69183a9604ab3a439e388b30501","sha1":"8ed1d59003d0dbe6360481017b44665153665fbe","sha256":"20b535fa80c8189e3b87d1803038389960203a886d502bc2ef1857affc2f38d2","sha512":"0e6795255b6eea00b5403fd7e3b904d52776d49ac63a31c2778361262883697943aedcb29feee85694ba6f19eaa34dddb9a5bfe7118f4a25b4757e92c331feca","ssdeep":"768:Vce3jkow68wmT4IBX0tXdlSirS61gSjcz0GPwHbP+w2jec56O:VcI/iEEEtXdFJj+0GPwHbP+w5rO","tlshash":"3703023a5e3ccf1a84157a703950f6d9a8481e548e9d143b4f1ac7bf085dde2209b6d4","first_seen":"2025-01-08T22:59:02.845106Z","last_seen":"2026-04-05T11:47:09.583507Z","times_seen":716548,"resource_available":false,"data":null}},"time_used":22,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":18,"receive":4,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"3nbf4.com/event","fqdn":"3nbf4.com","domain":"3nbf4.com","tld":"com"},"ip":{"addr":"139.45.197.121","port":443,"asn":9002,"as":"RETN Limited","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://ffkipas.my.id/","date":"2025-12-07T15:47:46.877Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"3nbf4.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Wed, 08 Oct 2025 11:29:15 GMT","end":"Tue, 06 Jan 2026 11:29:14 GMT"},"fingerprint":{"sha1":"B8:5C:B5:E8:90:27:1D:FD:CA:8A:71:AA:01:26:28:02:27:BE:4F:8F","sha256":"03:48:D4:EE:D8:6F:8F:7D:F6:77:58:F1:71:D7:62:D8:18:E7:A2:E4:94:84:7A:E8:87:4B:51:C2:37:C3:56:AE"}}},"request":{"raw":"POST /event HTTP/1.1\r\nHost: 3nbf4.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://ffkipas.my.id/\r\nContent-Type: application/json\r\nContent-Length: 713\r\nOrigin: https://ffkipas.my.id\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":713,"data":"{\"code\":\"error_json\",\"sw_version\":\"3.1.642\",\"error_message\":\"micro_tag_push_unsupported:, message: error-obj: {}, error-msg: no-message, error-name: Error, error-code: no-code, error-ctx: {\\\"installer_type\\\":\\\"micro\\\",\\\"zone_id\\\":9716024}\",\"error_location\":\"https://ffkipas.my.id/\",\"error_stack\":\"\\\"e\u003c/t[K.Yr]@https://3nbf4.com/act/files/micro.tag.min.js?z=9716024\u0026sw=/sw-check-permissions.js:1:28904\\\\nasync*@https://3nbf4.com/act/files/micro.tag.min.js?z=9716024\u0026sw=/sw-check-permissions.js:1:35891\\\\n@https://3nbf4.com/act/files/micro.tag.min.js?z=9716024\u0026sw=/sw-check-permissions.js:1:35988\\\\n@https://3nbf4.com/act/files/micro.tag.min.js?z=9716024\u0026sw=/sw-check-permissions.js:1:35991\\\\n\\\"\",\"timeOrigin\":1620}"}},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sun, 07 Dec 2025 15:47:46 GMT\r\ncontent-type: application/json; charset=utf-8\r\ncontent-length: 81\r\naccept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model\r\naccess-control-allow-origin: https://ffkipas.my.id\r\naccess-control-allow-credentials: true\r\naccess-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept\r\nstrict-transport-security: max-age=1\r\nx-content-type-options: nosniff\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":81,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"0d93ddb52302d9213f66f31db206b0c2","sha1":"3752878e1d73d7f64b1294612e2ece468f99eb87","sha256":"2cbacc333a5d74793b4554931e6e26886f2923fcaa8a4d44489296c588f22459","sha512":"662c5bf9cb9875b6bf11ba9fb58285b805abad8296f4aa733c197ac16b143d4bc43cae02042e28039a73b8b3a3078a31fb194ea9d1ce1c2e7b77788efe045289","ssdeep":"","tlshash":"e3a01260405814a0c045820820b24f0126fd05138d5b105445293a2000102434098543","first_seen":"2025-12-07T15:48:18.454746Z","last_seen":"2025-12-07T15:48:18.454746Z","times_seen":1,"resource_available":false,"data":null}},"time_used":26,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":26,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"eehassoosostoa.com/401/9895348","fqdn":"eehassoosostoa.com","domain":"eehassoosostoa.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://ffkipas.my.id/verifyuid","date":"2025-12-07T15:47:51.857Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"eehassoosostoa.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 08 Nov 2025 09:24:43 GMT","end":"Fri, 06 Feb 2026 10:22:31 GMT"},"fingerprint":{"sha1":"98:94:FB:A6:41:7E:DF:2C:68:41:99:97:85:E6:9A:8D:5F:48:FB:22","sha256":"4F:CA:D3:4E:B5:CA:C8:49:ED:C6:AC:D6:B0:B9:8D:8E:A2:62:99:56:14:6E:A5:0F:E4:AF:21:C5:E4:F4:F7:D3"}}},"request":{"raw":"GET /401/9895348 HTTP/1.1\r\nHost: eehassoosostoa.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ffkipas.my.id/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sun, 07 Dec 2025 15:47:51 GMT\r\ncontent-type: application/javascript\r\nserver: cloudflare\r\npriority: u=3,i=?0\r\ncache-control: public, max-age=600, s-maxage=1800\r\naccept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version\r\nstrict-transport-security: max-age=1\r\nx-content-type-options: nosniff\r\ntiming-allow-origin: *\r\ncontent-encoding: gzip\r\ncf-cache-status: DYNAMIC\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=yqceE%2FwAYvC29IOP9Dsf2YrmW4xeXOO3KsZtGPXmd6vqAF4%2FnN6SGkG1ec7JoCpTxr1NbpDXfYekcfHHXYfdzn2UNG%2Fe%2BNRFvptD9vK61a%2B7RA%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9aa529f91c332efa-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":167001,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"333e465ea2151c587b84a27fbca0b2bf","sha1":"b76463cd20cd646cd3e220f0727e3bfd493e3202","sha256":"044e63115693540c1ee131b2530396453f95047c83c788d31bf8117740eb1a78","sha512":"90dfcd686afc36f2d3fb9c349c3a07eec6c48deea5e37844eddc1eecc78e2c0a5fbe61c426865d3eb93913374c82a2d557b325214500f8b93b95ab303331d1c5","ssdeep":"3072:A7zKGhsQ72zBOnEk4r0rNN3RecbVRTlQAOTywGxq6/2DRaTIJSKjuEOVEABn:/IBCcpyywZ6/2DRaMsKCZbBn","tlshash":"34f3fac9769174562963b430122fae5f792b8e30548e8d18e1a5f4e53f3844b93a3efc","first_seen":"2025-11-28T16:11:53.021697Z","last_seen":"2025-12-11T17:55:12.815302Z","times_seen":40,"resource_available":true,"data":null}},"time_used":69,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":42,"receive":27,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/roboto/v50/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3yUBA.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"142.250.178.35","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://ffkipas.my.id/verifyuid","date":"2025-12-07T15:47:57.249Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WE2","organization":"Google Trust Services"},"validity":{"start":"Mon, 27 Oct 2025 08:35:04 GMT","end":"Mon, 19 Jan 2026 08:35:03 GMT"},"fingerprint":{"sha1":"4A:97:40:A8:11:17:BA:08:56:28:6E:0B:93:8B:64:13:1D:67:D4:2A","sha256":"A2:0A:13:FD:98:22:74:26:3F:C1:44:5C:92:27:22:17:A8:65:07:40:50:F9:14:02:11:E4:87:7F:C5:D2:F1:42"}}},"request":{"raw":"GET /s/roboto/v50/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3yUBA.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://ffkipas.my.id\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 40128\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Tue, 02 Dec 2025 23:52:35 GMT\r\nexpires: Wed, 02 Dec 2026 23:52:35 GMT\r\ncache-control: public, max-age=31536000\r\nage: 402922\r\nlast-modified: Tue, 18 Nov 2025 19:00:07 GMT\r\ncontent-type: font/woff2\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":40128,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 40128, version 1.0","md5":"9a01b69183a9604ab3a439e388b30501","sha1":"8ed1d59003d0dbe6360481017b44665153665fbe","sha256":"20b535fa80c8189e3b87d1803038389960203a886d502bc2ef1857affc2f38d2","sha512":"0e6795255b6eea00b5403fd7e3b904d52776d49ac63a31c2778361262883697943aedcb29feee85694ba6f19eaa34dddb9a5bfe7118f4a25b4757e92c331feca","ssdeep":"768:Vce3jkow68wmT4IBX0tXdlSirS61gSjcz0GPwHbP+w2jec56O:VcI/iEEEtXdFJj+0GPwHbP+w5rO","tlshash":"3703023a5e3ccf1a84157a703950f6d9a8481e548e9d143b4f1ac7bf085dde2209b6d4","first_seen":"2025-01-08T22:59:02.845106Z","last_seen":"2026-04-05T11:47:09.583507Z","times_seen":716548,"resource_available":false,"data":null}},"time_used":19,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":15,"receive":4,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"grookilteepsou.net/event","fqdn":"grookilteepsou.net","domain":"grookilteepsou.net","tld":"net"},"ip":{"addr":"139.45.197.122","port":443,"asn":9002,"as":"RETN Limited","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://ffkipas.my.id/verifyuid","date":"2025-12-07T15:47:52.928Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"grookilteepsou.net","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Mon, 24 Nov 2025 05:08:19 GMT","end":"Sun, 22 Feb 2026 05:08:18 GMT"},"fingerprint":{"sha1":"EF:AC:DB:BB:24:F1:7B:72:D3:0C:E3:26:53:60:D2:D0:DD:A9:B4:4D","sha256":"9D:09:C2:43:F6:4A:FE:AD:33:EE:71:F9:8C:70:95:03:6C:81:C2:C6:17:6B:AE:F4:55:73:6A:F4:E9:A0:32:EE"}}},"request":{"raw":"POST /event HTTP/1.1\r\nHost: grookilteepsou.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://ffkipas.my.id/\r\nContent-Type: application/json\r\nContent-Length: 388\r\nOrigin: https://ffkipas.my.id\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":388,"data":"{\"code\":\"custom\",\"zone_id\":9895350,\"sw_version\":\"3.1.642\",\"pub_zone_id\":9895350,\"trace_id\":\"3abbfd8c-e7b4-4ebb-b740-02eb97f2a641\",\"oaid\":\"e0f7df4a60c1448197b970eb3c0d9e4d\",\"ip\":\"91.90.42.154\",\"geo\":\"no\",\"location\":\"https://ffkipas.my.id/verifyuid\",\"domain\":\"ffkipas.my.id\",\"install_ctx\":{\"country_code\":\"no\"},\"pub\":0,\"installer_type\":\"universal\",\"event_type\":\"hit_page\",\"timeOrigin\":1982}"}},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sun, 07 Dec 2025 15:47:52 GMT\r\ncontent-type: application/json; charset=utf-8\r\ncontent-length: 81\r\naccept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model\r\naccess-control-allow-origin: https://ffkipas.my.id\r\naccess-control-allow-credentials: true\r\naccess-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept\r\nstrict-transport-security: max-age=1\r\nx-content-type-options: nosniff\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":81,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"64bfa7ac4fa8e385efceb362c8eaecb3","sha1":"a0bc151feac46352fd43842992dfed16ccffc613","sha256":"ed0b875f602639feaaccdbe24b2352908a97225b3fe2bed686d3f1e4d2fc5a43","sha512":"eaa4de2dca4f7de066f0888fcfd71e36f978976819bff31d2b4822f53e306b88855c10478725094899e6877746a3da78aea2e33bb9b8f17513cf67635148e91a","ssdeep":"","tlshash":"60a0247cc04c0fd4044d0c0505f05d1005fc0053ddc73070fd0c3f104014010475c153","first_seen":"2025-12-07T15:48:18.423218Z","last_seen":"2025-12-07T15:48:18.423218Z","times_seen":1,"resource_available":false,"data":null}},"time_used":26,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":26,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-07","alert":"Sinkholed","trigger":"grookilteepsou.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-12-07","alert":"Sinkholed","trigger":"grookilteepsou.net","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-07","alert":"Sinkholed","trigger":"grookilteepsou.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-07","alert":"Sinkholed","trigger":"grookilteepsou.net","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kettledroopingcontinuation.com/sbar.json?key=a2c6c77dde0f47e335c307a84b4f8205\u0026uuid=83c6cca2-5f47-4ebb-b12d-f78b3ec45ada%3A3%3A1","fqdn":"kettledroopingcontinuation.com","domain":"kettledroopingcontinuation.com","tld":"com"},"ip":{"addr":"172.240.127.243","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://ffkipas.my.id/verifyuid","date":"2025-12-07T15:47:54.227Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"kettledroopingcontinuation.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sun, 26 Oct 2025 22:01:12 GMT","end":"Sat, 24 Jan 2026 22:01:11 GMT"},"fingerprint":{"sha1":"15:FA:E2:08:0A:F1:68:03:29:64:51:B0:FA:3B:8E:DD:DC:B7:CD:01","sha256":"F8:EA:EA:FF:5A:CA:9D:E1:82:F0:8C:3C:7C:6B:FB:06:8F:72:6C:0E:64:EF:7B:3B:2B:21:25:C2:25:7D:0C:BD"}}},"request":{"raw":"GET /sbar.json?key=a2c6c77dde0f47e335c307a84b4f8205\u0026uuid=83c6cca2-5f47-4ebb-b12d-f78b3ec45ada%3A3%3A1 HTTP/1.1\r\nHost: kettledroopingcontinuation.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://ffkipas.my.id\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ffkipas.my.id/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Sun, 07 Dec 2025 15:47:54 GMT\r\nContent-Type: text/plain; charset=utf-8\r\nContent-Length: 4559\r\nConnection: keep-alive\r\ncontent-encoding: gzip\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\naccess-control-allow-origin: https://ffkipas.my.id\r\naccess-control-allow-credentials: true\r\nvary: Accept-Encoding\r\nset-cookie: uid_id2=83c6cca2-5f47-4ebb-b12d-f78b3ec45ada:3:1; expires=Sun, 14 Dec 2025 15:47:54 GMT; path=/; secure; SameSite=None\npdhtkv=true; expires=Mon, 08 Dec 2025 15:47:54 GMT; path=/; secure; SameSite=None\nuncs=1; expires=Mon, 08 Dec 2025 15:47:54 GMT; path=/; secure; SameSite=None\npdhtkv29=true; expires=Mon, 08 Dec 2025 15:47:54 GMT; path=/; secure; SameSite=None\nuncs29=1; expires=Mon, 08 Dec 2025 15:47:54 GMT; path=/; secure; SameSite=None\nu_pl26535179=1; expires=Mon, 08 Dec 2025 15:47:54 GMT; path=/; secure; SameSite=None\nsleca2c6c77dde0f47e335c307a84b4f8205=[6308898]; expires=Sun, 07 Dec 2025 15:47:59 GMT; path=/; secure; SameSite=None\r\nx-envoy-upstream-service-time: 223\r\nHost: kettledroopingcontinuation.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: 0906547876e69cab4c0e85602d5b92f2\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]}],"data":{"size":5870,"size_decoded":0,"mime_type":"text/plain; charset=utf-8","magic":"JSON text data","md5":"60ebdc1ebfbad1f537eae52c99200b82","sha1":"d9a77ef1ed45d82dddf040347548e9ea776eced5","sha256":"403cb4e21ed8dcf49fdcdb9938ca138e95083e927488e5d1ab08bf53b4d9e21f","sha512":"c5bb0058b2dbbee32732eaf786ee17bd313c678207522a7cc38ec7706c18028b3047434937eaf136894af0d8601bb66823d388a1bd28893aa1eeabe6166f613c","ssdeep":"96:9uWjEcgNyJ2naGRMOvMo4FkaITFxTwoqlb+VwhFpRTIwWp3A:9jNgNw2naG1EXcZxcTYwDpRxW+","tlshash":"82c19ffe430a65416fd4cd5c066428f88eb0e54f68963aacd94dbfcf3b640740a0126f","first_seen":"2025-12-07T15:48:18.455625Z","last_seen":"2025-12-07T15:48:18.455625Z","times_seen":1,"resource_available":false,"data":null}},"time_used":319,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":319,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-07","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-07","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-12-07","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-12-07","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-07","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kettledroopingcontinuation.com/ren.gif?sid=H4sIAAAAAAAC_1SST2gkRRTGqzfx4h5EXb2IMoiHXdZMeqZ7_rmH1RijYWMSspEcFsHqqupJOT1dbVX39GROwYDkOAsePAj2fJNscF1Fwau6TDwIgQXbU8ANC-pdUPYsMwkE3-G91_z68H3fq08GyQlxkNDj1XdVTwYBna0U7cLlDRlylZrC8nqhZBfta4UNGVbda4XuuOnOayXHLdpXCm8L1lKzZbtk2yW7VFiQWviqOzuhkNG9RqnYsItuuViquOjq_3-bxIKhFnjnhDwDyfOn_vBvQbIRwva388K0YhW9-lY7CWisNDr84L2wFao0RPt89bUFPzw4-xvK5IR8dgEqPDhzANXZGzuAJ3Ny4fmH8MKDM5nwOvunSr0AIoTHLyLtjCCCESQdgakdSP4rARjH8grC9p1lpVO6dUrpmOZk-vE_kGlOph9eQtj-Zi6Q3cJNFSSxVKFB188guyPI5ghRcoi4Z0Gmh2Dxx5D8AZl9vISwvbdiAgXJj1-pO6zKGC3PVHy3NuMKz5vxSmU-49fqniOYW6GcTiKS_gjUTCExFhJpIfEtJJGFNj8uuHbdZSXqVP0GZzXbpa7LhWc36mXbpg1WQ8LG2vuIoz5Y0AfT24j0Nlrydk6sqd-hk_swmxkMt2Bigg7PkAqC1BCklCCVBGlMkHayfR6Yssnu8MAkXulsls-mkw1V3BzQfRU3RUhAdR-aZ3sy-sjsgMVTw55v-FCNG_XibEg9ng2iE_L0OFvr078uoiWOC7TMqqxW41zYvlsTjlNhjl2jdddz_XrZrsDIDNJcADUWejInN2ZGiGROrlx9CR49hAkOweRzoMmLoGkGupmhF37t-y0ZUVNsbxUlB1cZonga8ZY1CE7Is8O19bn7kxt_MP8yBDt6_Ykvfuz88n0DTGeIdIYP5c8EzWB3uKZSsremUkO-W4li2ZY9Or7_zZjGYvruDbGVKs0X503_yzfYGIzXe-vCxEs05DJsGvLVnORc6AWlmSA_LJoN4a0mZnMu0WESLa2-ubDYjrQwRqpwBCpz8uTnV8FkTi5dvj5525V_H4FF2zDR0fU_dx8k78--AKMIvMhCIHPyzq1HCMQ5o14GI849eeLop7_JpAZmF01tgcY7CNsZOjpDJ8hAgz5MMjWMI310_TdnUvACa-gF2trzAh3cPs3KyONCpew51Xq9Kvwq9x3ulB3eqNii4dJG1W24FcQml5XB3f8CAAD__3VxAGWCBAAA","fqdn":"kettledroopingcontinuation.com","domain":"kettledroopingcontinuation.com","tld":"com"},"ip":{"addr":"172.240.127.243","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ffkipas.my.id/verifyuid","date":"2025-12-07T15:47:54.715Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"kettledroopingcontinuation.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sun, 26 Oct 2025 22:01:12 GMT","end":"Sat, 24 Jan 2026 22:01:11 GMT"},"fingerprint":{"sha1":"15:FA:E2:08:0A:F1:68:03:29:64:51:B0:FA:3B:8E:DD:DC:B7:CD:01","sha256":"F8:EA:EA:FF:5A:CA:9D:E1:82:F0:8C:3C:7C:6B:FB:06:8F:72:6C:0E:64:EF:7B:3B:2B:21:25:C2:25:7D:0C:BD"}}},"request":{"raw":"GET /ren.gif?sid=H4sIAAAAAAAC_1SST2gkRRTGqzfx4h5EXb2IMoiHXdZMeqZ7_rmH1RijYWMSspEcFsHqqupJOT1dbVX39GROwYDkOAsePAj2fJNscF1Fwau6TDwIgQXbU8ANC-pdUPYsMwkE3-G91_z68H3fq08GyQlxkNDj1XdVTwYBna0U7cLlDRlylZrC8nqhZBfta4UNGVbda4XuuOnOayXHLdpXCm8L1lKzZbtk2yW7VFiQWviqOzuhkNG9RqnYsItuuViquOjq_3-bxIKhFnjnhDwDyfOn_vBvQbIRwva388K0YhW9-lY7CWisNDr84L2wFao0RPt89bUFPzw4-xvK5IR8dgEqPDhzANXZGzuAJ3Ny4fmH8MKDM5nwOvunSr0AIoTHLyLtjCCCESQdgakdSP4rARjH8grC9p1lpVO6dUrpmOZk-vE_kGlOph9eQtj-Zi6Q3cJNFSSxVKFB188guyPI5ghRcoi4Z0Gmh2Dxx5D8AZl9vISwvbdiAgXJj1-pO6zKGC3PVHy3NuMKz5vxSmU-49fqniOYW6GcTiKS_gjUTCExFhJpIfEtJJGFNj8uuHbdZSXqVP0GZzXbpa7LhWc36mXbpg1WQ8LG2vuIoz5Y0AfT24j0Nlrydk6sqd-hk_swmxkMt2Bigg7PkAqC1BCklCCVBGlMkHayfR6Yssnu8MAkXulsls-mkw1V3BzQfRU3RUhAdR-aZ3sy-sjsgMVTw55v-FCNG_XibEg9ng2iE_L0OFvr078uoiWOC7TMqqxW41zYvlsTjlNhjl2jdddz_XrZrsDIDNJcADUWejInN2ZGiGROrlx9CR49hAkOweRzoMmLoGkGupmhF37t-y0ZUVNsbxUlB1cZonga8ZY1CE7Is8O19bn7kxt_MP8yBDt6_Ykvfuz88n0DTGeIdIYP5c8EzWB3uKZSsremUkO-W4li2ZY9Or7_zZjGYvruDbGVKs0X503_yzfYGIzXe-vCxEs05DJsGvLVnORc6AWlmSA_LJoN4a0mZnMu0WESLa2-ubDYjrQwRqpwBCpz8uTnV8FkTi5dvj5525V_H4FF2zDR0fU_dx8k78--AKMIvMhCIHPyzq1HCMQ5o14GI849eeLop7_JpAZmF01tgcY7CNsZOjpDJ8hAgz5MMjWMI310_TdnUvACa-gF2trzAh3cPs3KyONCpew51Xq9Kvwq9x3ulB3eqNii4dJG1W24FcQml5XB3f8CAAD__3VxAGWCBAAA HTTP/1.1\r\nHost: kettledroopingcontinuation.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ffkipas.my.id/\r\nCookie: uid_id2=83c6cca2-5f47-4ebb-b12d-f78b3ec45ada:3:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; u_pl26535179=1; sleca2c6c77dde0f47e335c307a84b4f8205=[6308898]\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Sun, 07 Dec 2025 15:47:54 GMT\r\nContent-Type: image/gif\r\nContent-Length: 7\r\nConnection: keep-alive\r\naccess-control-allow-origin: *\r\nvary: Origin\r\naccess-control-allow-credentials: true\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\nx-envoy-upstream-service-time: 2\r\nHost: kettledroopingcontinuation.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: 0b5187e913a862d24e6ba706b0623702\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/gif","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T11:47:06.182466Z","times_seen":13373545,"resource_available":true,"data":null}},"time_used":96,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":96,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-07","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-12-07","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-12-07","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-07","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-07","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"fleraprt.com/async_log/add?cid=1db9169f-90f4-4b2d-b517-bc47aab19c1f\u0026ruid=781b6270-2ee0-4ee0-a19a-220928d69d54","fqdn":"fleraprt.com","domain":"fleraprt.com","tld":"com"},"ip":{"addr":"139.45.195.252","port":443,"asn":9002,"as":"RETN Limited","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://ffkipas.my.id/verifyuid","date":"2025-12-07T15:47:54.821Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"fleraprt.com","organization":""},"issuer":{"commonName":"Sectigo RSA Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Wed, 11 Dec 2024 00:00:00 GMT","end":"Sun, 11 Jan 2026 23:59:59 GMT"},"fingerprint":{"sha1":"23:5D:23:03:7B:8D:47:5A:E9:9C:E7:E0:5C:7E:E6:4F:A2:DC:B6:D0","sha256":"9E:F7:13:45:55:C0:E9:09:A9:42:CC:D1:27:57:55:66:A1:63:5C:CB:EA:38:76:AA:6D:AB:5A:02:42:09:5D:46"}}},"request":{"raw":"POST /async_log/add?cid=1db9169f-90f4-4b2d-b517-bc47aab19c1f\u0026ruid=781b6270-2ee0-4ee0-a19a-220928d69d54 HTTP/1.1\r\nHost: fleraprt.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: text/plain;charset=UTF-8\r\nContent-Length: 449\r\nOrigin: https://ffkipas.my.id\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ffkipas.my.id/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":449,"data":"L\u001b[_\u001e\u0000\u001c\u0006*\u000b^\u001b\u0018T\u0004HT[^\u0016\f\fC\u001b\tMX\r\n7\u0017\u0003LKC\tMH\r\u0003\u0013F\t\u0004Y^\u0011\fJH[\u000b\u001d\u0003J\u000e\u0010W\u00065\u001a\u0002\u001fQLW\u0007\u0015\u0011R\u0013\u0017\u001a\u0000\u0014\u0010_\u0000\u0017^\u003e\u001e\u0007\u0006\u0017\u0016T]\u001b\u001b_S\f\u0001\u0015JOREE[Z\r\u0003\u000b\u0005\u0006k\u0007\t\u0015\u0003\u0011\u0007\u001e\u0006@YC[^D@\t\u0007^C_\u0010\u0006\n@U\f\u0002\u0001W\u0006\u001a\\B\u0003Y\u000bH\u0000\u0002[\bI^\u0016\u000f\u000bQP__\u001b\u0010\u001c7\u001c\u0006\u001aS[\u001bMH\u001a\u0019\u0013R\b\u0004Tf@Y\u000f\u0016\u001a\r*\u000b\\KC\u001bXRW^A\u0000VO\u001b\u001bRR\f\u0001\u000b\u001c\u001c\u0011]\u001b\u0026P\u0005HTIP\u0018L\u000eVTCW\u0013\u0003\u00177\u001c\u0006\u001aS[\u001bMH\r\u001e\u0001@\u0001\u0000hPWiKFCJ\u0005\u0017K\u0001\u0012P\u000fHBI\u0011A\u001d\u0019XTl_\u001e;KJO@\u001aE[Z\r\u0003\r\u0000-]\nO\r\u001bUU\r]\u000fE\u0018\u000bH\u0007\u0011RT\u0010\u0001I^\u0016\r\u0002DM\u0011\fXFUJ\u0018\u0007L\u0001\u0016]CPL\b\u0013W\u0006\b\u001aS@\u001b\u000e\u0005\u001eJY@J6\fP\u0005HTIE\f_\u000f\u0001\u000b\u0004\u0006WV\u001c\rEO\f\f\u001c\tL\u000b_R\u0013\u0019\\_\u0007\u0000\u0001\u000e\u001eR@\f@V\u001aE[V\u00005\u0007\u000fP\u000eL]\u000f\t\u0001\u000fBR\u001d\u000bF\u0000\n]\u001c\rQ\f\f\r\u0013Q\b[UZQW\u0019QL\fL@\u0014K\u0018]\u0005\u0003\u001a\u0002\u001dZ\u000f\u0001hPWEX^\"5\b"}},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.25.5\r\nDate: Sun, 07 Dec 2025 15:47:54 GMT\r\nContent-Length: 0\r\nConnection: keep-alive\r\nAccess-Control-Allow-Origin: https://ffkipas.my.id\r\nAccess-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE\r\nAccess-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match\r\nAccess-Control-Allow-Credentials: true\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.25.5","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/xml","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T11:47:06.182466Z","times_seen":13373545,"resource_available":true,"data":null}},"time_used":26,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":26,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"protrafficinspector.com/stats","fqdn":"protrafficinspector.com","domain":"protrafficinspector.com","tld":"com"},"ip":{"addr":"18.198.241.35","port":443,"asn":16509,"as":"AMAZON-02","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://ffkipas.my.id/verifyuid","date":"2025-12-07T15:47:52.709Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"RSA-PKCS1-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"traffinspector.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M01","organization":"Amazon"},"validity":{"start":"Wed, 19 Nov 2025 00:00:00 GMT","end":"Fri, 18 Dec 2026 23:59:59 GMT"},"fingerprint":{"sha1":"11:9F:BE:35:27:7B:7B:85:C9:B3:FF:0E:CA:F6:0D:13:B0:A9:A0:BB","sha256":"81:A4:38:32:0D:BC:66:C8:7B:6D:08:BC:93:91:76:73:A2:BD:D0:53:3C:BF:2F:FD:B8:87:00:C6:EC:3B:6C:77"}}},"request":{"raw":"GET /stats HTTP/1.1\r\nHost: protrafficinspector.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://ffkipas.my.id\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ffkipas.my.id/\r\nCookie: uid_id2=83c6cca2-5f47-4ebb-b12d-f78b3ec45ada:3:1\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 07 Dec 2025 15:47:52 GMT\r\ncontent-type: text/html; charset=UTF-8\r\ncontent-length: 40\r\nserver: fasthttp\r\naccess-control-allow-origin: https://ffkipas.my.id\r\nvary: Origin\r\naccess-control-allow-credentials: true\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":40,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"ASCII text, with no line terminators","md5":"1e765b8edef6dfc26e6b6a257a460fd0","sha1":"05d47daa8dba57a477d04a7401be547871dc850f","sha256":"296421ece2e02721ec8029b39673561ca1b83bc95759b34d5051dbec1146aecf","sha512":"965795912887248b7b39d5ba582e760463db4ad97d5e9715ce64abdb216e7aaff5e7ac6926848f89c5bdd36eb5b9976d2c03d7eea944316348ef31b06b923264","ssdeep":"","tlshash":"b490045c51c35d500034055ccc0cd0545c045511c17f341cd75c40d54505440017c347","first_seen":"2025-12-07T15:48:18.448589Z","last_seen":"2025-12-07T15:48:18.448589Z","times_seen":1,"resource_available":false,"data":null}},"time_used":21,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":21,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"responseremainrust.com/impr.gif?sid=H4sIAAAAAAAC_4RTv48bRRQeOxFFKBAEKJELCsIP3653_YsUiCMERQlJSIJSRBGanZn1DR7vLDO7Xp-riEhRRGUQBdCw_uzcJRAQ_AGgyEeDIiGxFSeRK6ClQZFSo_VZOqh40rwf3zfF9968uTFN94iHlO6ef1uPpVJ0rVl3ai9clhHXma2dvVRznbpzvHZZRi3_eG1UOjN81fX8unOs9pZgfb3WcFzHcR23dlIaEerR2pKFjO923XrXqfuNutv0MTL_rW1ahaVV8OEeeQqSF0_8GV6BZAtEg-9OCNtPdPzym4NU0UQbDPn2u1E_0lmEwUEamgrCaHt1G9oWhHxWhY62Vx1AD-dlBwhkQarPPkAQba9kIhje2lcaKIgIAX8c2XABoRaQdAGmr0PyXwnAOM6eQzTYOqtNRjf3WVqyBTn86CFkVpDDD55GNPh2XclR7aJWaSJ1ZDEKc8jRArK3QJwukIwrkNkOWPIhJP-FrD06g2gwP2eVhuT5snsZLkBtBWl5ZAVpWEEaVzDguzXf6fjMpV4r7HLWdnzq-1wETrfTcBzaZW2krJQ1QRJPwNQEzNzYfT5Sggke-F6LMrfFQ6_jtju82fR5p81F6DvtoHHnSrPru57rXt2K-UbSH84Tk4p5GjE7dW_vQ353CW6VoN-dunfT92LVaDW9dsPxpi5icw19-XFBKod-h0nvwW7ksLwKmxSk8s41DHmOTBBkliCjBJkkyBKCbJjf4so2bL7FlU0DdxUbq-jlM530pvSWTnoiIqBmAsPzuYw_sNfBkkOzcWj5TJeOBkk-owHPp_EeebJ8o8qnfz1EX-zW_m8GsDKHtNXl-MeyIKdfWSCWBTn20nMI6A6s2gGTz4CmLmiWg27kGEffhGFfxtTWB5t1ycF1jjg5jGSzMlV75OjswqX1e8tdufrbAoLdJysDMzlik-N9-RNBT92cXdAZmV_QmSXfn4sTOZBjWu7RxYQm4rGvTovNTBt-6oSd3HmdlUSZ3r0kbHKGRlxGPUu-XpecC3NSGybID6fsZRGcT-3GemqiND5z_o2TpwaxEdZKHS1AZUGO_P0RmCzI0R-_XP6R5ot_gMXXYOMDnVYTBHEFShIocYDTIIf9Vx0c5FN7Ez1TBU2uIxrkGJocQ5WDqglsemSWxOb-az9_XtoXCFR1FihTnQfKqE-WcyrdPVi5Wws90WCO02m3XK8TCtfzOQubHb_LW9TxPIHEFrI5vf1PAAAA__-WymtNywQAAA==","fqdn":"responseremainrust.com","domain":"responseremainrust.com","tld":"com"},"ip":{"addr":"172.240.108.84","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ffkipas.my.id/verifyuid","date":"2025-12-07T15:47:52.913Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"responseremainrust.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Mon, 24 Nov 2025 11:58:04 GMT","end":"Sun, 22 Feb 2026 11:58:03 GMT"},"fingerprint":{"sha1":"2A:74:BD:69:38:6D:55:D6:A5:D0:58:76:7D:6F:5C:5D:22:A4:99:18","sha256":"3C:90:0A:4B:CD:24:41:B0:1A:FA:18:30:34:A9:AD:CC:E9:20:26:55:44:AE:B1:79:17:80:3F:B6:B9:4A:20:6C"}}},"request":{"raw":"GET /impr.gif?sid=H4sIAAAAAAAC_4RTv48bRRQeOxFFKBAEKJELCsIP3653_YsUiCMERQlJSIJSRBGanZn1DR7vLDO7Xp-riEhRRGUQBdCw_uzcJRAQ_AGgyEeDIiGxFSeRK6ClQZFSo_VZOqh40rwf3zfF9968uTFN94iHlO6ef1uPpVJ0rVl3ai9clhHXma2dvVRznbpzvHZZRi3_eG1UOjN81fX8unOs9pZgfb3WcFzHcR23dlIaEerR2pKFjO923XrXqfuNutv0MTL_rW1ahaVV8OEeeQqSF0_8GV6BZAtEg-9OCNtPdPzym4NU0UQbDPn2u1E_0lmEwUEamgrCaHt1G9oWhHxWhY62Vx1AD-dlBwhkQarPPkAQba9kIhje2lcaKIgIAX8c2XABoRaQdAGmr0PyXwnAOM6eQzTYOqtNRjf3WVqyBTn86CFkVpDDD55GNPh2XclR7aJWaSJ1ZDEKc8jRArK3QJwukIwrkNkOWPIhJP-FrD06g2gwP2eVhuT5snsZLkBtBWl5ZAVpWEEaVzDguzXf6fjMpV4r7HLWdnzq-1wETrfTcBzaZW2krJQ1QRJPwNQEzNzYfT5Sggke-F6LMrfFQ6_jtju82fR5p81F6DvtoHHnSrPru57rXt2K-UbSH84Tk4p5GjE7dW_vQ353CW6VoN-dunfT92LVaDW9dsPxpi5icw19-XFBKod-h0nvwW7ksLwKmxSk8s41DHmOTBBkliCjBJkkyBKCbJjf4so2bL7FlU0DdxUbq-jlM530pvSWTnoiIqBmAsPzuYw_sNfBkkOzcWj5TJeOBkk-owHPp_EeebJ8o8qnfz1EX-zW_m8GsDKHtNXl-MeyIKdfWSCWBTn20nMI6A6s2gGTz4CmLmiWg27kGEffhGFfxtTWB5t1ycF1jjg5jGSzMlV75OjswqX1e8tdufrbAoLdJysDMzlik-N9-RNBT92cXdAZmV_QmSXfn4sTOZBjWu7RxYQm4rGvTovNTBt-6oSd3HmdlUSZ3r0kbHKGRlxGPUu-XpecC3NSGybID6fsZRGcT-3GemqiND5z_o2TpwaxEdZKHS1AZUGO_P0RmCzI0R-_XP6R5ot_gMXXYOMDnVYTBHEFShIocYDTIIf9Vx0c5FN7Ez1TBU2uIxrkGJocQ5WDqglsemSWxOb-az9_XtoXCFR1FihTnQfKqE-WcyrdPVi5Wws90WCO02m3XK8TCtfzOQubHb_LW9TxPIHEFrI5vf1PAAAA__-WymtNywQAAA== HTTP/1.1\r\nHost: responseremainrust.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ffkipas.my.id/\r\nCookie: pdhtkv=true; uncs=2; pdhtkv49=true; uncs49=2; u_pl26537203=1; nlecedb436ac16df38178d554d87def407b2=[5941311]\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Sun, 07 Dec 2025 15:47:53 GMT\r\nContent-Type: image/gif\r\nContent-Length: 7\r\nConnection: keep-alive\r\naccess-control-allow-origin: *\r\nvary: Origin\r\naccess-control-allow-credentials: true\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\nx-envoy-upstream-service-time: 2\r\nHost: responseremainrust.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: ea1c57dbb4b73acd1d2826322cf25944\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/gif","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T11:47:06.182466Z","times_seen":13373545,"resource_available":true,"data":null}},"time_used":652,"timings":{"blocked":272,"dns":2,"connect":92,"send":0,"wait":96,"receive":0,"ssl":186},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-12-07","alert":"Sinkholed","trigger":"responseremainrust.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ffkipas.my.id/sw-check-permissions.js?zoneId=9716024\u0026tg=1","fqdn":"ffkipas.my.id","domain":"ffkipas.my.id","tld":"my.id"},"ip":{"addr":"104.21.67.83","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"other","requested_by":"https://ffkipas.my.id/","date":"2025-12-07T15:47:46.891Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ffkipas.my.id","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Fri, 17 Oct 2025 09:52:51 GMT","end":"Thu, 15 Jan 2026 10:51:42 GMT"},"fingerprint":{"sha1":"CC:F7:34:EF:C8:0D:D7:BA:61:5C:59:6F:9C:84:10:EB:B8:77:BB:8E","sha256":"E9:02:F7:94:61:0A:79:F6:92:B0:A9:74:B9:D8:C9:49:60:C7:55:60:B1:7E:1B:E1:DA:3D:7E:2B:09:2D:79:24"}}},"request":{"raw":"GET /sw-check-permissions.js?zoneId=9716024\u0026tg=1 HTTP/1.1\r\nHost: ffkipas.my.id\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nX-Moz: prefetch\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ffkipas.my.id/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sun, 07 Dec 2025 15:47:46 GMT\r\nserver: cloudflare\r\nlast-modified: Fri, 05 Dec 2025 10:31:21 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i=?0\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nx-frame-options: SAMEORIGIN\r\ncontent-encoding: br\r\ncontent-type: text/javascript\r\nage: 27\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=xxyeuiMA5SC3AsR4TN1kdDDXUev%2FPSEByQBOQkHDr%2BOgyAAkq0Kv7Vost22rYAeS%2BoiJyRW9pjUlTNLDFGNyERRL8Yq176BGJuzM\"}]}\r\nvary: accept-encoding\r\nstrict-transport-security: max-age=0; preload\r\ncf-ray: 9aa529da0d38b4f4-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":564,"size_decoded":0,"mime_type":"text/javascript","magic":"Java source, ASCII text","md5":"dbd3b354415b02fa59e522449fb4c034","sha1":"3d9d7d2b18c0dc48068af2b00259a778e1160edd","sha256":"cf694432454d60f0ef71b281ed06e83e1dc9f9b265bb0c4ac69b3c1605bd5090","sha512":"a18d1ce736d2af9f3e39a7b5d4af6d071287259c684e33f665db388bb6e3b4b811760c32705346decba28196e38aa87c55ea970cfd027964e39ec6c568f2ba98","ssdeep":"","tlshash":"70f046da8da2592902e3314d081f5902b42b83072b0db99479ac43749f08b2ea6d7588","first_seen":"2025-12-07T15:47:42.702367Z","last_seen":"2026-01-16T15:48:16.01807Z","times_seen":5,"resource_available":false,"data":null}},"time_used":8,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":8,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"grookilteepsou.net/pfe/current/tag.min.js?z=9895350","fqdn":"grookilteepsou.net","domain":"grookilteepsou.net","tld":"net"},"ip":{"addr":"139.45.197.122","port":443,"asn":9002,"as":"RETN Limited","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://ffkipas.my.id/","date":"2025-12-07T15:47:46.914Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"grookilteepsou.net","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Mon, 24 Nov 2025 05:08:19 GMT","end":"Sun, 22 Feb 2026 05:08:18 GMT"},"fingerprint":{"sha1":"EF:AC:DB:BB:24:F1:7B:72:D3:0C:E3:26:53:60:D2:D0:DD:A9:B4:4D","sha256":"9D:09:C2:43:F6:4A:FE:AD:33:EE:71:F9:8C:70:95:03:6C:81:C2:C6:17:6B:AE:F4:55:73:6A:F4:E9:A0:32:EE"}}},"request":{"raw":"GET /pfe/current/tag.min.js?z=9895350 HTTP/1.1\r\nHost: grookilteepsou.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ffkipas.my.id/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sun, 07 Dec 2025 15:47:47 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Fri, 28 Nov 2025 14:31:18 GMT\r\netag: W/\"6929b236-72ee\"\r\naccess-control-allow-credentials: true\r\ncache-control: no-cache\r\npragma: no-cache\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":29422,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (29422), with no line terminators","md5":"7817cc2350b18efbae774f3595109b1e","sha1":"7fb17d4f7f1a3d7ad5a09f74d59a74d6745f1de1","sha256":"d2a5798ac99c3380e218d787f9f5ac823b8c12ce5187a4b54bb714eaa9b1b19a","sha512":"18855f0f2f5fde0d09d2de8e3a1e1da5487b3f5c392f79cfc914956256ddff6541fbe85887fc4e0fd9afc24f12031d10a70675c4f1554e3fe252f4dc683c9324","ssdeep":"768:miA8yco532XzPyngylPx7yAFyl87KZcTeedpnb35PZ7yoVkG+Szs9G5NsKsoTcy:s6IZ7yAu8ftoksK/cy","tlshash":"64d2b8513ebb689127d567c3d07fd06a93a6d60434aff5e3a50d658228620c6cbb3e23","first_seen":"2025-11-28T16:11:53.152821Z","last_seen":"2025-12-09T15:44:25.300973Z","times_seen":47,"resource_available":true,"data":null}},"time_used":241,"timings":{"blocked":99,"dns":1,"connect":30,"send":0,"wait":34,"receive":0,"ssl":71},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-07","alert":"Sinkholed","trigger":"grookilteepsou.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-07","alert":"Sinkholed","trigger":"grookilteepsou.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-12-07","alert":"Sinkholed","trigger":"grookilteepsou.net","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-07","alert":"Sinkholed","trigger":"grookilteepsou.net","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"quge5.com/88/tag.min.js","fqdn":"quge5.com","domain":"quge5.com","tld":"com"},"ip":{"addr":"139.45.197.114","port":443,"asn":9002,"as":"RETN Limited","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://ffkipas.my.id/","date":"2025-12-07T15:47:46.042Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"quge5.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 21 Oct 2025 05:33:52 GMT","end":"Mon, 19 Jan 2026 05:33:51 GMT"},"fingerprint":{"sha1":"16:5B:0E:CF:8A:8E:B6:EB:7A:9F:6A:73:F0:CE:30:2B:5D:BA:B4:F9","sha256":"2B:7C:A1:7C:CB:78:44:3E:92:41:63:7D:48:69:90:58:90:0C:69:9C:7B:B1:7A:DF:56:4F:CA:67:D6:34:30:23"}}},"request":{"raw":"GET /88/tag.min.js HTTP/1.1\r\nHost: quge5.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ffkipas.my.id/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sun, 07 Dec 2025 15:47:46 GMT\r\ncontent-type: application/javascript\r\nx-trace-id: cfed28b9a3a1854d0ae679d5e9960578\r\naccept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version\r\naccess-control-allow-origin: *\r\naccess-control-allow-credentials: true\r\naccess-control-allow-methods: GET, POST, OPTIONS\r\naccess-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, favicon\r\naccess-control-max-age: 86400\r\ntiming-allow-origin: *\r\npragma: no-cache, no-cache\r\ncache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0, no-store, no-cache, must-revalidate, max-age=0\r\nexpires: Tue, 11 Jan 1994 10:00:00 GMT, Mon, 26 Jul 1997 05:00:00 GMT\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":115823,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65494)","md5":"5284130c6e5b4953d6eedca8452a9f27","sha1":"468dc194649ed01b7b24241383bf5f83a53e905e","sha256":"a61dec0a29034657f4679fc50316ed58b70823b2d8863b96d6fb1200bee98134","sha512":"157722866484908994c7d999b029250494f6081455b5cf8d52f09b95d19df9b9a66cdc49c8a4a60a6571f7631640ed4f394eed386f348ba967b3d1080621c47f","ssdeep":"3072:23dAhRf69rk3oRBpmGpq0SiSHN7TcGtgoouq:23dAIIoRBpmOSiSt7oG3ouq","tlshash":"f6b32bd67266746a166e502444a7ec0db5be8c81008dcdb8f0a5bcb22d74f12d3e7fe9","first_seen":"2025-12-05T13:38:22.911134Z","last_seen":"2025-12-08T04:45:03.050693Z","times_seen":19,"resource_available":true,"data":null}},"time_used":251,"timings":{"blocked":87,"dns":1,"connect":30,"send":0,"wait":67,"receive":0,"ssl":61},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static.cloudflareinsights.com/beacon.min.js/vcd15cbe7772f49c399c6a5babf22c1241717689176015","fqdn":"static.cloudflareinsights.com","domain":"cloudflareinsights.com","tld":"com"},"ip":{"addr":"104.16.80.73","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://ffkipas.my.id/","date":"2025-12-07T15:47:46.077Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cloudflareinsights.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 22 Oct 2025 06:18:58 GMT","end":"Tue, 20 Jan 2026 07:18:54 GMT"},"fingerprint":{"sha1":"C7:F8:82:22:3E:BC:9D:F4:7B:0A:EF:A0:EE:C2:C2:D1:34:7E:55:1D","sha256":"EA:85:37:F0:6A:CB:4D:61:4B:3D:2C:58:4B:FF:E5:CE:3C:33:94:71:D8:11:77:5A:C1:99:2F:94:1F:D2:FD:F1"}}},"request":{"raw":"GET /beacon.min.js/vcd15cbe7772f49c399c6a5babf22c1241717689176015 HTTP/1.1\r\nHost: static.cloudflareinsights.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://ffkipas.my.id\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ffkipas.my.id/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 07 Dec 2025 15:47:46 GMT\r\ncontent-type: text/javascript;charset=UTF-8\r\ncontent-encoding: gzip\r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=86400\r\netag: W/\"2024.6.1\"\r\nlast-modified: Thu, 06 Jun 2024 15:52:56 GMT\r\ncross-origin-resource-policy: cross-origin\r\nvary: Accept-Encoding\r\nserver: cloudflare\r\ncf-ray: 9aa529d54c07b4ff-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":19948,"size_decoded":0,"mime_type":"text/javascript; charset=UTF-8","magic":"JavaScript source, ASCII text, with very long lines (19948), with no line terminators","md5":"ec18af6d41f6f278b6aed3bdabffa7bc","sha1":"62c9e2cab76b888829f3c5335e91c320b22329ae","sha256":"8a18d13015336bc184819a5a768447462202ef3105ec511bf42ed8304a7ed94f","sha512":"669b0e9a545057acbdd3b4c8d1d2811eaf4c776f679da1083e591ff38ae7684467abacef5af3d4aabd9fb7c335692dbca0def63ddac2cd28d8e14e95680c3511","ssdeep":"384:XriNpnjyMkg8XMtExRN1w29JIOzahXtO2nJ65:GijgSWuanfJ65","tlshash":"8d92d7def645723613f76076913f220b733b35a528068459812adbc22c3d98f6267f6e","first_seen":"2024-06-07T09:21:23Z","last_seen":"2026-04-05T11:31:39.74295Z","times_seen":330379,"resource_available":true,"data":null}},"time_used":106,"timings":{"blocked":45,"dns":4,"connect":4,"send":0,"wait":13,"receive":0,"ssl":37},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"122da.com/5/9895346/?oo=1\u0026js_build=iclick-v1.1649.0\u0026userId=0802986dc3b24e40fbfaef6bcbac55d9\u0026dmn=bvtpk.com\u0026tt=2\u0026ix=0","fqdn":"122da.com","domain":"122da.com","tld":"com"},"ip":{"addr":"139.45.196.63","port":443,"asn":9002,"as":"RETN Limited","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://ffkipas.my.id/","date":"2025-12-07T15:47:48.043Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"122da.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 20 Nov 2025 19:41:16 GMT","end":"Wed, 18 Feb 2026 19:41:15 GMT"},"fingerprint":{"sha1":"B6:69:3B:64:AA:33:38:EB:0B:E8:79:15:0C:1A:ED:85:C2:38:7A:C0","sha256":"AE:AF:19:D8:6A:53:82:E1:B1:E2:03:4C:26:2A:0B:D7:F9:02:9C:76:2E:FD:2C:2B:E6:42:F6:8E:5F:70:2D:45"}}},"request":{"raw":"POST /5/9895346/?oo=1\u0026js_build=iclick-v1.1649.0\u0026userId=0802986dc3b24e40fbfaef6bcbac55d9\u0026dmn=bvtpk.com\u0026tt=2\u0026ix=0 HTTP/1.1\r\nHost: 122da.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: text/plain;charset=UTF-8\r\nContent-Length: 2566\r\nOrigin: https://ffkipas.my.id\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ffkipas.my.id/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":2566,"data":"{\"sync\":\"TBtSUh8cJhwUBWcfHEsSAwEFUA5MXwMBbAIlKz9KWUBKAFsDQwYCHR9EBx1SGx8UCBJbUlcvXRoYG01IHBsCFlRfGxtHTBVGQ1hZQE8eWwNQWFZbXhYZBRUDAgZIUFVKAgtPS0MIU1JeR1BDBwUVAwIGSFBVSgIaGlNJFUMdF0lIBEJPXkERDEpIWx8TARpTSRVDGQ8DUA5fXQUNHxQJDFtSRFIKXVUbEh1MUUMGVl0bG0BXDUZDWUdaCEVbTRI1Cg4GUQ0ZUl0RDEpIWwIGF1lLQxssBRQCHlgPQgIXAxZSMxAGEQ1PGll3NUpfW1wEVU1gUF0ATl9ZEENWA0kLT1tbXV9cBEdNcFxQXRVLS1hEUghYSQhBLAcZF1IBFRgIAAJUVFtEVwxIS0MITUgeD1AOTARZTVZEFAUVRQUGXkQPUAQdCxlIXR09fgJaWA4BCwYUDhUZHV9MHAcOBVEcV15KY39BDRccEBBWCBUUEQ4IRgRdCxpSSwlfCTQwUxwMTAwLVwAGQxsWUkMbXlxEUwheEBslKwMAF00EGAAKHhkeCVEURV8fExwaTwtLOTACQ0ZMAxtYTFcGFRFDEwBbUhsXVAVVGwUYCElIFkxBFUlfFEBGERwBEktTVhYHDAUCAlUdQ1pAHV8eS1tEVwxfS0MJTUgaEVAOTDhjehEaWAobSk9TFEsXWBFIVEklXQBeBRsfFAoQW1JFThoMD1gNSFRYRRhMBVQbCQJCSFsMGEACREgVQxgaH1AOQ1wbG1BeJQsbAldYCEVbVxZIVFpeFhkJFQNVVxYXHERXDUsKCUxDUEwnG1obFRdBCwAlUk1KWUBQAB1dBARMURRVAh5SFRFVEjsWCh89UQcdXBlIVEZDGEwaXldsXR8dCjcZB1YODVFDUFxZRRhMDlhVXEQlABwYAQoaU0sNTUgYDhxQAR8VAxEUVkYeCRgHSAgdSkNQXkdQWgJPDRtWWFcxKkpZQFYFChtbSAsFX2E9QVJXERpYBxYEGhBnDhhUFB5MUVBHHApVGx8UCgIVSk9AGkVbWg0eTFEJSUJPXUpDFEBVVUoFDExLQwlNSB4FAFdMVwcVEUYWBQ0OGhBVNh1cFQ8NHx1GTFdMG1pFJQUXDAcNUQ1bAwcLAhgXGEwERGZHRBMAHAYBQAIPGFUSD0JJG0cxDl9LXFsTERQ3TVRnBgtmDw8ZDgAWVAtWVUBTVkYQGyoBUBsWVAgfA0lIUg8BRFwfFBMXJg0RBV1LQ18ABh0OXhYHHmheVlURC1tSARBNDFUbCBkxHBdWMQZeTREMHAUVGxBOGgAKZhYPDDQZXRoyAQkFaRUWJgYQFV0bWwMHCwIYFxhMBERmV1MJDw0HBT1LCB9YEwNMURRVAh5SFRFfCTsaAAcNVQAMVD4FHg4AVUxXUVhfRR8ZVUobB0tLQxtTXFpcRQNZWgQIERpYBxUBEAxMNhBdQ1BMHhxfAAJAVxEaWAUfDhwOUQgNXD4DCklIFkxBFU1BVxwCEAsqEVccC1oENQcPUA5MTxsbUlIMAQscHBFdGyZQBUhUSVAYTA5WVENXEwMXNxwGGlNbG01IDR4BQAEAaFBXaUtGQ0pXThoKDEoVBQM0G1AxXxUDERRWRhoEHAFTNhBdQ1BMSV4WDQJETREMWEZVShgHTAEWXUNQTAEBQA8KFRURRCUREAxXWBpLVRsOCzECFhZUTxUVEVceABAcHA1WCBVmCA4dSUhvMxA=\",\"async\":\"TBtbXx4AHAYqC14bGFQESFRbXhYMDEMbCU1YDQo3FwNMS0MJTUgNAxNGCQRZXhEMSkhbCx0DSg4QVwY1GgIfUUxXBxURUhMXGgAUEF8AF14+HgcGFxZUXRsbX1MMARVKT1JFRVtRCAQaGFAOFRAbG1BaEwEXHCoLXEtDGxQEBQUdQwBPGxtSUBwNFQEUFl02EF1DUExJXhYaH1ZfVV8ZOwoHABBbDCZQBUhUSVAYTAxTT1ZEDg0KDQc9UQ1bA0NIQkkRVQMdVlBUWCUNHUpPQBpFW1oUGRoEH2sHCWgIEQxYRlVKFhdLHRZUPgMKNEAWVE8VFRFVFg0aAyoLXEtDG0NGTAgdRxpPDRsRGlgJHBwdDVxLQxsLGRoKFRZCT0VmRl8eRkNKV04aBhhmCA5MUVAWQk9WXVdfDg0WBhQOZwAdSkNQNTYP\",\"quality_options\":{\"hil\":1,\"jsp\":1,\"ng\":false,\"ix\":false,\"pt\":false,\"np\":false,\"nw\":true,\"nb\":true,\"sw\":1280,\"sh\":1024,\"pl\":\"https://ffkipas.my.id/\",\"wy\":0,\"wx\":0,\"ww\":1280,\"wh\":1024,\"cw\":1280,\"wiw\":1280,\"wih\":1024,\"wfc\":0,\"sah\":1024,\"navlng\":\"en-US\",\"drf\":\"\",\"wgl\":\"llvmpipe\",\"tb\":false,\"btz\":\"UTC\",\"bto\":0,\"pnt\":0,\"pnrc\":0,\"bml\":0,\"bmi\":false,\"vsbl\":true},\"client_hints\":{}}"}},"response":{"raw":"HTTP/2 204 No Content\r\nserver: nginx\r\ndate: Sun, 07 Dec 2025 15:47:48 GMT\r\naccept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version\r\naccess-control-allow-origin: https://ffkipas.my.id\r\naccess-control-allow-credentials: true\r\naccess-control-allow-methods: GET, POST, OPTIONS\r\naccess-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, favicon\r\naccess-control-max-age: 86400\r\ntiming-allow-origin: *\r\npragma: no-cache, no-cache\r\ncache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0, no-store, no-cache, must-revalidate, max-age=0\r\nexpires: Tue, 11 Jan 1994 10:00:00 GMT, Mon, 26 Jul 1997 05:00:00 GMT\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"204","status_text":"No Content","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/xml","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T11:47:06.182466Z","times_seen":13373545,"resource_available":true,"data":null}},"time_used":207,"timings":{"blocked":88,"dns":0,"connect":26,"send":0,"wait":30,"receive":0,"ssl":60},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"grookilteepsou.net/event","fqdn":"grookilteepsou.net","domain":"grookilteepsou.net","tld":"net"},"ip":{"addr":"139.45.197.122","port":443,"asn":9002,"as":"RETN Limited","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://ffkipas.my.id/","date":"2025-12-07T15:47:48.152Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"grookilteepsou.net","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Mon, 24 Nov 2025 05:08:19 GMT","end":"Sun, 22 Feb 2026 05:08:18 GMT"},"fingerprint":{"sha1":"EF:AC:DB:BB:24:F1:7B:72:D3:0C:E3:26:53:60:D2:D0:DD:A9:B4:4D","sha256":"9D:09:C2:43:F6:4A:FE:AD:33:EE:71:F9:8C:70:95:03:6C:81:C2:C6:17:6B:AE:F4:55:73:6A:F4:E9:A0:32:EE"}}},"request":{"raw":"POST /event HTTP/1.1\r\nHost: grookilteepsou.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://ffkipas.my.id/\r\nContent-Type: application/json\r\nContent-Length: 968\r\nOrigin: https://ffkipas.my.id\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":968,"data":"{\"code\":\"custom\",\"zone_id\":9895350,\"sw_version\":\"3.1.642\",\"pub_zone_id\":9895350,\"trace_id\":\"78dc8626-cb3d-4e43-8d26-37233a7409ae\",\"oaid\":\"e955225269bf4acfb3e508a49cbcd1d6\",\"ip\":\"91.90.42.154\",\"geo\":\"no\",\"location\":\"https://ffkipas.my.id/\",\"domain\":\"ffkipas.my.id\",\"install_ctx\":{\"country_code\":\"no\"},\"pub\":0,\"installer_type\":\"standalone\",\"event_type\":\"push_unsupported\",\"timeOrigin\":2980,\"previousEvents\":[{\"ts\":1765122468094,\"event\":\"hit_page\",\"event_data\":{\"installer_type\":\"universal\",\"timeOrigin\":2973}},{\"ts\":1765122468094,\"event\":\"page_loaded\",\"event_data\":{\"timing\":{\"connectEnd\":58,\"connectStart\":35,\"domComplete\":1718,\"domContentLoadedEventEnd\":1609,\"domContentLoadedEventStart\":1604,\"domInteractive\":1596,\"domLoading\":806,\"domainLookupEnd\":35,\"domainLookupStart\":34,\"fetchStart\":33,\"loadEventEnd\":1718,\"loadEventStart\":1718,\"requestStart\":58,\"responseEnd\":906,\"responseStart\":704,\"secureConnectionStart\":38},\"installer_type\":\"universal\",\"timeOrigin\":2974}}]}"}},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sun, 07 Dec 2025 15:47:48 GMT\r\ncontent-type: application/json; charset=utf-8\r\ncontent-length: 81\r\naccept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model\r\naccess-control-allow-origin: https://ffkipas.my.id\r\naccess-control-allow-credentials: true\r\naccess-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept\r\nstrict-transport-security: max-age=1\r\nx-content-type-options: nosniff\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":81,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"60940087b4c8953adce6634e0018605b","sha1":"7d1224d6171c135c1964595b5632c8d5f9bf2852","sha256":"f41ed1e2e8d61444dc043d06fcb2dd4770b73e535d80bdb871d4a1b87f777371","sha512":"91add1ebac6a608caa9cbc4bf2edbbefdeae337c73493380f304229d8524524638128fd82599feedeac681da33c4b28ee7cace1f7f1209906508e06d2d6e464a","ssdeep":"","tlshash":"b4a0245030c4050041d535031d5ccd04477c05f30f55405ccccdfc11533100447413c3","first_seen":"2025-12-07T15:48:18.438699Z","last_seen":"2025-12-07T15:48:18.438699Z","times_seen":1,"resource_available":false,"data":null}},"time_used":26,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":26,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-07","alert":"Sinkholed","trigger":"grookilteepsou.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-07","alert":"Sinkholed","trigger":"grookilteepsou.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-12-07","alert":"Sinkholed","trigger":"grookilteepsou.net","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-07","alert":"Sinkholed","trigger":"grookilteepsou.net","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"3nbf4.com/event","fqdn":"3nbf4.com","domain":"3nbf4.com","tld":"com"},"ip":{"addr":"139.45.197.121","port":443,"asn":9002,"as":"RETN Limited","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"beacon","requested_by":"https://ffkipas.my.id/verifyuid","date":"2025-12-07T15:47:51.771Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"3nbf4.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Wed, 08 Oct 2025 11:29:15 GMT","end":"Tue, 06 Jan 2026 11:29:14 GMT"},"fingerprint":{"sha1":"B8:5C:B5:E8:90:27:1D:FD:CA:8A:71:AA:01:26:28:02:27:BE:4F:8F","sha256":"03:48:D4:EE:D8:6F:8F:7D:F6:77:58:F1:71:D7:62:D8:18:E7:A2:E4:94:84:7A:E8:87:4B:51:C2:37:C3:56:AE"}}},"request":{"raw":"POST /event HTTP/1.1\r\nHost: 3nbf4.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: text/plain;charset=UTF-8\r\nContent-Length: 358\r\nOrigin: https://ffkipas.my.id\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ffkipas.my.id/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":358,"data":"{\"timeOrigin\":921,\"code\":\"custom\",\"zone_id\":9716024,\"sw_version\":\"3.1.642\",\"trace_id\":\"3f90af1c-43c2-4edf-a373-ba7648ca514d\",\"location\":\"https://ffkipas.my.id/verifyuid\",\"domain\":\"ffkipas.my.id\",\"pub\":0,\"installer_type\":\"micro\",\"event_type\":\"before_prerequest\",\"previousEvents\":[{\"ts\":1765122471735,\"event\":\"init_micro_tag\",\"event_data\":{\"timeOrigin\":915}}]}"}},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sun, 07 Dec 2025 15:47:51 GMT\r\ncontent-type: application/json; charset=utf-8\r\ncontent-length: 81\r\naccept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model\r\naccess-control-allow-origin: https://ffkipas.my.id\r\naccess-control-allow-credentials: true\r\naccess-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept\r\nstrict-transport-security: max-age=1\r\nx-content-type-options: nosniff\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":0,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T11:47:06.182466Z","times_seen":13373545,"resource_available":true,"data":null}},"time_used":26,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":26,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"quge5.com/88/tag.min.js","fqdn":"quge5.com","domain":"quge5.com","tld":"com"},"ip":{"addr":"139.45.197.114","port":443,"asn":9002,"as":"RETN Limited","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://ffkipas.my.id/verifyuid","date":"2025-12-07T15:47:51.605Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"quge5.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 21 Oct 2025 05:33:52 GMT","end":"Mon, 19 Jan 2026 05:33:51 GMT"},"fingerprint":{"sha1":"16:5B:0E:CF:8A:8E:B6:EB:7A:9F:6A:73:F0:CE:30:2B:5D:BA:B4:F9","sha256":"2B:7C:A1:7C:CB:78:44:3E:92:41:63:7D:48:69:90:58:90:0C:69:9C:7B:B1:7A:DF:56:4F:CA:67:D6:34:30:23"}}},"request":{"raw":"GET /88/tag.min.js HTTP/1.1\r\nHost: quge5.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ffkipas.my.id/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sun, 07 Dec 2025 15:47:51 GMT\r\ncontent-type: application/javascript\r\nx-trace-id: 62f2af4cbced591eb63df15de425a96b\r\naccept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version\r\naccess-control-allow-origin: *\r\naccess-control-allow-credentials: true\r\naccess-control-allow-methods: GET, POST, OPTIONS\r\naccess-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, favicon\r\naccess-control-max-age: 86400\r\ntiming-allow-origin: *\r\npragma: no-cache, no-cache\r\ncache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0, no-store, no-cache, must-revalidate, max-age=0\r\nexpires: Tue, 11 Jan 1994 10:00:00 GMT, Mon, 26 Jul 1997 05:00:00 GMT\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":115823,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65494)","md5":"5284130c6e5b4953d6eedca8452a9f27","sha1":"468dc194649ed01b7b24241383bf5f83a53e905e","sha256":"a61dec0a29034657f4679fc50316ed58b70823b2d8863b96d6fb1200bee98134","sha512":"157722866484908994c7d999b029250494f6081455b5cf8d52f09b95d19df9b9a66cdc49c8a4a60a6571f7631640ed4f394eed386f348ba967b3d1080621c47f","ssdeep":"3072:23dAhRf69rk3oRBpmGpq0SiSHN7TcGtgoouq:23dAIIoRBpmOSiSt7oG3ouq","tlshash":"f6b32bd67266746a166e502444a7ec0db5be8c81008dcdb8f0a5bcb22d74f12d3e7fe9","first_seen":"2025-12-05T13:38:22.911134Z","last_seen":"2025-12-08T04:45:03.050693Z","times_seen":19,"resource_available":true,"data":null}},"time_used":33,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":33,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static.cloudflareinsights.com/beacon.min.js/vcd15cbe7772f49c399c6a5babf22c1241717689176015","fqdn":"static.cloudflareinsights.com","domain":"cloudflareinsights.com","tld":"com"},"ip":{"addr":"104.16.80.73","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://ffkipas.my.id/verifyuid","date":"2025-12-07T15:47:51.609Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cloudflareinsights.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 22 Oct 2025 06:18:58 GMT","end":"Tue, 20 Jan 2026 07:18:54 GMT"},"fingerprint":{"sha1":"C7:F8:82:22:3E:BC:9D:F4:7B:0A:EF:A0:EE:C2:C2:D1:34:7E:55:1D","sha256":"EA:85:37:F0:6A:CB:4D:61:4B:3D:2C:58:4B:FF:E5:CE:3C:33:94:71:D8:11:77:5A:C1:99:2F:94:1F:D2:FD:F1"}}},"request":{"raw":"GET /beacon.min.js/vcd15cbe7772f49c399c6a5babf22c1241717689176015 HTTP/1.1\r\nHost: static.cloudflareinsights.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://ffkipas.my.id\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ffkipas.my.id/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 07 Dec 2025 15:47:51 GMT\r\ncontent-type: text/javascript;charset=UTF-8\r\ncontent-encoding: gzip\r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=86400\r\netag: W/\"2024.6.1\"\r\nlast-modified: Thu, 06 Jun 2024 15:52:56 GMT\r\ncross-origin-resource-policy: cross-origin\r\nvary: Accept-Encoding\r\nserver: cloudflare\r\ncf-ray: 9aa529f78ae3b4ff-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":19948,"size_decoded":0,"mime_type":"text/javascript; charset=UTF-8","magic":"JavaScript source, ASCII text, with very long lines (19948), with no line terminators","md5":"ec18af6d41f6f278b6aed3bdabffa7bc","sha1":"62c9e2cab76b888829f3c5335e91c320b22329ae","sha256":"8a18d13015336bc184819a5a768447462202ef3105ec511bf42ed8304a7ed94f","sha512":"669b0e9a545057acbdd3b4c8d1d2811eaf4c776f679da1083e591ff38ae7684467abacef5af3d4aabd9fb7c335692dbca0def63ddac2cd28d8e14e95680c3511","ssdeep":"384:XriNpnjyMkg8XMtExRN1w29JIOzahXtO2nJ65:GijgSWuanfJ65","tlshash":"8d92d7def645723613f76076913f220b733b35a528068459812adbc22c3d98f6267f6e","first_seen":"2024-06-07T09:21:23Z","last_seen":"2026-04-05T11:31:39.74295Z","times_seen":330379,"resource_available":true,"data":null}},"time_used":15,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":15,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"6opo.com/wrr?z=9895346\u0026p_rid=88d14b94-1f8f-461f-9799-83ed904508e0\u0026rb=CrbJQoe0MGFrYcop4mlH-Y86Adta2xP6o0neB4yFkLM15FOwnfkopCkCTLjstw22XxRHbrrNu6f2VrcRC67CwzKx6xA1L1c7V3QehxWbbbORzwUR3C2YKSTpBjTPVKE9c62TRY_8MsftWAeKwVXoROJjqk-61y-V17Sp3Vura7REIETikl64kwG9Z7Ui8aV7k_dRPKuxSoAjnqRr5IPNu7aQ-VJvLNCxzkpopRFj_q9dY_AUUxMzMInbz5DZp_ii99FdGlG51xfSmD6qF-gvdMuJ3bwywqf0qwYm1w2p_2hyH9-o\u0026dmn=\u0026userId=0802986dc3b24e40fbfaef6bcbac55d9","fqdn":"6opo.com","domain":"6opo.com","tld":"com"},"ip":{"addr":"139.45.197.246","port":443,"asn":9002,"as":"RETN Limited","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://ffkipas.my.id/verifyuid","date":"2025-12-07T15:47:52.734Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"6opo.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Fri, 03 Oct 2025 23:08:12 GMT","end":"Thu, 01 Jan 2026 23:08:11 GMT"},"fingerprint":{"sha1":"12:6F:03:3B:FC:49:A3:E1:60:52:64:59:B1:4F:E7:2D:91:98:E1:BB","sha256":"0C:C0:88:D7:18:66:94:1D:10:EB:04:76:F9:82:7D:86:D9:84:E2:65:9D:D8:12:8D:C2:DC:16:34:BD:40:24:9D"}}},"request":{"raw":"POST /wrr?z=9895346\u0026p_rid=88d14b94-1f8f-461f-9799-83ed904508e0\u0026rb=CrbJQoe0MGFrYcop4mlH-Y86Adta2xP6o0neB4yFkLM15FOwnfkopCkCTLjstw22XxRHbrrNu6f2VrcRC67CwzKx6xA1L1c7V3QehxWbbbORzwUR3C2YKSTpBjTPVKE9c62TRY_8MsftWAeKwVXoROJjqk-61y-V17Sp3Vura7REIETikl64kwG9Z7Ui8aV7k_dRPKuxSoAjnqRr5IPNu7aQ-VJvLNCxzkpopRFj_q9dY_AUUxMzMInbz5DZp_ii99FdGlG51xfSmD6qF-gvdMuJ3bwywqf0qwYm1w2p_2hyH9-o\u0026dmn=\u0026userId=0802986dc3b24e40fbfaef6bcbac55d9 HTTP/1.1\r\nHost: 6opo.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://ffkipas.my.id/\r\ncontent-type: application/json\r\nContent-Length: 2637\r\nOrigin: https://ffkipas.my.id\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":2637,"data":"{\"sync\":\"TBtSUh8cJhwUBWcfHEsSAwEFUA5MXwMBbAIlKz9KWUBKAFsDQwYCHR9EBx1SGx8UCBJbUlcvXRoYG01IHBsCFlReGxtHTBVGQ1hZQE8eWwNQWFZbXhYZBRUDAgZIUFVKAgtPS0MIU1JeR1BDBwUVAwIGSFBVSgIaGlNJFUMdF0lIBEJPXkERDEpIWx8TARpTSRVDGQ8DUA5fXQUNHxQJDFtSRFIKXVUbEh1MUUMGVl0bG0BXDUZDWUdaCEVbTRI1Cg4GUQ0ZUl0RDEpIWwIGF1lLQxssBRQCHlgPQgIXAxZSMxAGEQ1PGll3NUpfW1wEVU1gUF0ATl9ZEENWA0kLT1tbXV9cBEdNcFxQXRVLS1hEUghYSQhBLAcZF1IBFRgIAAJUVFtEVwxIS0MITUgeD1AOTARZTVZEFAUVRQUGXkQPUAQdCxlIXR09fgJaWA4BCwYUDhUZHV9MHAcOBVEcV15KY39BDRccEBBWCBUUEQ4IRgRdCxpSSwlfCTQwUxwMTAwLVwAGQxsWUkMbXlxEUwheEBslKwMAF00EGAAKHhkeCVEURV8fExwaTwtLOTACQ0ZMAxtYTFcGFRFDEwBbUhsXVAVVGwUYCElIFgYZQ0lADFVLHw4eC0gIChcME0ACFhtMQRVJXxRARhEcARJLU1YWBwwFAgJVHUNaQB1fHksPDQcLXhAMUAVIQkkcU0xXBxURQgBGQ0ogNntLVRsPCExRQxhMA1ZJEQxYMxAGRlAaRVtJFUhUW14WCxtWVREMSVNVSh0BGlNNAU1ICgZQDkNcGxtBQg5GQ0VEThoKEWYOCARJSARCT1lOEQxLSFsfEUACDxhVEg9CSR1HDR1CGwkUNg0XHQ1CQFFPZldeTEdQXAcJU1xdFEACGAQGBxRLGlE+BQwBLV0ACVJBEQxXVVVKAgtWNhJcGBkxBxdaCRlfGwkESFNVShYNVAYLZgUPHh8aFlRfAxURQB8KHQcHQAJLWxVDDQ8GF0QPCUQbCQZWRhcEV1gaDBcUNDlMR1BaAh4VAxFTFEksO1kHVktVGwIFAgQAawkMWkxHFEBGChoSABpFW0kHBkxRUBZCT1RVRxRAHwREVwhLGVsDUEZMGxxATFcHFRFGFBYaSk9SFEsJVQAeCAQAWTEJUk1WVQ4LC0pPGRoACmYABAoZHV0KTw1fUloJAVVKHBFnHQtQBQ8AH1AOCAxbSlYaWA0KNxYKSgYUUBQHMVNEawEfaFdWQR8WW1ITA1QaHBVDAx00EVwcAlpQRltYXh8JGRFdRVtQEjULDxVRTFdRWF9FH0hbAQY9XwwaUg5IVB8AQQtBFVBAaQ0BGzceC0xLQ18ABh0OXhYHHmhOVlQlDxAcKlQIXyZWEzUADgVRHE8NX1JaCQFVShwRZw0cSgoeARstRw8LVktaFEACGAQGBxRLEEo+CQYZHVkHGFpmXEYfFhhKTwRZBQpcHEZMBRdHTFcVCwUCTVNOX0JRCUtVGwIGBw4cQDEEUxsJFA8KEgYaFVZLVRsADAgCHl0PGVJmWlJYXltKWUBMGxhfBwMNNAFbGx9UXGxfHkZDSldOGggdTwQYGgIBURwyXl0RDFhGVUoWA1UZGFAGBDECFhZUTxUVEVUPFw0HGD1RDSYIQ1BMSV4WDRhETVxbJQ0dN0dAAktbFUMJAgIRXzEEUxsJFFhIWwsaEUxLQxtDRkwGF0AGAlMbCRQQFw0JEkAUSwtmFAMKSUgWTEEVVlJpEwBbUldAFEsYXQUDGgIdWg8BaFBXRVheIjUI\",\"async\":\"TBtbXx4AHAYqC14bGFQESFRbXhYMDEMbCU1YDQo3FwNMS0MJTUgNAxNGCQRZXhEMSkhbCx0DSg4QVwY1GgIfUUxXBxURUhMXGgAUEF8AF14+HgcGFxZUXRsbX1MMARVKT1JFRVtRCAQaGFAOFRAbG1BaEwEXHCoLXEtDGxQEBQUdQwBPGxtSUBwNFQEUFl02EF1DUExJXhYaH1ZfVV8ZOwoHABBbDCZQBUhUSVAYTAxTT1ZEDg0KDQc9UQ1bA0NIQkkRVQMdVlBUWCUNHUpPQBpFW1oUGRoEH2sHCWgIEQxYRlVKFhdLHRZUPgMKNEAWVE8VFRFVFg0aAyoLXEtDG0NGTAgdRxpPDRsRGlgJHBwdDVxLQxsLGRoKFRZCT0VmRl8eRkNKV04aBhhmCA5MUVAWQk9WXVdfDg0WBhQOZwAdSkNQNTYP\",\"quality_options\":{\"hil\":1,\"jsp\":1,\"ng\":false,\"ix\":false,\"pt\":false,\"np\":false,\"nw\":true,\"nb\":true,\"sw\":1280,\"sh\":1024,\"pl\":\"https://ffkipas.my.id/verifyuid\",\"wy\":0,\"wx\":0,\"ww\":1280,\"wh\":1024,\"cw\":1280,\"wiw\":1280,\"wih\":1024,\"wfc\":0,\"sah\":1024,\"navlng\":\"en-US\",\"drf\":\"https://ffkipas.my.id/\",\"wgl\":\"llvmpipe\",\"tb\":false,\"btz\":\"UTC\",\"bto\":0,\"pnt\":0,\"pnrc\":0,\"bml\":0,\"bmi\":false,\"vsbl\":true},\"client_hints\":{}}"}},"response":{"raw":"HTTP/2 204 No Content\r\nserver: nginx\r\ndate: Sun, 07 Dec 2025 15:47:52 GMT\r\naccept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version\r\naccess-control-allow-origin: https://ffkipas.my.id\r\naccess-control-allow-credentials: true\r\naccess-control-allow-methods: GET, POST, OPTIONS\r\naccess-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, favicon\r\naccess-control-max-age: 86400\r\npragma: no-cache\r\ncache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0\r\nexpires: Tue, 11 Jan 1994 10:00:00 GMT\r\nstrict-transport-security: max-age=1\r\nx-content-type-options: nosniff\r\ntiming-allow-origin: *, *\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"204","status_text":"No Content","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T11:47:06.182466Z","times_seen":13373545,"resource_available":true,"data":null}},"time_used":29,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":29,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"flushpersist.com/pxf.gif?uuid=83c6cca2-5f47-4ebb-b12d-f78b3ec45ada\u0026eb=bff3d6bf6d16c0bb5e58232c1a99ef63\u0026te=fe015aeda515c30449c87b1701cc307f\u0026ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A134.0)%20Gecko%2F20100101%20Firefox%2F134.0\u0026dev=e\u0026res=14.3095\u0026b_frame=0\u0026pk=a2c6c77dde0f47e335c307a84b4f8205\u0026bl=en-US\u0026sr=1024x1280\u0026sz=1024x1280\u0026hjs=15","fqdn":"flushpersist.com","domain":"flushpersist.com","tld":"com"},"ip":{"addr":"172.240.127.234","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ffkipas.my.id/verifyuid","date":"2025-12-07T15:47:54.938Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"flushpersist.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 29 Oct 2025 22:02:45 GMT","end":"Tue, 27 Jan 2026 22:02:44 GMT"},"fingerprint":{"sha1":"F7:0F:08:42:86:24:7C:1B:49:6E:E0:01:4D:B6:85:C3:51:09:E9:4B","sha256":"57:4B:E8:D9:F8:CD:FB:C3:56:16:42:88:21:1B:6A:B3:83:F2:4E:B5:2C:AC:2C:6B:0E:46:6B:15:51:D1:3D:17"}}},"request":{"raw":"GET /pxf.gif?uuid=83c6cca2-5f47-4ebb-b12d-f78b3ec45ada\u0026eb=bff3d6bf6d16c0bb5e58232c1a99ef63\u0026te=fe015aeda515c30449c87b1701cc307f\u0026ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A134.0)%20Gecko%2F20100101%20Firefox%2F134.0\u0026dev=e\u0026res=14.3095\u0026b_frame=0\u0026pk=a2c6c77dde0f47e335c307a84b4f8205\u0026bl=en-US\u0026sr=1024x1280\u0026sz=1024x1280\u0026hjs=15 HTTP/1.1\r\nHost: flushpersist.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ffkipas.my.id/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Sun, 07 Dec 2025 15:47:55 GMT\r\nContent-Type: image/gif\r\nContent-Length: 1\r\nConnection: keep-alive\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccess-control-allow-origin: *\r\nx-envoy-upstream-service-time: 0\r\nHost: flushpersist.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: c02c2d159469db77e0ddc02d6875189f\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/gif","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T11:47:06.182466Z","times_seen":13373545,"resource_available":true,"data":null}},"time_used":724,"timings":{"blocked":312,"dns":1,"connect":91,"send":0,"wait":99,"receive":1,"ssl":205},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-12-07","alert":"Sinkholed","trigger":"flushpersist.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-07","alert":"Sinkholed","trigger":"flushpersist.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-07","alert":"Sinkholed","trigger":"flushpersist.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"067kk.com/500/9895347?excludes=22954946\u0026oaid=0802986dc3b24e40fbfaef6bcbac55d9\u0026tgp=\u0026of=true\u0026sw_version=v1.768.0-s\u0026dmn=roagrofoogrobo.com\u0026fs=0\u0026cf=0\u0026sw=1280\u0026sh=1024\u0026sah=1024\u0026wx=0\u0026wy=0\u0026ww=1280\u0026wh=1024\u0026cw=1280\u0026wiw=1280\u0026wih=1024\u0026wfc=2\u0026pl=https%3A%2F%2Fffkipas.my.id%2Fverifyuid\u0026drf=https%3A%2F%2Fffkipas.my.id%2F\u0026np=1\u0026pt=0\u0026nb=1\u0026ng=0\u0026ix=0\u0026nw=1\u0026tb=false\u0026navlng=en-US\u0026bto=0\u0026btz=UTC\u0026jsp=1","fqdn":"067kk.com","domain":"067kk.com","tld":"com"},"ip":{"addr":"139.45.197.248","port":443,"asn":9002,"as":"RETN Limited","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://ffkipas.my.id/verifyuid","date":"2025-12-07T15:47:55.089Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"067kk.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 19 Nov 2025 10:44:13 GMT","end":"Tue, 17 Feb 2026 10:44:12 GMT"},"fingerprint":{"sha1":"45:EE:26:70:10:D7:95:CA:56:73:B1:50:1E:20:7C:F2:03:2E:BA:9B","sha256":"C2:E3:12:F6:02:1E:57:20:4F:4D:EA:6F:1B:B2:7F:8F:B9:CF:27:B9:B0:A1:3E:5F:CA:5A:7E:E6:CB:D6:69:D3"}}},"request":{"raw":"GET /500/9895347?excludes=22954946\u0026oaid=0802986dc3b24e40fbfaef6bcbac55d9\u0026tgp=\u0026of=true\u0026sw_version=v1.768.0-s\u0026dmn=roagrofoogrobo.com\u0026fs=0\u0026cf=0\u0026sw=1280\u0026sh=1024\u0026sah=1024\u0026wx=0\u0026wy=0\u0026ww=1280\u0026wh=1024\u0026cw=1280\u0026wiw=1280\u0026wih=1024\u0026wfc=2\u0026pl=https%3A%2F%2Fffkipas.my.id%2Fverifyuid\u0026drf=https%3A%2F%2Fffkipas.my.id%2F\u0026np=1\u0026pt=0\u0026nb=1\u0026ng=0\u0026ix=0\u0026nw=1\u0026tb=false\u0026navlng=en-US\u0026bto=0\u0026btz=UTC\u0026jsp=1 HTTP/1.1\r\nHost: 067kk.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/json\r\nOrigin: https://ffkipas.my.id\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ffkipas.my.id/\r\nCookie: OAID=0802986dc3b24e40fbfaef6bcbac55d9\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sun, 07 Dec 2025 15:47:55 GMT\r\ncontent-type: application/javascript\r\nx-trace-id: 347486d8f6d52ade391ec1336d641093\r\nexpires: Tue, 11 Jan 1994 10:00:00 GMT\r\ncache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0\r\npragma: no-cache\r\nvary: Origin\r\naccess-control-allow-origin: https://ffkipas.my.id\r\naccess-control-expose-headers: Link\r\naccess-control-allow-credentials: true\r\naccept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version\r\nset-cookie: OAID=0802986dc3b24e40fbfaef6bcbac55d9; expires=Mon, 07 Dec 2026 15:47:55 GMT; path=/; secure; SameSite=None\r\nstrict-transport-security: max-age=1\r\nx-content-type-options: nosniff\r\ntiming-allow-origin: *, *\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":1949,"size_decoded":0,"mime_type":"application/javascript","magic":"JSON text data","md5":"79d49549bc484efef4c1f3e7315a772a","sha1":"1ce469beac59b84bf1e1cffe46e3220375d6d9c3","sha256":"10697dc01a248ebe6abe53879895bd7d6696364cf6bca1aa88f60ae1d01bb3fe","sha512":"e5739455fbafd64e7927f1bf783dfbe4349eae4a0a08bb9ef052b1303c6053b85fcd04900eabb347a75114aa011cf288d6d716bedb6ab91bd10e570a81cf5099","ssdeep":"","tlshash":"b341088a33cbe32a0bf04083e8750c5db4e2202f1598a764d84efead074e1014cf639a","first_seen":"2025-12-07T15:48:18.457561Z","last_seen":"2025-12-07T15:48:18.457561Z","times_seen":1,"resource_available":false,"data":null}},"time_used":111,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":111,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-07","alert":"Sinkholed","trigger":"067kk.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/roboto/v50/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3yUBA.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"142.250.178.35","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://ffkipas.my.id/verifyuid","date":"2025-12-07T15:47:56.481Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WE2","organization":"Google Trust Services"},"validity":{"start":"Mon, 27 Oct 2025 08:35:04 GMT","end":"Mon, 19 Jan 2026 08:35:03 GMT"},"fingerprint":{"sha1":"4A:97:40:A8:11:17:BA:08:56:28:6E:0B:93:8B:64:13:1D:67:D4:2A","sha256":"A2:0A:13:FD:98:22:74:26:3F:C1:44:5C:92:27:22:17:A8:65:07:40:50:F9:14:02:11:E4:87:7F:C5:D2:F1:42"}}},"request":{"raw":"GET /s/roboto/v50/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3yUBA.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://ffkipas.my.id\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 40128\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Tue, 02 Dec 2025 23:52:35 GMT\r\nexpires: Wed, 02 Dec 2026 23:52:35 GMT\r\ncache-control: public, max-age=31536000\r\nage: 402921\r\nlast-modified: Tue, 18 Nov 2025 19:00:07 GMT\r\ncontent-type: font/woff2\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":40128,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 40128, version 1.0","md5":"9a01b69183a9604ab3a439e388b30501","sha1":"8ed1d59003d0dbe6360481017b44665153665fbe","sha256":"20b535fa80c8189e3b87d1803038389960203a886d502bc2ef1857affc2f38d2","sha512":"0e6795255b6eea00b5403fd7e3b904d52776d49ac63a31c2778361262883697943aedcb29feee85694ba6f19eaa34dddb9a5bfe7118f4a25b4757e92c331feca","ssdeep":"768:Vce3jkow68wmT4IBX0tXdlSirS61gSjcz0GPwHbP+w2jec56O:VcI/iEEEtXdFJj+0GPwHbP+w5rO","tlshash":"3703023a5e3ccf1a84157a703950f6d9a8481e548e9d143b4f1ac7bf085dde2209b6d4","first_seen":"2025-01-08T22:59:02.845106Z","last_seen":"2026-04-05T11:47:09.583507Z","times_seen":716548,"resource_available":false,"data":null}},"time_used":196,"timings":{"blocked":79,"dns":1,"connect":14,"send":0,"wait":15,"receive":21,"ssl":62},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"3nbf4.com/event","fqdn":"3nbf4.com","domain":"3nbf4.com","tld":"com"},"ip":{"addr":"139.45.197.121","port":443,"asn":9002,"as":"RETN Limited","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://ffkipas.my.id/verifyuid","date":"2025-12-07T15:47:51.780Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"3nbf4.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Wed, 08 Oct 2025 11:29:15 GMT","end":"Tue, 06 Jan 2026 11:29:14 GMT"},"fingerprint":{"sha1":"B8:5C:B5:E8:90:27:1D:FD:CA:8A:71:AA:01:26:28:02:27:BE:4F:8F","sha256":"03:48:D4:EE:D8:6F:8F:7D:F6:77:58:F1:71:D7:62:D8:18:E7:A2:E4:94:84:7A:E8:87:4B:51:C2:37:C3:56:AE"}}},"request":{"raw":"OPTIONS /event HTTP/1.1\r\nHost: 3nbf4.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nAccess-Control-Request-Method: POST\r\nAccess-Control-Request-Headers: content-type\r\nReferer: https://ffkipas.my.id/\r\nOrigin: https://ffkipas.my.id\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"OPTIONS"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sun, 07 Dec 2025 15:47:51 GMT\r\ncontent-type: text/plain; charset=utf-8\r\ncontent-length: 0\r\naccess-control-allow-origin: https://ffkipas.my.id\r\naccess-control-allow-credentials: true\r\naccess-control-allow-methods: GET, POST, OPTIONS\r\naccess-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization-Token,X-Oaid\r\naccess-control-max-age: 86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain; charset=utf-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T11:47:06.182466Z","times_seen":13373545,"resource_available":true,"data":null}},"time_used":26,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":26,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"responseremainrust.com/ntv.json?key=edb436ac16df38178d554d87def407b2\u0026vstc=2\u0026rb=","fqdn":"responseremainrust.com","domain":"responseremainrust.com","tld":"com"},"ip":{"addr":"172.240.108.68","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://ffkipas.my.id/verifyuid","date":"2025-12-07T15:47:52.704Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"responseremainrust.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Mon, 24 Nov 2025 11:58:04 GMT","end":"Sun, 22 Feb 2026 11:58:03 GMT"},"fingerprint":{"sha1":"2A:74:BD:69:38:6D:55:D6:A5:D0:58:76:7D:6F:5C:5D:22:A4:99:18","sha256":"3C:90:0A:4B:CD:24:41:B0:1A:FA:18:30:34:A9:AD:CC:E9:20:26:55:44:AE:B1:79:17:80:3F:B6:B9:4A:20:6C"}}},"request":{"raw":"GET /ntv.json?key=edb436ac16df38178d554d87def407b2\u0026vstc=2\u0026rb= HTTP/1.1\r\nHost: responseremainrust.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://ffkipas.my.id\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ffkipas.my.id/\r\nCookie: pdhtkv=true; uncs=1; pdhtkv49=true; uncs49=1; u_pl26537203=1; nlecedb436ac16df38178d554d87def407b2=[5941311]\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Sun, 07 Dec 2025 15:47:52 GMT\r\nContent-Type: application/json\r\nContent-Length: 6303\r\nConnection: keep-alive\r\ncontent-encoding: gzip\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\naccess-control-allow-origin: https://ffkipas.my.id\r\naccess-control-allow-credentials: true\r\nvary: Accept-Encoding\r\nset-cookie: uncs=2; expires=Mon, 08 Dec 2025 15:47:52 GMT; path=/; secure; SameSite=None\nuncs49=2; expires=Mon, 08 Dec 2025 15:47:52 GMT; path=/; secure; SameSite=None\r\nx-envoy-upstream-service-time: 9\r\nHost: responseremainrust.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: 8df8e42f9af2e971e7c602e5c904aeb6\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":8212,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"fa8e34ced17d2c530284a511e3948aff","sha1":"2ee486be52dfbb02fd86b10db8429d6f4edd3709","sha256":"da5eb2dd5c6e56f248b4b93fa51952fe02c86adc7fd4a787867a9efb5f6485fd","sha512":"57b6f9d62579fc202bb3f39a8b7bf6cb77ec39b0d57c8026efb09439f04f6a9929453ea279593603b488d84e66702dad36074c55b3153ca34dfad4c470b23c38","ssdeep":"192:Ave61G8KpwavaqO4nSO5s646FbiJYzKzEBwWFbe:Aveu9CaqxSO5s64ysYKJ2be","tlshash":"3e027de1050d929f0625ee8e0ffb387f1c1a704be481bc76e4b8fe412c055a35b22a16","first_seen":"2025-12-07T15:48:18.458366Z","last_seen":"2025-12-07T15:48:18.458366Z","times_seen":1,"resource_available":false,"data":null}},"time_used":104,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":104,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-12-07","alert":"Sinkholed","trigger":"responseremainrust.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"grookilteepsou.net/event","fqdn":"grookilteepsou.net","domain":"grookilteepsou.net","tld":"net"},"ip":{"addr":"139.45.197.122","port":443,"asn":9002,"as":"RETN Limited","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://ffkipas.my.id/verifyuid","date":"2025-12-07T15:47:52.898Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"grookilteepsou.net","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Mon, 24 Nov 2025 05:08:19 GMT","end":"Sun, 22 Feb 2026 05:08:18 GMT"},"fingerprint":{"sha1":"EF:AC:DB:BB:24:F1:7B:72:D3:0C:E3:26:53:60:D2:D0:DD:A9:B4:4D","sha256":"9D:09:C2:43:F6:4A:FE:AD:33:EE:71:F9:8C:70:95:03:6C:81:C2:C6:17:6B:AE:F4:55:73:6A:F4:E9:A0:32:EE"}}},"request":{"raw":"OPTIONS /event HTTP/1.1\r\nHost: grookilteepsou.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nAccess-Control-Request-Method: POST\r\nAccess-Control-Request-Headers: content-type\r\nReferer: https://ffkipas.my.id/\r\nOrigin: https://ffkipas.my.id\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"OPTIONS"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sun, 07 Dec 2025 15:47:52 GMT\r\ncontent-type: text/plain; charset=utf-8\r\ncontent-length: 0\r\naccess-control-allow-origin: https://ffkipas.my.id\r\naccess-control-allow-credentials: true\r\naccess-control-allow-methods: GET, POST, OPTIONS\r\naccess-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization-Token,X-Oaid\r\naccess-control-max-age: 86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain; charset=utf-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T11:47:06.182466Z","times_seen":13373545,"resource_available":true,"data":null}},"time_used":26,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":26,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-12-07","alert":"Sinkholed","trigger":"grookilteepsou.net","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-07","alert":"Sinkholed","trigger":"grookilteepsou.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-07","alert":"Sinkholed","trigger":"grookilteepsou.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-07","alert":"Sinkholed","trigger":"grookilteepsou.net","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kettledroopingcontinuation.com/pixel/sbls?bv=\u0026tmpl=482\u0026u=https%3A%2F%2Fcreative-sb1.com%2Fsb%2Finterstitial%2Futility%2Frobot%2F3%2Fcss%2Fmagic.css\u0026l=45054\u0026fd=677","fqdn":"kettledroopingcontinuation.com","domain":"kettledroopingcontinuation.com","tld":"com"},"ip":{"addr":"172.240.127.243","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ffkipas.my.id/verifyuid","date":"2025-12-07T15:47:55.734Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"kettledroopingcontinuation.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sun, 26 Oct 2025 22:01:12 GMT","end":"Sat, 24 Jan 2026 22:01:11 GMT"},"fingerprint":{"sha1":"15:FA:E2:08:0A:F1:68:03:29:64:51:B0:FA:3B:8E:DD:DC:B7:CD:01","sha256":"F8:EA:EA:FF:5A:CA:9D:E1:82:F0:8C:3C:7C:6B:FB:06:8F:72:6C:0E:64:EF:7B:3B:2B:21:25:C2:25:7D:0C:BD"}}},"request":{"raw":"GET /pixel/sbls?bv=\u0026tmpl=482\u0026u=https%3A%2F%2Fcreative-sb1.com%2Fsb%2Finterstitial%2Futility%2Frobot%2F3%2Fcss%2Fmagic.css\u0026l=45054\u0026fd=677 HTTP/1.1\r\nHost: kettledroopingcontinuation.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ffkipas.my.id/\r\nCookie: uid_id2=83c6cca2-5f47-4ebb-b12d-f78b3ec45ada:3:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; u_pl26535179=1; sleca2c6c77dde0f47e335c307a84b4f8205=[6308898]\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Sun, 07 Dec 2025 15:47:55 GMT\r\nContent-Length: 0\r\nConnection: keep-alive\r\nHost: kettledroopingcontinuation.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nCache-Control: no-cache\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Allow-Methods: GET, POST, OPTIONS\r\nAccess-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests,C-High-Entropy-Values\r\nAccess-Control-Expose-Headers: Content-Length,Content-Range\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T11:47:06.182466Z","times_seen":13373545,"resource_available":true,"data":null}},"time_used":142,"timings":{"blocked":26,"dns":0,"connect":0,"send":0,"wait":114,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-07","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-12-07","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-07","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-12-07","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-07","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ffkipas.my.id/cdn-cgi/rum?","fqdn":"ffkipas.my.id","domain":"ffkipas.my.id","tld":"my.id"},"ip":{"addr":"104.21.67.83","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://ffkipas.my.id/","date":"2025-12-07T15:47:46.893Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ffkipas.my.id","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Fri, 17 Oct 2025 09:52:51 GMT","end":"Thu, 15 Jan 2026 10:51:42 GMT"},"fingerprint":{"sha1":"CC:F7:34:EF:C8:0D:D7:BA:61:5C:59:6F:9C:84:10:EB:B8:77:BB:8E","sha256":"E9:02:F7:94:61:0A:79:F6:92:B0:A9:74:B9:D8:C9:49:60:C7:55:60:B1:7E:1B:E1:DA:3D:7E:2B:09:2D:79:24"}}},"request":{"raw":"POST /cdn-cgi/rum? HTTP/1.1\r\nHost: ffkipas.my.id\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\ncontent-type: application/json\r\nContent-Length: 1013\r\nOrigin: https://ffkipas.my.id\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ffkipas.my.id/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":1013,"data":"{\"memory\":{},\"resources\":[],\"referrer\":\"\",\"eventType\":1,\"firstPaint\":0,\"firstContentfulPaint\":1526,\"startTime\":1765122465121,\"versions\":{\"fl\":\"2024.11.0\",\"js\":\"2024.6.1\",\"timings\":2},\"pageloadId\":\"ce6cfc23-31b7-4942-86ed-08a5b84e48f7\",\"location\":\"https://ffkipas.my.id/\",\"nt\":\"navigate\",\"timingsV2\":{\"unloadEventStart\":0,\"unloadEventEnd\":0,\"domInteractive\":1597,\"domContentLoadedEventStart\":1606,\"domContentLoadedEventEnd\":1610,\"domComplete\":1719,\"loadEventStart\":1719,\"loadEventEnd\":1720,\"type\":\"navigate\",\"redirectCount\":0,\"initiatorType\":\"navigation\",\"nextHopProtocol\":\"h2\",\"workerStart\":0,\"redirectStart\":0,\"redirectEnd\":0,\"fetchStart\":34,\"domainLookupStart\":35,\"domainLookupEnd\":36,\"connectStart\":36,\"connectEnd\":58,\"secureConnectionStart\":40,\"requestStart\":58,\"responseStart\":705,\"responseEnd\":705,\"transferSize\":5089,\"encodedBodySize\":4259,\"decodedBodySize\":16300,\"name\":\"https://ffkipas.my.id/\",\"entryType\":\"navigation\",\"startTime\":0,\"duration\":1720},\"siteToken\":\"9821d538e60847f4ba622d85dc6586d2\",\"st\":2}"}},"response":{"raw":"HTTP/3 204 No Content\r\naccess-control-allow-origin: https://ffkipas.my.id\r\naccess-control-allow-methods: POST,OPTIONS\r\naccess-control-max-age: 86400\r\nvary: Origin, accept-encoding\r\naccess-control-allow-credentials: true\r\ncontent-type: text/plain\r\nstrict-transport-security: max-age=0; preload\r\nx-content-type-options: nosniff\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=FcQBwi5rt14bscsmip9oR%2BHKziNqhwcaRpMkE0FMKYt4NhUeRA%2BQww24HJpcTczln8fNMwExdc%2Bw1xnBMOPy5JUaRWN0ofmeXojp\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ndate: Sun, 07 Dec 2025 15:47:46 GMT\r\npriority: u=3,i=?0\r\nserver: cloudflare\r\ncf-ray: 9aa529da0d39b4f4-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"204","status_text":"No Content","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T11:47:06.182466Z","times_seen":13373545,"resource_available":true,"data":null}},"time_used":4,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":4,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"6opo.com/88/171903","fqdn":"6opo.com","domain":"6opo.com","tld":"com"},"ip":{"addr":"139.45.197.246","port":443,"asn":9002,"as":"RETN Limited","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://ffkipas.my.id/verifyuid","date":"2025-12-07T15:47:51.732Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"6opo.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Fri, 03 Oct 2025 23:08:12 GMT","end":"Thu, 01 Jan 2026 23:08:11 GMT"},"fingerprint":{"sha1":"12:6F:03:3B:FC:49:A3:E1:60:52:64:59:B1:4F:E7:2D:91:98:E1:BB","sha256":"0C:C0:88:D7:18:66:94:1D:10:EB:04:76:F9:82:7D:86:D9:84:E2:65:9D:D8:12:8D:C2:DC:16:34:BD:40:24:9D"}}},"request":{"raw":"GET /88/171903 HTTP/1.1\r\nHost: 6opo.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://ffkipas.my.id/\r\nOrigin: https://ffkipas.my.id\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sun, 07 Dec 2025 15:47:51 GMT\r\ncontent-type: application/json\r\naccept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version\r\naccess-control-allow-origin: https://ffkipas.my.id\r\naccess-control-allow-credentials: true\r\naccess-control-allow-methods: GET, POST, OPTIONS\r\naccess-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, favicon\r\naccess-control-max-age: 86400\r\ntiming-allow-origin: *\r\npragma: no-cache, no-cache\r\ncache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0, no-store, no-cache, must-revalidate, max-age=0\r\nexpires: Tue, 11 Jan 1994 10:00:00 GMT, Mon, 26 Jul 1997 05:00:00 GMT\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":4095,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"4419ce5f2cd367e8b04dbd8e4ac58808","sha1":"20997ef523c0c3fff0130de4d69d41c4bf1dfd45","sha256":"7b55b13ceb83ce15a87fcc27237c9075cf12df7e49a96a07c77711239d954e62","sha512":"55bef75190ad748d92334098df8cb326cb19b245bb34ff9edf1d84bbe2d44dddc37c9ac9b33c0ddcfc1282d910967add11cb510347bec07eaf50f5756a2884fa","ssdeep":"","tlshash":"b081a55ed94d2e7fd50351dfdc2a28134bbc15673a84bc8ac5d82c8c22cb1e853a8b0b","first_seen":"2025-12-07T15:48:18.459235Z","last_seen":"2025-12-07T15:48:18.459235Z","times_seen":1,"resource_available":false,"data":null}},"time_used":29,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":29,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"3nbf4.com/event","fqdn":"3nbf4.com","domain":"3nbf4.com","tld":"com"},"ip":{"addr":"139.45.197.121","port":443,"asn":9002,"as":"RETN Limited","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://ffkipas.my.id/verifyuid","date":"2025-12-07T15:47:51.800Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"3nbf4.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Wed, 08 Oct 2025 11:29:15 GMT","end":"Tue, 06 Jan 2026 11:29:14 GMT"},"fingerprint":{"sha1":"B8:5C:B5:E8:90:27:1D:FD:CA:8A:71:AA:01:26:28:02:27:BE:4F:8F","sha256":"03:48:D4:EE:D8:6F:8F:7D:F6:77:58:F1:71:D7:62:D8:18:E7:A2:E4:94:84:7A:E8:87:4B:51:C2:37:C3:56:AE"}}},"request":{"raw":"POST /event HTTP/1.1\r\nHost: 3nbf4.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://ffkipas.my.id/\r\nContent-Type: application/json\r\nContent-Length: 358\r\nOrigin: https://ffkipas.my.id\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":358,"data":"{\"code\":\"error_json\",\"sw_version\":\"3.1.642\",\"error_message\":\"subscrDb_get_all_subs:, message: error-obj: {}, error-msg: A mutation operation was attempted on a database that did not allow mutations., error-name: InvalidStateError, error-code: 11, error-ctx: {}\",\"error_location\":\"https://ffkipas.my.id/verifyuid\",\"error_stack\":\"\\\"unknown\\\"\",\"timeOrigin\":920}"}},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sun, 07 Dec 2025 15:47:51 GMT\r\ncontent-type: application/json; charset=utf-8\r\ncontent-length: 81\r\naccept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model\r\naccess-control-allow-origin: https://ffkipas.my.id\r\naccess-control-allow-credentials: true\r\naccess-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept\r\nstrict-transport-security: max-age=1\r\nx-content-type-options: nosniff\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":81,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"c037e2baa9fbab12ec2407db21790563","sha1":"022511546d5905e0219ac120aa60412bbb2fbe46","sha256":"5228b2c00fe9e8c4f5dee03b4f45a48139b8be545e2f0e4598ce94a725b2020e","sha512":"226ee8fc8fac65c60652de2e45ac01974004f3b2bc518fdc88eb1d61a48cd00918739d0a4a7a51d5f95c8c45905d9786d2f3582ac30e5eebeda9af2c1291835d","ssdeep":"","tlshash":"b3a0244101444d54004f140f7154d401043c5f135f1030d4d71ffd31100c1015547103","first_seen":"2025-12-07T15:48:18.460102Z","last_seen":"2025-12-07T15:48:18.460102Z","times_seen":1,"resource_available":false,"data":null}},"time_used":27,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":27,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"kettledroopingcontinuation.com/1e/e3/36/1ee3363d3f6736b5616821dca2afa5c7.js","fqdn":"kettledroopingcontinuation.com","domain":"kettledroopingcontinuation.com","tld":"com"},"ip":{"addr":"172.240.127.243","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://ffkipas.my.id/verifyuid","date":"2025-12-07T15:47:52.152Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"kettledroopingcontinuation.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sun, 26 Oct 2025 22:01:12 GMT","end":"Sat, 24 Jan 2026 22:01:11 GMT"},"fingerprint":{"sha1":"15:FA:E2:08:0A:F1:68:03:29:64:51:B0:FA:3B:8E:DD:DC:B7:CD:01","sha256":"F8:EA:EA:FF:5A:CA:9D:E1:82:F0:8C:3C:7C:6B:FB:06:8F:72:6C:0E:64:EF:7B:3B:2B:21:25:C2:25:7D:0C:BD"}}},"request":{"raw":"GET /1e/e3/36/1ee3363d3f6736b5616821dca2afa5c7.js HTTP/1.1\r\nHost: kettledroopingcontinuation.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ffkipas.my.id/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Sun, 07 Dec 2025 15:47:52 GMT\r\nContent-Type: application/javascript\r\nContent-Length: 3403\r\nConnection: keep-alive\r\ncontent-encoding: gzip\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccess-control-allow-origin: *\r\naccept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\nx-envoy-upstream-service-time: 1\r\nHost: kettledroopingcontinuation.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: bc2b1610fdbd8b75cfe8d34ab7bd2621\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]}],"data":{"size":6454,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (6454), with no line terminators","md5":"81c010ddfde2faeaf1c598844287df5a","sha1":"cd0fb06af4d1e8878a8c2c8d0311892ef13ff47b","sha256":"44442357bcab05b20364ed17aae2a3ae173b906529612b0e2f7d2217a76e51ab","sha512":"0acadda1dc3bba9f6178ba54356f2aed3dba23fbaf3b53b683fc5dd78eeff47a63ec7815ffbdb1e07041b274646eaa0a71ada2500f181775833f40761fc7cac8","ssdeep":"96:A9+XCx+8Ixmzn2ySej3zqIDNcxE6204l4sNm+E/0NK4Amfnqkk7lDAP2CwU6:A6Cg/S2yPXXWxW04fNPw6K4Amf4DAPA","tlshash":"13d1859c3e80b0a057b26077b97fa019b3696c50657fd80cd012b1a03e7562ad9bbba5","first_seen":"2025-12-01T12:09:20.892186Z","last_seen":"2026-01-29T12:50:40.978548Z","times_seen":4063,"resource_available":true,"data":null}},"time_used":698,"timings":{"blocked":283,"dns":0,"connect":94,"send":0,"wait":128,"receive":0,"ssl":191},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-12-07","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-07","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-07","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-12-07","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-07","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"067kk.com/500/9895347?excludes=22954946\u0026oaid=0802986dc3b24e40fbfaef6bcbac55d9\u0026tgp=\u0026of=true\u0026sw_version=v1.768.0-s\u0026dmn=roagrofoogrobo.com\u0026fs=0\u0026cf=0\u0026sw=1280\u0026sh=1024\u0026sah=1024\u0026wx=0\u0026wy=0\u0026ww=1280\u0026wh=1024\u0026cw=1280\u0026wiw=1280\u0026wih=1024\u0026wfc=2\u0026pl=https%3A%2F%2Fffkipas.my.id%2Fverifyuid\u0026drf=https%3A%2F%2Fffkipas.my.id%2F\u0026np=1\u0026pt=0\u0026nb=1\u0026ng=0\u0026ix=0\u0026nw=1\u0026tb=false\u0026navlng=en-US\u0026bto=0\u0026btz=UTC\u0026jsp=1","fqdn":"067kk.com","domain":"067kk.com","tld":"com"},"ip":{"addr":"139.45.197.248","port":443,"asn":9002,"as":"RETN Limited","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://ffkipas.my.id/verifyuid","date":"2025-12-07T15:47:55.012Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"067kk.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 19 Nov 2025 10:44:13 GMT","end":"Tue, 17 Feb 2026 10:44:12 GMT"},"fingerprint":{"sha1":"45:EE:26:70:10:D7:95:CA:56:73:B1:50:1E:20:7C:F2:03:2E:BA:9B","sha256":"C2:E3:12:F6:02:1E:57:20:4F:4D:EA:6F:1B:B2:7F:8F:B9:CF:27:B9:B0:A1:3E:5F:CA:5A:7E:E6:CB:D6:69:D3"}}},"request":{"raw":"OPTIONS /500/9895347?excludes=22954946\u0026oaid=0802986dc3b24e40fbfaef6bcbac55d9\u0026tgp=\u0026of=true\u0026sw_version=v1.768.0-s\u0026dmn=roagrofoogrobo.com\u0026fs=0\u0026cf=0\u0026sw=1280\u0026sh=1024\u0026sah=1024\u0026wx=0\u0026wy=0\u0026ww=1280\u0026wh=1024\u0026cw=1280\u0026wiw=1280\u0026wih=1024\u0026wfc=2\u0026pl=https%3A%2F%2Fffkipas.my.id%2Fverifyuid\u0026drf=https%3A%2F%2Fffkipas.my.id%2F\u0026np=1\u0026pt=0\u0026nb=1\u0026ng=0\u0026ix=0\u0026nw=1\u0026tb=false\u0026navlng=en-US\u0026bto=0\u0026btz=UTC\u0026jsp=1 HTTP/1.1\r\nHost: 067kk.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nAccess-Control-Request-Method: GET\r\nAccess-Control-Request-Headers: content-type\r\nReferer: https://ffkipas.my.id/\r\nOrigin: https://ffkipas.my.id\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"OPTIONS"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sun, 07 Dec 2025 15:47:55 GMT\r\ncontent-length: 0\r\nallow: GET, OPTIONS\r\nvary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers\r\naccess-control-allow-origin: https://ffkipas.my.id\r\naccess-control-allow-methods: GET, POST, OPTIONS\r\naccess-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace\r\naccess-control-allow-credentials: true\r\naccess-control-max-age: 600\r\naccept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version\r\nstrict-transport-security: max-age=1\r\nx-content-type-options: nosniff\r\ntiming-allow-origin: *\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T11:47:06.182466Z","times_seen":13373545,"resource_available":true,"data":null}},"time_used":39,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":36,"receive":3,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-07","alert":"Sinkholed","trigger":"067kk.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"my.rtmark.net/gid.js","fqdn":"my.rtmark.net","domain":"rtmark.net","tld":"net"},"ip":{"addr":"172.64.146.234","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://ffkipas.my.id/","date":"2025-12-07T15:47:46.889Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"my.rtmark.net","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 26 Oct 2025 15:37:01 GMT","end":"Sat, 24 Jan 2026 16:36:49 GMT"},"fingerprint":{"sha1":"84:49:FF:DC:BD:D8:BA:3D:2F:25:0B:EF:CA:E4:6D:73:79:8C:F9:7D","sha256":"AF:21:94:4D:14:07:CF:FC:E5:3C:3C:F4:AC:47:9E:83:98:6A:62:87:FB:8C:27:43:25:FB:97:CC:47:15:99:4A"}}},"request":{"raw":"GET /gid.js HTTP/1.1\r\nHost: my.rtmark.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://ffkipas.my.id\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ffkipas.my.id/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 07 Dec 2025 15:47:46 GMT\r\ncontent-type: application/json; charset=utf-8\r\ncontent-encoding: gzip\r\naccess-control-allow-origin: https://ffkipas.my.id\r\naccess-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE\r\naccess-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token\r\naccess-control-expose-headers: Authorization\r\naccess-control-allow-credentials: true\r\nset-cookie: ID=0802986dc3b24e40fbfaef6bcbac55d9; expires=Mon, 07 Dec 2026 15:47:46 GMT; secure; SameSite=None\r\nstrict-transport-security: max-age=1\r\nx-content-type-options: nosniff\r\ntiming-allow-origin: *\r\ncf-cache-status: DYNAMIC\r\nserver: cloudflare\r\ncf-ray: 9aa529da1c3c2efa-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":65,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"6f2de031a56c4799ff9a08d6878c8115","sha1":"3d6b0bff8e909055832c2656587b81035225c04f","sha256":"4b3e13ddce818f7d1c875301d3d948398f68ea7eb04c10102b63182fa2006fc2","sha512":"14bda72ca243a4a7684781238bb349d0703ccc78c6d68815743af7c4266d48b4e27d74982b9a453763e27b3e3432e3a148ec85bcb2f87faeb196cd22d35abacf","ssdeep":"","tlshash":"27a00284049c0dc945941d26de8bf791c24680555857b358c1edd983f1ce95d9b89a44","first_seen":"2025-12-07T15:48:18.461587Z","last_seen":"2025-12-07T15:48:18.461587Z","times_seen":1,"resource_available":false,"data":null}},"time_used":57,"timings":{"blocked":8,"dns":1,"connect":1,"send":0,"wait":31,"receive":0,"ssl":13},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"glempirteechacm.com/401/9895349","fqdn":"glempirteechacm.com","domain":"glempirteechacm.com","tld":"com"},"ip":{"addr":"172.67.223.75","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://ffkipas.my.id/","date":"2025-12-07T15:47:46.915Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"glempirteechacm.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 08 Nov 2025 12:45:49 GMT","end":"Fri, 06 Feb 2026 13:44:19 GMT"},"fingerprint":{"sha1":"67:E0:53:17:21:20:D0:BD:1B:BC:43:82:F7:94:B6:8C:F5:0D:AF:0D","sha256":"D6:94:5F:77:E7:2C:B8:33:7F:E2:CC:9A:BF:8D:18:5F:08:1C:3B:82:84:A5:67:C8:71:12:E7:24:1F:BC:09:E8"}}},"request":{"raw":"GET /401/9895349 HTTP/1.1\r\nHost: glempirteechacm.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ffkipas.my.id/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 07 Dec 2025 15:47:46 GMT\r\ncontent-type: application/javascript\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncache-control: public, max-age=600, s-maxage=1800\r\naccept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version\r\nstrict-transport-security: max-age=1\r\nx-content-type-options: nosniff\r\ntiming-allow-origin: *\r\ncontent-encoding: gzip\r\ncf-cache-status: DYNAMIC\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=V5ItApjusnVdXdqqDmc92bkBUUfzEP8IHCD36UYYU4XOW4NpFwPnNqLJfzHGr1dAWWYT0cgGoLtClhE7GGU3NdErx%2BoVjlgDAnQQ%2BKYRgtDLG78%3D\"}]}\r\ncf-ray: 9aa529da6af7783d-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":167001,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"5f084c294003f6ab0861f97c56ea7f49","sha1":"d6f2e8597880b3b887559a9ba2a0c483a5a18ddc","sha256":"623ba969515db64159446cd27e4da257daac0c8d6d32f685a52fb863159356d3","sha512":"749d39e1eb122113c065d3298fb2065e7263cb8667794f0f9ecfb235c402b6dcf35add1e77fec003ea0c049f99cfda1a3762cec29b6c2a8ab12a960b3659cbac","ssdeep":"3072:A7zKGhsQ72zBOnEk4r0rNN3RecbVRTlQAOTSwGxq6/2DRaTIJSKjuEOVEABn:/IBCcpySwZ6/2DRaMsKCZbBn","tlshash":"e5f3fac9769174562963b430122fae5f792b8e30548e8d18e1a5f4e53f3844b93a3efc","first_seen":"2025-11-28T16:11:53.055324Z","last_seen":"2025-12-11T12:23:25.693667Z","times_seen":30,"resource_available":true,"data":null}},"time_used":111,"timings":{"blocked":28,"dns":0,"connect":1,"send":0,"wait":47,"receive":0,"ssl":30},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdn.tailwindcss.com/","fqdn":"cdn.tailwindcss.com","domain":"tailwindcss.com","tld":"com"},"ip":{"addr":"104.26.2.143","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://ffkipas.my.id/","date":"2025-12-07T15:47:46.046Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tailwindcss.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 23 Nov 2025 07:09:58 GMT","end":"Sat, 21 Feb 2026 08:09:55 GMT"},"fingerprint":{"sha1":"B5:C9:29:A1:B9:60:7F:A7:9E:9E:63:3E:DF:4E:05:34:4B:27:D3:86","sha256":"2D:FA:43:BC:F1:83:E4:D9:E0:ED:1A:D1:C5:0E:F5:E0:77:29:F1:F1:23:2F:E3:30:7B:72:49:1E:82:5C:DB:C1"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: cdn.tailwindcss.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ffkipas.my.id/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 302 Found\r\ndate: Sun, 07 Dec 2025 15:47:46 GMT\r\ncache-control: max-age=14400\r\nlocation: /3.4.17\r\nserver: cloudflare\r\nstrict-transport-security: max-age=63072000\r\nx-vercel-cache: MISS\r\nx-vercel-id: fra1::iad1::x5l9d-1765122138875-18be64810abd\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nage: 327\r\ncf-cache-status: HIT\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=h8Q2pbUG3PlnpqXIVe6WyOio93icfOzNwBEWW6aT%2FTp4Mykd1R%2FimaxL8V2PXHrrI%2FE0K7UHnV5C%2BZf5hqRhsn4H2sEDTebxmHl1QLpCAbs%3D\"}]}\r\ncf-ray: 9aa529d4d9f85690-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":[{"name":"Vercel","description":"Vercel is a cloud platform for static frontends and serverless functions.","website":"https://vercel.com","common_platform_enumeration":"","icon":"vercel.svg","categories":["PaaS"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":407279,"size_decoded":0,"mime_type":"text/javascript","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T11:47:06.182466Z","times_seen":13373545,"resource_available":true,"data":null}},"time_used":48,"timings":{"blocked":10,"dns":1,"connect":1,"send":0,"wait":16,"receive":0,"ssl":18},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ffkipas.my.id/assets/images/pic2.png?v=1.0","fqdn":"ffkipas.my.id","domain":"ffkipas.my.id","tld":"my.id"},"ip":{"addr":"104.21.67.83","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ffkipas.my.id/","date":"2025-12-07T15:47:46.074Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ffkipas.my.id","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Fri, 17 Oct 2025 09:52:51 GMT","end":"Thu, 15 Jan 2026 10:51:42 GMT"},"fingerprint":{"sha1":"CC:F7:34:EF:C8:0D:D7:BA:61:5C:59:6F:9C:84:10:EB:B8:77:BB:8E","sha256":"E9:02:F7:94:61:0A:79:F6:92:B0:A9:74:B9:D8:C9:49:60:C7:55:60:B1:7E:1B:E1:DA:3D:7E:2B:09:2D:79:24"}}},"request":{"raw":"GET /assets/images/pic2.png?v=1.0 HTTP/1.1\r\nHost: ffkipas.my.id\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ffkipas.my.id/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sun, 07 Dec 2025 15:47:46 GMT\r\nserver: cloudflare\r\nlast-modified: Tue, 13 May 2025 15:37:15 GMT\r\naccept-ranges: bytes\r\npriority: u=4,i=?0\r\ncontent-length: 391788\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nx-frame-options: SAMEORIGIN\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncontent-type: image/png\r\nage: 39\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=0idZD9tNk4ciI1K3OoDez3oHtymqHPNE8Zt84nAgGu3tGTjReWpaQ8nvSI5VAH0NY9GrRws1suk5ME%2B7dbTdf%2FJ9gkedilLZX2DI\"}]}\r\nvary: accept-encoding\r\nstrict-transport-security: max-age=0; preload\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\ncf-ray: 9aa529d4fd07b4f4-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":391788,"size_decoded":0,"mime_type":"image/png","magic":"JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=1, orientation=upper-left], baseline, precision 8, 1704x786, components 3","md5":"e6af965b7d4179527c41a90df3311755","sha1":"d91324bd3df2bb572c5399e5f2801fe2012db146","sha256":"cb9f1654a586ef7ad64489bf02b6afad59ca2b8b2b02ceaf5fd1e8bf13a56785","sha512":"c02c88dd02c420b4b4751c53477a31dd9bdc54b48ca49ae8f54d3abddec1c394b34a73ff48a75386c6d37e4e56995763fbc959144807f263c5ce3d450c35d511","ssdeep":"6144:wsi4MYj4EGbUxnjCkbscCcjVYSeSFjmq6vjpnV3hzjHhcBrnhKE:O998OXAjeSFK5vjpndFrK11","tlshash":"f584f127c809c362a55c03e8fd436d6c1a1b5b6de6da6beb10224fcfbf992050dc916d","first_seen":"2025-12-07T15:47:42.69537Z","last_seen":"2025-12-07T15:57:24.105721Z","times_seen":5,"resource_available":false,"data":null}},"time_used":121,"timings":{"blocked":2,"dns":0,"connect":0,"send":0,"wait":10,"receive":109,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdn.storageimagedisplay.com/cti/d6/39/0a/d6390af0b4f58d3725cd01a19abacd3a/1756661987.jpg","fqdn":"cdn.storageimagedisplay.com","domain":"storageimagedisplay.com","tld":"com"},"ip":{"addr":"45.133.44.2","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ffkipas.my.id/verifyuid","date":"2025-12-07T15:47:52.911Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cdn.storageimagedisplay.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Fri, 07 Nov 2025 02:33:02 GMT","end":"Thu, 05 Feb 2026 02:33:01 GMT"},"fingerprint":{"sha1":"FF:BB:C7:F6:31:A3:EE:08:8E:72:C4:2F:A2:C8:78:1B:3C:22:C4:57","sha256":"93:BE:65:88:B5:AC:E6:69:91:EE:F6:7E:27:3F:D6:9F:59:B1:AB:46:F7:49:0D:E8:F2:1C:9E:A9:BE:F9:B6:95"}}},"request":{"raw":"GET /cti/d6/39/0a/d6390af0b4f58d3725cd01a19abacd3a/1756661987.jpg HTTP/1.1\r\nHost: cdn.storageimagedisplay.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ffkipas.my.id/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 07 Dec 2025 15:47:52 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 93518\r\nserver: nginx/1.21.6\r\nlast-modified: Sun, 31 Aug 2025 17:39:48 GMT\r\netag: \"68b488e4-16d4e\"\r\nexpires: Tue, 09 Dec 2025 15:47:52 GMT\r\ncache-control: max-age=172800\r\nx-cdn-host-id: AH0543\r\nx-proxy-cache: HIT\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":93518,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop 26.3 (Macintosh), datetime=2025:08:30 15:25:00], progressive, precision 8, 320x240, components 3","md5":"c68d4f79a76b758c2624caba8892164b","sha1":"f5fbfbc14fea8c9b05a962b395ff854517c333fe","sha256":"19e1f4a3d8aa639cc69911d4c6bc713497f0936330c1fc4539ca2dade4eeb6af","sha512":"ef6f997a9bfe1a208b4c54ba2f7d732f19348df16b73cc73a7628d190fe456aba0ec1d87993daefa127cd8f093cca3ca7cc2c49c4c4a8017f20d0c79badff1e1","ssdeep":"1536:BGfG/zbP01UpLKf55/FiVhLgNa1qiokfY89PqoPt48z:BGfGbT018L+9iVhLr1qiBw89PJJz","tlshash":"4d93f23bb6a2db21f5e4563886fbe79503b30e68ae3701503ccdb6d4b7a64c31999407","first_seen":"2025-09-02T18:13:44.321498Z","last_seen":"2026-04-05T10:55:23.344056Z","times_seen":1280,"resource_available":false,"data":null}},"time_used":33,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":23,"receive":10,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fonts.googleapis.com/css2?family=Roboto:wght@100;300;400;500;700","fqdn":"fonts.googleapis.com","domain":"fonts.googleapis.com","tld":"googleapis.com"},"ip":{"addr":"142.250.74.10","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://ffkipas.my.id/verifyuid","date":"2025-12-07T15:47:57.194Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"upload.video.google.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 27 Oct 2025 08:34:58 GMT","end":"Mon, 19 Jan 2026 08:34:57 GMT"},"fingerprint":{"sha1":"56:14:7E:EF:FA:D2:CF:DD:3B:30:9C:AE:7A:C9:AD:9E:A7:87:3D:E9","sha256":"72:DD:0F:82:4D:8A:09:2D:BB:5B:E6:1B:6F:09:F8:1E:BD:BD:D3:3E:B8:A4:8C:B9:49:13:4D:DC:D7:EF:EA:77"}}},"request":{"raw":"GET /css2?family=Roboto:wght@100;300;400;500;700 HTTP/1.1\r\nHost: fonts.googleapis.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncontent-type: text/css; charset=utf-8\r\nvary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site\r\naccess-control-allow-origin: *\r\ntiming-allow-origin: *\r\nlink: \u003chttps://fonts.gstatic.com\u003e; rel=preconnect; crossorigin\r\nstrict-transport-security: max-age=31536000\r\nexpires: Sun, 07 Dec 2025 15:47:57 GMT\r\ndate: Sun, 07 Dec 2025 15:47:57 GMT\r\ncache-control: private, max-age=86400\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin-allow-popups\r\ncontent-encoding: gzip\r\nserver: ESF\r\nx-xss-protection: 0\r\nx-frame-options: SAMEORIGIN\r\nx-content-type-options: nosniff\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":26935,"size_decoded":0,"mime_type":"text/css; charset=utf-8","magic":"ASCII text, with very long lines (1572)","md5":"51e82f70d1b655f1447b6881fc12c970","sha1":"d07fb502aaf2635cd74dd1ad42d916b2bfe923c1","sha256":"9c313d568db4279e917f0ed107f57397c1e14d5e2f29667f207f31c409658440","sha512":"60b0345cf672afd26c41e56155e3fefc18e6f92e1d969f25dd33d6aa5e49c624e7017f9dc49d5f35ba2f85886546c1fcb93e7303d045618e3508bb3f0f6d1e5a","ssdeep":"768:DFSFjFGFUFB4FiLFZF1Fn8XguBSivFRa1KRzBfiiMgFK1GIBEiNnr7gr8yBOijh1:WCJiWp","tlshash":"8bc20fa1041b500057834ce223cebf34fe1f52507142d0b5abfdab6badcbc6652693ad","first_seen":"2025-11-19T00:27:59.992265Z","last_seen":"2026-02-19T18:18:33.653497Z","times_seen":1142,"resource_available":false,"data":null}},"time_used":33,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":33,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ffkipas.my.id/assets/images/pic2.png","fqdn":"ffkipas.my.id","domain":"ffkipas.my.id","tld":"my.id"},"ip":{"addr":"104.21.67.83","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ffkipas.my.id/","date":"2025-12-07T15:47:46.661Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ffkipas.my.id","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Fri, 17 Oct 2025 09:52:51 GMT","end":"Thu, 15 Jan 2026 10:51:42 GMT"},"fingerprint":{"sha1":"CC:F7:34:EF:C8:0D:D7:BA:61:5C:59:6F:9C:84:10:EB:B8:77:BB:8E","sha256":"E9:02:F7:94:61:0A:79:F6:92:B0:A9:74:B9:D8:C9:49:60:C7:55:60:B1:7E:1B:E1:DA:3D:7E:2B:09:2D:79:24"}}},"request":{"raw":"GET /assets/images/pic2.png HTTP/1.1\r\nHost: ffkipas.my.id\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ffkipas.my.id/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sun, 07 Dec 2025 15:47:46 GMT\r\nserver: cloudflare\r\nlast-modified: Tue, 13 May 2025 15:37:15 GMT\r\naccept-ranges: bytes\r\npriority: u=4,i=?0\r\ncontent-length: 391788\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nx-frame-options: SAMEORIGIN\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncontent-type: image/png\r\nage: 40\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=cR5LyNDnPH3Y2MfXFcM94xwxm0a6grTnN0TN%2FbLgzkCbg7lcqzzo1VN2aGlaVTTin02D1QCJcG31XwAlaOByCufBNEQE%2F7ZIHXUr\"}]}\r\nvary: accept-encoding\r\nstrict-transport-security: max-age=0; preload\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\ncf-ray: 9aa529d89d2ab4f4-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":391788,"size_decoded":0,"mime_type":"image/png","magic":"JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=1, orientation=upper-left], baseline, precision 8, 1704x786, components 3","md5":"e6af965b7d4179527c41a90df3311755","sha1":"d91324bd3df2bb572c5399e5f2801fe2012db146","sha256":"cb9f1654a586ef7ad64489bf02b6afad59ca2b8b2b02ceaf5fd1e8bf13a56785","sha512":"c02c88dd02c420b4b4751c53477a31dd9bdc54b48ca49ae8f54d3abddec1c394b34a73ff48a75386c6d37e4e56995763fbc959144807f263c5ce3d450c35d511","ssdeep":"6144:wsi4MYj4EGbUxnjCkbscCcjVYSeSFjmq6vjpnV3hzjHhcBrnhKE:O998OXAjeSFK5vjpndFrK11","tlshash":"f584f127c809c362a55c03e8fd436d6c1a1b5b6de6da6beb10224fcfbf992050dc916d","first_seen":"2025-12-07T15:47:42.69537Z","last_seen":"2025-12-07T15:57:24.105721Z","times_seen":5,"resource_available":false,"data":null}},"time_used":23,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":7,"receive":16,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}}]}