{"report_id":"b5b4bb30-865b-4ca3-90f0-f611fefe91ad","version":6,"status":"done","tags":[],"date":"2026-04-22T12:58:28Z","url":{"schema":"http","addr":"app.gthrkxdm.top","fqdn":"app.gthrkxdm.top","domain":"gthrkxdm.top","tld":"top"},"ip":{"addr":"104.21.69.31","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"final":{"url":{"schema":"https","addr":"app.gthrkxdm.top/android.html","fqdn":"app.gthrkxdm.top","domain":"gthrkxdm.top","tld":"top"},"title":"Download","dom":{"size":20647,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (14393)","md5":"a63fc8b307936165bc979a3249ee1ddc","sha1":"1f4fe2ae87d5a5a891dca3a243d30f7a62a85033","sha256":"7642f72777a7d96a2cf14e6add899c3cf7781ea8e6c66bd65566a5b48664b5fb","sha512":"bb30c480ea06c9f7299e2f25cf790be93b3e0f2633c6126c08fc54d69c6e2bf9085e144e1b2ae33fc562d572081e18b281c691de46750288f2217897e507eb8c","ssdeep":"384:UrSvGLQsOOm41wniDKJJNiJRJ0uuuTti0C:rEnbDKJJgJRJ0uuuTy","tlshash":"b392b6b1c2a45136460f06c97d69322e32b7919ffd13880cb66c8798dfd6e25dc21ada","dom_hash":"domhash93273e6ff4541f9344877d550538c950","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"app.gthrkxdm.top","fqdn":"app.gthrkxdm.top","domain":"gthrkxdm.top","tld":"top"},"ip":{"addr":"104.21.69.31","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-05-27T12:58:28Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":2}},"detection":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"app.gthrkxdm.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"app.gthrkxdm.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null},"summary":[{"fqdn":"app.gthrkxdm.top","ip":{"addr":"172.67.203.51","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2025-12-23","domain_rank":0,"first_seen":"2026-04-22T12:58:29.588561Z","last_seen":"2026-04-22T12:58:29.588561Z","alert_count":58,"request_count":29,"received_data":1129863,"sent_data":13254,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"app.gthrkxdm.top/android.html","fqdn":"app.gthrkxdm.top","domain":"gthrkxdm.top","tld":"top"},"ip":{"addr":"172.67.203.51","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"05e99ec5dfd48289ca6f5d94977a0e85","sha1":"0fbbcb67ec20841fef8be5d0dd940ea641423663","sha256":"169effa276c2c5f802c428fae228f93944ef9a0d36a676f94e16a0fb2573e496","sha512":"9b789b87eaffea51e8c70c3475459d461139d17ce2125c1f8c613a4d4b06bd4e09c55e2a3ff28e72283ebcdf04ac13e999ed4e9cf45afc69fb4c82a391b49bb7","ssdeep":"","tlshash":"cd90029d36d351209e5b5694105b189574a5a660145449c5c08998e1ad57024519689d","size":56,"data":"","first_seen":"2026-03-25T14:18:58.705069Z","last_seen":"2026-04-22T13:11:26.716328Z","times_seen":10,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"app.gthrkxdm.top/android.html","fqdn":"app.gthrkxdm.top","domain":"gthrkxdm.top","tld":"top"},"ip":{"addr":"172.67.203.51","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"0d9fae00c30927890dcf485c840ea328","sha1":"13da4cfa0e4eb941133261e31d900f4948708677","sha256":"7d128c625ad955bc51c57030ad1131783545a9c4bc711d04111c12b208fcdbdb","sha512":"0e5696f91fd75fff4fdc40378ecfaeb846724221fd262b3a94a5904d2188ead6bc280ca4d740f6778c158b153aa4c9c4103b1bbec1589a11150962196c1104d8","ssdeep":"","tlshash":"f59002a522c25144c65232a4106e1c8d6166847014844a408080e4611ce6130615d49c","size":46,"data":"","first_seen":"2023-05-09T13:40:49Z","last_seen":"2026-05-20T10:35:00.882401Z","times_seen":254,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"app.gthrkxdm.top/android.html","fqdn":"app.gthrkxdm.top","domain":"gthrkxdm.top","tld":"top"},"ip":{"addr":"172.67.203.51","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"26faafc5dbb0b17fa684225bdd0ce27b","sha1":"b2c8255eac04991654014d3511497ffd5c8647bd","sha256":"7b5e768d67c7b8c4c881f0f72a9ae77b39ff45007e9c79fc11fc9a7036f3dc91","sha512":"2bba30c13c17c74fa1ed6ed7cce8676008e3989ea7c5b5519ec7d2211e910587ecd6606722a4b33c03f3560c135ab3670adad92d5b83754de5114b886f587f9d","ssdeep":"","tlshash":"2eb0928722a1400a4ec3397c9e8b2046216320ab142cca807e19af80bf8132b9a73788","size":121,"data":"","first_seen":"2026-03-25T14:18:58.878987Z","last_seen":"2026-04-22T13:11:26.755301Z","times_seen":10,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"app.gthrkxdm.top/android.html","fqdn":"app.gthrkxdm.top","domain":"gthrkxdm.top","tld":"top"},"ip":{"addr":"172.67.203.51","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"40e8e10a1c6cc413931e8dff31a7b51c","sha1":"c21c912e89d008d99161b2595a8ac30b71d1c2ea","sha256":"d6e69dd8e4f77799ff1f87dc0d4cf87fc54d87b670558eee0c651dba9551ca77","sha512":"ee63c921a0464d11757846b4338d9ac0aa353b6681341c97221449b432254dd276cf771ae9d4ffcae5097df4907c1214f0c0940d54c85d8885125db831139de2","ssdeep":"","tlshash":"a590029531c290505e521294849b1884a025487014444a4050c2d4521c5a420929649d","size":47,"data":"","first_seen":"2026-03-25T14:18:58.766767Z","last_seen":"2026-04-22T13:11:26.70865Z","times_seen":10,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"app.gthrkxdm.top/android.html","fqdn":"app.gthrkxdm.top","domain":"gthrkxdm.top","tld":"top"},"ip":{"addr":"172.67.203.51","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"bd3e0ddacfc481c086f0f87f9561019e","sha1":"dd0134a59ab901987fec4c75a736588612e4ab0b","sha256":"59998f7b8f98e4a24198510aa898f5729d39aa3f96bcc9d2914f182634502a13","sha512":"bb9c477d51334db7ac6b58df72f668c8ca64163b4bb1e68e0f387cb653f1da180693627d8d2a2df58dba257ab69ad7a837ece7ec191aa9d1dbeb851711e69d94","ssdeep":"","tlshash":"049002de32e39510865b259414df189954a5aab114548984c05894a5bd66024a2a589e","size":57,"data":"","first_seen":"2026-03-25T14:18:58.846827Z","last_seen":"2026-04-22T13:11:26.739107Z","times_seen":10,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"app.gthrkxdm.top/android.html","fqdn":"app.gthrkxdm.top","domain":"gthrkxdm.top","tld":"top"},"ip":{"addr":"172.67.203.51","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"e4e321d33ac6642b37eccaf7d7a2fd33","sha1":"3669a8d2e7da592d70481721730ed10532c4bea7","sha256":"d1c798e54477c94723c66312ad890e09a0110f5c3fcff80f2feb1e16be96833f","sha512":"5c449b19873d163c6d72c869549b3cbd851a0716c374f511dbce6d5af93131425f61641659f75cb1ab8a009d5dbe16a8e116daa416cb8c62c42fe771189ca5cf","ssdeep":"","tlshash":"fc9002a522c65140865231940156188d60689470548449408080e4a91ca6130516649c","size":45,"data":"","first_seen":"2023-04-16T08:22:18Z","last_seen":"2026-05-20T10:35:00.894048Z","times_seen":213,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"app.gthrkxdm.top/android.html","fqdn":"app.gthrkxdm.top","domain":"gthrkxdm.top","tld":"top"},"ip":{"addr":"172.67.203.51","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"9d93b614a1838bb60efa2af8d9d19140","sha1":"c1a98d5fa5d34de1393825d15ed71505b7f9f5d0","sha256":"d8ce304ec99c74b555e79249d1c07b3714696f27cef27376159be8da4e0ade0e","sha512":"1e5768364d7879fd97b04df8f1c62f5f5ddd5ecf3d0465efa2a90072d8496c83d39b6ce8336e8131485ddc1d69263f53ea273dce53004e54b747ac55aa2e447d","ssdeep":"","tlshash":"46a022c833fba220ebbf2288002e08cc00e0f330080808c0c0008cf2bc02038e0e0ecc","size":70,"data":"","first_seen":"2026-03-25T14:18:58.829936Z","last_seen":"2026-04-22T13:11:26.758172Z","times_seen":10,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"app.gthrkxdm.top/static/js/common.js","fqdn":"app.gthrkxdm.top","domain":"gthrkxdm.top","tld":"top"},"ip":{"addr":"172.67.203.51","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"315361969b94bcf6fab06aec7c437015","sha1":"3bce487b3860d2356996c464ea79b02b9a5e171d","sha256":"48c9ac90130df8bb8ba573f3ab9b61740274ef30435ece7f057e0ff7071adb22","sha512":"70d80070715a9902bdbab2e8c9e787b719841c805996c2d9182a16a2d549d1d47df1c39f76f668c9b4326e3a061e598b8eebfde914217f5737b6245eb472bd6f","ssdeep":"","tlshash":"b1e02b8c7597500501373f7c998b8005f572702768291841b6ed4bd47fb502342b7d48","size":401,"data":"","first_seen":"2026-03-25T14:18:58.645056Z","last_seen":"2026-04-22T13:11:26.684649Z","times_seen":6,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"app.gthrkxdm.top/android.html","fqdn":"app.gthrkxdm.top","domain":"gthrkxdm.top","tld":"top"},"ip":{"addr":"172.67.203.51","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"a5a38b9de92f746c089071272ce68139","sha1":"f9352346ab24d69b18398e8647b758f03d478e8c","sha256":"7ec55fb56ed7fc7b012797cf13727ad82319a5f6a1d868532b6c6110976e7e97","sha512":"29775781282bcba6446cec80bf3abebf4b0bf4a51853e9882e998a57eacf81f5da0a1fc257744a13073e42b7dc6e616a76da9fcc48a472f554c2d9759fab8b90","ssdeep":"","tlshash":"659004d531c75044475313d4445f3cd4d33d547014c44f40c041d4531cdd434d35d45c","size":44,"data":"","first_seen":"2026-03-25T14:18:58.854419Z","last_seen":"2026-04-22T13:11:26.737196Z","times_seen":10,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"app.gthrkxdm.top/android.html","fqdn":"app.gthrkxdm.top","domain":"gthrkxdm.top","tld":"top"},"ip":{"addr":"172.67.203.51","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"13700e7cca6b6a6c4b1cab1ec903df7e","sha1":"b386441cf99f5708bf25c6ac0fefdc973a549e23","sha256":"a8625846758657f70ee97fbe6ef2b2c434869edf1a322f6e9ae9fcdfca28d96c","sha512":"0a7b1889576a1b012011ecdf234b11998bb7c3746b40e16c5afca7fb3e1d7939ab690000844bec8c89b09c300e455942886d7310499f1ed11d73768dcadc7e0c","ssdeep":"","tlshash":"c0a022c83be38020ca8f0280003e08c800a0b3b0082088c8c08088b2bc022a8a0a08fc","size":69,"data":"","first_seen":"2026-03-25T14:18:58.87075Z","last_seen":"2026-04-22T13:11:26.731338Z","times_seen":10,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"app.gthrkxdm.top/static/lang/zh-hk.js","fqdn":"app.gthrkxdm.top","domain":"gthrkxdm.top","tld":"top"},"ip":{"addr":"172.67.203.51","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"importedModule","is_inline":false,"md5":"5f373dfbfbdcae366c12610c49a14521","sha1":"7a12a1569059f8eda25214687f4ee9ba0995ab58","sha256":"78816c73c390bed4303692f928d383aa6b51dac716e1b85e0cde647116e6f7b8","sha512":"2beeb72fe2e2b0f7cb6eaf81e7b1bd81a67a758b47f1d35392486d426d6b800a87266109d860022c45a0462756901297945a45417f7fb59ebb3980f5f2fc1f73","ssdeep":"","tlshash":"1f5196c4869c48587e340285beb48f49e820f7b78d1611afb27c85a42fb299ed1c5ad9","size":2697,"data":"","first_seen":"2026-04-22T12:58:35.600916Z","last_seen":"2026-04-22T13:11:26.689333Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"app.gthrkxdm.top/android.html","fqdn":"app.gthrkxdm.top","domain":"gthrkxdm.top","tld":"top"},"ip":{"addr":"172.67.203.51","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"9a1caf9b0b014c33238042e4cfddb650","sha1":"c0a94c359b57d700a8167d1c29900475f7d75199","sha256":"7f24fd4017096b0d8d263044d2f6ad1c839c698f9136684fbaf377e13bd78821","sha512":"ad3a3bd9806fe089dfa7e15d16a9eff8b7053192f00912da4425b38b5738a481e4de0c4053866eeddbd02fdd5443b21d567aee278bf384567bf2de7bb35a589d","ssdeep":"","tlshash":"2790029932d39154d65b15a4149e18d554a4ba6114944dc8c14494a1ac56120719589c","size":56,"data":"","first_seen":"2026-03-25T14:18:58.731623Z","last_seen":"2026-04-22T13:11:26.730217Z","times_seen":10,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"app.gthrkxdm.top/android.html","fqdn":"app.gthrkxdm.top","domain":"gthrkxdm.top","tld":"top"},"ip":{"addr":"172.67.203.51","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"bce771ed23663858efe8a348124b118d","sha1":"fe846ecb3cf0228f3fbd6374be9d8b46ff96d4b8","sha256":"afc3723d05b68bfd84604819bb1d83b24f2eee77df44e2b98e05cf0af0c1d3c3","sha512":"63fc9d9c3e37e2b50f9a58c78e1f161616f7a5e3d261a36812a6ed16f24546372b6f7a6976a47a15527cf06210a52e6a26bda9d6a9837f44f9438cb98d869c74","ssdeep":"","tlshash":"8ca0228323c330000a0302802383ccca20b8003020080c0002fbec200c08030c0cb8ec","size":63,"data":"","first_seen":"2026-03-25T14:18:58.869632Z","last_seen":"2026-04-22T13:11:26.715409Z","times_seen":10,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"app.gthrkxdm.top/android.html","fqdn":"app.gthrkxdm.top","domain":"gthrkxdm.top","tld":"top"},"ip":{"addr":"172.67.203.51","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"2c93c5a230481f51bca35ddec2093411","sha1":"366fa9973d063dbdea13decb963ee30caad5ab8f","sha256":"c0131d35d635752577fb15597608c79ad55000262ae5606d1ee0ffdee4670473","sha512":"8390d32e74d0a0260846e2e535db3db0074a5d3b0bdd6cc581ee13da8e542129d54d3c994aa1ead55ae0a54dcb19e9810f55462604a445d2b15d7448f5d038fa","ssdeep":"","tlshash":"c590029521e2640146b62698105b1884602844b8a45cce409154945a1c55124512545d","size":49,"data":"","first_seen":"2026-03-25T14:18:58.820642Z","last_seen":"2026-04-22T13:11:26.722235Z","times_seen":10,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"app.gthrkxdm.top/android.html","fqdn":"app.gthrkxdm.top","domain":"gthrkxdm.top","tld":"top"},"ip":{"addr":"172.67.203.51","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"40c1b54704ad8f66bbe9377a4354afbc","sha1":"b978207d0c451b32dbf57a287691636e64ddb21a","sha256":"8a55132d205434039b6002f8afb30ca40c30c036f49007d73d65d85c8312f48d","sha512":"7c7fb2215ae2f8a374aa97f37becf7c67605eeffd3d120c802390e1ba85d4264cc5da2a69163047cf9640ff9847b57ff215c9318af647caf7997e79b11c2d26b","ssdeep":"","tlshash":"8390029521c25005465212a400ae1c84602a547024484a404080d45118a5020615d45c","size":40,"data":"","first_seen":"2023-05-09T13:40:49Z","last_seen":"2026-05-20T10:35:00.880008Z","times_seen":156,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"app.gthrkxdm.top/android.html","fqdn":"app.gthrkxdm.top","domain":"gthrkxdm.top","tld":"top"},"ip":{"addr":"172.67.203.51","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"4c23667a1bf643ecda59a0b2ecbe9e89","sha1":"abb55a7c16efa640b042c4b8c6a2d48ef15809f9","sha256":"e1042fef00340e04c106e5c5afe2b57ef9abb41d6c9833e4c51810d9eab8cc3c","sha512":"d852e0cf7aad74c1abfa4d279ead1c3257c0c4cd816f8d95f3323fca725730afdac3bec2646c30ff0b53d507ad28c03548b0f974f17a7968bdfc73565ac38a7d","ssdeep":"","tlshash":"9da022c833e30020ca8f008000ae08c820b0b23000088ec0c00088b0bc02020a2888cc","size":66,"data":"","first_seen":"2026-03-25T14:18:58.713251Z","last_seen":"2026-04-22T13:11:26.712894Z","times_seen":9,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"app.gthrkxdm.top/android.html","fqdn":"app.gthrkxdm.top","domain":"gthrkxdm.top","tld":"top"},"ip":{"addr":"172.67.203.51","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"d03ea2875f54ef97f254574cc1de6d4e","sha1":"c3f25d491fee996d45322b3daf2b4fde59025679","sha256":"8b48126e7ee4df14fcfb45de7104619bd48054d49f0f943db765a7be7abe3ff3","sha512":"6c250624ebbf9571595ae9e63a69da01e9b3340b7a97f997bf99d96becf8efac2f2999ed153394bac92b35cc65c2a41088cac98cfca78494f8f444a353f6a0a9","ssdeep":"","tlshash":"18a022c833fba220cbaf2288002e08cc00e0f330080808c0c0008cb3bc02028e0e0ecc","size":70,"data":"","first_seen":"2026-03-25T14:18:58.877311Z","last_seen":"2026-04-22T13:11:26.759536Z","times_seen":10,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"app.gthrkxdm.top/android.html","fqdn":"app.gthrkxdm.top","domain":"gthrkxdm.top","tld":"top"},"ip":{"addr":"172.67.203.51","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"4146643069396e5d8bd092284923dac0","sha1":"3d60cd93287015111225afe68d0cd9647e6ddba8","sha256":"ea2d33984eacfe5c383ed456e06b20049b5d9a2ab427fd3c966f9d9434273c36","sha512":"f2c8d15f56135facbd187bb59bdc4a8c50a763766ce6f7588de5b52e4c19c25b506532a0c76b14bb0906b32a7acbb16e8cd97a9c73e680d978528c47e95d984a","ssdeep":"","tlshash":"bd90029921c250245f97169d086f18846125547018894e4141c1d4955ed6120a5a69ed","size":56,"data":"","first_seen":"2026-03-25T14:18:58.874661Z","last_seen":"2026-04-22T13:11:26.707756Z","times_seen":10,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"app.gthrkxdm.top/android.html","fqdn":"app.gthrkxdm.top","domain":"gthrkxdm.top","tld":"top"},"ip":{"addr":"172.67.203.51","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"639144dfc47a03f089f57a8eb2a0ecc0","sha1":"d409136ce98a2098765f3302ff0485cfaa64bde5","sha256":"4e48b43d4eb2c36c227014f787919385dd33222244519bccbb7e655969c15957","sha512":"f2be912cc28cc0a09824df17eb9db49ca4ac62cbe047bfbc196b8d7d7236d05cdbe940efe51bab750ecc02a53be5de26d2392240fa42b811099015b402c9b996","ssdeep":"","tlshash":"c2a002a932d3e110a66f1594109e189558a4a6601c958dc4c04c98a17d56420559d89c","size":59,"data":"","first_seen":"2026-03-25T14:18:58.788278Z","last_seen":"2026-04-22T13:11:26.723209Z","times_seen":9,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"app.gthrkxdm.top/android.html","fqdn":"app.gthrkxdm.top","domain":"gthrkxdm.top","tld":"top"},"ip":{"addr":"172.67.203.51","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"91e793ff1a11fb33d882c2335f0d9ceb","sha1":"e32c408010e2a8b557934b7b08aa7d6b06571847","sha256":"ca958808dec46fbde4f66d7fd4d97b253ebc3e0e894d9b6cbecf23061ccc2ab3","sha512":"162bb6be89c236b06dce194ea4bc5e714bf3a923532776ba1f26cf92762457147b5f66419a75ea43abb90200384eb480a23ec9a1cc93b09681390ef7dfa316ad","ssdeep":"","tlshash":"28a0228832f380008a8f00a0008f0c80c0f3f220080008ccc0888ca0ac3b03082c0cec","size":69,"data":"","first_seen":"2026-03-25T14:18:58.734699Z","last_seen":"2026-04-22T13:11:26.75432Z","times_seen":10,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"app.gthrkxdm.top/android.html","fqdn":"app.gthrkxdm.top","domain":"gthrkxdm.top","tld":"top"},"ip":{"addr":"172.67.203.51","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"7acc7d32407bbb1b10edde910cd6291f","sha1":"bdc78e2e1b24b58e7468fa788db0360528f029a8","sha256":"39a964138cfef2b314e2f96332013d43b49727cab06a56ea0573d8f07073cf58","sha512":"9ddbbb5f51f51543b5ff7586cca556a235a065e76bd44e9815c7eb2faffe633633df98b71fc07e196f691e4d25b6ce23cc5ccefa8b1f8cfaa0d25ef837fe7f6a","ssdeep":"","tlshash":"e59002d522e75400467626d8105a1c84a13544b164488a545450945d1c55130511649c","size":48,"data":"","first_seen":"2026-03-25T14:18:58.742124Z","last_seen":"2026-04-22T13:11:26.717924Z","times_seen":10,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"app.gthrkxdm.top/android.html","fqdn":"app.gthrkxdm.top","domain":"gthrkxdm.top","tld":"top"},"ip":{"addr":"172.67.203.51","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"e4e321d33ac6642b37eccaf7d7a2fd33","sha1":"3669a8d2e7da592d70481721730ed10532c4bea7","sha256":"d1c798e54477c94723c66312ad890e09a0110f5c3fcff80f2feb1e16be96833f","sha512":"5c449b19873d163c6d72c869549b3cbd851a0716c374f511dbce6d5af93131425f61641659f75cb1ab8a009d5dbe16a8e116daa416cb8c62c42fe771189ca5cf","ssdeep":"","tlshash":"fc9002a522c65140865231940156188d60689470548449408080e4a91ca6130516649c","size":45,"data":"","first_seen":"2023-04-16T08:22:18Z","last_seen":"2026-05-20T10:35:00.894048Z","times_seen":213,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"app.gthrkxdm.top/android.html","fqdn":"app.gthrkxdm.top","domain":"gthrkxdm.top","tld":"top"},"ip":{"addr":"172.67.203.51","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"ea70bd69301f621dcd3198394fb0a1e5","sha1":"82335f905d1c6fa5b0de3bd98f1486547c374a95","sha256":"5229c74c3f01f3062ae424422450fbaf3214b44477f8f25342cc6aa18323f10a","sha512":"a614303679a274c2e749303ae27e49f5814705d599207983e71e2c715892c546b6143884d41fb44824809ea8b2b065424222994ce15f7e0a064a0bcbd9115a00","ssdeep":"","tlshash":"1fa022ce20c280008b2202ac00ab0e8320eb80b08cc0080380c0cca08cf8828a00e0ec","size":64,"data":"","first_seen":"2026-03-25T14:18:58.873165Z","last_seen":"2026-04-22T13:11:26.728426Z","times_seen":10,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"app.gthrkxdm.top/android.html","fqdn":"app.gthrkxdm.top","domain":"gthrkxdm.top","tld":"top"},"ip":{"addr":"172.67.203.51","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"4d701dcd615fda0e329d3402a3007b0a","sha1":"0ec3713e8c6783dc9d27b9ddc4c8ee9ef673e01b","sha256":"89a32b953e194f6861ab5d091146ebac35f952c776ac9f8d62fd34447e9661d2","sha512":"948fc629741b5b8d53af78b3398b565f912074e74a34161eb24d092f63049cc4d1197434497db13de3c83d14500a61857c1c40c110cd71950d0ec913b5e09851","ssdeep":"","tlshash":"6e9004d531cf5000475331d4055f1dc4703c55705444dd4050c4d4d51c5f030d1f745c","size":44,"data":"","first_seen":"2025-11-01T16:04:34.197293Z","last_seen":"2026-04-22T13:11:26.75384Z","times_seen":10,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"app.gthrkxdm.top/android.html","fqdn":"app.gthrkxdm.top","domain":"gthrkxdm.top","tld":"top"},"ip":{"addr":"172.67.203.51","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"9323995311361038c1d49b7b7996f139","sha1":"439e455773722587d66ae4c85050fcaba84501bc","sha256":"dcfdaef8bc591798f4f428f9f84e6e9e7eb7d3f1b6ce75db173dddcea3f19bbf","sha512":"0ade570edb40c261f5857de3ef191382f7b22cea356624052b4151664bd4e96319ac6c8096748fdaca6c5135c943b361f67456bc03b5120f807165bd01763028","ssdeep":"768:xLflRbSbDb5T5Rk2iWxb3b8T10T1Un+dT1I+0DLa9pG99IeCGp99IeCGsKeKQKhz:VlRbSbDb5T5Rk2iWxb3b8T10T1UnOT1A","tlshash":"4cc22200d5ad4412d4ee509bac5ba82db305e31a6261a884fecfc69cff7ed3b0b581d5","size":27684,"data":"","first_seen":"2026-03-25T14:18:58.738232Z","last_seen":"2026-04-22T13:11:26.752098Z","times_seen":9,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"app.gthrkxdm.top/static/js/vue-i18n.global.min.js","fqdn":"app.gthrkxdm.top","domain":"gthrkxdm.top","tld":"top"},"ip":{"addr":"172.67.203.51","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"447a39ca04618137f539d05ea1ef9f4e","sha1":"34e1c65e7f49fdfdc2377da49f03710bc8604e2e","sha256":"9e2132db1e719386cfead1e1b9d9bd8beb3eb5b1007f77e51e7b2f7a425bc277","sha512":"d196a5ba511d64ff6c869f74e3edf125ba23ce5ab6fd56f5614c7612ad86a8471efd62dab95a1035d13afe8f929238f52f11e39b461cf8fd6703899df4204b10","ssdeep":"1536:y7gEgU0f7GygAiquKDb6S+H1zCuG03wZEUm4ukM5R:SgEgjf7Gyg8+JzG03wZ5ukM5R","tlshash":"467306d675e67016877a42ea70b31101ab3d1a18340ed894f5bcda823e27c5a43fbf6d","size":76790,"data":"","first_seen":"2026-03-25T14:18:58.654845Z","last_seen":"2026-04-22T13:11:26.695335Z","times_seen":6,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"app.gthrkxdm.top/android.html","fqdn":"app.gthrkxdm.top","domain":"gthrkxdm.top","tld":"top"},"ip":{"addr":"172.67.203.51","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"02e504257d6a3dd4f13327842a64ae2b","sha1":"e5946d93da0967ea2bf8f6dcc50fdee93a5c8fc1","sha256":"2c4109f67a55f439c790918493f4c8595a313dca0f76ffc57ec5f548877811a0","sha512":"1b08bc25b03893fe4f660ece840b090903c621c94821ffe76afbf790c0cfc1a3440a8e8fb2271190a145861c8b23d5cc7cb0129452fcb21e01072a9f476fd074","ssdeep":"","tlshash":"35a0128832b20814c22a169d700b14d88c61b152009845449145b4755f0945010524ad","size":85,"data":"","first_seen":"2026-03-25T14:18:58.831291Z","last_seen":"2026-04-22T13:11:26.734861Z","times_seen":10,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"app.gthrkxdm.top/android.html","fqdn":"app.gthrkxdm.top","domain":"gthrkxdm.top","tld":"top"},"ip":{"addr":"172.67.203.51","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"898bba728fd67a7c5a32d546f685973e","sha1":"5ba81e4eb1fbb5544dd3ee4c4ab7130885c84076","sha256":"fbdb807317e5f0d60a0155aaae1781ad64758ed7e3e6ec3387fd86418d65179b","sha512":"0c2d7377749f3a539da38ea4ba1b37fdc7712b3bc062ae3a0e72db915f7910826a0b22d08e743a0890ccb2301410492d75be7273a943e5dde9caa886f585111c","ssdeep":"","tlshash":"269002d521c350109e921294049b1884b024447014545a4480c1d4511c5602091964dd","size":45,"data":"","first_seen":"2026-03-25T14:18:58.749622Z","last_seen":"2026-04-22T13:11:26.757579Z","times_seen":10,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"app.gthrkxdm.top/android.html","fqdn":"app.gthrkxdm.top","domain":"gthrkxdm.top","tld":"top"},"ip":{"addr":"172.67.203.51","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"1c58afef75d9bed6b7c70c099a81876e","sha1":"4b37a9f9ac4a653d9fe1ffac671481d37142288c","sha256":"e4b6982f7ebf192d3780cccb8bc7ab3ec23b8ff751d0745478e51a67378693be","sha512":"eb7c9bbd00b6a62a8313bfa12c3d28d9e5ba8ac4d762b0ac5233a0dbc3a72949a5dde11d78d8dcf203e36ffb00c145efe9f245d0e02787edc3373bc811b615f8","ssdeep":"","tlshash":"e6a0228323c330000a03028823838cea22b800b020080e0002fbec220c08030c0ebcec","size":64,"data":"","first_seen":"2026-03-25T14:18:58.845071Z","last_seen":"2026-04-22T13:11:26.757085Z","times_seen":10,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"app.gthrkxdm.top/android.html","fqdn":"app.gthrkxdm.top","domain":"gthrkxdm.top","tld":"top"},"ip":{"addr":"172.67.203.51","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"2750df449e77a7a070e5e40ad87ce8b2","sha1":"6173f0ce58fc939c723ba747684e24ec7d9b4be5","sha256":"e66bbd70ee305f05710c9162e6652fe5fd91721354a1a2dfe9e16f6e12cf9e14","sha512":"24eb15fe15b955c01ba3198c34df201d1d8f92e9129df734af7dd4b01218c6d6b683aff0e5ef6c4e13c0b242d391fdc8b169f0ad0add1c9f085aecd8c141fdfb","ssdeep":"","tlshash":"3ba022c832c3c000820b00c8002f08c008b0b22008800a80c03080e02c3302080c888c","size":61,"data":"","first_seen":"2026-03-25T14:18:58.880564Z","last_seen":"2026-04-22T13:11:26.724327Z","times_seen":10,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"app.gthrkxdm.top/static/lang/index.js","fqdn":"app.gthrkxdm.top","domain":"gthrkxdm.top","tld":"top"},"ip":{"addr":"172.67.203.51","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"importedModule","is_inline":false,"md5":"d67ad75e0314425f079c784a5241fdff","sha1":"a43a2ec1958469f11b7e32964aa64a5938b42dc9","sha256":"ddb708d844644f4e5c001209097c34c2fc469399f6ac18d218bcb9361c7d13a6","sha512":"6fdb6f61b0b9457c9314c52660451e6882901aacf453b0090bc11ad0237647206e067f176de8b504c23b215185506853c9e6c807978dd6f0ce278b4353edcd9f","ssdeep":"","tlshash":"9a419be3d4f7208bd534a2b43e0b6f22ad9103197a478d73b1f7816a67c960c81cca4d","size":1937,"data":"","first_seen":"2026-04-06T21:20:20.883604Z","last_seen":"2026-04-22T13:11:26.701018Z","times_seen":4,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"app.gthrkxdm.top/static/lang/pt-BR.js","fqdn":"app.gthrkxdm.top","domain":"gthrkxdm.top","tld":"top"},"ip":{"addr":"172.67.203.51","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"importedModule","is_inline":false,"md5":"d516a547ed986ce01669c95e056bfb94","sha1":"cb6d131675e26bba181d953145ea087dc01dff8b","sha256":"52d71eb128e8b756b5505980c4bbb3994338f3991d527be03430fb8ff07b805b","sha512":"42f1ccf1a72a4154680910e8d2bc17bda491c234eacc51425e07b1127af026c886d5befdb84c694872dd8f9f35270fd726fd67a003df6868c9d2f0665cac469d","ssdeep":"","tlshash":"7261312b5a9d48153b3043042b768b42f184731fb817486fbbbe46847ff7598e1cae69","size":3339,"data":"","first_seen":"2026-04-22T12:58:35.580897Z","last_seen":"2026-04-22T13:11:26.701867Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"app.gthrkxdm.top/android.html","fqdn":"app.gthrkxdm.top","domain":"gthrkxdm.top","tld":"top"},"ip":{"addr":"172.67.203.51","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"a1685bb527d0efa5bbc2aca04d701a66","sha1":"d6578018aa740bc3adc32050fe9f0b217d8de075","sha256":"11df66e8754d2475aaacb7cea90a5b338e319fb378175779a1d69b494f49a9a7","sha512":"d2e9aa778502a9a505ab9fe97be59458d759e907ff8b5d6b218dc6f8c1eb3651f140226e92aa969508e83efce1236c3478b0a5cf46c227b0a469867ead3636a5","ssdeep":"","tlshash":"01902280aac222082f0220a800a2088800200030220b8f802080a0222a0202000300cc","size":57,"data":"","first_seen":"2026-03-25T14:18:58.8176Z","last_seen":"2026-04-22T13:11:26.729563Z","times_seen":9,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"app.gthrkxdm.top/static/js/vue.global.min.js","fqdn":"app.gthrkxdm.top","domain":"gthrkxdm.top","tld":"top"},"ip":{"addr":"172.67.203.51","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"3d464777cb6dada6498da5d78698d6c5","sha1":"ba5eb7ca45ee5e573e5983bc4619b27caf2cb99e","sha256":"1adb65522efb73c54700d49e168157e59e79f361255e22b8e91311df0485609c","sha512":"e5d48abc5ec5333b1b1d870c98afb5720230745d61aa4275cfbb2d581b84c205495d9d8074f807e6a91e14cf14185076a76a4c7fb1fc7c9583ebdde63aeeda79","ssdeep":"3072:20RSBLV1K6pKt4W4Z8oAfE94Z6wn38Gl9/+eQvRvpIh9By:20GA6pKt4W4io8EMn/l4RvGy","tlshash":"111439a53181b03217da15e250bb0016f33a1925380984e8b5bde8df2d7695e61fffbe","size":194357,"data":"","first_seen":"2026-03-25T14:18:58.677543Z","last_seen":"2026-04-22T13:11:26.702553Z","times_seen":6,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"app.gthrkxdm.top/android.html","fqdn":"app.gthrkxdm.top","domain":"gthrkxdm.top","tld":"top"},"ip":{"addr":"172.67.203.51","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"84353763c03f8ff99d454023a49282c2","sha1":"48fe9fe9bdf8c788e60b54876ddfba942ebf8d9e","sha256":"f974977f74296c49e469920c2cc20f050d505c0dc193eec0acef7816cbd845a8","sha512":"39350a16757c8680a95c520dc960cf75fb44bf7262ba970e833d3513be2996bed74692ee9505eafb04bf7aada0ff806f2d365149d27a3bd746c5537aa4720b80","ssdeep":"","tlshash":"ac90029561f354088a662b9c13572894e0a485f0d4588d404040a8692c55220611a49d","size":53,"data":"","first_seen":"2026-03-25T14:18:58.757395Z","last_seen":"2026-04-22T13:11:26.760546Z","times_seen":10,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"app.gthrkxdm.top/android.html","fqdn":"app.gthrkxdm.top","domain":"gthrkxdm.top","tld":"top"},"ip":{"addr":"172.67.203.51","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"8050ae7a69f40fb1863c9ed00f6ee721","sha1":"f73fe36ec8476660750d9873630bcf81ff00a5ad","sha256":"8253eb897f83f6ae828ade5573d9e979c45fad13421a1b0d665d02f1d673e18b","sha512":"93c8a1deb06400d9faa9eeef26fadb17a51d48c16930d9665462bd7b8b131353f3901834297a590c3b013b2e597f632dfd81245a1afe341338616fb32c0c1ac8","ssdeep":"","tlshash":"6ea022c833f30030ca8f0080002e0cc820b0ba3000088ec0c00888b0be02020a2888cc","size":66,"data":"","first_seen":"2026-03-25T14:18:58.872037Z","last_seen":"2026-04-22T13:11:26.74488Z","times_seen":9,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"app.gthrkxdm.top/android.html","fqdn":"app.gthrkxdm.top","domain":"gthrkxdm.top","tld":"top"},"ip":{"addr":"172.67.203.51","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"9a1caf9b0b014c33238042e4cfddb650","sha1":"c0a94c359b57d700a8167d1c29900475f7d75199","sha256":"7f24fd4017096b0d8d263044d2f6ad1c839c698f9136684fbaf377e13bd78821","sha512":"ad3a3bd9806fe089dfa7e15d16a9eff8b7053192f00912da4425b38b5738a481e4de0c4053866eeddbd02fdd5443b21d567aee278bf384567bf2de7bb35a589d","ssdeep":"","tlshash":"2790029932d39154d65b15a4149e18d554a4ba6114944dc8c14494a1ac56120719589c","size":56,"data":"","first_seen":"2026-03-25T14:18:58.731623Z","last_seen":"2026-04-22T13:11:26.730217Z","times_seen":10,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"app.gthrkxdm.top/android.html","fqdn":"app.gthrkxdm.top","domain":"gthrkxdm.top","tld":"top"},"ip":{"addr":"172.67.203.51","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"56739c9c8d0848402e5bee6738a098a0","sha1":"b282f254884142e70458950c4fe5b5b358b34cb7","sha256":"b64a40987d3db3d24ef12b4431d70f190b9cee4cf89a0aa0f88f4da458119e88","sha512":"9c5afa00a70fa271b8aa7679e8483753237c3de77707ef3c8271ab5eb3adcab354ad55b61c1b54cb913119a557cb94b6791a2566c02f663b7ae09d34e4db7f9a","ssdeep":"","tlshash":"e09002d932d35510865b299a106a199694bca66055544b84c044a4b16c56420659589c","size":53,"data":"","first_seen":"2026-03-25T14:18:58.764214Z","last_seen":"2026-04-22T13:11:26.711654Z","times_seen":10,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"app.gthrkxdm.top/android.html","fqdn":"app.gthrkxdm.top","domain":"gthrkxdm.top","tld":"top"},"ip":{"addr":"172.67.203.51","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"22b0636ca7d6411b7ce84fff49bfa3c5","sha1":"a12aab9eda3c9df34348c101cdb2ba17754f2097","sha256":"35e5379b08ea3add7c77f41d829821e12ebc8e7149ba7d945d7bdf2fa43c5fec","sha512":"1200de709c84cd5f9e8f32bb372016e5817333e6a455537df2e81970a22fe8f805eda5afe61fd98fcdb0eb66622c3688c156970696f8e2fdde30c93f65a4527a","ssdeep":"","tlshash":"419004d531c75400475331d401571cc4703c5471744c4d4440c0d4d51c55070517745c","size":39,"data":"","first_seen":"2023-05-09T13:40:49Z","last_seen":"2026-05-16T18:23:06.016626Z","times_seen":61,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"app.gthrkxdm.top/android.html","fqdn":"app.gthrkxdm.top","domain":"gthrkxdm.top","tld":"top"},"ip":{"addr":"172.67.203.51","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"0d9fae00c30927890dcf485c840ea328","sha1":"13da4cfa0e4eb941133261e31d900f4948708677","sha256":"7d128c625ad955bc51c57030ad1131783545a9c4bc711d04111c12b208fcdbdb","sha512":"0e5696f91fd75fff4fdc40378ecfaeb846724221fd262b3a94a5904d2188ead6bc280ca4d740f6778c158b153aa4c9c4103b1bbec1589a11150962196c1104d8","ssdeep":"","tlshash":"f59002a522c25144c65232a4106e1c8d6166847014844a408080e4611ce6130615d49c","size":46,"data":"","first_seen":"2023-05-09T13:40:49Z","last_seen":"2026-05-20T10:35:00.882401Z","times_seen":254,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"app.gthrkxdm.top/static/lang/zh.js","fqdn":"app.gthrkxdm.top","domain":"gthrkxdm.top","tld":"top"},"ip":{"addr":"172.67.203.51","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"importedModule","is_inline":false,"md5":"1da1a8089d4e9a0b0404a3e75b240900","sha1":"483c464647d1f92a40252aba9a1720178c38e35d","sha256":"b4b4e08dc0ae16547aa3dc198478f4e5d38190b980a374ea14d6426f650fdde5","sha512":"90b971924074938e02849356f33735faa36491f14dd9e6fd1fd28b190122b3342ac8ba731794897b7eec57d86c5dcbf84064d7f0a4ab58e084edf74f5f1916d0","ssdeep":"","tlshash":"a45152c5036dc8942e3a028abd396fa9e421b7bb480651ef777984e43f7485dc1c1bc9","size":2685,"data":"","first_seen":"2026-04-22T12:58:35.612987Z","last_seen":"2026-04-22T13:11:26.700379Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"app.gthrkxdm.top/android.html","fqdn":"app.gthrkxdm.top","domain":"gthrkxdm.top","tld":"top"},"ip":{"addr":"172.67.203.51","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"16d8e9d5b1fdcd09ab6e1ccd33da4922","sha1":"65d3b7202796defa412a62b8fa7c71da733d7d3b","sha256":"da4c22709c3d99c3a5b4a1650da160303f26abee96314e1465e857c90b24a388","sha512":"6562e91d8ccb67c42aa37c9d7c9cd8d5847fe108603c036a54293b809168a643c0bb01a22c153dcad93d72a7f95047c6754b546ea74961a2640df73b1709d406","ssdeep":"","tlshash":"1190029e21e6994046662aa8015a1884642d48b5a49cca444854d55d6d77160615745e","size":57,"data":"","first_seen":"2026-03-25T14:18:58.867417Z","last_seen":"2026-04-22T13:11:26.704418Z","times_seen":10,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"app.gthrkxdm.top/android.html","fqdn":"app.gthrkxdm.top","domain":"gthrkxdm.top","tld":"top"},"ip":{"addr":"172.67.203.51","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"c677c1da0539ae31f06676d7a6bc7eeb","sha1":"2fb294c18b7e5be26d675ada5dd478cf4e68a7d4","sha256":"af5011a0e996e9b240713d42cfab5778009adbb2c750d8b67d7b87663be9719d","sha512":"7f16ba9d868721947cec11effa59dfc00c05309b0ba35a9ae3c10cd0fc506c3aab9b60e39c4d117d9ea2db4d9c8c1b6097f90254e20b7bf2d80620ce6fc3a47d","ssdeep":"","tlshash":"cca024cd31f35010cf5700d0304f14d14015553504104544c04dc45cfc37010f0f3d4d","size":79,"data":"","first_seen":"2026-03-25T14:18:58.868502Z","last_seen":"2026-04-22T13:11:26.718793Z","times_seen":10,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"app.gthrkxdm.top/android.html","fqdn":"app.gthrkxdm.top","domain":"gthrkxdm.top","tld":"top"},"ip":{"addr":"172.67.203.51","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"903c75c7a32a6abbfcd620c9609709ff","sha1":"48394cb133df388060f885d63d89f62038285dfe","sha256":"bf5ed2ee7c01cb8d86ab70c69183376cb280b5f4bf3491b93e66164b6fd25171","sha512":"e1abb4814eb6872b5c2b717366d7b4d9245b31b8445f5ac76e60c662897264dac77489e763c7a74d6cf8b64bf9e992cdf69c89c5d70445a42340d199a76df29b","ssdeep":"","tlshash":"399004d531d35045d7f311f444775cc450344d715454cfdc4040d5511c55070d155cfc","size":46,"data":"","first_seen":"2026-03-25T14:18:58.835497Z","last_seen":"2026-04-22T13:11:26.753036Z","times_seen":7,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"app.gthrkxdm.top/android.html","fqdn":"app.gthrkxdm.top","domain":"gthrkxdm.top","tld":"top"},"ip":{"addr":"172.67.203.51","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"76ba957bdc58d658767668a0710a3a34","sha1":"2f0d4a9fe3451f94c91ecebf3b9dc15af035e52f","sha256":"b5da1ac543c74eba368fad3a5bdbc4c96a2c2b6df04f847ef701205946e721a0","sha512":"1741f9f4a4da6890439d0c96c5e6ee6dfeba09cafd078173bcf81c52a6f491a02e9d2f59c67cfac2bd04741d805669bcda394c6d5db683355b6476f626bfb227","ssdeep":"","tlshash":"9d90029561e254005666269c00562888b06484b098588d54c05098692c66120515545c","size":50,"data":"","first_seen":"2026-03-25T14:18:58.754118Z","last_seen":"2026-04-22T13:11:26.740811Z","times_seen":10,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"app.gthrkxdm.top/android.html","fqdn":"app.gthrkxdm.top","domain":"gthrkxdm.top","tld":"top"},"ip":{"addr":"172.67.203.51","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"40c1b54704ad8f66bbe9377a4354afbc","sha1":"b978207d0c451b32dbf57a287691636e64ddb21a","sha256":"8a55132d205434039b6002f8afb30ca40c30c036f49007d73d65d85c8312f48d","sha512":"7c7fb2215ae2f8a374aa97f37becf7c67605eeffd3d120c802390e1ba85d4264cc5da2a69163047cf9640ff9847b57ff215c9318af647caf7997e79b11c2d26b","ssdeep":"","tlshash":"8390029521c25005465212a400ae1c84602a547024484a404080d45118a5020615d45c","size":40,"data":"","first_seen":"2023-05-09T13:40:49Z","last_seen":"2026-05-20T10:35:00.880008Z","times_seen":156,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"app.gthrkxdm.top/android.html","fqdn":"app.gthrkxdm.top","domain":"gthrkxdm.top","tld":"top"},"ip":{"addr":"172.67.203.51","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"59dac782b0d48dc1a7c6001fa1bc3a08","sha1":"e9eb0def4350bef59b3e57a1cfb47ea82fb38d57","sha256":"77ce4764eec528b435fea91725d62f1df0dea271df7d3106441e0d18e39fa5b2","sha512":"afa391487245cffc5c0ea2eadbcb07b13cc5b05adbffbd6bdf1a95a8685721f4021536e17942da9e427622c7add9f4bc3bbfc38d311ccf162708a1d47b3fbaef","ssdeep":"","tlshash":"c4b0128c33e34091866f14e428077686a012b13c9859566cc044e06c5f3301030f5e8c","size":97,"data":"","first_seen":"2026-03-25T14:18:58.864036Z","last_seen":"2026-04-22T13:11:26.735858Z","times_seen":10,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"app.gthrkxdm.top/static/lang/ko-KR.js","fqdn":"app.gthrkxdm.top","domain":"gthrkxdm.top","tld":"top"},"ip":{"addr":"172.67.203.51","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"importedModule","is_inline":false,"md5":"1394f01e4621581199b6d5e19b8014e9","sha1":"bd682870af4d656d5fbf61fe9c323292bf4f7a33","sha256":"c83a87e733f31f449f1ce76dbf0e62f5c0dc74013ec2ebd7f98e390282918bbd","sha512":"ca785f7e58379fcf40caab46a69d83476a088a962e1f09001c1979afcbd944f3729b1e2dcc2ea3e8e76680a451b3355838472e83a83937a022ae78b5dd1236c7","ssdeep":"","tlshash":"106151d069ae86c929712a016ef85f45d1a1f3774ba300ebbe788d587f3108b81c1db8","size":3292,"data":"","first_seen":"2026-04-22T12:58:35.566976Z","last_seen":"2026-04-22T13:11:26.686268Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"app.gthrkxdm.top/static/lang/hi-IN.js","fqdn":"app.gthrkxdm.top","domain":"gthrkxdm.top","tld":"top"},"ip":{"addr":"172.67.203.51","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"importedModule","is_inline":false,"md5":"2cf531115e6ef97ce86a86ea0bfd00b2","sha1":"6e14995fdbf8cdf8cbc6d91e51060739bb2bfac5","sha256":"76aeb1079cbbb67d32b13cadb595bccac06c265b87705c2451e32b4c26812c34","sha512":"4fb3befc838d82de0d926bc8843fdfb945acc9c6471abafa273e121c425444571dc050c18dcb005732be3762be6f595b1be4fdcb4f88f7ff0e0ccd506f3234b7","ssdeep":"96:EP5NBPhAXeKPebObj2S9+talkSehlEYPjMAzZCBPwjKecPFhBVCEAYrAAbXks5g9:EPHTWeKPeCj2eNbAdueUKEhD7yravjKb","tlshash":"84b1238cd7bdf3a41cfc389ab6980c7ac6ac7271a7e0016378b4b3d65f51c7850956a2","size":5544,"data":"","first_seen":"2026-04-22T12:58:35.63776Z","last_seen":"2026-04-22T13:11:26.691139Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"app.gthrkxdm.top/android.html","fqdn":"app.gthrkxdm.top","domain":"gthrkxdm.top","tld":"top"},"ip":{"addr":"172.67.203.51","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"7acc7d32407bbb1b10edde910cd6291f","sha1":"bdc78e2e1b24b58e7468fa788db0360528f029a8","sha256":"39a964138cfef2b314e2f96332013d43b49727cab06a56ea0573d8f07073cf58","sha512":"9ddbbb5f51f51543b5ff7586cca556a235a065e76bd44e9815c7eb2faffe633633df98b71fc07e196f691e4d25b6ce23cc5ccefa8b1f8cfaa0d25ef837fe7f6a","ssdeep":"","tlshash":"e59002d522e75400467626d8105a1c84a13544b164488a545450945d1c55130511649c","size":48,"data":"","first_seen":"2026-03-25T14:18:58.742124Z","last_seen":"2026-04-22T13:11:26.717924Z","times_seen":10,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"app.gthrkxdm.top/android.html","fqdn":"app.gthrkxdm.top","domain":"gthrkxdm.top","tld":"top"},"ip":{"addr":"172.67.203.51","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"55682be4c1fe73cb16691330614a039f","sha1":"e46070f82e66bb5840982649ac2b8ca05eca6471","sha256":"fab8d64a046e5156409098af2a062f61cbf165cbc77678cb849c421c7e708400","sha512":"387a3c03589b3738cc04422a0d457e63ceb8f9a6f24a2fec8bd5a6c7d74161e42bc8f9f106e1299719f976fc77d46ad371af8a7b80000e2ccf1f0b59c70d2689","ssdeep":"","tlshash":"879002a565e2a400567e26d8005a18c4702444b09c888d90504498592c55520951d85c","size":53,"data":"","first_seen":"2026-03-25T14:18:58.825129Z","last_seen":"2026-04-22T13:11:26.75593Z","times_seen":10,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"app.gthrkxdm.top/android.html","fqdn":"app.gthrkxdm.top","domain":"gthrkxdm.top","tld":"top"},"ip":{"addr":"172.67.203.51","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"b1299aafd0ab7ab5f1fb1f0ebcd38d2b","sha1":"53ea2eb6f90c3d796de6537a9aa928a4f9fb6ef6","sha256":"59039976bc8553caabdf579fe64f44239831d84826ead8a27fa9d8cbe1125ad3","sha512":"4ddcd134bc0dfeb0390a28cdbd0426a4817bc709e238e4bfe2e1b5f402b04df11808bb4888fef5e42abf6b238a50239394f32036d713b3d42654cdd00a1c9012","ssdeep":"","tlshash":"55a022c833fba220cbaf2288002f0cc800e0f330083a0cc0c0008cb2be02028e0e0ecc","size":70,"data":"","first_seen":"2026-03-25T14:18:58.812489Z","last_seen":"2026-04-22T13:11:26.732552Z","times_seen":9,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"app.gthrkxdm.top/android.html","fqdn":"app.gthrkxdm.top","domain":"gthrkxdm.top","tld":"top"},"ip":{"addr":"172.67.203.51","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"8ae1b25bd4bc427fca4af9ad59e0ba20","sha1":"6deba79b9b49d9a951aea79ec305676c5bf926f9","sha256":"24c1e25ab719008ba27c1e12df2a0c0e48b59cb43e4c365e5255a5f25e8155b7","sha512":"b383a4785d2856b56f8ff20c2fc63dc4c577ffe7093506e42d17da1991adc25574b25d074b40dde967a9005876a58f5528a54e6ce116b328785fb763e930bf65","ssdeep":"","tlshash":"4e8004d531c75000475311d500571dc45034457014444d404450d4515c55030513557c","size":36,"data":"","first_seen":"2025-06-19T18:27:59.950927Z","last_seen":"2026-05-06T09:31:11.401302Z","times_seen":32,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"app.gthrkxdm.top/android.html","fqdn":"app.gthrkxdm.top","domain":"gthrkxdm.top","tld":"top"},"ip":{"addr":"172.67.203.51","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"40c1b54704ad8f66bbe9377a4354afbc","sha1":"b978207d0c451b32dbf57a287691636e64ddb21a","sha256":"8a55132d205434039b6002f8afb30ca40c30c036f49007d73d65d85c8312f48d","sha512":"7c7fb2215ae2f8a374aa97f37becf7c67605eeffd3d120c802390e1ba85d4264cc5da2a69163047cf9640ff9847b57ff215c9318af647caf7997e79b11c2d26b","ssdeep":"","tlshash":"8390029521c25005465212a400ae1c84602a547024484a404080d45118a5020615d45c","size":40,"data":"","first_seen":"2023-05-09T13:40:49Z","last_seen":"2026-05-20T10:35:00.880008Z","times_seen":156,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"app.gthrkxdm.top/","fqdn":"app.gthrkxdm.top","domain":"gthrkxdm.top","tld":"top"},"ip":{"addr":"172.67.203.51","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"f2ae05031730998ce75a33436e301e08","sha1":"2024874e21ba450ca23954bf8b4ef116a3e6dc7e","sha256":"842bbe32cd64901e808d0d53c75a9a895b3cb7a61bd323110fd9583b77824d1d","sha512":"fcbb70b64c260e98506d8c23c5a392441415a0b7f8f8e8401b0b50c53f555135e3a0885f91c8337650d7d9fdb7c44384f7a71b1b58fa1dce93fb46c9382ed8ac","ssdeep":"","tlshash":"45c0128a22a0400a0aca28289e4f3002346300ea142cc5c19a81af907f6231f8ab3bc8","size":165,"data":"","first_seen":"2026-03-25T14:18:58.702299Z","last_seen":"2026-04-22T13:11:26.714135Z","times_seen":10,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"app.gthrkxdm.top/static/js/android.js","fqdn":"app.gthrkxdm.top","domain":"gthrkxdm.top","tld":"top"},"ip":{"addr":"172.67.203.51","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"fc58696fc20ecf78e3301379b30ed023","sha1":"4e5131b97829ca2f52e8daf67c8ab0d3350bb1d9","sha256":"9dacfebb16b842880b906a63bc5ad7533f7ecede12b18cb489397ac651a9ddc7","sha512":"726ae890616b254bb51225261d71d8d0a5786ccf34a1a9bdc3d104cf599c6605c5042552dd61bb7a9835e74c282d85db0a0a8655f6df3a72b0294f1638f356e1","ssdeep":"","tlshash":"3e017d1645a8913a55b3733a4f072300f41e45234154ab41bfee8785aff28589151dc7","size":732,"data":"","first_seen":"2026-03-25T14:18:58.686387Z","last_seen":"2026-04-22T13:11:26.688814Z","times_seen":6,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"app.gthrkxdm.top/static/lang/th-TH.js","fqdn":"app.gthrkxdm.top","domain":"gthrkxdm.top","tld":"top"},"ip":{"addr":"172.67.203.51","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"importedModule","is_inline":false,"md5":"3800fae914defaaae63bf6e3ae45f7c9","sha1":"ded450f8072c4827906b7dd42271716f695c8a0c","sha256":"1048d6f0855fe1a603cfbb9a2f0adfe3367136f50f2c04bf4f285a4968bb17f2","sha512":"2beca0408c79aff9fa39146da8ae60ac8afe4c6b921c30c309a886e9e0bfd3f2c30d30608abc5568c92af33a791ba1f0316aa351e15564dc8fbdd546f620e3ee","ssdeep":"96:Et5s+51wjs4RLpj4X0C6ZVSlD2UWQa3mbOb41FFxDVpMQlWdnQNwRKLaCJNpwTww:Et5H51wjs4RLpjW0C6ZVED2UWQa3mb+n","tlshash":"16b137b371468990799c1d0b352a7a849569bf963a73f8e175e9205dbbf070e8020ef3","size":5382,"data":"","first_seen":"2026-04-22T12:58:35.571084Z","last_seen":"2026-04-22T13:11:26.689909Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"app.gthrkxdm.top/static/lang/en-us.js","fqdn":"app.gthrkxdm.top","domain":"gthrkxdm.top","tld":"top"},"ip":{"addr":"172.67.203.51","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"importedModule","is_inline":false,"md5":"1061284aee09eaeef08132576aa0faa4","sha1":"13602a5122ea813acec4e3d633d3ab36002d56f5","sha256":"ce61496f1b7f769805483bacf0f5b232d4d8dcd5b013823b4bf0ca902c6934db","sha512":"81b2e6d989801f29ffed281cbc809a9df537ed3ce300d7b2826807eaae8aef610438b06048e8e43028696ded8bfc8332777ece442bf75695333b4229a48da372","ssdeep":"","tlshash":"f95146c7a35441b816310109e939cd90d5b2a3ab6643449ffb7c42683f3242dd2e6fdd","size":2844,"data":"","first_seen":"2026-04-22T12:58:35.573946Z","last_seen":"2026-04-22T13:11:26.679119Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"app.gthrkxdm.top/android.html","fqdn":"app.gthrkxdm.top","domain":"gthrkxdm.top","tld":"top"},"ip":{"addr":"172.67.203.51","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"65d33536160efc436eae0236f273cf09","sha1":"58ed12220d1ffee08ac8e0db8866448bf3c65f50","sha256":"75972d55243a5ee6b2d62d4f72165a8403780f5a5a2b03e02a9f069e504d6d28","sha512":"afb3d98f74ae477d76cf66aae03f056c0764b2c64afaeb16a93046e247ae4330d90ddcef7704fde97f2f298ade45f5e84c0d21f1f638f5b4157726e7ce8c3704","ssdeep":"","tlshash":"7190029521e25410467636dc00562884e02484b194588d504040d46a2c55160612549c","size":50,"data":"","first_seen":"2026-03-25T14:18:58.857564Z","last_seen":"2026-04-22T13:11:26.760036Z","times_seen":10,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"app.gthrkxdm.top/android.html","fqdn":"app.gthrkxdm.top","domain":"gthrkxdm.top","tld":"top"},"ip":{"addr":"172.67.203.51","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"d0c81526008b00b2116e0d048f2d9fa1","sha1":"0b5a407619b65f6ce7e28747ca2b091a00d90b4d","sha256":"2e2bd1b4fac95d5a1ed7b10e8b9ca88658de1e8ac86c67e8309a08081f718fe9","sha512":"3edbc4aed9d4afb9e57342d965840db406325ee61e6968d3daaee3fd784388ba97bc89e6fb9b7ff566544409c7038f05685d865a94d1fea17323540982894f9a","ssdeep":"","tlshash":"859004d531c3504cd7d311d400571dc470744c751444cdccc1c0dc511c55030d1d54fd","size":44,"data":"","first_seen":"2023-12-20T13:55:26Z","last_seen":"2026-05-20T11:51:24.546556Z","times_seen":40,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"app.gthrkxdm.top/android.html","fqdn":"app.gthrkxdm.top","domain":"gthrkxdm.top","tld":"top"},"ip":{"addr":"172.67.203.51","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"9005f5e979a497565325439cc41cfec1","sha1":"c0766c5f607799f261395c2d297785ce24b0f20f","sha256":"59e6b7369e682d03ed228a60ec2e2b9d81ba096b3e62b3ea9c96ad480806c42f","sha512":"eadc882cf0faa93d65cc83efefed0297c1ce0290c21b35fd28e0c1b50de071d237d8af3e8120856257957fd4008889a411f7ca565659f3311bc7f8cb452dab32","ssdeep":"","tlshash":"889002a522e2540046a627ec045618c4b02484b055988940404594591c65120911645c","size":48,"data":"","first_seen":"2026-03-25T14:18:58.875954Z","last_seen":"2026-04-22T13:11:26.716926Z","times_seen":10,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"app.gthrkxdm.top/android.html","fqdn":"app.gthrkxdm.top","domain":"gthrkxdm.top","tld":"top"},"ip":{"addr":"172.67.203.51","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"af20df8f7164fe136b17511afe884dde","sha1":"d8b176a6c9aefa152476ff851d8f3882578f4576","sha256":"e48bec841bccf93ace9f0a1ff37ec437e55881bb4c5449f581bfa39ed59e4352","sha512":"4819c0cff905070e7769a278a7a3eae7ca098854e8dd92c3de5c305708179a4b93fe28ce81b3d9c37407d44ccc9917d09f47f99c310a24423f38ad1aea627eb7","ssdeep":"","tlshash":"48a022c833e30020ca8f0080002e08c800a0b230000008c0c00088a0bc02020a0888ec","size":61,"data":"","first_seen":"2026-03-25T14:18:58.866076Z","last_seen":"2026-04-22T13:11:26.721171Z","times_seen":10,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"app.gthrkxdm.top/static/js/common.js","fqdn":"app.gthrkxdm.top","domain":"gthrkxdm.top","tld":"top"},"ip":{"addr":"172.67.203.51","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"315361969b94bcf6fab06aec7c437015","sha1":"3bce487b3860d2356996c464ea79b02b9a5e171d","sha256":"48c9ac90130df8bb8ba573f3ab9b61740274ef30435ece7f057e0ff7071adb22","sha512":"70d80070715a9902bdbab2e8c9e787b719841c805996c2d9182a16a2d549d1d47df1c39f76f668c9b4326e3a061e598b8eebfde914217f5737b6245eb472bd6f","ssdeep":"","tlshash":"b1e02b8c7597500501373f7c998b8005f572702768291841b6ed4bd47fb502342b7d48","size":401,"data":"","first_seen":"2026-03-25T14:18:58.645056Z","last_seen":"2026-04-22T13:11:26.684649Z","times_seen":6,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"app.gthrkxdm.top/android.html","fqdn":"app.gthrkxdm.top","domain":"gthrkxdm.top","tld":"top"},"ip":{"addr":"172.67.203.51","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"50bc2ce6359ce12921207dcd31075dfc","sha1":"477707da15f9e30a602908b16ba653fa8511c7f6","sha256":"e29b2f0da5af58c5112db3589701b0034481189e0760053d1af303ef5ec9c9d0","sha512":"a11e940194f6ac1c5c611afc1b85daad3fe68c3b6be0b8857871d9586d84e45ff50786d534981607520189ab00596625b11b4291d95c530292af5a53747f2da0","ssdeep":"","tlshash":"b190029525f25804476627dd555b18c8a424b4b1545899405141a4691d5956051194ad","size":51,"data":"","first_seen":"2026-03-25T14:18:58.746692Z","last_seen":"2026-04-22T13:11:26.756475Z","times_seen":10,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"app.gthrkxdm.top/android.html","fqdn":"app.gthrkxdm.top","domain":"gthrkxdm.top","tld":"top"},"ip":{"addr":"172.67.203.51","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"640a0acda93f7d90168da2bebb5e6552","sha1":"836c61df7f2f8db0a67ecf5024c1ad18fda838e2","sha256":"d9a2217079482fd882d31d82940fa402aae2236e3f45843bd8e905a66beb2a2e","sha512":"1757cf1fa1cf44fcd07513dcf7c3633fe5864dc71f84b39939b9b0ad99bde6d4221c18c5327ea0a3a98238a0e9f67309dcc343bc3a34aabefe390e33e9139ad6","ssdeep":"","tlshash":"1aa022c833fba220ebaf228800ae08c800e0f3300c080cc0c0008cb2bc02028e0e0ecc","size":70,"data":"","first_seen":"2026-03-25T14:18:58.827824Z","last_seen":"2026-04-22T13:11:26.709882Z","times_seen":9,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"app.gthrkxdm.top/android.html","fqdn":"app.gthrkxdm.top","domain":"gthrkxdm.top","tld":"top"},"ip":{"addr":"172.67.203.51","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"ae60c74deb4d4b5f113dc6465c50c476","sha1":"275d39f17383a7a56c54cb2250eac3b9a21be0dd","sha256":"c93c644d53bbb4ad297e08edf541eafc1a02b8b70f47ae15afe3fed52d885b31","sha512":"57914a5a6284d1a69387df3d58b79fc7a696656eb3b6c5c4a06143b0d76a7738ecb370449ea075515584cf90aa26aa9dd8e4135a03e072c5e45cc1d474cef675","ssdeep":"","tlshash":"f6a0228832c32080c20f8082000b888000a2a220000008c0c000c0e0ac0203028e088c","size":59,"data":"","first_seen":"2026-03-25T14:18:58.752176Z","last_seen":"2026-04-22T13:11:26.725252Z","times_seen":10,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"app.gthrkxdm.top/android.html","fqdn":"app.gthrkxdm.top","domain":"gthrkxdm.top","tld":"top"},"ip":{"addr":"172.67.203.51","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"85409d723dd8ee764079ff2f03bc2c3a","sha1":"504074950a341d5d406f4ee5a9726cf09ca1448c","sha256":"37d61138d1fe7cbb84f4569fed5417bdbf2466f2f4ebe98760e05851ea19b667","sha512":"be0391555c7ed38f815c65321405f4a58fd3d50e96a6752edd200942c83e0cc3d61e49b340fffb1375504327d3c8aa14b0e9d74a10c02166d0ca45b791a621e9","ssdeep":"","tlshash":"6da0228832e380008a0f08a0008e0a80c0f3fa200800088cc0088cb02c2383002c0cec","size":66,"data":"","first_seen":"2026-03-25T14:18:58.85615Z","last_seen":"2026-04-22T13:11:26.713515Z","times_seen":10,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"app.gthrkxdm.top/android.html","fqdn":"app.gthrkxdm.top","domain":"gthrkxdm.top","tld":"top"},"ip":{"addr":"172.67.203.51","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"0d9fae00c30927890dcf485c840ea328","sha1":"13da4cfa0e4eb941133261e31d900f4948708677","sha256":"7d128c625ad955bc51c57030ad1131783545a9c4bc711d04111c12b208fcdbdb","sha512":"0e5696f91fd75fff4fdc40378ecfaeb846724221fd262b3a94a5904d2188ead6bc280ca4d740f6778c158b153aa4c9c4103b1bbec1589a11150962196c1104d8","ssdeep":"","tlshash":"f59002a522c25144c65232a4106e1c8d6166847014844a408080e4611ce6130615d49c","size":46,"data":"","first_seen":"2023-05-09T13:40:49Z","last_seen":"2026-05-20T10:35:00.882401Z","times_seen":254,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"app.gthrkxdm.top/static/lang/ja-JP.js","fqdn":"app.gthrkxdm.top","domain":"gthrkxdm.top","tld":"top"},"ip":{"addr":"172.67.203.51","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"importedModule","is_inline":false,"md5":"33f625434aee6a6fc8c5d06f21500d9e","sha1":"943523cbcd66e7febe4a6fff1771202d3a8df3aa","sha256":"ab9d7bd6b540852d68145f8d5a67a6d45ad2d023de46db88c107c32a4c2e95af","sha512":"130c432af79c79562e7c41a5d7a7ea7cfdbe01b897b2603234a3a876cc07ab9a5c4df88c9ffb287befbc8e42bfee76837b6984385594c23cce97f80c663fa7fe","ssdeep":"","tlshash":"2d71cedce3c454261d304565ad6d6d80e046ffebe892223b767cc0747f311aee990ab8","size":3690,"data":"","first_seen":"2026-04-22T12:58:35.575147Z","last_seen":"2026-04-22T13:11:26.687554Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"app.gthrkxdm.top/android.html","fqdn":"app.gthrkxdm.top","domain":"gthrkxdm.top","tld":"top"},"ip":{"addr":"172.67.203.51","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"3072eba3974453e5b10ac7223e0a74ba","sha1":"33cc93716fdf33dbfb921c7706060bb76b0bfdba","sha256":"2cf82f3ba129cd48019d6b37f916b4bef92578ebd3ea806b61412a04ccedc4c2","sha512":"772602d33efce63eef03e7481959007e9496ef6a808fd28cce829ee45e5f057013725a4b1d35595fc2217e4e9d46552fcd7bed451c05b3d295fa17ad88e90b85","ssdeep":"","tlshash":"ba9022ca33c30000c22b008000ca28aa20a0aa2880000880c08080e03ca2020a0c088c","size":56,"data":"","first_seen":"2026-03-25T14:18:58.744461Z","last_seen":"2026-04-22T13:11:26.712313Z","times_seen":10,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"app.gthrkxdm.top/android.html","fqdn":"app.gthrkxdm.top","domain":"gthrkxdm.top","tld":"top"},"ip":{"addr":"172.67.203.51","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"6ba4df649be61bcee4d5faeeec8e0ea6","sha1":"6f90d479193f6d974fe85af7f14247a9e06c0748","sha256":"fa310e5cc4b6e6ec4a5143caf257187d34d561a0d117d7c5d5b73bb15c09b8f3","sha512":"237e6cac11e8a0c30b150e8172b157233b654bab12785c285ab2c9d15a52c771552c35b9c91829f7bd119c555aa621abba5afc6b87801e03c10fdbf24f10a6c1","ssdeep":"","tlshash":"9990029921c3e0454a931595045e1888513c5960345d4ac4416494655b7a16456758ac","size":52,"data":"","first_seen":"2026-03-25T14:18:58.850812Z","last_seen":"2026-04-22T13:11:26.73664Z","times_seen":9,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"app.gthrkxdm.top/android.html","fqdn":"app.gthrkxdm.top","domain":"gthrkxdm.top","tld":"top"},"ip":{"addr":"172.67.203.51","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"59dac782b0d48dc1a7c6001fa1bc3a08","sha1":"e9eb0def4350bef59b3e57a1cfb47ea82fb38d57","sha256":"77ce4764eec528b435fea91725d62f1df0dea271df7d3106441e0d18e39fa5b2","sha512":"afa391487245cffc5c0ea2eadbcb07b13cc5b05adbffbd6bdf1a95a8685721f4021536e17942da9e427622c7add9f4bc3bbfc38d311ccf162708a1d47b3fbaef","ssdeep":"","tlshash":"c4b0128c33e34091866f14e428077686a012b13c9859566cc044e06c5f3301030f5e8c","size":97,"data":"","first_seen":"2026-03-25T14:18:58.864036Z","last_seen":"2026-04-22T13:11:26.735858Z","times_seen":10,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"app.gthrkxdm.top/android.html","fqdn":"app.gthrkxdm.top","domain":"gthrkxdm.top","tld":"top"},"ip":{"addr":"172.67.203.51","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"3992f2222ed92f8f2beaf347d5a2cb43","sha1":"12859ec14af7ae335886a6c3496d3af98e4ccd08","sha256":"d5c18416529dd82ccb4d3a6a13e1860ddb71988def089c1fb0736d5f113d89a9","sha512":"4c4bb0a913ac0b7b0427b84662fddb3fdc8a8af0d80235039ae781217e6d0e5d3289d19c009c0d530a85cc0bbc4d92cfc455e708529d9d863a11aedecb02a36d","ssdeep":"","tlshash":"cca02280a2c322283ba30a8c00bb288800a08030228b0e00028280880ac2020a03a8ec","size":64,"data":"","first_seen":"2026-03-25T14:18:58.852659Z","last_seen":"2026-04-22T13:11:26.74192Z","times_seen":10,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"app.gthrkxdm.top/static/css/base.css","fqdn":"app.gthrkxdm.top","domain":"gthrkxdm.top","tld":"top"},"ip":{"addr":"172.67.203.51","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://app.gthrkxdm.top/android.html","date":"2026-04-22T12:58:09.261Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gthrkxdm.top","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 20 Apr 2026 06:03:04 GMT","end":"Sun, 19 Jul 2026 07:00:33 GMT"},"fingerprint":{"sha1":"18:7F:AA:08:84:6F:80:A0:10:56:E3:4F:35:AF:3C:A6:14:F5:C3:43","sha256":"C2:3F:62:E1:7C:0D:32:1F:1A:53:1D:A7:2A:51:9C:04:8C:98:58:6D:FE:88:00:D6:16:8D:66:2B:0E:77:D8:1D"}}},"request":{"raw":"GET /static/css/base.css HTTP/1.1\r\nHost: app.gthrkxdm.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://app.gthrkxdm.top/android.html\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Wed, 22 Apr 2026 12:58:09 GMT\r\ncontent-type: text/css\r\nlast-modified: Wed, 03 Dec 2025 14:29:36 GMT\r\nvary: Accept-Encoding\r\netag: W/\"69304950-a65\"\r\nexpires: Thu, 23 Apr 2026 00:58:09 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\npriority: u=2,i=?0\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=cKzU0mgQSwtEBxYdOsOs5ajyw0wK%2BDiZ5CxLxcuEGE35vXTbcPC7kv%2BgfeaYYckynTgzQyI4gt2XI5bXU4uFoXZYbanbdQ7GP%2B%2FgTpUhhawqjcvChAeKqUZnac9HjEdkDL4f\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9f04cc5fdf480b55-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":2661,"size_decoded":0,"mime_type":"text/css","magic":"Unicode text, UTF-8 text, with CRLF line terminators","md5":"caf6fd8aea6a038eab242fbde0d196ec","sha1":"2cb1db892507b8e8c42fdd2378ea2efd7ea500f8","sha256":"43135d20eb1a572383f3e542343a45f71d1e27105575c7e6a6abb4ce88f5e022","sha512":"c17ccc7c0c0cfb5fa04d2ac1d9b5c927567b4fdae79c88da2f95310de51613b7ce701716d3c17e054b82843bf6620dc55486149fe24366fc45f8c6b40b28b048","ssdeep":"","tlshash":"9f5174a946003144863acfbebfd56b24eb3c41718b424199bdf1290976c3a5a32d1fba","first_seen":"2026-03-25T14:18:58.646994Z","last_seen":"2026-04-22T13:11:26.685546Z","times_seen":6,"resource_available":false,"data":null}},"time_used":600,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":600,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"app.gthrkxdm.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"app.gthrkxdm.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"app.gthrkxdm.top/static/lang/ko-KR.js","fqdn":"app.gthrkxdm.top","domain":"gthrkxdm.top","tld":"top"},"ip":{"addr":"172.67.203.51","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://app.gthrkxdm.top/android.html","date":"2026-04-22T12:58:10.872Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gthrkxdm.top","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 20 Apr 2026 06:03:04 GMT","end":"Sun, 19 Jul 2026 07:00:33 GMT"},"fingerprint":{"sha1":"18:7F:AA:08:84:6F:80:A0:10:56:E3:4F:35:AF:3C:A6:14:F5:C3:43","sha256":"C2:3F:62:E1:7C:0D:32:1F:1A:53:1D:A7:2A:51:9C:04:8C:98:58:6D:FE:88:00:D6:16:8D:66:2B:0E:77:D8:1D"}}},"request":{"raw":"GET /static/lang/ko-KR.js HTTP/1.1\r\nHost: app.gthrkxdm.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://app.gthrkxdm.top/static/lang/index.js\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Wed, 22 Apr 2026 12:58:11 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Mon, 13 Apr 2026 00:30:12 GMT\r\nvary: Accept-Encoding\r\netag: W/\"69dc3914-cdc\"\r\nexpires: Thu, 23 Apr 2026 00:58:11 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\npriority: u=3,i=?0\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=nsQbFP%2FkfXKpAjhcihV10fBpVeD%2BwL%2FAkqLqQSf2SQqj6uSLgoJxvOfL2E6Ej0KonANm8Dc9%2BJPgQgEDvE7yCzua5g%2FvzZ%2FOYbiCYOtsllIXynra%2Fo%2BNaGNSAeZakQI4yC7g\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9f04cc69ef8c0b55-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":3292,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with CRLF line terminators","md5":"1394f01e4621581199b6d5e19b8014e9","sha1":"bd682870af4d656d5fbf61fe9c323292bf4f7a33","sha256":"c83a87e733f31f449f1ce76dbf0e62f5c0dc74013ec2ebd7f98e390282918bbd","sha512":"ca785f7e58379fcf40caab46a69d83476a088a962e1f09001c1979afcbd944f3729b1e2dcc2ea3e8e76680a451b3355838472e83a83937a022ae78b5dd1236c7","ssdeep":"","tlshash":"106151d069ae86c929712a016ef85f45d1a1f3774ba300ebbe788d587f3108b81c1db8","first_seen":"2026-04-22T12:58:35.566976Z","last_seen":"2026-04-22T13:11:26.686268Z","times_seen":2,"resource_available":true,"data":null}},"time_used":570,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":570,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"app.gthrkxdm.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"app.gthrkxdm.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"app.gthrkxdm.top/static/lang/th-TH.js","fqdn":"app.gthrkxdm.top","domain":"gthrkxdm.top","tld":"top"},"ip":{"addr":"172.67.203.51","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://app.gthrkxdm.top/android.html","date":"2026-04-22T12:58:10.868Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gthrkxdm.top","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 20 Apr 2026 06:03:04 GMT","end":"Sun, 19 Jul 2026 07:00:33 GMT"},"fingerprint":{"sha1":"18:7F:AA:08:84:6F:80:A0:10:56:E3:4F:35:AF:3C:A6:14:F5:C3:43","sha256":"C2:3F:62:E1:7C:0D:32:1F:1A:53:1D:A7:2A:51:9C:04:8C:98:58:6D:FE:88:00:D6:16:8D:66:2B:0E:77:D8:1D"}}},"request":{"raw":"GET /static/lang/th-TH.js HTTP/1.1\r\nHost: app.gthrkxdm.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://app.gthrkxdm.top/static/lang/index.js\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Wed, 22 Apr 2026 12:58:11 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Mon, 13 Apr 2026 00:30:12 GMT\r\nvary: Accept-Encoding\r\netag: W/\"69dc3914-1506\"\r\nexpires: Thu, 23 Apr 2026 00:58:11 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\npriority: u=3,i=?0\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=exsbO1m%2BpvvsrWR0NNeyC3p5x8us0Dm4LCBYaqbmNhu6A%2BWgopJAMnfaigWfYDlmTv9MgEaLrIdKGCMd%2B7z0Qb7zMikN%2B%2BE9tTTyjKMDr%2Fu8%2B6UDebFwPVpDbKo5xT9xiXfn\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9f04cc69ef8a0b55-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":5382,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with CRLF line terminators","md5":"3800fae914defaaae63bf6e3ae45f7c9","sha1":"ded450f8072c4827906b7dd42271716f695c8a0c","sha256":"1048d6f0855fe1a603cfbb9a2f0adfe3367136f50f2c04bf4f285a4968bb17f2","sha512":"2beca0408c79aff9fa39146da8ae60ac8afe4c6b921c30c309a886e9e0bfd3f2c30d30608abc5568c92af33a791ba1f0316aa351e15564dc8fbdd546f620e3ee","ssdeep":"96:Et5s+51wjs4RLpj4X0C6ZVSlD2UWQa3mbOb41FFxDVpMQlWdnQNwRKLaCJNpwTww:Et5H51wjs4RLpjW0C6ZVED2UWQa3mb+n","tlshash":"16b137b371468990799c1d0b352a7a849569bf963a73f8e175e9205dbbf070e8020ef3","first_seen":"2026-04-22T12:58:35.571084Z","last_seen":"2026-04-22T13:11:26.689909Z","times_seen":2,"resource_available":true,"data":null}},"time_used":572,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":572,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"app.gthrkxdm.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"app.gthrkxdm.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"app.gthrkxdm.top/static/lang/en-us.js","fqdn":"app.gthrkxdm.top","domain":"gthrkxdm.top","tld":"top"},"ip":{"addr":"172.67.203.51","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://app.gthrkxdm.top/android.html","date":"2026-04-22T12:58:10.871Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gthrkxdm.top","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 20 Apr 2026 06:03:04 GMT","end":"Sun, 19 Jul 2026 07:00:33 GMT"},"fingerprint":{"sha1":"18:7F:AA:08:84:6F:80:A0:10:56:E3:4F:35:AF:3C:A6:14:F5:C3:43","sha256":"C2:3F:62:E1:7C:0D:32:1F:1A:53:1D:A7:2A:51:9C:04:8C:98:58:6D:FE:88:00:D6:16:8D:66:2B:0E:77:D8:1D"}}},"request":{"raw":"GET /static/lang/en-us.js HTTP/1.1\r\nHost: app.gthrkxdm.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://app.gthrkxdm.top/static/lang/index.js\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Wed, 22 Apr 2026 12:58:11 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Mon, 13 Apr 2026 00:30:12 GMT\r\nvary: Accept-Encoding\r\netag: W/\"69dc3914-b1c\"\r\nexpires: Thu, 23 Apr 2026 00:58:11 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\npriority: u=3,i=?0\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=Ov%2BgybSbD0U8h0gavsYRZyQBArS%2B5lHR8xBx%2B0AnpPppAx27vX4vFMgqw3LfUHrk6xoMZBTtaNyAyRlGOtPUuI5I4e7yM%2F1wXbzCE2cAlaY15Kd1atr2dCiMYKIP1FDd9kHW\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9f04cc69ef8b0b55-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":2844,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with CRLF line terminators","md5":"1061284aee09eaeef08132576aa0faa4","sha1":"13602a5122ea813acec4e3d633d3ab36002d56f5","sha256":"ce61496f1b7f769805483bacf0f5b232d4d8dcd5b013823b4bf0ca902c6934db","sha512":"81b2e6d989801f29ffed281cbc809a9df537ed3ce300d7b2826807eaae8aef610438b06048e8e43028696ded8bfc8332777ece442bf75695333b4229a48da372","ssdeep":"","tlshash":"f95146c7a35441b816310109e939cd90d5b2a3ab6643449ffb7c42683f3242dd2e6fdd","first_seen":"2026-04-22T12:58:35.573946Z","last_seen":"2026-04-22T13:11:26.679119Z","times_seen":2,"resource_available":true,"data":null}},"time_used":602,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":602,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"app.gthrkxdm.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"app.gthrkxdm.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"app.gthrkxdm.top/static/lang/ja-JP.js","fqdn":"app.gthrkxdm.top","domain":"gthrkxdm.top","tld":"top"},"ip":{"addr":"172.67.203.51","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://app.gthrkxdm.top/android.html","date":"2026-04-22T12:58:10.873Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gthrkxdm.top","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 20 Apr 2026 06:03:04 GMT","end":"Sun, 19 Jul 2026 07:00:33 GMT"},"fingerprint":{"sha1":"18:7F:AA:08:84:6F:80:A0:10:56:E3:4F:35:AF:3C:A6:14:F5:C3:43","sha256":"C2:3F:62:E1:7C:0D:32:1F:1A:53:1D:A7:2A:51:9C:04:8C:98:58:6D:FE:88:00:D6:16:8D:66:2B:0E:77:D8:1D"}}},"request":{"raw":"GET /static/lang/ja-JP.js HTTP/1.1\r\nHost: app.gthrkxdm.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://app.gthrkxdm.top/static/lang/index.js\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Wed, 22 Apr 2026 12:58:11 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Mon, 13 Apr 2026 00:30:12 GMT\r\nvary: Accept-Encoding\r\netag: W/\"69dc3914-e6a\"\r\nexpires: Thu, 23 Apr 2026 00:58:11 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\npriority: u=3,i=?0\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=UE%2BwX1jxVab3he9hq5VKv%2BrzD8HRnk5WOOa4hVRjhUKxV83gdbl%2FkQpuVuddJygJL1ljDXFyN%2BjQnijtfQ9cjUyAYhQdlOSM%2BkWmKz4Dbk6uiWWUjZP%2F4IWy3Qrbu4b3nKyb\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9f04cc69ff8d0b55-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":3690,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with CRLF line terminators","md5":"33f625434aee6a6fc8c5d06f21500d9e","sha1":"943523cbcd66e7febe4a6fff1771202d3a8df3aa","sha256":"ab9d7bd6b540852d68145f8d5a67a6d45ad2d023de46db88c107c32a4c2e95af","sha512":"130c432af79c79562e7c41a5d7a7ea7cfdbe01b897b2603234a3a876cc07ab9a5c4df88c9ffb287befbc8e42bfee76837b6984385594c23cce97f80c663fa7fe","ssdeep":"","tlshash":"2d71cedce3c454261d304565ad6d6d80e046ffebe892223b767cc0747f311aee990ab8","first_seen":"2026-04-22T12:58:35.575147Z","last_seen":"2026-04-22T13:11:26.687554Z","times_seen":2,"resource_available":true,"data":null}},"time_used":599,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":599,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"app.gthrkxdm.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"app.gthrkxdm.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"app.gthrkxdm.top/static/css/android.css","fqdn":"app.gthrkxdm.top","domain":"gthrkxdm.top","tld":"top"},"ip":{"addr":"172.67.203.51","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://app.gthrkxdm.top/android.html","date":"2026-04-22T12:58:09.262Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gthrkxdm.top","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 20 Apr 2026 06:03:04 GMT","end":"Sun, 19 Jul 2026 07:00:33 GMT"},"fingerprint":{"sha1":"18:7F:AA:08:84:6F:80:A0:10:56:E3:4F:35:AF:3C:A6:14:F5:C3:43","sha256":"C2:3F:62:E1:7C:0D:32:1F:1A:53:1D:A7:2A:51:9C:04:8C:98:58:6D:FE:88:00:D6:16:8D:66:2B:0E:77:D8:1D"}}},"request":{"raw":"GET /static/css/android.css HTTP/1.1\r\nHost: app.gthrkxdm.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://app.gthrkxdm.top/android.html\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Wed, 22 Apr 2026 12:58:09 GMT\r\ncontent-type: text/css\r\nlast-modified: Wed, 03 Dec 2025 14:29:36 GMT\r\nvary: Accept-Encoding\r\netag: W/\"69304950-2894\"\r\nexpires: Thu, 23 Apr 2026 00:58:09 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\npriority: u=2,i=?0\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=t9sMxflFas4LXd1KK%2BMZf1npjV9tO7gF2qaSAnybjt8JI8ngYJ5dTOEnTc%2FR6cRPa9SDNb3fkBN1G7F3zn%2FPpDSTjk1HdUk50bMSi9znLzsR%2FXANX8olrYiA4c4k4EGaI02O\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9f04cc5fdf490b55-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":10388,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with CRLF line terminators","md5":"bfeecf10fd52501c57f5bf2c1c1f9615","sha1":"8de5b7a6efb5aaa7cffe719c9c72caa0e9d876f1","sha256":"abca4c414487d1624a9b3b1953070390e0b473f60340059454268ae7216985c5","sha512":"737e7b43b8bd50fbb18f1460e15b81c11b2da6f28db2992d4ac1ba8b205b7a689bfdbaec3c423bc0a9e27624092478e099a709864cb5ca9a7542c321bbf10a93","ssdeep":"192:JvGTORZs/nPPU/bG7yVNA97XkO9wvJRV5cn0nzSM+4DeHY:J+KK0/K7yVO97XkO9wBb+6","tlshash":"ab22109886944709d532cbb7bb9dbe162ed808918503431ebfe11401fa8fa371e25fcd","first_seen":"2026-03-25T14:18:58.681269Z","last_seen":"2026-04-22T13:11:26.698578Z","times_seen":6,"resource_available":false,"data":null}},"time_used":589,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":589,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"app.gthrkxdm.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"app.gthrkxdm.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"app.gthrkxdm.top/static/js/vue.global.min.js","fqdn":"app.gthrkxdm.top","domain":"gthrkxdm.top","tld":"top"},"ip":{"addr":"172.67.203.51","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://app.gthrkxdm.top/android.html","date":"2026-04-22T12:58:09.264Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gthrkxdm.top","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 20 Apr 2026 06:03:04 GMT","end":"Sun, 19 Jul 2026 07:00:33 GMT"},"fingerprint":{"sha1":"18:7F:AA:08:84:6F:80:A0:10:56:E3:4F:35:AF:3C:A6:14:F5:C3:43","sha256":"C2:3F:62:E1:7C:0D:32:1F:1A:53:1D:A7:2A:51:9C:04:8C:98:58:6D:FE:88:00:D6:16:8D:66:2B:0E:77:D8:1D"}}},"request":{"raw":"GET /static/js/vue.global.min.js HTTP/1.1\r\nHost: app.gthrkxdm.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://app.gthrkxdm.top/android.html\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Wed, 22 Apr 2026 12:58:10 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Wed, 03 Dec 2025 14:29:36 GMT\r\nvary: Accept-Encoding\r\netag: W/\"69304950-2f735\"\r\nexpires: Thu, 23 Apr 2026 00:58:09 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\npriority: u=2,i=?0\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=pUzGsIuMO%2BD23LZdiiGcEw3OiPAfDFpYQTWu1lL5CBZ2jbphatZMQATKytDM2zua69wPNCVnHg3ym3CCpNjBhLoMElxeU5Felv3axYJ%2FXFyMa9bdQjxqWs%2Fcq98NdlTfzEnv\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9f04cc5fef4a0b55-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":194357,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (44955), with CRLF line terminators","md5":"3d464777cb6dada6498da5d78698d6c5","sha1":"ba5eb7ca45ee5e573e5983bc4619b27caf2cb99e","sha256":"1adb65522efb73c54700d49e168157e59e79f361255e22b8e91311df0485609c","sha512":"e5d48abc5ec5333b1b1d870c98afb5720230745d61aa4275cfbb2d581b84c205495d9d8074f807e6a91e14cf14185076a76a4c7fb1fc7c9583ebdde63aeeda79","ssdeep":"3072:20RSBLV1K6pKt4W4Z8oAfE94Z6wn38Gl9/+eQvRvpIh9By:20GA6pKt4W4io8EMn/l4RvGy","tlshash":"111439a53181b03217da15e250bb0016f33a1925380984e8b5bde8df2d7695e61fffbe","first_seen":"2026-03-25T14:18:58.677543Z","last_seen":"2026-04-22T13:11:26.702553Z","times_seen":6,"resource_available":true,"data":null}},"time_used":949,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":762,"receive":187,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"app.gthrkxdm.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"app.gthrkxdm.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"app.gthrkxdm.top/static/images/logo.png","fqdn":"app.gthrkxdm.top","domain":"gthrkxdm.top","tld":"top"},"ip":{"addr":"172.67.203.51","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://app.gthrkxdm.top/android.html","date":"2026-04-22T12:58:11.584Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gthrkxdm.top","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 20 Apr 2026 06:03:04 GMT","end":"Sun, 19 Jul 2026 07:00:33 GMT"},"fingerprint":{"sha1":"18:7F:AA:08:84:6F:80:A0:10:56:E3:4F:35:AF:3C:A6:14:F5:C3:43","sha256":"C2:3F:62:E1:7C:0D:32:1F:1A:53:1D:A7:2A:51:9C:04:8C:98:58:6D:FE:88:00:D6:16:8D:66:2B:0E:77:D8:1D"}}},"request":{"raw":"GET /static/images/logo.png HTTP/1.1\r\nHost: app.gthrkxdm.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://app.gthrkxdm.top/android.html\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Wed, 22 Apr 2026 12:58:12 GMT\r\ncontent-type: image/png\r\nlast-modified: Mon, 13 Apr 2026 00:30:12 GMT\r\nvary: Accept-Encoding\r\netag: W/\"69dc3914-a8d3\"\r\nexpires: Fri, 22 May 2026 12:58:12 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\npriority: u=4,i=?0\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=d7CwtLgmOhC%2Fwj5x5qATbgJVcDNB5wjdR0amgpO0Z6S2MzTXm8EKMg%2F%2Bp55z9OiT9q779O2zizAfNhI4bHRATIzL61i4B7RMWLAwGQCqZmB10gs4y0jxriByNRe2CeROjsJg\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9f04cc6e6f950b55-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":43219,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 400 x 400, 8-bit/color RGB, non-interlaced","md5":"cb63da1f800e6013485748bd23c6e9c2","sha1":"ff60c6d691a8dd87ea211910dc055cbf42899ff5","sha256":"8b5099de2c4875b7867cce5093350f4f0a497b1b54605accbc5b5f7ed0b5009b","sha512":"8d82d4b93a7edb488dccac4c241fbe857d97fed7ed3bc478be894684bd287c35b488ef1e0f124ce112696fdeb0711d7a4f25296a91343253b54c52cda41a1d40","ssdeep":"768:Rh3aDAWH+geoPRt9rgyNPocEhvtJskqQG+iwxw179rvlgO0fbnt7Y3w55sGj:R1geoJLwbJ+QpxA797Cfbnt70Y5F","tlshash":"3113e09e513692e950e014c29631bb1beeb77408669146cdec779c0ce8eb4f220b47e3","first_seen":"2026-04-22T12:58:35.578101Z","last_seen":"2026-04-22T13:11:26.680244Z","times_seen":2,"resource_available":false,"data":null}},"time_used":969,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":778,"receive":191,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"app.gthrkxdm.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"app.gthrkxdm.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"app.gthrkxdm.top/static/images/app_image2.png","fqdn":"app.gthrkxdm.top","domain":"gthrkxdm.top","tld":"top"},"ip":{"addr":"172.67.203.51","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://app.gthrkxdm.top/android.html","date":"2026-04-22T12:58:11.593Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gthrkxdm.top","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 20 Apr 2026 06:03:04 GMT","end":"Sun, 19 Jul 2026 07:00:33 GMT"},"fingerprint":{"sha1":"18:7F:AA:08:84:6F:80:A0:10:56:E3:4F:35:AF:3C:A6:14:F5:C3:43","sha256":"C2:3F:62:E1:7C:0D:32:1F:1A:53:1D:A7:2A:51:9C:04:8C:98:58:6D:FE:88:00:D6:16:8D:66:2B:0E:77:D8:1D"}}},"request":{"raw":"GET /static/images/app_image2.png HTTP/1.1\r\nHost: app.gthrkxdm.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://app.gthrkxdm.top/android.html\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Wed, 22 Apr 2026 12:58:11 GMT\r\ncontent-type: image/png\r\nlast-modified: Tue, 16 Dec 2025 09:13:46 GMT\r\nvary: Accept-Encoding\r\netag: W/\"694122ca-193eb\"\r\nexpires: Fri, 22 May 2026 12:58:11 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\npriority: u=4,i=?0\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=9d3fTSbknuubJK7CRhJrk6SzLRBDgcNA0ZTSFrCfsClTTEY3h2dooaByB0g%2BQq%2F0nnzjzlU4u6DNPXdOf6DpZaiUwpUvHHf9hOX5m3q3QaBFGsg58CM7BHS6MPtMdML4xEZV\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9f04cc6e7f970b55-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":103403,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 646 x 1398, 8-bit/color RGB, non-interlaced","md5":"e30653a6aebb26dc86f12ae29be6442d","sha1":"ecd0e6f34806d374988c90c26eb9d25e73e76d19","sha256":"eacfe71b5852157f4e57a95a457a38fc78349d2df57e5c9bef1d090bee41b76e","sha512":"6bbf3a79c0cc6ccca0abfda70ed88430b029910d26fff78d6fcd9e1b52a1a843e44e8c3ff49d19a8adfda732ca83385f3ac02af8f435028e3e34d3401fc6b820","ssdeep":"3072:L01S4o1UDqSF//tie8Fy6LRsEgA6VKD69mqlI13LJOhbj:rWP//ti5RsE29mfJOZ","tlshash":"92a302106b58edb3bc244310cde899d94bf29d404b921128b329bb8d77cb13b16f9bd2","first_seen":"2026-04-06T21:20:20.885998Z","last_seen":"2026-04-22T13:11:26.683657Z","times_seen":4,"resource_available":false,"data":null}},"time_used":776,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":393,"receive":383,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"app.gthrkxdm.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"app.gthrkxdm.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"app.gthrkxdm.top/static/js/android.js","fqdn":"app.gthrkxdm.top","domain":"gthrkxdm.top","tld":"top"},"ip":{"addr":"172.67.203.51","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://app.gthrkxdm.top/android.html","date":"2026-04-22T12:58:09.281Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gthrkxdm.top","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 20 Apr 2026 06:03:04 GMT","end":"Sun, 19 Jul 2026 07:00:33 GMT"},"fingerprint":{"sha1":"18:7F:AA:08:84:6F:80:A0:10:56:E3:4F:35:AF:3C:A6:14:F5:C3:43","sha256":"C2:3F:62:E1:7C:0D:32:1F:1A:53:1D:A7:2A:51:9C:04:8C:98:58:6D:FE:88:00:D6:16:8D:66:2B:0E:77:D8:1D"}}},"request":{"raw":"GET /static/js/android.js HTTP/1.1\r\nHost: app.gthrkxdm.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://app.gthrkxdm.top/android.html\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Wed, 22 Apr 2026 12:58:09 GMT\r\ncontent-type: application/javascript\r\npriority: u=3,i=?0\r\nlast-modified: Wed, 03 Dec 2025 14:29:36 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nexpires: Thu, 23 Apr 2026 00:58:09 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: br\r\ncf-cache-status: MISS\r\netag: W/\"69304950-2dc\"\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=UBNMr7fRa2jvY6Xut16xFdMljEswIjbO%2FAzOQy%2FpUZw%2FwfxFeFJOMVAElcREbjXBuPNDob%2BKmxYvf8JNaCHreee%2FWCyT3cUrc6KVWAe8x3cvY8cWYZ1%2BWidhQGOUwPb3L3MM\"}]}\r\ncf-ray: 9f04cc5fff530b55-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":732,"size_decoded":0,"mime_type":"application/javascript","magic":"Unicode text, UTF-8 text, with CRLF line terminators","md5":"fc58696fc20ecf78e3301379b30ed023","sha1":"4e5131b97829ca2f52e8daf67c8ab0d3350bb1d9","sha256":"9dacfebb16b842880b906a63bc5ad7533f7ecede12b18cb489397ac651a9ddc7","sha512":"726ae890616b254bb51225261d71d8d0a5786ccf34a1a9bdc3d104cf599c6605c5042552dd61bb7a9835e74c282d85db0a0a8655f6df3a72b0294f1638f356e1","ssdeep":"","tlshash":"3e017d1645a8913a55b3733a4f072300f41e45234154ab41bfee8785aff28589151dc7","first_seen":"2026-03-25T14:18:58.686387Z","last_seen":"2026-04-22T13:11:26.688814Z","times_seen":6,"resource_available":true,"data":null}},"time_used":587,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":587,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"app.gthrkxdm.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"app.gthrkxdm.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"app.gthrkxdm.top/static/lang/pt-BR.js","fqdn":"app.gthrkxdm.top","domain":"gthrkxdm.top","tld":"top"},"ip":{"addr":"172.67.203.51","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://app.gthrkxdm.top/android.html","date":"2026-04-22T12:58:10.876Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gthrkxdm.top","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 20 Apr 2026 06:03:04 GMT","end":"Sun, 19 Jul 2026 07:00:33 GMT"},"fingerprint":{"sha1":"18:7F:AA:08:84:6F:80:A0:10:56:E3:4F:35:AF:3C:A6:14:F5:C3:43","sha256":"C2:3F:62:E1:7C:0D:32:1F:1A:53:1D:A7:2A:51:9C:04:8C:98:58:6D:FE:88:00:D6:16:8D:66:2B:0E:77:D8:1D"}}},"request":{"raw":"GET /static/lang/pt-BR.js HTTP/1.1\r\nHost: app.gthrkxdm.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://app.gthrkxdm.top/static/lang/index.js\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Wed, 22 Apr 2026 12:58:11 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Mon, 13 Apr 2026 00:30:12 GMT\r\nvary: Accept-Encoding\r\netag: W/\"69dc3914-d0b\"\r\nexpires: Thu, 23 Apr 2026 00:58:10 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\npriority: u=3,i=?0\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=JYGJgCaVcwJFfQZ%2BhZmxMV2hc0nogsV7vn0aU2aYwrCHxTzQAoh0T5u6Hh7A%2FrrI5xv4fQstwqfIlbC5CvZYIcDVYu%2FFJ12uGa0VKIHuoDLS%2FKSzyolGeBRyXw7Zf0gfnQ8w\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9f04cc69ff8f0b55-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":3339,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (325), with CRLF line terminators","md5":"d516a547ed986ce01669c95e056bfb94","sha1":"cb6d131675e26bba181d953145ea087dc01dff8b","sha256":"52d71eb128e8b756b5505980c4bbb3994338f3991d527be03430fb8ff07b805b","sha512":"42f1ccf1a72a4154680910e8d2bc17bda491c234eacc51425e07b1127af026c886d5befdb84c694872dd8f9f35270fd726fd67a003df6868c9d2f0665cac469d","ssdeep":"","tlshash":"7261312b5a9d48153b3043042b768b42f184731fb817486fbbbe46847ff7598e1cae69","first_seen":"2026-04-22T12:58:35.580897Z","last_seen":"2026-04-22T13:11:26.701867Z","times_seen":2,"resource_available":true,"data":null}},"time_used":206,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":206,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"app.gthrkxdm.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"app.gthrkxdm.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"app.gthrkxdm.top/static/images/app_image4.png","fqdn":"app.gthrkxdm.top","domain":"gthrkxdm.top","tld":"top"},"ip":{"addr":"172.67.203.51","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://app.gthrkxdm.top/android.html","date":"2026-04-22T12:58:11.596Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gthrkxdm.top","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 20 Apr 2026 06:03:04 GMT","end":"Sun, 19 Jul 2026 07:00:33 GMT"},"fingerprint":{"sha1":"18:7F:AA:08:84:6F:80:A0:10:56:E3:4F:35:AF:3C:A6:14:F5:C3:43","sha256":"C2:3F:62:E1:7C:0D:32:1F:1A:53:1D:A7:2A:51:9C:04:8C:98:58:6D:FE:88:00:D6:16:8D:66:2B:0E:77:D8:1D"}}},"request":{"raw":"GET /static/images/app_image4.png HTTP/1.1\r\nHost: app.gthrkxdm.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://app.gthrkxdm.top/android.html\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Wed, 22 Apr 2026 12:58:12 GMT\r\ncontent-type: image/png\r\nlast-modified: Tue, 16 Dec 2025 09:13:46 GMT\r\nvary: Accept-Encoding\r\netag: W/\"694122ca-182c2\"\r\nexpires: Fri, 22 May 2026 12:58:12 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\npriority: u=4,i=?0\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=WXLU2csMbIZZzbodOZNQMUBXkXQZ6sYn%2BBgK6aLStFSr8aQhi%2BW9TNvfb6wlvj8abgnXMKgWxe7uskKX1Z9DRBqvHNsnnSoy2kYmnsoSCXTp1WHs%2FtD21YuRt3D1NkxIwW8i\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9f04cc6e7f990b55-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":99010,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 645 x 1398, 8-bit/color RGB, non-interlaced","md5":"7e90b315e9776efdf6a8602f7371543d","sha1":"739d583a46ad45a0e62c41638e8dd56c86a66aee","sha256":"f292ba2628e2fa60a26f321f95283be6c6ad857fb03291c94125b148aeaec63a","sha512":"20f73ca8ac2da378f15a0a5a5646b5c60e316ccbe926ce0b478913a52520c41ae429afcdc71130fc1f5a11b671d8c62ff6a1b14c75f7f043a4e42242d748436c","ssdeep":"3072:JQs19CP9Vz8JE6mOGYUb49YiLf9y1WnSRK/NU:JQqmvzypmq84Kq9IM/NU","tlshash":"88a3029505f6c2ac80391a30ea7d5f924bba65fe84e2457b00f83ecc976cd68083db56","first_seen":"2026-04-06T21:20:20.927629Z","last_seen":"2026-04-22T13:11:26.691882Z","times_seen":4,"resource_available":false,"data":null}},"time_used":1142,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":769,"receive":373,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"app.gthrkxdm.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"app.gthrkxdm.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"app.gthrkxdm.top/favicon.ico","fqdn":"app.gthrkxdm.top","domain":"gthrkxdm.top","tld":"top"},"ip":{"addr":"172.67.203.51","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://app.gthrkxdm.top/android.html","date":"2026-04-22T12:58:12.134Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gthrkxdm.top","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 20 Apr 2026 06:03:04 GMT","end":"Sun, 19 Jul 2026 07:00:33 GMT"},"fingerprint":{"sha1":"18:7F:AA:08:84:6F:80:A0:10:56:E3:4F:35:AF:3C:A6:14:F5:C3:43","sha256":"C2:3F:62:E1:7C:0D:32:1F:1A:53:1D:A7:2A:51:9C:04:8C:98:58:6D:FE:88:00:D6:16:8D:66:2B:0E:77:D8:1D"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: app.gthrkxdm.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://app.gthrkxdm.top/android.html\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Wed, 22 Apr 2026 12:58:12 GMT\r\ncontent-type: image/x-icon\r\npriority: u=6,i=?0\r\nlast-modified: Mon, 13 Apr 2026 00:30:12 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: br\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\netag: W/\"69dc3914-10be\"\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=CIhQXX3ngpJnSU2prZVWfZSd9pbuV6ZriPHGR%2B%2F769Wz9DQyTED9Rs4KjzJeJHONF3fpw9UJZiJxwZQiXQxxXtj%2FZ4TN9tPLLludAY89agoT6W3cp90qbaqbmGIztElS%2Fx2P\"}]}\r\ncf-ray: 9f04cc71dfb00b55-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":4286,"size_decoded":0,"mime_type":"image/x-icon","magic":"MS Windows icon resource - 1 icon, 32x32, 32 bits/pixel","md5":"17efc57bfd9aecdb832c3fab792a96c4","sha1":"da06ca73973219f79d5483d526d57fb423bbf99e","sha256":"d63df5392e745ba1261717f780b1a16f325ca0cd03434ee77fdfa0766f8c2d61","sha512":"dd86201012d5fa6d5d700b6128d3923e2239c3be0c94955b9571148c64a7007e81fbeac31bb047cdb60dfc18a97b4dfd7dae27a6e24207fc446e8ee524aa8ad2","ssdeep":"96:yIhcCXuQhyBea12LB/SBwG2k0hpisyccHhXYhJHk:yYT","tlshash":"7791fa8a3b042e4ecc17a2bc4055e3b59ab1dfe89621cb034df5ed377d498e15ca2091","first_seen":"2026-04-22T12:58:35.58338Z","last_seen":"2026-04-22T13:11:26.703459Z","times_seen":2,"resource_available":false,"data":null}},"time_used":572,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":572,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"app.gthrkxdm.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"app.gthrkxdm.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"app.gthrkxdm.top/static/images/android/a-share.png","fqdn":"app.gthrkxdm.top","domain":"gthrkxdm.top","tld":"top"},"ip":{"addr":"172.67.203.51","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://app.gthrkxdm.top/android.html","date":"2026-04-22T12:58:09.268Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gthrkxdm.top","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 20 Apr 2026 06:03:04 GMT","end":"Sun, 19 Jul 2026 07:00:33 GMT"},"fingerprint":{"sha1":"18:7F:AA:08:84:6F:80:A0:10:56:E3:4F:35:AF:3C:A6:14:F5:C3:43","sha256":"C2:3F:62:E1:7C:0D:32:1F:1A:53:1D:A7:2A:51:9C:04:8C:98:58:6D:FE:88:00:D6:16:8D:66:2B:0E:77:D8:1D"}}},"request":{"raw":"GET /static/images/android/a-share.png HTTP/1.1\r\nHost: app.gthrkxdm.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://app.gthrkxdm.top/android.html\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Wed, 22 Apr 2026 12:58:09 GMT\r\ncontent-type: image/png\r\nlast-modified: Wed, 03 Dec 2025 14:29:36 GMT\r\nvary: Accept-Encoding\r\netag: W/\"69304950-88d\"\r\nexpires: Fri, 22 May 2026 12:58:09 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\npriority: u=4,i=?0\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=PflI%2BGJyVp0ptz8BRDXrzwCMZSlCodPiPEBAILXhgARyduEXSIw4w7wE7f5UizrxGCCrS%2FTrJDN3f6er%2FOLSXimdUn%2FYUpS6E3FzCJJIUxjKrfv28j39WkrJKcQGMqA3gv%2FS\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9f04cc5fef4d0b55-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":2189,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 96 x 96, 8-bit/color RGBA, non-interlaced","md5":"b187a402f1b5ccac8a1115e46bd38f36","sha1":"4d1a56d6833441034c747bced4d2178a6b5bed30","sha256":"5dc069d015307ed1985a8832b19b5593e1576d39058a3c84bca8ebb6d8d3f3cb","sha512":"9210778aea9fba8b9e82f7f4814435539ac749b1dc62f607ede73b1aa69f3ed6a0a94a2b266ed2a95a36ea9ae6ca7efc03c1f1054751c64415862f9d5219b1c4","ssdeep":"","tlshash":"39413c2ac0c9b059d13e4ee5d9860c73de6aaf8e11e54e1ae32884332bda591e853642","first_seen":"2026-03-25T14:18:58.648465Z","last_seen":"2026-04-22T13:11:26.688232Z","times_seen":10,"resource_available":false,"data":null}},"time_used":613,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":613,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"app.gthrkxdm.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"app.gthrkxdm.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"app.gthrkxdm.top/static/images/android/a-upload.png","fqdn":"app.gthrkxdm.top","domain":"gthrkxdm.top","tld":"top"},"ip":{"addr":"172.67.203.51","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://app.gthrkxdm.top/android.html","date":"2026-04-22T12:58:09.272Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gthrkxdm.top","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 20 Apr 2026 06:03:04 GMT","end":"Sun, 19 Jul 2026 07:00:33 GMT"},"fingerprint":{"sha1":"18:7F:AA:08:84:6F:80:A0:10:56:E3:4F:35:AF:3C:A6:14:F5:C3:43","sha256":"C2:3F:62:E1:7C:0D:32:1F:1A:53:1D:A7:2A:51:9C:04:8C:98:58:6D:FE:88:00:D6:16:8D:66:2B:0E:77:D8:1D"}}},"request":{"raw":"GET /static/images/android/a-upload.png HTTP/1.1\r\nHost: app.gthrkxdm.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://app.gthrkxdm.top/android.html\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Wed, 22 Apr 2026 12:58:09 GMT\r\ncontent-type: image/png\r\nlast-modified: Wed, 03 Dec 2025 14:29:36 GMT\r\nvary: Accept-Encoding\r\netag: W/\"69304950-8b8\"\r\nexpires: Fri, 22 May 2026 12:58:09 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\npriority: u=4,i=?0\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=FE6icRuC3a1a5MfdRsDdFR%2FOzUpRI8TQLZhey0ik8CFa1VGBarxfAGpr7gYGAMo9dBjtEULyX7BZbVlCi8v60WFZGbWyC1Oc91KBUQduD1U6HzI0f6Y5fjDrf8hhZWzR3mMl\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9f04cc5fef4f0b55-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":2232,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 96 x 96, 8-bit/color RGBA, non-interlaced","md5":"f55022dfa4342d8c6abd1b55431ff0f6","sha1":"d0346698d7ab4ddf845871723c0fcf42727c0592","sha256":"2afb4d661d97f14c4d626c6fc718be9a4e3280a937924573371b91514d02cecd","sha512":"2621150506a88b81acb4f78d2bb16ae3e6d00b297956e2f31d5df97cf41483d70f4dcb11a364446e4f9072303dce335ab9b58e70aacb83cb152cc968c32f2ba7","ssdeep":"","tlshash":"2d412756d2b13aab3d5844e00b957ffe80611a8ea48c1107f2a9500e7538033aaa2af3","first_seen":"2026-03-25T14:18:58.66242Z","last_seen":"2026-04-22T13:11:26.676386Z","times_seen":10,"resource_available":false,"data":null}},"time_used":614,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":614,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"app.gthrkxdm.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"app.gthrkxdm.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"app.gthrkxdm.top/static/images/android/a-lock.png","fqdn":"app.gthrkxdm.top","domain":"gthrkxdm.top","tld":"top"},"ip":{"addr":"172.67.203.51","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://app.gthrkxdm.top/android.html","date":"2026-04-22T12:58:09.274Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gthrkxdm.top","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 20 Apr 2026 06:03:04 GMT","end":"Sun, 19 Jul 2026 07:00:33 GMT"},"fingerprint":{"sha1":"18:7F:AA:08:84:6F:80:A0:10:56:E3:4F:35:AF:3C:A6:14:F5:C3:43","sha256":"C2:3F:62:E1:7C:0D:32:1F:1A:53:1D:A7:2A:51:9C:04:8C:98:58:6D:FE:88:00:D6:16:8D:66:2B:0E:77:D8:1D"}}},"request":{"raw":"GET /static/images/android/a-lock.png HTTP/1.1\r\nHost: app.gthrkxdm.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://app.gthrkxdm.top/android.html\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Wed, 22 Apr 2026 12:58:09 GMT\r\ncontent-type: image/png\r\nlast-modified: Wed, 03 Dec 2025 14:29:36 GMT\r\nvary: Accept-Encoding\r\netag: W/\"69304950-4d6\"\r\nexpires: Fri, 22 May 2026 12:58:09 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\npriority: u=4,i=?0\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=Pu6%2FmvZG4w5J6SGfY%2FaIozODC%2FA4xpk1RH%2Bt2DxOa5hgoWbxjJ0saPqW6neeyYQY2mUuzRzJIl2FRY6WjIUN8SFuO83wh7oqPap2c1Oq%2FBfjY8nc6ljDUZkl09zbBXwUSlDw\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9f04cc5fef500b55-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":1238,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 96 x 96, 8-bit/color RGBA, non-interlaced","md5":"7fc0dd3410b9c9710ca5f952535cc79b","sha1":"0e0326566a1c4f72064bdd31424e47d33c93d24f","sha256":"871b65bdeb5d92af1eef573e43d7efd639dd87d4ab3d512653d278eb86397e69","sha512":"e652484f37a3171a983be15c326b24fbb21f0d022e7e625e5eaf13f9c4063f5987c1dc2d622eb67c0bf87576d6c5cf30d5c093aaa1560429fa909f0c6005672a","ssdeep":"","tlshash":"ad21b4ede4aa50cc3da6ac261240082bbcbe7cd041a4503b3e1951178283fc55dfe252","first_seen":"2026-03-25T14:18:58.649743Z","last_seen":"2026-04-22T13:11:26.67752Z","times_seen":10,"resource_available":false,"data":null}},"time_used":609,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":609,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"app.gthrkxdm.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"app.gthrkxdm.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"app.gthrkxdm.top/static/images/loading.svg","fqdn":"app.gthrkxdm.top","domain":"gthrkxdm.top","tld":"top"},"ip":{"addr":"172.67.203.51","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://app.gthrkxdm.top/android.html","date":"2026-04-22T12:58:09.279Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gthrkxdm.top","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 20 Apr 2026 06:03:04 GMT","end":"Sun, 19 Jul 2026 07:00:33 GMT"},"fingerprint":{"sha1":"18:7F:AA:08:84:6F:80:A0:10:56:E3:4F:35:AF:3C:A6:14:F5:C3:43","sha256":"C2:3F:62:E1:7C:0D:32:1F:1A:53:1D:A7:2A:51:9C:04:8C:98:58:6D:FE:88:00:D6:16:8D:66:2B:0E:77:D8:1D"}}},"request":{"raw":"GET /static/images/loading.svg HTTP/1.1\r\nHost: app.gthrkxdm.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://app.gthrkxdm.top/android.html\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Wed, 22 Apr 2026 12:58:09 GMT\r\ncontent-type: image/svg+xml\r\nlast-modified: Wed, 03 Dec 2025 14:29:36 GMT\r\nvary: Accept-Encoding\r\netag: W/\"69304950-1a21\"\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\npriority: u=4,i=?0\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=6%2BtAuzc9MlhyImMGEgf2AmyAGSr4uJEPyBu%2B0NBWkOl7LpsZqzz1x6Jc5fufz%2BEA6mrn0kmwBUCsAFBcrt0NSbS5wgzMv%2FyBjgqsCbdGLDjdtcNlB%2F6Ux2ovZuBIBJnQkRLv\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9f04cc5fff520b55-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":6689,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"efdeb5db713ff3b74baf2fa82024b93d","sha1":"75a8b5d30b0428d76258120305cacaae24a6b1fc","sha256":"4222dfba52e03309e0e4b802eac1368b22e1e11dcfb4431288431cb7e387ccb4","sha512":"d0cc17d1b1d630f290260d56a9eb3a0050522f53ca6f5514e0d4163907d96c196426e3285772d5559662e483dedeca8ea07d896f394f00c7515c8d47cfb2fb41","ssdeep":"192:DXSyZ7yJbnyGE+k6h//jCOjlzFr3OdVEOowd+FH:DXSZRk2/mOjBqboQ+d","tlshash":"fcd163df939862e8e102e3f58857a9757a4b3cf93901da0587c02da7d5e21ae0de8c07","first_seen":"2025-10-04T00:48:25.471094Z","last_seen":"2026-05-18T23:39:46.402088Z","times_seen":35,"resource_available":false,"data":null}},"time_used":578,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":577,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"app.gthrkxdm.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"app.gthrkxdm.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"app.gthrkxdm.top/static/lang/zh-hk.js","fqdn":"app.gthrkxdm.top","domain":"gthrkxdm.top","tld":"top"},"ip":{"addr":"172.67.203.51","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://app.gthrkxdm.top/android.html","date":"2026-04-22T12:58:10.865Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gthrkxdm.top","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 20 Apr 2026 06:03:04 GMT","end":"Sun, 19 Jul 2026 07:00:33 GMT"},"fingerprint":{"sha1":"18:7F:AA:08:84:6F:80:A0:10:56:E3:4F:35:AF:3C:A6:14:F5:C3:43","sha256":"C2:3F:62:E1:7C:0D:32:1F:1A:53:1D:A7:2A:51:9C:04:8C:98:58:6D:FE:88:00:D6:16:8D:66:2B:0E:77:D8:1D"}}},"request":{"raw":"GET /static/lang/zh-hk.js HTTP/1.1\r\nHost: app.gthrkxdm.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://app.gthrkxdm.top/static/lang/index.js\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Wed, 22 Apr 2026 12:58:11 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Mon, 13 Apr 2026 00:30:12 GMT\r\nvary: Accept-Encoding\r\netag: W/\"69dc3914-a89\"\r\nexpires: Thu, 23 Apr 2026 00:58:11 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\npriority: u=3,i=?0\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=ztDCTWgld2OWuF8oUNYOFFlMYIGDtpBMztFjz1iwomcAS%2FaZDFGus3SOx7VMTj%2BX05cDnm5F1F0TkYptJalbCOBmusbKyuDpjqalI426oidwPUeDQvpMg7joISQVx1ItfdwR\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9f04cc69ef890b55-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":2697,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with CRLF line terminators","md5":"5f373dfbfbdcae366c12610c49a14521","sha1":"7a12a1569059f8eda25214687f4ee9ba0995ab58","sha256":"78816c73c390bed4303692f928d383aa6b51dac716e1b85e0cde647116e6f7b8","sha512":"2beeb72fe2e2b0f7cb6eaf81e7b1bd81a67a758b47f1d35392486d426d6b800a87266109d860022c45a0462756901297945a45417f7fb59ebb3980f5f2fc1f73","ssdeep":"","tlshash":"1f5196c4869c48587e340285beb48f49e820f7b78d1611afb27c85a42fb299ed1c5ad9","first_seen":"2026-04-22T12:58:35.600916Z","last_seen":"2026-04-22T13:11:26.689333Z","times_seen":2,"resource_available":true,"data":null}},"time_used":635,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":635,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"app.gthrkxdm.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"app.gthrkxdm.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"app.gthrkxdm.top/static/images/app_image1.png","fqdn":"app.gthrkxdm.top","domain":"gthrkxdm.top","tld":"top"},"ip":{"addr":"172.67.203.51","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://app.gthrkxdm.top/android.html","date":"2026-04-22T12:58:11.590Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gthrkxdm.top","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 20 Apr 2026 06:03:04 GMT","end":"Sun, 19 Jul 2026 07:00:33 GMT"},"fingerprint":{"sha1":"18:7F:AA:08:84:6F:80:A0:10:56:E3:4F:35:AF:3C:A6:14:F5:C3:43","sha256":"C2:3F:62:E1:7C:0D:32:1F:1A:53:1D:A7:2A:51:9C:04:8C:98:58:6D:FE:88:00:D6:16:8D:66:2B:0E:77:D8:1D"}}},"request":{"raw":"GET /static/images/app_image1.png HTTP/1.1\r\nHost: app.gthrkxdm.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://app.gthrkxdm.top/android.html\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Wed, 22 Apr 2026 12:58:12 GMT\r\ncontent-type: image/png\r\nlast-modified: Tue, 16 Dec 2025 09:13:46 GMT\r\nvary: Accept-Encoding\r\netag: W/\"694122ca-55b98\"\r\nexpires: Fri, 22 May 2026 12:58:12 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\npriority: u=4,i=?0\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=XL3fM6Zhi0mgAItP5ReclUp5QYCBbH5H6%2Bf7RtafmbUOmmrOl9mXadIXVPxgC3j51GB4%2Bqn2UklfUjUc7qCAQl6vi3c%2BGsMMsjxDuDv0BoPguEXKP%2BfDVrvcGj7Poq%2F3t8lg\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9f04cc6e7f960b55-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":351128,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 646 x 1398, 8-bit/color RGB, non-interlaced","md5":"31396bb5836e490ab3d420467525bacb","sha1":"b55a174beef9749213c6ae01d53b44aefc628bec","sha256":"63e9bf55d4c30737db2b11fdd85ade4b9c446710b4d6a2f09c9ff74cb5488dc7","sha512":"892eaf22d2aff102ff0dbbc297bdd684687e2ea09e35f6ef6b11b99d4a06917f4ef810ec7c08a002f846da483a8425342004f0d0958f144d395b61ef8900edff","ssdeep":"6144:354/C+BjGKlLAZERluy9TyAVwV1+kFDIu6ayppoI0cV/8TqbnXU9LJBnV:pcKKxLzvVwVPFDIuwacaWMBV","tlshash":"02742367c1a88ac3cf22b3d54ae9bed70d2ac400c362e5827798d1fd919d6e5c9dc321","first_seen":"2026-04-06T21:20:20.916173Z","last_seen":"2026-04-22T13:11:26.696326Z","times_seen":4,"resource_available":false,"data":null}},"time_used":1399,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":802,"receive":597,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"app.gthrkxdm.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"app.gthrkxdm.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"app.gthrkxdm.top/static/lang/zh.js","fqdn":"app.gthrkxdm.top","domain":"gthrkxdm.top","tld":"top"},"ip":{"addr":"172.67.203.51","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://app.gthrkxdm.top/android.html","date":"2026-04-22T12:58:10.861Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gthrkxdm.top","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 20 Apr 2026 06:03:04 GMT","end":"Sun, 19 Jul 2026 07:00:33 GMT"},"fingerprint":{"sha1":"18:7F:AA:08:84:6F:80:A0:10:56:E3:4F:35:AF:3C:A6:14:F5:C3:43","sha256":"C2:3F:62:E1:7C:0D:32:1F:1A:53:1D:A7:2A:51:9C:04:8C:98:58:6D:FE:88:00:D6:16:8D:66:2B:0E:77:D8:1D"}}},"request":{"raw":"GET /static/lang/zh.js HTTP/1.1\r\nHost: app.gthrkxdm.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://app.gthrkxdm.top/static/lang/index.js\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Wed, 22 Apr 2026 12:58:11 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Mon, 13 Apr 2026 00:30:12 GMT\r\nvary: Accept-Encoding\r\netag: W/\"69dc3914-a7d\"\r\nexpires: Thu, 23 Apr 2026 00:58:11 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\npriority: u=3,i=?0\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=ZSM27CB0FO7s%2BMG0A8KXYCIRWWMTgPjRq9bYF9RV6J06j5h608DtENu9MOAMSNFrj1FwSxgJkCKqLVb2JY5opnNo6%2BaeN65ziW2s6Mhru1938lvizoWuG5%2B4Z6CtVNNKCbcP\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9f04cc69ef880b55-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":2685,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with CRLF line terminators","md5":"1da1a8089d4e9a0b0404a3e75b240900","sha1":"483c464647d1f92a40252aba9a1720178c38e35d","sha256":"b4b4e08dc0ae16547aa3dc198478f4e5d38190b980a374ea14d6426f650fdde5","sha512":"90b971924074938e02849356f33735faa36491f14dd9e6fd1fd28b190122b3342ac8ba731794897b7eec57d86c5dcbf84064d7f0a4ab58e084edf74f5f1916d0","ssdeep":"","tlshash":"a45152c5036dc8942e3a028abd396fa9e421b7bb480651ef777984e43f7485dc1c1bc9","first_seen":"2026-04-22T12:58:35.612987Z","last_seen":"2026-04-22T13:11:26.700379Z","times_seen":2,"resource_available":true,"data":null}},"time_used":590,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":590,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"app.gthrkxdm.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"app.gthrkxdm.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"app.gthrkxdm.top/android.html","fqdn":"app.gthrkxdm.top","domain":"gthrkxdm.top","tld":"top"},"ip":{"addr":"172.67.203.51","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-04-22T12:58:08.604Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gthrkxdm.top","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 20 Apr 2026 06:03:04 GMT","end":"Sun, 19 Jul 2026 07:00:33 GMT"},"fingerprint":{"sha1":"18:7F:AA:08:84:6F:80:A0:10:56:E3:4F:35:AF:3C:A6:14:F5:C3:43","sha256":"C2:3F:62:E1:7C:0D:32:1F:1A:53:1D:A7:2A:51:9C:04:8C:98:58:6D:FE:88:00:D6:16:8D:66:2B:0E:77:D8:1D"}}},"request":{"raw":"GET /android.html HTTP/1.1\r\nHost: app.gthrkxdm.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://app.gthrkxdm.top/\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Wed, 22 Apr 2026 12:58:09 GMT\r\ncontent-type: text/html\r\nlast-modified: Tue, 14 Apr 2026 13:09:32 GMT\r\nvary: Accept-Encoding\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nstrict-transport-security: max-age=31536000\r\npriority: u=1,i=?0\r\ncf-cache-status: DYNAMIC\r\ncontent-encoding: br\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=XuvkSXFc7g11h0EqM%2B%2FT2VPWUiAQVkrwcjz2aKp%2BXQyrtfDx%2BcjYs18fJFFJkMdN1h%2Bt8o8PC3iFXZwoPU5arvGA1ew8GfrzzcTyAB%2BTkAiyIBupxlePkrP%2FjTLkquoet1RU\"}]}\r\ncf-ray: 9f04cc5bcf2d0b55-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":24053,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (757)","md5":"95879ed343cd8c295ee7021ebcba5798","sha1":"413d5678684a77028607a2c653843a2809f2bcec","sha256":"5451ae2a775980031c417dc32474fa3bb58f4f97a1d0e7955b0a12d56afc66e5","sha512":"240d8fe7289b6068956f53c908e7e6ade461f447631347320c27134a3f2342c738ec09b247cc5d2cd7bd4b528ff6479f07bb888bfb1f8a009c83ff7d4f14084e","ssdeep":"192:3SvzHjJ+LUNc6r1eV99Few412V9nzA+c/ObFKKvdFpjjdJjjyMFjjaZUZ+jlJDiv:3SvzH15cww41wnMD//MpPXPVP4Oi0F","tlshash":"15b2b4a082f04131958e81893e69181f7f55e2b7e8078a0cb65d4be8dfe3d52cc539de","first_seen":"2026-04-22T12:58:35.616219Z","last_seen":"2026-04-22T13:11:26.697975Z","times_seen":2,"resource_available":true,"data":null}},"time_used":615,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":613,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"app.gthrkxdm.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"app.gthrkxdm.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"app.gthrkxdm.top/static/js/vue-i18n.global.min.js","fqdn":"app.gthrkxdm.top","domain":"gthrkxdm.top","tld":"top"},"ip":{"addr":"172.67.203.51","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://app.gthrkxdm.top/android.html","date":"2026-04-22T12:58:09.265Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gthrkxdm.top","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 20 Apr 2026 06:03:04 GMT","end":"Sun, 19 Jul 2026 07:00:33 GMT"},"fingerprint":{"sha1":"18:7F:AA:08:84:6F:80:A0:10:56:E3:4F:35:AF:3C:A6:14:F5:C3:43","sha256":"C2:3F:62:E1:7C:0D:32:1F:1A:53:1D:A7:2A:51:9C:04:8C:98:58:6D:FE:88:00:D6:16:8D:66:2B:0E:77:D8:1D"}}},"request":{"raw":"GET /static/js/vue-i18n.global.min.js HTTP/1.1\r\nHost: app.gthrkxdm.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://app.gthrkxdm.top/android.html\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Wed, 22 Apr 2026 12:58:10 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Wed, 03 Dec 2025 14:29:36 GMT\r\nvary: Accept-Encoding\r\netag: W/\"69304950-12bf6\"\r\nexpires: Thu, 23 Apr 2026 00:58:09 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\npriority: u=2,i=?0\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=NA7JL8JHnrP8skuGH7VojOslg05T%2FO3YsH04elF5hPXmLqnkzxj4jbLWv1NywPZeXHnkPhxKF%2BezKKSFiYgt9lvNzRLUOMADG4dYvxs0PTUFYIA3JXTniyDUSjqnu1wS%2BceI\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9f04cc5fef4b0b55-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":76790,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (65173), with CRLF line terminators","md5":"447a39ca04618137f539d05ea1ef9f4e","sha1":"34e1c65e7f49fdfdc2377da49f03710bc8604e2e","sha256":"9e2132db1e719386cfead1e1b9d9bd8beb3eb5b1007f77e51e7b2f7a425bc277","sha512":"d196a5ba511d64ff6c869f74e3edf125ba23ce5ab6fd56f5614c7612ad86a8471efd62dab95a1035d13afe8f929238f52f11e39b461cf8fd6703899df4204b10","ssdeep":"1536:y7gEgU0f7GygAiquKDb6S+H1zCuG03wZEUm4ukM5R:SgEgjf7Gyg8+JzG03wZ5ukM5R","tlshash":"467306d675e67016877a42ea70b31101ab3d1a18340ed894f5bcda823e27c5a43fbf6d","first_seen":"2026-03-25T14:18:58.654845Z","last_seen":"2026-04-22T13:11:26.695335Z","times_seen":6,"resource_available":true,"data":null}},"time_used":789,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":786,"receive":3,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"app.gthrkxdm.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"app.gthrkxdm.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"app.gthrkxdm.top/","fqdn":"app.gthrkxdm.top","domain":"gthrkxdm.top","tld":"top"},"ip":{"addr":"172.67.203.51","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-04-22T12:58:07.063Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gthrkxdm.top","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 20 Apr 2026 06:03:04 GMT","end":"Sun, 19 Jul 2026 07:00:33 GMT"},"fingerprint":{"sha1":"18:7F:AA:08:84:6F:80:A0:10:56:E3:4F:35:AF:3C:A6:14:F5:C3:43","sha256":"C2:3F:62:E1:7C:0D:32:1F:1A:53:1D:A7:2A:51:9C:04:8C:98:58:6D:FE:88:00:D6:16:8D:66:2B:0E:77:D8:1D"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: app.gthrkxdm.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 22 Apr 2026 12:58:07 GMT\r\ncontent-type: text/html\r\nserver: cloudflare\r\nlast-modified: Wed, 03 Dec 2025 14:29:36 GMT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=Ics3Z2QkihPDskJ56phDW78qkqxXuTAfBwV93VR6i1ZZeFh%2BUgZLbqeBTRxVhlBca3MTAy4flezt8c9elc8RCECAUrTV8p%2FbVLZHWrVoqMbMYTV2IO0iTmyZvMsRdhx8jU1k\"}]}\r\nstrict-transport-security: max-age=31536000\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-cache-status: DYNAMIC\r\ncontent-encoding: br\r\ncf-ray: 9f04cc52992f75ab-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":897,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII text, with CRLF line terminators","md5":"609cb5ca4f371793fcee6d56136c24c9","sha1":"275c8d131ccc09c733c5c2d9608ae8d37d296884","sha256":"32f4ae6f81bd8434f274b6f16b811985c60b5f9e1345c54d7cc651648e2e71d7","sha512":"74cf7b5d226deeb613500f66c6ae5a32d08f6f79b9d69eb9a7fa0546f5fb235a015f942d035ac5213af84c12143636c53a18dfe61643ae78b3684e7f72f5dad0","ssdeep":"","tlshash":"87110c129cc1cc0952716070eea2e159e143c2aa438add60b4ca25577fa234d4de76c8","first_seen":"2026-03-25T14:18:58.632369Z","last_seen":"2026-04-22T13:11:26.694731Z","times_seen":6,"resource_available":true,"data":null}},"time_used":748,"timings":{"blocked":69,"dns":40,"connect":1,"send":0,"wait":610,"receive":0,"ssl":24},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"app.gthrkxdm.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"app.gthrkxdm.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"app.gthrkxdm.top/static/js/common.js","fqdn":"app.gthrkxdm.top","domain":"gthrkxdm.top","tld":"top"},"ip":{"addr":"172.67.203.51","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://app.gthrkxdm.top/","date":"2026-04-22T12:58:07.980Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gthrkxdm.top","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 20 Apr 2026 06:03:04 GMT","end":"Sun, 19 Jul 2026 07:00:33 GMT"},"fingerprint":{"sha1":"18:7F:AA:08:84:6F:80:A0:10:56:E3:4F:35:AF:3C:A6:14:F5:C3:43","sha256":"C2:3F:62:E1:7C:0D:32:1F:1A:53:1D:A7:2A:51:9C:04:8C:98:58:6D:FE:88:00:D6:16:8D:66:2B:0E:77:D8:1D"}}},"request":{"raw":"GET /static/js/common.js HTTP/1.1\r\nHost: app.gthrkxdm.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://app.gthrkxdm.top/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Wed, 22 Apr 2026 12:58:08 GMT\r\ncontent-type: application/javascript\r\npriority: u=2,i=?0\r\nlast-modified: Wed, 03 Dec 2025 14:29:36 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nexpires: Thu, 23 Apr 2026 00:58:08 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: br\r\ncf-cache-status: MISS\r\netag: W/\"69304950-191\"\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=Q0tvSI0WI1l6lLhQBRKqcA0549Y2Ei%2BRVRkOIxRjqSKhSpzjcud5OgwLRMZCXDMv2ZEUnu%2BxyGXo6urAhP05hFVYYeJ31qmshmk%2BreXzVMDvl88o7fr0HTFUZkNoxLfU9H4z\"}]}\r\ncf-ray: 9f04cc57ef160b55-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":401,"size_decoded":0,"mime_type":"application/javascript","magic":"ASCII text, with CRLF line terminators","md5":"315361969b94bcf6fab06aec7c437015","sha1":"3bce487b3860d2356996c464ea79b02b9a5e171d","sha256":"48c9ac90130df8bb8ba573f3ab9b61740274ef30435ece7f057e0ff7071adb22","sha512":"70d80070715a9902bdbab2e8c9e787b719841c805996c2d9182a16a2d549d1d47df1c39f76f668c9b4326e3a061e598b8eebfde914217f5737b6245eb472bd6f","ssdeep":"","tlshash":"b1e02b8c7597500501373f7c998b8005f572702768291841b6ed4bd47fb502342b7d48","first_seen":"2026-03-25T14:18:58.645056Z","last_seen":"2026-04-22T13:11:26.684649Z","times_seen":6,"resource_available":true,"data":null}},"time_used":596,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":596,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"app.gthrkxdm.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"app.gthrkxdm.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"app.gthrkxdm.top/static/images/android/a-delete.png","fqdn":"app.gthrkxdm.top","domain":"gthrkxdm.top","tld":"top"},"ip":{"addr":"172.67.203.51","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://app.gthrkxdm.top/android.html","date":"2026-04-22T12:58:09.278Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gthrkxdm.top","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 20 Apr 2026 06:03:04 GMT","end":"Sun, 19 Jul 2026 07:00:33 GMT"},"fingerprint":{"sha1":"18:7F:AA:08:84:6F:80:A0:10:56:E3:4F:35:AF:3C:A6:14:F5:C3:43","sha256":"C2:3F:62:E1:7C:0D:32:1F:1A:53:1D:A7:2A:51:9C:04:8C:98:58:6D:FE:88:00:D6:16:8D:66:2B:0E:77:D8:1D"}}},"request":{"raw":"GET /static/images/android/a-delete.png HTTP/1.1\r\nHost: app.gthrkxdm.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://app.gthrkxdm.top/android.html\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Wed, 22 Apr 2026 12:58:09 GMT\r\ncontent-type: image/png\r\ncontent-length: 586\r\nlast-modified: Wed, 03 Dec 2025 14:29:36 GMT\r\netag: \"69304950-24a\"\r\nexpires: Fri, 22 May 2026 12:58:09 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\naccept-ranges: bytes\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=I41MUAWYwvfRc%2FlCZwqvRpkxNmqSiyvJ3kfWfT8W4pgBhh2dRcmixuJa3lpJRGQh2pXQuaP1W1vcXnCxtFF0UMNoAExeeB7p3qnsZuPcSIXzAluGS%2FWzp38qcO7Uthhd6WC%2B\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i=?0\r\ncf-ray: 9f04cc5fff510b55-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":586,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 96 x 96, 8-bit/color RGBA, non-interlaced","md5":"5d362fc71c0d8172be1ff57594e59628","sha1":"089831eb60a2e7e1632524c353df712ea154834a","sha256":"780453aedd5112a64046b91c0cd36a921fe06235229740b0c9f89b529dc1f2b8","sha512":"8caf6258fb9d1b6904d5df4c42b90d99d8a52218fd74970418bedcad34caef2585933e882cf570a9d5181bd3f2782900c81f4def4f07317e1830239fb6f5ad70","ssdeep":"","tlshash":"27f00cfa952898ecde068b39125f63a1d8e9315976ec1945c8462c380b462385037902","first_seen":"2026-03-25T14:18:58.684441Z","last_seen":"2026-04-22T13:11:26.695847Z","times_seen":10,"resource_available":false,"data":null}},"time_used":623,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":623,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"app.gthrkxdm.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"app.gthrkxdm.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"app.gthrkxdm.top/static/js/common.js","fqdn":"app.gthrkxdm.top","domain":"gthrkxdm.top","tld":"top"},"ip":{"addr":"172.67.203.51","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://app.gthrkxdm.top/android.html","date":"2026-04-22T12:58:09.267Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gthrkxdm.top","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 20 Apr 2026 06:03:04 GMT","end":"Sun, 19 Jul 2026 07:00:33 GMT"},"fingerprint":{"sha1":"18:7F:AA:08:84:6F:80:A0:10:56:E3:4F:35:AF:3C:A6:14:F5:C3:43","sha256":"C2:3F:62:E1:7C:0D:32:1F:1A:53:1D:A7:2A:51:9C:04:8C:98:58:6D:FE:88:00:D6:16:8D:66:2B:0E:77:D8:1D"}}},"request":{"raw":"GET /static/js/common.js HTTP/1.1\r\nHost: app.gthrkxdm.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://app.gthrkxdm.top/android.html\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Wed, 22 Apr 2026 12:58:09 GMT\r\ncontent-type: application/javascript\r\npriority: u=2,i=?0\r\nlast-modified: Wed, 03 Dec 2025 14:29:36 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nexpires: Thu, 23 Apr 2026 00:58:08 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: br\r\nage: 0\r\ncf-cache-status: HIT\r\netag: W/\"69304950-191\"\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=KjQFA7Uep4IImWWH59iRNuB2l1bHmdNmUGL0ILF9mnptlG2X6PUri1mJqsVnVbQ2%2FxABISAulWF4UC0%2Ba8K05gGmW5wsOpjQUJIaM1xgdtaMzvNd3rj1CFp%2FOLWcPoTNe8pf\"}]}\r\ncf-ray: 9f04cc5fef4c0b55-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":401,"size_decoded":0,"mime_type":"application/javascript","magic":"ASCII text, with CRLF line terminators","md5":"315361969b94bcf6fab06aec7c437015","sha1":"3bce487b3860d2356996c464ea79b02b9a5e171d","sha256":"48c9ac90130df8bb8ba573f3ab9b61740274ef30435ece7f057e0ff7071adb22","sha512":"70d80070715a9902bdbab2e8c9e787b719841c805996c2d9182a16a2d549d1d47df1c39f76f668c9b4326e3a061e598b8eebfde914217f5737b6245eb472bd6f","ssdeep":"","tlshash":"b1e02b8c7597500501373f7c998b8005f572702768291841b6ed4bd47fb502342b7d48","first_seen":"2026-03-25T14:18:58.645056Z","last_seen":"2026-04-22T13:11:26.684649Z","times_seen":6,"resource_available":true,"data":null}},"time_used":7,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":7,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"app.gthrkxdm.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"app.gthrkxdm.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"app.gthrkxdm.top/static/lang/index.js","fqdn":"app.gthrkxdm.top","domain":"gthrkxdm.top","tld":"top"},"ip":{"addr":"172.67.203.51","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://app.gthrkxdm.top/android.html","date":"2026-04-22T12:58:10.277Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gthrkxdm.top","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 20 Apr 2026 06:03:04 GMT","end":"Sun, 19 Jul 2026 07:00:33 GMT"},"fingerprint":{"sha1":"18:7F:AA:08:84:6F:80:A0:10:56:E3:4F:35:AF:3C:A6:14:F5:C3:43","sha256":"C2:3F:62:E1:7C:0D:32:1F:1A:53:1D:A7:2A:51:9C:04:8C:98:58:6D:FE:88:00:D6:16:8D:66:2B:0E:77:D8:1D"}}},"request":{"raw":"GET /static/lang/index.js HTTP/1.1\r\nHost: app.gthrkxdm.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://app.gthrkxdm.top/android.html\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Wed, 22 Apr 2026 12:58:10 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Wed, 03 Dec 2025 14:29:36 GMT\r\nvary: Accept-Encoding\r\netag: W/\"69304950-791\"\r\nexpires: Thu, 23 Apr 2026 00:58:10 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\npriority: u=3,i=?0\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=e7aUzY0p%2FnP9IbOxz5DQ6kSdt4EMB2iSs0WRuivrdKEM7P%2Fp6TzLnenoPAffLkrMiyN3UQXGR2KfA%2FDx9PiQSlFwhEw0clLuG%2FYTfxUF2u%2BVqkwjKgHKedpfsM%2FBhPsxwVIW\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9f04cc663f7c0b55-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":1937,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with CRLF line terminators","md5":"d67ad75e0314425f079c784a5241fdff","sha1":"a43a2ec1958469f11b7e32964aa64a5938b42dc9","sha256":"ddb708d844644f4e5c001209097c34c2fc469399f6ac18d218bcb9361c7d13a6","sha512":"6fdb6f61b0b9457c9314c52660451e6882901aacf453b0090bc11ad0237647206e067f176de8b504c23b215185506853c9e6c807978dd6f0ce278b4353edcd9f","ssdeep":"","tlshash":"9a419be3d4f7208bd534a2b43e0b6f22ad9103197a478d73b1f7816a67c960c81cca4d","first_seen":"2026-04-06T21:20:20.883604Z","last_seen":"2026-04-22T13:11:26.701018Z","times_seen":4,"resource_available":true,"data":null}},"time_used":569,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":569,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"app.gthrkxdm.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"app.gthrkxdm.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"app.gthrkxdm.top/static/lang/hi-IN.js","fqdn":"app.gthrkxdm.top","domain":"gthrkxdm.top","tld":"top"},"ip":{"addr":"172.67.203.51","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://app.gthrkxdm.top/android.html","date":"2026-04-22T12:58:10.875Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gthrkxdm.top","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 20 Apr 2026 06:03:04 GMT","end":"Sun, 19 Jul 2026 07:00:33 GMT"},"fingerprint":{"sha1":"18:7F:AA:08:84:6F:80:A0:10:56:E3:4F:35:AF:3C:A6:14:F5:C3:43","sha256":"C2:3F:62:E1:7C:0D:32:1F:1A:53:1D:A7:2A:51:9C:04:8C:98:58:6D:FE:88:00:D6:16:8D:66:2B:0E:77:D8:1D"}}},"request":{"raw":"GET /static/lang/hi-IN.js HTTP/1.1\r\nHost: app.gthrkxdm.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://app.gthrkxdm.top/static/lang/index.js\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Wed, 22 Apr 2026 12:58:11 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Mon, 13 Apr 2026 00:30:12 GMT\r\nvary: Accept-Encoding\r\netag: W/\"69dc3914-15a8\"\r\nexpires: Thu, 23 Apr 2026 00:58:11 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\npriority: u=3,i=?0\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=0v7s2A5tirQl8BgWpBq7CLiyECGCOf3AQthZDBpRtLAF%2F7Lw1ZV5XsADoeupBVFB9HS9qgOEcA1GSx2fBd5%2BpVroNtQIwvatS2Ty2eUTIQonVtEOQ9KVylG0974TSYQGycVB\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9f04cc69ff8e0b55-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":5544,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with CRLF line terminators","md5":"2cf531115e6ef97ce86a86ea0bfd00b2","sha1":"6e14995fdbf8cdf8cbc6d91e51060739bb2bfac5","sha256":"76aeb1079cbbb67d32b13cadb595bccac06c265b87705c2451e32b4c26812c34","sha512":"4fb3befc838d82de0d926bc8843fdfb945acc9c6471abafa273e121c425444571dc050c18dcb005732be3762be6f595b1be4fdcb4f88f7ff0e0ccd506f3234b7","ssdeep":"96:EP5NBPhAXeKPebObj2S9+talkSehlEYPjMAzZCBPwjKecPFhBVCEAYrAAbXks5g9:EPHTWeKPeCj2eNbAdueUKEhD7yravjKb","tlshash":"84b1238cd7bdf3a41cfc389ab6980c7ac6ac7271a7e0016378b4b3d65f51c7850956a2","first_seen":"2026-04-22T12:58:35.63776Z","last_seen":"2026-04-22T13:11:26.691139Z","times_seen":2,"resource_available":true,"data":null}},"time_used":588,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":588,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"app.gthrkxdm.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"app.gthrkxdm.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"app.gthrkxdm.top/static/images/app_image3.png","fqdn":"app.gthrkxdm.top","domain":"gthrkxdm.top","tld":"top"},"ip":{"addr":"172.67.203.51","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://app.gthrkxdm.top/android.html","date":"2026-04-22T12:58:11.594Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gthrkxdm.top","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 20 Apr 2026 06:03:04 GMT","end":"Sun, 19 Jul 2026 07:00:33 GMT"},"fingerprint":{"sha1":"18:7F:AA:08:84:6F:80:A0:10:56:E3:4F:35:AF:3C:A6:14:F5:C3:43","sha256":"C2:3F:62:E1:7C:0D:32:1F:1A:53:1D:A7:2A:51:9C:04:8C:98:58:6D:FE:88:00:D6:16:8D:66:2B:0E:77:D8:1D"}}},"request":{"raw":"GET /static/images/app_image3.png HTTP/1.1\r\nHost: app.gthrkxdm.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://app.gthrkxdm.top/android.html\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Wed, 22 Apr 2026 12:58:12 GMT\r\ncontent-type: image/png\r\nlast-modified: Tue, 16 Dec 2025 09:13:46 GMT\r\nvary: Accept-Encoding\r\netag: W/\"694122ca-24f07\"\r\nexpires: Fri, 22 May 2026 12:58:12 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\npriority: u=4,i=?0\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=S0sW%2FIfjKAT2rpUgtZs49q8ajq62szLkbPX72mIBSfbMjfHOp2pBGWWOYnP%2BUqHDD0JaLYENE6AViMCGnirMNf%2FcJp0xrJcSctKf0IBVnR6Th%2BoFAHcrmQArLlAOAO0pypGk\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9f04cc6e7f980b55-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":151303,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 645 x 1398, 8-bit/color RGB, non-interlaced","md5":"9b2e6d49b5ab3cf2880649208c9fecaf","sha1":"6774c20e965b844b3d84c81de0bf9ce486cb94fd","sha256":"3efdb6f7948679fb4380e3b8a0df0b7607511d722d68d92df92fa4e7a15c945b","sha512":"90ac2f88c36d5fca6dd27e9f9f22fcf1e3030e4050068c97be0c79e67be84e4eb7b3bf20565b6c1dd24e7ed70a53ae3ed0ecc3a9cd07f48c878b4f9043fe2afc","ssdeep":"3072:b9H41Td9KAVbP9wtjwrdmU14gd6xAy2h0yNlUxsYL2QC71VYSRap2qNt/sX:hqd9KAVCludmU14gs2ay7UyNQCMIo/s","tlshash":"25e312d940380db22f1a708bb084cc98e9f8964709a546111a7ffcd93cfe9359ae1d9f","first_seen":"2026-04-06T21:20:20.899141Z","last_seen":"2026-04-22T13:11:26.697436Z","times_seen":4,"resource_available":false,"data":null}},"time_used":1121,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":751,"receive":370,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"app.gthrkxdm.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"app.gthrkxdm.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}}]}