{"report_id":"b34d4f6f-ef62-4e32-bd72-9bb46500a7bb","version":6,"status":"done","tags":[],"date":"2025-10-05T17:37:19Z","url":{"schema":"http","addr":"grok11h.top/","fqdn":"grok11h.top","domain":"grok11h.top","tld":"top"},"ip":{"addr":"104.21.21.183","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"final":{"url":{"schema":"https","addr":"grok11h.top/","fqdn":"grok11h.top","domain":"grok11h.top","tld":"top"},"title":"GROK11H Official Website Presale Get Up to 200% Bonus!"},"submit":{"url":{"schema":"http","addr":"grok11h.top/","fqdn":"grok11h.top","domain":"grok11h.top","tld":"top"},"ip":{"addr":"104.21.21.183","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2026-11-09T17:37:19Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":1}},"detection":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-05","alert":"Sinkholed","trigger":"grok11h.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null},"summary":[{"fqdn":"grok11h.top","ip":{"addr":"104.21.21.183","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2025-09-28","domain_rank":0,"first_seen":"2025-10-05T17:37:20.086424Z","last_seen":"2025-10-05T17:37:20.086424Z","alert_count":10,"request_count":11,"received_data":238690,"sent_data":4726,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Netlify","description":"Netlify providers hosting and server-less backend services for web applications and static websites.","website":"https://www.netlify.com/","common_platform_enumeration":"","icon":"Netlify.svg","categories":["PaaS","CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"fonts.gstatic.com","ip":{"addr":"142.250.74.99","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2008-02-11","domain_rank":0,"first_seen":"2014-04-02T10:51:04Z","last_seen":"2025-09-28T22:11:46.369912Z","alert_count":0,"request_count":2,"received_data":98734,"sent_data":1102,"comment":"","tags":null,"fingerprints":null},{"fqdn":"fonts.googleapis.com","ip":{"addr":"142.250.74.74","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2005-01-25","domain_rank":313,"first_seen":"2012-05-23T12:41:44Z","last_seen":"2025-09-28T22:11:39.889585Z","alert_count":0,"request_count":1,"received_data":5740,"sent_data":462,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"cdn.jsdelivr.net","ip":{"addr":"151.101.129.229","port":443,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"domain_registered":"2012-05-16","domain_rank":1678,"first_seen":"2012-09-30T00:15:09Z","last_seen":"2025-09-28T22:13:25.036628Z","alert_count":0,"request_count":1,"received_data":23803,"sent_data":440,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":null}],"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"grok11h.top/","fqdn":"grok11h.top","domain":"grok11h.top","tld":"top"},"ip":{"addr":"104.21.21.183","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"eventHandler","is_inline":false,"md5":"43e28c5553d54ed2964bd5147521769b","sha1":"0a2b8c3db330a47aa7b9195e6dfdf944adb9240d","sha256":"d63026c985dc46aeb316574b7bf1828080c906238e35d5e34cb80414c0e70d23","sha512":"6dda085e4196167cf64287cb675c05b09bdaa291decebd1bea2b52ccdbd380de5875dc233fa3d439559413693f1e7974f485d60a2c1541bf62a8887bf5ff9811","ssdeep":"","tlshash":"1b80000c0a20c0882a00af00e000c202a0c2200f0220238ce823bce2a83c888808fea0","size":38,"data":"","first_seen":"2023-04-10T16:02:06Z","last_seen":"2026-04-04T16:47:14.439769Z","times_seen":126065,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"grok11h.top/","fqdn":"grok11h.top","domain":"grok11h.top","tld":"top"},"ip":{"addr":"104.21.21.183","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"6918d960f928347f538286edbee80a91","sha1":"a28324894d4d58d98129ddcb4c14435f5c629257","sha256":"112fa07f0eed14a6d2de10109404b320de48e3378d8bb5d6a00376891731baac","sha512":"c1b88912da321a0e2ef370f9b79c7f3e7fdd1323a12a108476669cccbb29ae8f149135ec5a5f2cf5cd441240fe8b494b6256d2cede89a78fe94e432d3408285c","ssdeep":"","tlshash":"c1116d1a5ef17a33006731261ebbd205143251c75a687d78beacc1189f19b8ee5e8f98","size":1024,"data":"","first_seen":"2025-09-30T17:15:07.082301Z","last_seen":"2026-04-04T12:45:45.603178Z","times_seen":276,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdn.jsdelivr.net/npm/particles.js@2.0.0/particles.min.js","fqdn":"cdn.jsdelivr.net","domain":"jsdelivr.net","tld":"net"},"ip":{"addr":"151.101.129.229","port":443,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"6564e48cc953b8642b7c758cba09fd81","sha1":"5193a1ae0215e55c48de5deb534acb0781a3bfbd","sha256":"f368ba54ef5dc8c6613226de0e95b0a72239c33c3caec2f08c69a939ac9dbd1b","sha512":"930176f24c517cbed366421590f5ddab5443ccaa1f09f2ada62c9c851453bedbef5c0e1580402f2430100b0dae357269f58505d5d541b4dfd10dbb9f082bcba7","ssdeep":"384:WfJ//vWKyCN3yHEPepmcBzAbix29ZzHNSA:QFf289ZzHNSA","tlshash":"08a2b34d23f73e77339a72e04bece1128b70a4d2399b04b0f93c667da5255a601de6a0","size":23016,"data":"","first_seen":"2025-05-01T01:56:50.052191Z","last_seen":"2026-04-04T12:45:45.589024Z","times_seen":624,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null},"http":[{"url":{"schema":"https","addr":"grok11h.top/2.webp","fqdn":"grok11h.top","domain":"grok11h.top","tld":"top"},"ip":{"addr":"104.21.21.183","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://grok11h.top/","date":"2025-10-05T17:36:58.060Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"grok11h.top","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 28 Sep 2025 13:09:22 GMT","end":"Sat, 27 Dec 2025 14:01:51 GMT"},"fingerprint":{"sha1":"45:7C:A5:D2:47:8A:FF:AB:5A:A3:9E:D5:2B:92:6A:6A:61:42:FA:C0","sha256":"5A:3D:F3:75:70:E9:13:D2:98:CA:21:10:B6:B4:C2:CE:3A:5C:4D:32:3E:AE:19:41:22:20:9B:66:20:4F:4B:EA"}}},"request":{"raw":"GET /2.webp HTTP/1.1\r\nHost: grok11h.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://grok11h.top/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 05 Oct 2025 17:36:58 GMT\r\ncontent-type: image/webp\r\ncontent-length: 11646\r\naccept-ranges: bytes\r\nage: 0\r\ncache-control: public, max-age=14400, must-revalidate\r\ncache-status: \"Netlify Edge\"; fwd=miss\r\netag: \"1dc2e1ed06e3c99b449e67a2c90602a7-ssl\"\r\nserver: cloudflare\r\nstrict-transport-security: max-age=31536000\r\nx-nf-request-id: 01K6TQ5DVNAHVMST3WC73208JH\r\ncf-cache-status: MISS\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=LSQpcLXMU280xsCWmRNEbBFOLamF31t1CcQV0WCtGfOU5EWm1UD06KLE%2BJ4KHvIN0NJWfGDPujZ%2Bbsvx9MAnpiTYbJ%2FXr3Cp6Q%3D%3D\"}]}\r\ncf-ray: 989eaf2ade9456bd-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Netlify","description":"Netlify providers hosting and server-less backend services for web applications and static websites.","website":"https://www.netlify.com/","common_platform_enumeration":"","icon":"Netlify.svg","categories":["PaaS","CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":11646,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"0c77454b0b212e4078cac85b3f1616f1","sha1":"924455b3b0dca72d5888cb0b7da65ab5a5352a99","sha256":"4839cefb1ead1139d03382d2cd43dfc0b43625eb99d81f3adbf63d37680a6d14","sha512":"d52cf67b6a3b68c70f2c1d8ee423b8c145f12347411e74677bd07c512397b18920cd7a1e12e1b3bf028a35d98426f92678f197300b2434ccbcc285b1e6ec87f1","ssdeep":"192:MtuEcsbpDqD5WwFZW8jON8Jp+VC9xaDUAJzkPUaAvHa22W+1rSBT6RFBCHNl:wujstqJFQUONIpwC9xCUAK3Ca2n+3BCf","tlshash":"5d329fcba38f79b085640231316f8513b56a7484f1f8d99758cf177b3ca5a39c8e14b2","first_seen":"2025-09-30T17:15:07.076567Z","last_seen":"2026-04-04T12:45:45.585203Z","times_seen":339,"resource_available":false,"data":null}},"time_used":336,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":312,"receive":24,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-05","alert":"Sinkholed","trigger":"grok11h.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"grok11h.top/1.webp","fqdn":"grok11h.top","domain":"grok11h.top","tld":"top"},"ip":{"addr":"104.21.21.183","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://grok11h.top/","date":"2025-10-05T17:36:58.059Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"grok11h.top","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 28 Sep 2025 13:09:22 GMT","end":"Sat, 27 Dec 2025 14:01:51 GMT"},"fingerprint":{"sha1":"45:7C:A5:D2:47:8A:FF:AB:5A:A3:9E:D5:2B:92:6A:6A:61:42:FA:C0","sha256":"5A:3D:F3:75:70:E9:13:D2:98:CA:21:10:B6:B4:C2:CE:3A:5C:4D:32:3E:AE:19:41:22:20:9B:66:20:4F:4B:EA"}}},"request":{"raw":"GET /1.webp HTTP/1.1\r\nHost: grok11h.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://grok11h.top/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 05 Oct 2025 17:36:58 GMT\r\ncontent-type: image/webp\r\ncontent-length: 3444\r\naccept-ranges: bytes\r\nage: 12434\r\ncache-control: public, max-age=14400, must-revalidate\r\ncache-status: \"Netlify Edge\"; hit\r\netag: \"3b8f8440b2d99a8f235833e594085e21-ssl\"\r\nserver: cloudflare\r\nstrict-transport-security: max-age=31536000\r\nx-nf-request-id: 01K6TQ5DVJ6Q6Q253AKSSES4JP\r\ncf-cache-status: MISS\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=pKTy4MNEm2QIeRTAYKSFxX3Jwb1isAj0CsNDrTvvoyw78o6YFLAtXTvYmfcljzuj8tIAAVUQg1eLN5EZ9bZDnG%2BIHUs3UOAD5g%3D%3D\"}]}\r\ncf-ray: 989eaf2ade8e56bd-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Netlify","description":"Netlify providers hosting and server-less backend services for web applications and static websites.","website":"https://www.netlify.com/","common_platform_enumeration":"","icon":"Netlify.svg","categories":["PaaS","CDN"]}],"data":{"size":3444,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 225x225, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"c4229ccfa2f7bd9aedbd7564a62271b3","sha1":"bc5ef0055ef56e8eb04c0b8ac041a61a94f6234b","sha256":"cde1dc1e302419749339a4070dd32b5f7009da9eef2810fe7f91887186893d0c","sha512":"08c14e435f89caf9cfe06d4a150f24e3f6a354c86e916415de3d75b29d19e246f34c7a1ed0e7d1f7db58213621b52e24101e11975c6fad7d55f3acaed580a75a","ssdeep":"","tlshash":"dd618e793682d8f9f4502be371e9b258c168b9a2ed654160e4c6d850bc8a76493ab940","first_seen":"2025-09-30T17:15:07.050786Z","last_seen":"2026-04-04T12:45:45.602307Z","times_seen":328,"resource_available":false,"data":null}},"time_used":192,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":192,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-05","alert":"Sinkholed","trigger":"grok11h.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"grok11h.top/5.webp","fqdn":"grok11h.top","domain":"grok11h.top","tld":"top"},"ip":{"addr":"104.21.21.183","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://grok11h.top/","date":"2025-10-05T17:36:58.061Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"grok11h.top","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 28 Sep 2025 13:09:22 GMT","end":"Sat, 27 Dec 2025 14:01:51 GMT"},"fingerprint":{"sha1":"45:7C:A5:D2:47:8A:FF:AB:5A:A3:9E:D5:2B:92:6A:6A:61:42:FA:C0","sha256":"5A:3D:F3:75:70:E9:13:D2:98:CA:21:10:B6:B4:C2:CE:3A:5C:4D:32:3E:AE:19:41:22:20:9B:66:20:4F:4B:EA"}}},"request":{"raw":"GET /5.webp HTTP/1.1\r\nHost: grok11h.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://grok11h.top/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 05 Oct 2025 17:36:58 GMT\r\ncontent-type: image/webp\r\ncontent-length: 2984\r\naccept-ranges: bytes\r\nage: 0\r\ncache-control: public, max-age=14400, must-revalidate\r\ncache-status: \"Netlify Edge\"; fwd=miss\r\netag: \"836f69b91995c0a2a7b3937b8b02ef28-ssl\"\r\nserver: cloudflare\r\nstrict-transport-security: max-age=31536000\r\nx-nf-request-id: 01K6TQ5DVNFHK7MDP6QG3VYRR8\r\ncf-cache-status: MISS\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=Z9zTw5rtpJpUFfENiDy9AoJFK8ZFT%2BWpw%2BqG%2FiMAH9K7xpf%2FoNNU%2F4ZwMQxgMtmhjepDlND6SLkYwgfakbgGiK1ZVEIXvufCTw%3D%3D\"}]}\r\ncf-ray: 989eaf2ade9b56bd-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Netlify","description":"Netlify providers hosting and server-less backend services for web applications and static websites.","website":"https://www.netlify.com/","common_platform_enumeration":"","icon":"Netlify.svg","categories":["PaaS","CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":2984,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"2d1617bdc152c6bbfe3cc95409655a35","sha1":"7c222b20182227583dd82c0bc31e3fbb5eeb4ddb","sha256":"d54d30af672b70a35c3ee6a34f0407abec8adc3dae40836109f2a309b2bfe594","sha512":"ac01a6d5576725ebc39e5ad40be604e168d91b8795f0cd03585b080ff88005599feb73804bae2bddaa406350f8180767f1824808ddd64e8a83267595d6fbd260","ssdeep":"","tlshash":"59512df9db30d56d478fe91ea83567b868df2843c05c95058da5d1ebd54c320d193b60","first_seen":"2025-09-30T17:15:07.055952Z","last_seen":"2026-04-04T12:45:45.594673Z","times_seen":339,"resource_available":false,"data":null}},"time_used":312,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":312,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"grok11h.top/7.webp","fqdn":"grok11h.top","domain":"grok11h.top","tld":"top"},"ip":{"addr":"104.21.21.183","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://grok11h.top/","date":"2025-10-05T17:36:58.061Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"grok11h.top","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 28 Sep 2025 13:09:22 GMT","end":"Sat, 27 Dec 2025 14:01:51 GMT"},"fingerprint":{"sha1":"45:7C:A5:D2:47:8A:FF:AB:5A:A3:9E:D5:2B:92:6A:6A:61:42:FA:C0","sha256":"5A:3D:F3:75:70:E9:13:D2:98:CA:21:10:B6:B4:C2:CE:3A:5C:4D:32:3E:AE:19:41:22:20:9B:66:20:4F:4B:EA"}}},"request":{"raw":"GET /7.webp HTTP/1.1\r\nHost: grok11h.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://grok11h.top/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 05 Oct 2025 17:36:58 GMT\r\ncontent-type: image/webp\r\ncontent-length: 7266\r\naccept-ranges: bytes\r\nage: 0\r\ncache-control: public, max-age=14400, must-revalidate\r\ncache-status: \"Netlify Edge\"; fwd=miss\r\netag: \"21445621a7fdf084537f55b16c7056fa-ssl\"\r\nserver: cloudflare\r\nstrict-transport-security: max-age=31536000\r\nx-nf-request-id: 01K6EE008NBQSVJTSVHZDYJ8WE\r\ncf-cache-status: REVALIDATED\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=PNokUY9Q6BA0Iowu3g71wQ7KPKkav%2FqsARhVUAjimTVerCgzc4NJW3YfzmVNx7sklkJTDmlm8yjdzVB2oAWySxEG0nG5nkbRSA%3D%3D\"}]}\r\ncf-ray: 989eaf2ade9e56bd-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Netlify","description":"Netlify providers hosting and server-less backend services for web applications and static websites.","website":"https://www.netlify.com/","common_platform_enumeration":"","icon":"Netlify.svg","categories":["PaaS","CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":7266,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"3b193335cb4bb7c6c0b15cca932c55f2","sha1":"bc0124752cebe2e87a26cb9bad3872084dffa98d","sha256":"de5cd14e02a35aefca76af5dbc1205b8f8df7c0b0892baca18102dc16880e6a0","sha512":"c127957415e21fa8f705d0504a9d574d12428e722316ffaf0533bc2e290ff5314fe9986c0ad79575bd7efd44e78ca680948b43a3e98482b3ce0212460d436bd6","ssdeep":"192:X4cQiL7swHNgx+TBYHQXFE59PfxXMSYqTk:XD4wtK+Tqou9Hx8SYqTk","tlshash":"cee1ae5b97c72e60974dbceffeca33536470143d0d11a3938a2b12db107668a1b91ac0","first_seen":"2025-09-30T17:15:07.079612Z","last_seen":"2026-04-04T12:45:45.586907Z","times_seen":339,"resource_available":false,"data":null}},"time_used":311,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":311,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-05","alert":"Sinkholed","trigger":"grok11h.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/inter/v20/UcC73FwrK3iLTeHuS_nVMrMxCp50SjIa1ZL7W0I5nvwU.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"142.250.74.99","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://grok11h.top/","date":"2025-10-05T17:36:58.213Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 15 Sep 2025 08:36:13 GMT","end":"Mon, 08 Dec 2025 08:36:12 GMT"},"fingerprint":{"sha1":"F3:C7:68:20:2E:52:7F:61:4B:43:46:72:CB:A9:29:91:40:A0:5A:96","sha256":"1A:0B:E2:45:70:7A:DB:88:E8:4C:4E:DF:ED:F5:08:2F:2B:2A:CA:33:09:72:DC:80:8B:D2:7B:C6:48:3D:CA:D1"}}},"request":{"raw":"GET /s/inter/v20/UcC73FwrK3iLTeHuS_nVMrMxCp50SjIa1ZL7W0I5nvwU.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://grok11h.top\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 48532\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Thu, 02 Oct 2025 12:42:29 GMT\r\nexpires: Fri, 02 Oct 2026 12:42:29 GMT\r\ncache-control: public, max-age=31536000\r\nage: 276869\r\nlast-modified: Tue, 09 Sep 2025 18:33:50 GMT\r\ncontent-type: font/woff2\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":48532,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 48532, version 1.0","md5":"225835e6e0496c54dc2aca9f3d533892","sha1":"942ef5298bbe74bfe44e445def5f2bfc94027fa8","sha256":"acc60d454f46f2ba233c516aa3299aa60e1f49ffd0f06b8392a7c772a5694087","sha512":"ea2ff96ed5ac965c1846b4b33990beab3d4ced66806fa44321f5dd59d9a29a8ae1a67a5816d40165af8a896677b6a24bb74ea6db53cd5e686080165db9fd62c2","ssdeep":"768:b9tYsJ6BxVEpu8sqEkvfXRGEBqH7KxpxA07hQv2bSokjQx2AOWUVOv7UeFHOpIsR:LsEcy7fXRGqqHmr7qv32UC7UetOGLkF","tlshash":"03230178cf9f85b3d33b153afaf4d20562a9067de76c4a803831051a2a55770b89dc0e","first_seen":"2025-05-29T17:27:56.345238Z","last_seen":"2026-04-04T16:45:24.005391Z","times_seen":133262,"resource_available":false,"data":null}},"time_used":150,"timings":{"blocked":69,"dns":1,"connect":8,"send":0,"wait":8,"receive":4,"ssl":59},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"grok11h.top/favicon.ico","fqdn":"grok11h.top","domain":"grok11h.top","tld":"top"},"ip":{"addr":"104.21.21.183","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://grok11h.top/","date":"2025-10-05T17:36:58.489Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"grok11h.top","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 28 Sep 2025 13:09:22 GMT","end":"Sat, 27 Dec 2025 14:01:51 GMT"},"fingerprint":{"sha1":"45:7C:A5:D2:47:8A:FF:AB:5A:A3:9E:D5:2B:92:6A:6A:61:42:FA:C0","sha256":"5A:3D:F3:75:70:E9:13:D2:98:CA:21:10:B6:B4:C2:CE:3A:5C:4D:32:3E:AE:19:41:22:20:9B:66:20:4F:4B:EA"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: grok11h.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://grok11h.top/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\naccept-ranges: bytes\r\nage: 0\r\ncache-control: public, max-age=14400, must-revalidate\r\ncache-status: \"Netlify Edge\"; fwd=miss\r\ncontent-encoding: br\r\ncontent-type: image/vnd.microsoft.icon\r\ndate: Sun, 05 Oct 2025 17:36:58 GMT\r\netag: \"ac4b4f9d4c72ac1313696f5f6809a3fb-ssl-df\"\r\nserver: cloudflare\r\nstrict-transport-security: max-age=31536000\r\nvary: Accept-Encoding\r\nx-nf-request-id: 01K6TQ5E9TVZYQMP83BFTP4H83\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=3NhofAVQtne%2F4aqpRwLht7bK8RcgHEvb%2BUEQFJdUoAl4rZ2PFpyCXyWb%2BU%2B4x8R7vmXphdmuiq7KTxK62hg6w5F64nGRJ%2Bi4dQ%3D%3D\"}]}\r\ncf-cache-status: MISS\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 989eaf2d8cd77130-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Netlify","description":"Netlify providers hosting and server-less backend services for web applications and static websites.","website":"https://www.netlify.com/","common_platform_enumeration":"","icon":"Netlify.svg","categories":["PaaS","CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":54684,"size_decoded":0,"mime_type":"image/vnd.microsoft.icon","magic":"PNG image data, 500 x 500, 8-bit/color RGBA, non-interlaced","md5":"a314da9f659a273c951c5a8b0ab4a46a","sha1":"efdf35fe9a86ade33e237b0df23ff6ff14b7cf7a","sha256":"951ed286ca1946f9c99768ef1736f052f93966d115889afa491ce309caf35f55","sha512":"e649b71989aa0df5b242946c0c385cb557ce4347a80577d55f93c6822a194d020353a900a6ba816858714828051e4f37972b0c0372762379250da2447dc69d65","ssdeep":"1536:Ulxox5vAnVJ09eeoZ2sYuJBTE/lPbxRPJxAgvcDCZuNs:Ulxox5v8eeJXBQ/lPbvxxjv2CZui","tlshash":"3633022c99d188ef73fb38995017eaa745a1688466dbef8cd7e305f07e72624035e843","first_seen":"2025-09-30T17:15:07.073613Z","last_seen":"2026-04-04T12:45:45.598144Z","times_seen":324,"resource_available":false,"data":null}},"time_used":532,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":420,"receive":112,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-05","alert":"Sinkholed","trigger":"grok11h.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"fonts.googleapis.com/css2?family=Inter:wght@400;700\u0026display=swap","fqdn":"fonts.googleapis.com","domain":"fonts.googleapis.com","tld":"googleapis.com"},"ip":{"addr":"142.250.74.74","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://grok11h.top/","date":"2025-10-05T17:36:58.058Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"upload.video.google.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 15 Sep 2025 08:36:13 GMT","end":"Mon, 08 Dec 2025 08:36:12 GMT"},"fingerprint":{"sha1":"54:09:EF:2E:96:03:5C:86:DF:F0:DA:AC:A6:7A:0D:35:49:4E:68:90","sha256":"0E:84:83:07:1D:C1:46:17:EB:EA:2F:15:CE:88:56:D2:FF:9E:AE:31:D2:C3:FC:DA:00:24:46:48:43:CD:11:1F"}}},"request":{"raw":"GET /css2?family=Inter:wght@400;700\u0026display=swap HTTP/1.1\r\nHost: fonts.googleapis.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://grok11h.top/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: text/css; charset=utf-8\r\nvary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site\r\naccess-control-allow-origin: *\r\ntiming-allow-origin: *\r\nlink: \u003chttps://fonts.gstatic.com\u003e; rel=preconnect; crossorigin\r\nstrict-transport-security: max-age=31536000\r\nexpires: Sun, 05 Oct 2025 17:36:58 GMT\r\ndate: Sun, 05 Oct 2025 17:36:58 GMT\r\ncache-control: private, max-age=86400\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin-allow-popups\r\ncontent-encoding: gzip\r\nserver: ESF\r\nx-xss-protection: 0\r\nx-frame-options: SAMEORIGIN\r\nx-content-type-options: nosniff\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":5054,"size_decoded":0,"mime_type":"text/css; charset=utf-8","magic":"ASCII text","md5":"43e6cb63df7a11f872c857e328961e21","sha1":"a4bfa6231dc6e8c8d84296736c60b763c14a4133","sha256":"209f55c7b05c3c78d7bceaa91c937923e79159198173138460e45aaac2fa9db5","sha512":"1b90cfec5e53b8740152240fa6c3b9b367aa9d751dfb3a69387d4e2aea6b140214af96a2ec0372fb9ea992f73a380b51328b080ed44a9ebe74fe2fc7fd522bfe","ssdeep":"96:aOEaNqOEaXFZHOEamOEaO3vOEaBOEaBJc+uTOEaNcNDOpaNqOpaXFZHOpamOpaOI:9NNIxO34OxDONEhYO3RrxGx","tlshash":"afa18992002ba400ab971dc233cf7f3aaece10896085d1b95ffd0dc59cead66436876d","first_seen":"2025-09-10T21:34:59.082547Z","last_seen":"2026-04-04T16:21:26.171796Z","times_seen":1339,"resource_available":false,"data":null}},"time_used":113,"timings":{"blocked":44,"dns":0,"connect":8,"send":0,"wait":20,"receive":0,"ssl":40},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"grok11h.top/8.webp","fqdn":"grok11h.top","domain":"grok11h.top","tld":"top"},"ip":{"addr":"104.21.21.183","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://grok11h.top/","date":"2025-10-05T17:36:58.058Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"grok11h.top","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 28 Sep 2025 13:09:22 GMT","end":"Sat, 27 Dec 2025 14:01:51 GMT"},"fingerprint":{"sha1":"45:7C:A5:D2:47:8A:FF:AB:5A:A3:9E:D5:2B:92:6A:6A:61:42:FA:C0","sha256":"5A:3D:F3:75:70:E9:13:D2:98:CA:21:10:B6:B4:C2:CE:3A:5C:4D:32:3E:AE:19:41:22:20:9B:66:20:4F:4B:EA"}}},"request":{"raw":"GET /8.webp HTTP/1.1\r\nHost: grok11h.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://grok11h.top/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 05 Oct 2025 17:36:58 GMT\r\ncontent-type: image/webp\r\ncontent-length: 57032\r\naccept-ranges: bytes\r\nage: 0\r\ncache-control: public, max-age=14400, must-revalidate\r\ncache-status: \"Netlify Edge\"; fwd=miss\r\netag: \"39d14f0cebaa8cd15b4f9865d8a2f1df-ssl\"\r\nserver: cloudflare\r\nstrict-transport-security: max-age=31536000\r\nx-nf-request-id: 01K6TQ5DVKQ39DD7Z8ADR6GY0S\r\ncf-cache-status: MISS\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=14mTDGYP%2Bnl8eeaYDbra5c2lZKhD3dSVNa8ZgIe%2B0BGZRjsIXUPUzVu%2FP2%2BxvRwkkhgoOZtXGrDSPMepIROBRd5W7rSIH0ApMQ%3D%3D\"}]}\r\ncf-ray: 989eaf2ade8756bd-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Netlify","description":"Netlify providers hosting and server-less backend services for web applications and static websites.","website":"https://www.netlify.com/","common_platform_enumeration":"","icon":"Netlify.svg","categories":["PaaS","CDN"]}],"data":{"size":57032,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"45a0973fd473f6545bf1268fe29f4dfc","sha1":"efe037eb2e30a3e350a8bad79f9d652928b10967","sha256":"9683ca52210bb0f7c37d8dd34495197d45c00579266a940489076754b375264d","sha512":"8b8f095fc485658dfe07a5c4124286d0537866434ec29e9842c1539799af1d1bd8173a6d554bdf5f045df9ec81e56bcc689974aef658d0865452284af4a355b3","ssdeep":"1536:GlzO4/HjqUYXe1SMUDc1nDHnZNBhlE5Xw4ff1v6ViMWO:azJHjqvAtecFnnf65gxi1O","tlshash":"934302b493f8bd725a0b4cad69fa4526008adc20629f3e75923b39d6086335f0157e3b","first_seen":"2025-09-30T17:15:07.063954Z","last_seen":"2026-04-04T12:45:45.592205Z","times_seen":328,"resource_available":false,"data":null}},"time_used":514,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":413,"receive":101,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-05","alert":"Sinkholed","trigger":"grok11h.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"grok11h.top/","fqdn":"grok11h.top","domain":"grok11h.top","tld":"top"},"ip":{"addr":"104.21.21.183","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-10-05T17:36:57.621Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"grok11h.top","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 28 Sep 2025 13:09:22 GMT","end":"Sat, 27 Dec 2025 14:01:51 GMT"},"fingerprint":{"sha1":"45:7C:A5:D2:47:8A:FF:AB:5A:A3:9E:D5:2B:92:6A:6A:61:42:FA:C0","sha256":"5A:3D:F3:75:70:E9:13:D2:98:CA:21:10:B6:B4:C2:CE:3A:5C:4D:32:3E:AE:19:41:22:20:9B:66:20:4F:4B:EA"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: grok11h.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 05 Oct 2025 17:36:57 GMT\r\ncontent-type: text/html; charset=UTF-8\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nage: 50657\r\ncache-control: public,max-age=0,must-revalidate\r\ncache-status: \"Netlify Edge\"; hit\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=djwtdCdFbtWUCL%2Fr8%2BMC3gZ%2B75y2kRcuCFHwOr2eQfb8pxGVZAxldTCJMWwbvZZqTk%2FPtt26qKcKQZudxIsP07xd4kNyrVM%2F%2BA%3D%3D\"}]}\r\nserver: cloudflare\r\nstrict-transport-security: max-age=31536000\r\nvary: Accept-Encoding\r\nx-nf-request-id: 01K6TQ5DKB50R3NC41HCQ5VQSJ\r\ncf-cache-status: DYNAMIC\r\ncontent-encoding: br\r\ncf-ray: 989eaf292cf656bd-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Netlify","description":"Netlify providers hosting and server-less backend services for web applications and static websites.","website":"https://www.netlify.com/","common_platform_enumeration":"","icon":"Netlify.svg","categories":["PaaS","CDN"]}],"data":{"size":13050,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, Unicode text, UTF-8 text, with CRLF line terminators","md5":"b774af8d0943e20a83f1ec9b49ecb8ae","sha1":"afc7183d0b8f69d21245420ae68f4dba7aa1710a","sha256":"3ca754ed9c32eaa2bfe2b6bb63374f9e346daf89cb9feb1ec94816ae1a543880","sha512":"ce0affd8f9475c9da4fd085fd37d42d1b12e28c1e1a667f6ff540433bc61ac9e57fad578ad59b8cee319345f7eacfd277d8189b95ece226741a7429b6a0095ab","ssdeep":"192:Y1l1XFK1euCuVTcHJMhhGUoIApjZKE7UHJ2wxPlZ1e:YKPNakvxDQ","tlshash":"6e423f23dd81a81723325360aef27358f765424f96050c66bafc618e4ffbaa19453f9c","first_seen":"2025-10-05T17:37:25.21978Z","last_seen":"2025-10-05T17:37:25.21978Z","times_seen":1,"resource_available":false,"data":null}},"time_used":524,"timings":{"blocked":165,"dns":0,"connect":3,"send":0,"wait":194,"receive":0,"ssl":161},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-05","alert":"Sinkholed","trigger":"grok11h.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"grok11h.top/3.webp","fqdn":"grok11h.top","domain":"grok11h.top","tld":"top"},"ip":{"addr":"104.21.21.183","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://grok11h.top/","date":"2025-10-05T17:36:58.060Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"grok11h.top","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 28 Sep 2025 13:09:22 GMT","end":"Sat, 27 Dec 2025 14:01:51 GMT"},"fingerprint":{"sha1":"45:7C:A5:D2:47:8A:FF:AB:5A:A3:9E:D5:2B:92:6A:6A:61:42:FA:C0","sha256":"5A:3D:F3:75:70:E9:13:D2:98:CA:21:10:B6:B4:C2:CE:3A:5C:4D:32:3E:AE:19:41:22:20:9B:66:20:4F:4B:EA"}}},"request":{"raw":"GET /3.webp HTTP/1.1\r\nHost: grok11h.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://grok11h.top/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 05 Oct 2025 17:36:58 GMT\r\ncontent-type: image/webp\r\ncontent-length: 51152\r\naccept-ranges: bytes\r\nage: 1\r\ncache-control: public, max-age=14400, must-revalidate\r\ncache-status: \"Netlify Edge\"; fwd=miss\r\netag: \"9c98b7ceb602cbc11958f9753b83b387-ssl\"\r\nserver: cloudflare\r\nstrict-transport-security: max-age=31536000\r\nx-nf-request-id: 01K6EE0056H6MKK86ZWTCZMZH6\r\ncf-cache-status: REVALIDATED\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=ucNI2eV7bLJJip3ejWLUATkj1ookX%2FuY185cP6IdtkoqBirjj1V7Tb65sU7s5cNLdRsgaBr3szm8fQWf3qGH9nSJZbT%2BDBylRw%3D%3D\"}]}\r\ncf-ray: 989eaf2ade9756bd-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Netlify","description":"Netlify providers hosting and server-less backend services for web applications and static websites.","website":"https://www.netlify.com/","common_platform_enumeration":"","icon":"Netlify.svg","categories":["PaaS","CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":51152,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"ed66d899203784adfe6c2c8dd1939343","sha1":"14b8169d424fcb4290f155981ff1d69ce094dce0","sha256":"fabd28e5a26acf947fbf7af38df17c5bb62f93d252903e86fdf47c6db9f9d9ef","sha512":"929c0f67bc57aa84f41a1d80e6271d6b7bc1e297aa0067dfa736eee56e641a58e15b7a4ba8b0048998147cfb9c38742f8ef232262d8bced3161564e92f6a8c4c","ssdeep":"768:DnDRMPhTcJDJGGS7dih7CpEILJcpxUWuaAE7Knw0eZOG3CuX0haabAnKnY:LDRMPhTsDJodjiBuaA9et7XIRJY","tlshash":"9933d06c75a8a5ecbdec22af1116d74ec802914f13f84d6eda48a60316c79aedb3f441","first_seen":"2025-09-30T17:15:07.08107Z","last_seen":"2026-04-04T12:45:45.586132Z","times_seen":339,"resource_available":false,"data":null}},"time_used":317,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":316,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-05","alert":"Sinkholed","trigger":"grok11h.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/inter/v20/UcC73FwrK3iLTeHuS_nVMrMxCp50SjIa1ZL7W0I5nvwU.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"142.250.74.99","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://grok11h.top/","date":"2025-10-05T17:36:58.213Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 15 Sep 2025 08:36:13 GMT","end":"Mon, 08 Dec 2025 08:36:12 GMT"},"fingerprint":{"sha1":"F3:C7:68:20:2E:52:7F:61:4B:43:46:72:CB:A9:29:91:40:A0:5A:96","sha256":"1A:0B:E2:45:70:7A:DB:88:E8:4C:4E:DF:ED:F5:08:2F:2B:2A:CA:33:09:72:DC:80:8B:D2:7B:C6:48:3D:CA:D1"}}},"request":{"raw":"GET /s/inter/v20/UcC73FwrK3iLTeHuS_nVMrMxCp50SjIa1ZL7W0I5nvwU.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://grok11h.top\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 48532\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Thu, 02 Oct 2025 12:42:29 GMT\r\nexpires: Fri, 02 Oct 2026 12:42:29 GMT\r\ncache-control: public, max-age=31536000\r\nage: 276869\r\nlast-modified: Tue, 09 Sep 2025 18:33:50 GMT\r\ncontent-type: font/woff2\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":48532,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 48532, version 1.0","md5":"225835e6e0496c54dc2aca9f3d533892","sha1":"942ef5298bbe74bfe44e445def5f2bfc94027fa8","sha256":"acc60d454f46f2ba233c516aa3299aa60e1f49ffd0f06b8392a7c772a5694087","sha512":"ea2ff96ed5ac965c1846b4b33990beab3d4ced66806fa44321f5dd59d9a29a8ae1a67a5816d40165af8a896677b6a24bb74ea6db53cd5e686080165db9fd62c2","ssdeep":"768:b9tYsJ6BxVEpu8sqEkvfXRGEBqH7KxpxA07hQv2bSokjQx2AOWUVOv7UeFHOpIsR:LsEcy7fXRGqqHmr7qv32UC7UetOGLkF","tlshash":"03230178cf9f85b3d33b153afaf4d20562a9067de76c4a803831051a2a55770b89dc0e","first_seen":"2025-05-29T17:27:56.345238Z","last_seen":"2026-04-04T16:45:24.005391Z","times_seen":133262,"resource_available":false,"data":null}},"time_used":115,"timings":{"blocked":48,"dns":1,"connect":8,"send":0,"wait":8,"receive":10,"ssl":38},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"grok11h.top/11.webp","fqdn":"grok11h.top","domain":"grok11h.top","tld":"top"},"ip":{"addr":"104.21.21.183","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://grok11h.top/","date":"2025-10-05T17:36:58.059Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"grok11h.top","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 28 Sep 2025 13:09:22 GMT","end":"Sat, 27 Dec 2025 14:01:51 GMT"},"fingerprint":{"sha1":"45:7C:A5:D2:47:8A:FF:AB:5A:A3:9E:D5:2B:92:6A:6A:61:42:FA:C0","sha256":"5A:3D:F3:75:70:E9:13:D2:98:CA:21:10:B6:B4:C2:CE:3A:5C:4D:32:3E:AE:19:41:22:20:9B:66:20:4F:4B:EA"}}},"request":{"raw":"GET /11.webp HTTP/1.1\r\nHost: grok11h.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://grok11h.top/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 05 Oct 2025 17:36:58 GMT\r\ncontent-type: image/webp\r\ncontent-length: 16580\r\naccept-ranges: bytes\r\nage: 0\r\ncache-control: public, max-age=14400, must-revalidate\r\ncache-status: \"Netlify Edge\"; fwd=miss\r\netag: \"60ccbc2ca61709623b6242afebfb6731-ssl\"\r\nserver: cloudflare\r\nstrict-transport-security: max-age=31536000\r\nx-nf-request-id: 01K6TQ5DVPPHY29P0PDSRHVQSB\r\ncf-cache-status: MISS\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=lNnrpfUPA1imh8%2BFsMe33q%2BtHPpYFpjBXqMTKN468Pm%2BAJJYpL3QVYuFgXw4gYTooj4hAJeiPLfu3JSgqaZXuoS2akSRNzZCfw%3D%3D\"}]}\r\ncf-ray: 989eaf2ade8c56bd-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Netlify","description":"Netlify providers hosting and server-less backend services for web applications and static websites.","website":"https://www.netlify.com/","common_platform_enumeration":"","icon":"Netlify.svg","categories":["PaaS","CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":16580,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"219accc7f77ce773b0a35c85aa007167","sha1":"2c24508f752f992c2bab45ee58ff1259a341552f","sha256":"13dfe760e11e584feca95e882c723ef5af5789f90910a57c1595cd26c6f96a56","sha512":"d2b71f61314026636194ca89dddff558870c50658f136fce1c32332f5b112d6d376e6c744ad572c172cbec63817723a75f880f497a02a6caf149d2439f59151a","ssdeep":"384:ov4fsUAqn2wMMKYYCrB4kfnhc5u0nbgdzM5B9ZB/L4LAc:64fsUAqyMKYYC17nh0u0bgdMn7RcN","tlshash":"fe72e1fda47173308c87823939c68c1d14b19acf9caa27565cdf27f1b19e27c6a74452","first_seen":"2025-09-30T17:15:07.077773Z","last_seen":"2026-04-04T12:45:45.59305Z","times_seen":319,"resource_available":false,"data":null}},"time_used":337,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":312,"receive":25,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-05","alert":"Sinkholed","trigger":"grok11h.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"grok11h.top/4.webp","fqdn":"grok11h.top","domain":"grok11h.top","tld":"top"},"ip":{"addr":"104.21.21.183","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://grok11h.top/","date":"2025-10-05T17:36:58.060Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"grok11h.top","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 28 Sep 2025 13:09:22 GMT","end":"Sat, 27 Dec 2025 14:01:51 GMT"},"fingerprint":{"sha1":"45:7C:A5:D2:47:8A:FF:AB:5A:A3:9E:D5:2B:92:6A:6A:61:42:FA:C0","sha256":"5A:3D:F3:75:70:E9:13:D2:98:CA:21:10:B6:B4:C2:CE:3A:5C:4D:32:3E:AE:19:41:22:20:9B:66:20:4F:4B:EA"}}},"request":{"raw":"GET /4.webp HTTP/1.1\r\nHost: grok11h.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://grok11h.top/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 05 Oct 2025 17:36:58 GMT\r\ncontent-type: image/webp\r\ncontent-length: 2640\r\naccept-ranges: bytes\r\nage: 0\r\ncache-control: public, max-age=14400, must-revalidate\r\ncache-status: \"Netlify Edge\"; fwd=miss\r\netag: \"23613bc934f0cbf322a3268e8d615dea-ssl\"\r\nserver: cloudflare\r\nstrict-transport-security: max-age=31536000\r\nx-nf-request-id: 01K6TQ5DVKFN218XCYZMHS56ET\r\ncf-cache-status: MISS\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=tjApX0UWPowwxPz8jxscnbgnNqre%2BfakM72MKaAj%2BA5SaT5CeFvQ%2Fx6SO2VFfI0iXpOHScXdmqslvjbpyAuAUnZTDKS7ggbqFg%3D%3D\"}]}\r\ncf-ray: 989eaf2ade9a56bd-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Netlify","description":"Netlify providers hosting and server-less backend services for web applications and static websites.","website":"https://www.netlify.com/","common_platform_enumeration":"","icon":"Netlify.svg","categories":["PaaS","CDN"]}],"data":{"size":2640,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 225x225, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"068cfaccde163ad6416ccbd3e64cf73a","sha1":"c3ef4658642c3f268fa6567351324dc5ae202755","sha256":"b1ccadcb9c57c9a2990d487b6ad8eb7323993348d6020a28793643f56c5b9f95","sha512":"dc6f2deacc9405d5b31cac5efde90853ca958a3bbbb7da4586bb932db7fe9846b5c20502a282f2cf1535a3ab19acefcc9d89d9fc74fa3d3bbf3772937868dfdd","ssdeep":"","tlshash":"8d515c4372632a042710b1ae7a0f0a80b916e363a3d0d0f4de94af3527562cfdc720cd","first_seen":"2025-09-30T17:15:07.069315Z","last_seen":"2026-04-04T12:45:45.593761Z","times_seen":328,"resource_available":false,"data":null}},"time_used":306,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":306,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-05","alert":"Sinkholed","trigger":"grok11h.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"grok11h.top/6.webp","fqdn":"grok11h.top","domain":"grok11h.top","tld":"top"},"ip":{"addr":"104.21.21.183","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://grok11h.top/","date":"2025-10-05T17:36:58.061Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"grok11h.top","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 28 Sep 2025 13:09:22 GMT","end":"Sat, 27 Dec 2025 14:01:51 GMT"},"fingerprint":{"sha1":"45:7C:A5:D2:47:8A:FF:AB:5A:A3:9E:D5:2B:92:6A:6A:61:42:FA:C0","sha256":"5A:3D:F3:75:70:E9:13:D2:98:CA:21:10:B6:B4:C2:CE:3A:5C:4D:32:3E:AE:19:41:22:20:9B:66:20:4F:4B:EA"}}},"request":{"raw":"GET /6.webp HTTP/1.1\r\nHost: grok11h.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://grok11h.top/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 05 Oct 2025 17:36:58 GMT\r\ncontent-type: image/webp\r\ncontent-length: 9428\r\naccept-ranges: bytes\r\nage: 0\r\ncache-control: public, max-age=14400, must-revalidate\r\ncache-status: \"Netlify Edge\"; fwd=miss\r\netag: \"27770ce7e5c04f27370150f7bb294a30-ssl\"\r\nserver: cloudflare\r\nstrict-transport-security: max-age=31536000\r\nx-nf-request-id: 01K6TQ5DVNAFRR8S02M8DJYRVH\r\ncf-cache-status: MISS\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=AcNTS4vMiCKBHU6LjObg61BSFmfItMMTQnSrdHD6EwJC5f0uo%2F2delfJ%2B2wmCB79DgKbpDghh%2F9CGav3nK0MpZ7osrQYB7mm1A%3D%3D\"}]}\r\ncf-ray: 989eaf2ade9d56bd-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Netlify","description":"Netlify providers hosting and server-less backend services for web applications and static websites.","website":"https://www.netlify.com/","common_platform_enumeration":"","icon":"Netlify.svg","categories":["PaaS","CDN"]}],"data":{"size":9428,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"d19d5b8b0d337eecb20c486d19023741","sha1":"8d4c401716031406eeb2f541f1df07ce0df0cf0a","sha256":"aa28c4ce43bbd971e3febb155bd3d1fbb09ee0863bda48cd192a4c28877e0359","sha512":"0193b4b9a48db64b8a8f9bf67a6d1b15cbb804fed9561ed8020b373794f479cdbc426f3ed0fdff881ac1df39bf9009e2e7c76b5bc5ff030603bdd1e47470815c","ssdeep":"192:t5CyRlviNpkm3jaxZws9jj1WstykSOZIY4qRmwzO6HFq5Ch86hzQdRL667Fy4J:t5CYvi3kFxZfjjsoykSOSYfMluFqw8+0","tlshash":"a312ae980e3aee7b74108bb4ee29325ef63a1360f3fc9b597a4295901359d0727c9c49","first_seen":"2025-09-30T17:15:07.071237Z","last_seen":"2026-04-04T12:45:45.596072Z","times_seen":333,"resource_available":false,"data":null}},"time_used":312,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":312,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-05","alert":"Sinkholed","trigger":"grok11h.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"cdn.jsdelivr.net/npm/particles.js@2.0.0/particles.min.js","fqdn":"cdn.jsdelivr.net","domain":"jsdelivr.net","tld":"net"},"ip":{"addr":"151.101.129.229","port":443,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://grok11h.top/","date":"2025-10-05T17:36:58.074Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"jsdelivr.net","organization":""},"issuer":{"commonName":"GlobalSign Atlas R3 DV TLS CA 2025 Q2","organization":"GlobalSign nv-sa"},"validity":{"start":"Mon, 02 Jun 2025 15:43:52 GMT","end":"Sat, 04 Jul 2026 15:43:51 GMT"},"fingerprint":{"sha1":"21:17:81:78:41:C6:8F:86:D6:CF:8D:98:CC:74:A8:F1:03:F8:C9:D4","sha256":"D0:E6:8D:08:11:05:7E:0C:2A:0D:C7:E0:ED:AE:9E:18:C8:74:32:12:3D:56:43:98:62:CD:A2:08:6F:64:5B:B0"}}},"request":{"raw":"GET /npm/particles.js@2.0.0/particles.min.js HTTP/1.1\r\nHost: cdn.jsdelivr.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://grok11h.top/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: *\r\ntiming-allow-origin: *\r\ncache-control: public, max-age=31536000, s-maxage=31536000, immutable\r\ncross-origin-resource-policy: cross-origin\r\nx-content-type-options: nosniff\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\ncontent-type: application/javascript; charset=utf-8\r\nx-jsd-version: 2.0.0\r\nx-jsd-version-type: version\r\netag: W/\"59e8-UZOhrgIV5VxI3l3rU0rLB4Gjv70\"\r\ncontent-encoding: br\r\naccept-ranges: bytes\r\ndate: Sun, 05 Oct 2025 17:36:58 GMT\r\nage: 1684972\r\nx-served-by: cache-fra-eddf8230027-FRA, cache-osl6540-OSL\r\nx-cache: HIT, HIT\r\nvary: Accept-Encoding\r\nalt-svc: h3=\":443\";ma=86400,h3-29=\":443\";ma=86400,h3-27=\":443\";ma=86400\r\ncontent-length: 6168\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":23016,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (22686)","md5":"6564e48cc953b8642b7c758cba09fd81","sha1":"5193a1ae0215e55c48de5deb534acb0781a3bfbd","sha256":"f368ba54ef5dc8c6613226de0e95b0a72239c33c3caec2f08c69a939ac9dbd1b","sha512":"930176f24c517cbed366421590f5ddab5443ccaa1f09f2ada62c9c851453bedbef5c0e1580402f2430100b0dae357269f58505d5d541b4dfd10dbb9f082bcba7","ssdeep":"384:WfJ//vWKyCN3yHEPepmcBzAbix29ZzHNSA:QFf289ZzHNSA","tlshash":"08a2b34d23f73e77339a72e04bece1128b70a4d2399b04b0f93c667da5255a601de6a0","first_seen":"2025-05-01T01:56:50.052191Z","last_seen":"2026-04-04T12:45:45.589024Z","times_seen":624,"resource_available":true,"data":null}},"time_used":21,"timings":{"blocked":9,"dns":2,"connect":1,"send":0,"wait":3,"receive":0,"ssl":4},"alerts":{"ids":null,"analyzer":null,"urlquery":null}}]}