{"report_id":"c2da895d-0d94-4b88-a0b8-0ef7b0f9d84b","version":6,"status":"done","tags":[],"date":"2026-01-03T08:58:57Z","url":{"schema":"http","addr":"nickholdsworth.net/","fqdn":"nickholdsworth.net","domain":"nickholdsworth.net","tld":"net"},"ip":{"addr":"35.220.236.219","port":0,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Hong Kong","country_code":"HK"},"final":{"url":{"schema":"http","addr":"nickholdsworth.net/","fqdn":"nickholdsworth.net","domain":"nickholdsworth.net","tld":"net"},"title":"幸运澳洲5官网的2025历史开奖记录-开奖历史记录查询-澳洲幸运5开奖结果官网直播-结果预测查询 | Swiss Luxury Watches","dom":{"size":411318,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (56069)","md5":"f38faaf6e3325da098b6d1434c8a948b","sha1":"deff00f41410238e18044209d598777bcfd2f974","sha256":"a4cca33959baeaa0ab3b006313cfcbacd750646ee0955a68f856ef22c40ddf11","sha512":"b815919553c02e902a107513a2f11690ed12dccf1667eee7d43d522b693299c59459204a4c62d16f0d1df1d84e57c8c0d30a5f7d59bc528d19ac67f71586ff46","ssdeep":"1536:2EArBvzaaWV1yKFTuOWtKm83lftb9I1Sy2HPXc8rzgctAAb+RnqX3o7y8fQ/JaOH:czaJ","tlshash":"88946871c59b2433053345caa8a6af2531e186adc5230b46a7fcd3993feac963d4394f","dom_hash":"domhashd3cb1a2201233b14a27bcdd2e5d712a8","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"nickholdsworth.net/","fqdn":"nickholdsworth.net","domain":"nickholdsworth.net","tld":"net"},"ip":{"addr":"35.220.236.219","port":0,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Hong Kong","country_code":"HK"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-02-07T08:58:57Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"tq2tmylv9quqkoe"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":6}},"detection":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-03","alert":"Sinkholed","trigger":"api.api168168.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-03","alert":"Sinkholed","trigger":"api.api168168.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-03","alert":"Sinkholed","trigger":"nickholdsworth.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-03","alert":"Sinkholed","trigger":"nickholdsworth.net","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-03","alert":"Sinkholed","trigger":"nickholdsworth.net","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-03","alert":"Sinkholed","trigger":"nickholdsworth.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null},"summary":[{"fqdn":"dynamicmedia.audemarspiguet.com","ip":{"addr":"23.36.77.163","port":443,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"domain_registered":"1997-11-12","domain_rank":4006488,"first_seen":"2025-08-26T13:24:29.405072Z","last_seen":"2025-12-11T11:46:51.995196Z","alert_count":0,"request_count":14,"received_data":427639,"sent_data":7469,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"fonts.googleapis.com","ip":{"addr":"142.250.74.42","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2005-01-25","domain_rank":313,"first_seen":"2012-05-23T12:41:44Z","last_seen":"2025-12-28T22:17:10.032556Z","alert_count":0,"request_count":3,"received_data":429384,"sent_data":1443,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"bd51static.com","ip":{"addr":"35.215.189.171","port":80,"asn":15169,"as":"GOOGLE","country":"Hong Kong","country_code":"HK"},"domain_registered":"2021-10-07","domain_rank":2891718,"first_seen":"2021-10-07T04:20:25Z","last_seen":"2025-12-30T16:20:05.202486Z","alert_count":0,"request_count":1,"received_data":1758,"sent_data":330,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"api.api168168.com","ip":{"addr":"35.241.91.37","port":443,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Hong Kong","country_code":"HK"},"domain_registered":"2020-10-09","domain_rank":0,"first_seen":"2020-10-09T11:31:19Z","last_seen":"2025-12-31T08:56:26.283081Z","alert_count":28,"request_count":14,"received_data":103044,"sent_data":6679,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"nickholdsworth.net","ip":{"addr":"35.220.236.219","port":80,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Hong Kong","country_code":"HK"},"domain_registered":"unknown","domain_rank":0,"first_seen":"No data","last_seen":"No data","alert_count":92,"request_count":23,"received_data":5521045,"sent_data":10714,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"OneTrust","description":"OneTrust is a cloud-based data privacy management compliance platform.","website":"https://www.onetrust.com","common_platform_enumeration":"","icon":"OneTrust.svg","categories":["Cookie compliance"]}]},{"fqdn":"xy678kjw.com","ip":{"addr":"34.96.171.207","port":443,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Hong Kong","country_code":"HK"},"domain_registered":"2025-11-29","domain_rank":0,"first_seen":"2025-12-01T12:22:40.644769Z","last_seen":"2025-12-26T07:32:19.272718Z","alert_count":0,"request_count":23,"received_data":715754,"sent_data":10779,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"jQuery:1.9.1","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]}]},{"fqdn":"www.audemarspiguet.com","ip":{"addr":"151.101.239.10","port":443,"asn":54113,"as":"FASTLY","country":"Norway","country_code":"NO"},"domain_registered":"1997-11-12","domain_rank":281488,"first_seen":"2012-07-26T22:59:32Z","last_seen":"2025-10-03T22:05:49.67179Z","alert_count":0,"request_count":4,"received_data":40474,"sent_data":2098,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Linkedin Ads","description":"Linkedin Ads is a paid marketing tool that offers access to Linkedin social networks through various sponsored posts and other methods.","website":"https://business.linkedin.com/marketing-solutions/ads","common_platform_enumeration":"","icon":"Linkedin.svg","categories":["Advertising"]},{"name":"Adobe Dynamic Media Classic","description":"Adobe Dynamic Media Classic is a platform that enables customers to manage, enhance, publish, and deliver dynamic rich media content and personal experiences to consumers across all channels and devices, including web, print material, email campaigns, desktops, social, and mobile.","website":"https://business.adobe.com/uk/products/experience-manager/scene7-login.html","common_platform_enumeration":"","icon":"Adobe Experience Platform.svg","categories":["Digital asset management"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"http","addr":"nickholdsworth.net/js/otsdkstub.js","fqdn":"nickholdsworth.net","domain":"nickholdsworth.net","tld":"net"},"ip":{"addr":"35.220.236.219","port":80,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"160781b098f2515908d071936ad73582","sha1":"966b376bce864deb97cc31ad53d43bb5029e2f70","sha256":"18d9d050df7998e9bf7818ee86fe38893c4641d4e8f077ef6220b6b0ca0a4eaf","sha512":"f882396ac1d2966c4acbc874066c9566157aa76b60f79e55ab5c6108552456e28c257be123b4f05bee0bd1ee84a0657a0324bd0983a272218e248a0b13e44a89","ssdeep":"384:Y8ywjpKOtdTDUMABwXqo+Ur+hjTJ8eMAB6LCbnmc52Jo3pA:Yg9KkDLABwX21hjTJHeCz7A","tlshash":"19b2facdb100ef3406d361ed5a3be2aaa236745d2489c174b895dcf0257cc8b6633bb5","size":23567,"data":"","first_seen":"2025-02-17T13:18:46.264855Z","last_seen":"2026-03-25T07:40:46.187727Z","times_seen":2097,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"nickholdsworth.net/","fqdn":"nickholdsworth.net","domain":"nickholdsworth.net","tld":"net"},"ip":{"addr":"35.220.236.219","port":80,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"faf535835063e759f671969ac598a401","sha1":"549fdeb49b565b12ce565dd12d61f552b34288f5","sha256":"b04af32d38dd55c60aefad5eced3a8487f43af37bd458451538ef1795da60f9b","sha512":"1c42591acfe0a5d827abff8ad9313a69d324e13ceaa467279e3a5ad990cb168679b7bc1f7cc1a2b55c284540cab64cdd63e00024f387ae1853657b51e28cb42d","ssdeep":"","tlshash":"77f097bee891a1585bc335b89bbbda48d0ae0429d01ed803a8d6c4cd2e3cfc8143234c","size":656,"data":"","first_seen":"2026-01-03T08:59:14.054475Z","last_seen":"2026-03-04T10:05:55.651457Z","times_seen":4,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"nickholdsworth.net/","fqdn":"nickholdsworth.net","domain":"nickholdsworth.net","tld":"net"},"ip":{"addr":"35.220.236.219","port":80,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Hong Kong","country_code":"HK"},"introduction_type":"Function","is_inline":false,"md5":"6696b82bf51a5dd3625c76e9735b071e","sha1":"4c3dea41d779d5ee10c484e76222e22c9b1b2628","sha256":"d2cf0aab926042c80f52f9aabd09f61c46aec4ef0343d295ff1114e738d5aef5","sha512":"1295cfaea71e1a2e093be290d13f4acd431a289967b61499f3f71c3465505331272a57cc6197a16b7ed15f6a5c6fa211c0bf1c1a025e457a765cfda4170eb81a","ssdeep":"","tlshash":"3a617b19e575843b98eb50879c77581ff3a0a20ad6e55800fbcec18cfbaf9684a1c5c5","size":3381,"data":"","first_seen":"2026-01-03T08:59:14.056408Z","last_seen":"2026-01-03T08:59:14.056408Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"xy678kjw.com/webapp/js/local/ssc/index.js","fqdn":"xy678kjw.com","domain":"xy678kjw.com","tld":"com"},"ip":{"addr":"34.96.171.207","port":443,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"7cbf7c3e6596443aea193db26588a203","sha1":"dc9284b3d853f40b1f892dc853002b1cbf2e700a","sha256":"ae8b3e11044bfe4ada3cbe02de1e3a8b9f7476b4cb8cf6e8a29074e423d254e9","sha512":"1117fa2b6976546a1a5728c1f7172c80be412380f748f39d60fb5681629460b52d4216c597a249b39001b762b2134c2b40a8c57b960b4aa13fc8ac57b5d78786","ssdeep":"768:q6s2jKBBk2mtGZpkoVXzoeY2X/oDmJwzaORX3j/rtb4ZZs4tR0NcktIR+Z0eADjM:q9AFgDSmJAJtIM03DjCVM7kI/2","tlshash":"5973851566a5222a20b773f2582fd604f171893782148d05b96e69c40fbfca4b1f7fbe","size":80634,"data":"","first_seen":"2023-03-10T14:23:05Z","last_seen":"2026-04-18T09:06:17.669346Z","times_seen":254,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"xy678kjw.com/webapp/js/local/tools/tools.js","fqdn":"xy678kjw.com","domain":"xy678kjw.com","tld":"com"},"ip":{"addr":"34.96.171.207","port":443,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"8013dd6bd01a41c8ba3ab87b75e00384","sha1":"7c7ac71f61dbade812e8553ef798ab95b1292ff0","sha256":"e00d209a165a446a1882f368f65c9b87df4599bc70edf7fd176ee85113b33bf4","sha512":"ef9250434b83beb1acb886c6a7f48ca078611c452712459b789cde59a389f1f009cf6652f73a1e1c060000d5a8b6a1d06209e706729763456b74fa425211aace","ssdeep":"768:YhY+GyBfYY65VS27+8cVI+4T1NNa+Na0NaOqBaA32imH52FpJ8M/Q5tQ5+eNj2NV:KtGWfYBVS27+8cVI+Yjvzqsni08o0K9","tlshash":"b6a3a61a99702a5a417373b5593fe500f4214f3b01078846bc7ed6f85fb9a62a378fe8","size":103478,"data":"","first_seen":"2025-07-13T11:51:38.295866Z","last_seen":"2026-04-19T10:30:23.155882Z","times_seen":287,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"xy678kjw.com/webapp/js/lib/config.js","fqdn":"xy678kjw.com","domain":"xy678kjw.com","tld":"com"},"ip":{"addr":"34.96.171.207","port":443,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"a974640a2d954cf993c07d3c296ad5d0","sha1":"a9629d8d7962cddb25588ec685246a9127ed31ae","sha256":"be5e9429f8def97c97b68aca5ad518d92a3ac2903f49cfab177d7931d1ec67c0","sha512":"ec3d915fcd3bbe3165efa94654987453ee68fccfe4b9477c1004620680b7bf3c7bc3aa783fbc7d6a779bb7f412d6230bcb82a24b5b942f61cfe0f49ac4fb268a","ssdeep":"192:qSa/WVpaV8Sx4AKtPxlmrwGGfdc8t5YxotT:qd6I+o4tPxESc8t/1","tlshash":"1e32201b845053a66173d779247a2e48e93e135f80058c5b3fbd4ac48f3be3a9059fba","size":10960,"data":"","first_seen":"2025-07-13T11:51:38.408259Z","last_seen":"2026-02-01T15:09:25.940537Z","times_seen":207,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"nickholdsworth.net/","fqdn":"nickholdsworth.net","domain":"nickholdsworth.net","tld":"net"},"ip":{"addr":"35.220.236.219","port":80,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":true,"md5":"2e07af256800174a2d8eeb6abd9cf724","sha1":"b98492bbd87cf92d2e8e7bcf3631791501156e16","sha256":"a83beab29294c1fbc3ad2a1b54cd59a7b09743f3aae999dde849c151cec22f7f","sha512":"b0f0d1b77e8749e16e1022947e646fee27baa671adc427ebde9064aae657d07c48f9cf773e0836de2f4bb7cd56232901aae0588c4adaa9b9261b3e50a0acd6df","ssdeep":"","tlshash":"19d023fd679f8800009461deafbc721429565033f291ec663f4c3b0c1f10c47a3d5510","size":257,"data":"","first_seen":"2026-01-03T08:59:14.060485Z","last_seen":"2026-01-03T08:59:14.060485Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"nickholdsworth.net/js/aem.utils.lc-70386a23b857b19fec09f4d2f401a994-lc.min.js","fqdn":"nickholdsworth.net","domain":"nickholdsworth.net","tld":"net"},"ip":{"addr":"35.220.236.219","port":80,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"70386a23b857b19fec09f4d2f401a994","sha1":"62db8d486a16333be9102b0eff6307e99475b8c0","sha256":"8a9b2203888672bc32a020a4290963675585b1e252f37f7d96758c7357b973f6","sha512":"ac290011eb2d8172d7a53248b6b29f8e78a96ac60e579145b6a0de8bb5ac90e1c22eaa7746c3881753b31ef6dfa159b6547ff5821480936d895438716fa07b03","ssdeep":"","tlshash":"274152ca75e1b0d3c98b71702aaf9a5e603bc5496a49ed64d648cfd0bc3019f44c3f88","size":2068,"data":"","first_seen":"2025-08-26T13:24:35.825643Z","last_seen":"2026-01-03T08:59:13.942402Z","times_seen":4,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"nickholdsworth.net/","fqdn":"nickholdsworth.net","domain":"nickholdsworth.net","tld":"net"},"ip":{"addr":"35.220.236.219","port":80,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":true,"md5":"eb9465cb3e8f59decc511108c278bdab","sha1":"8a16fec914696fae35863bbc151309c319002016","sha256":"ec221c35d5010bcccaef12b40d111e33177b8dd3a5f5ca8ba3b99342c7fba4fb","sha512":"e4855fa56e14a07c198f33f30d15be1287bf663f11f9608b90bd19db5f0ed36f23b73190b0f1fa4fbfc72bae5c6d672ff951245da57d63d965af9ddbddf58a54","ssdeep":"","tlshash":"b071e1b6e3949d08219a80b469c7b534db02009b939a9c21f35dcd5f1fc2b5e8cbf866","size":3560,"data":"","first_seen":"2026-01-03T08:59:14.062338Z","last_seen":"2026-01-03T08:59:14.062338Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"nickholdsworth.net/","fqdn":"nickholdsworth.net","domain":"nickholdsworth.net","tld":"net"},"ip":{"addr":"35.220.236.219","port":80,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Hong Kong","country_code":"HK"},"introduction_type":"Function","is_inline":false,"md5":"1e301000911846ecf395f816259ee72c","sha1":"0d8562d72ef88d1011f4c38eda04e9da8e071f7b","sha256":"7cfd71474e15bef98ba0dafc48cb213c303bd3352381952da0713b8d2a55fea4","sha512":"ef53d76022e89cef4d967a3a0f37042df89b8f56f37b429642ab426e979008bf42013b2c6e51297c11bf5cd578f33135b57ce0b21316b03a0fde8db82ce569ae","ssdeep":"96:eCoqXYjYO/VDi2Vpzut7AMi2VpVHDpsVkiu2VpcPB/Al2VpaEyI5i2Vp9gn:XUYKiwpzaiwpVCVPuwpcGwpD/iwp9g","tlshash":"3691ef19d4b8842365cf10fb5e6b0415f7c5022989c2e462fadec28edbfe4661e3a9d4","size":4230,"data":"","first_seen":"2026-01-03T08:59:14.063928Z","last_seen":"2026-01-03T08:59:14.063928Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"nickholdsworth.net/","fqdn":"nickholdsworth.net","domain":"nickholdsworth.net","tld":"net"},"ip":{"addr":"35.220.236.219","port":80,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Hong Kong","country_code":"HK"},"introduction_type":"Function","is_inline":false,"md5":"95644d9ce34edd6db860944a74704de9","sha1":"05a946304bdfb0750e89a9e921db90d5f5d201cc","sha256":"aee93b63596fedaccffa185157ab79a8c1b4f2f4650458cbaa242e676503ac70","sha512":"b216159b7a8287cc134231bfb08ba7c139fc42d07eb8c0cdc50fea4f613d322d5b9187f2ebdd5b543148b1d421a36be9ee27a37a9a5ab09920bbe784e395c459","ssdeep":"96:eCzPlwFpN/wt+i+qAWOC0J0+2LkBqNSVjRiUb7vTfopAg+A7tK+AoQXVn:jlOhJhViYMkV","tlshash":"8ab18e16e169892738db104b5d3b185ff394a20bd6e56814ffcec08cffaea6d15288c5","size":5440,"data":"","first_seen":"2026-01-03T08:59:14.065748Z","last_seen":"2026-01-03T08:59:14.065748Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"xy678kjw.com/webapp/js/lib/date.js","fqdn":"xy678kjw.com","domain":"xy678kjw.com","tld":"com"},"ip":{"addr":"34.96.171.207","port":443,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"a9256f059d597b6c3fa046e00d457fcd","sha1":"a5d5298fd6737d99e4dd71f9b1f686849f5f87da","sha256":"5de11f7b517d7f89c70ea78a8fe23a2f86bd848c8eb098003623b9faaff42d2e","sha512":"0757aeb4cea229877f10c0bd5b411cc9836fb66242fe99c5e96d4a13737835b180533e1c4693eec7d3718f8dd6a474b023788c38272a4b38a8b17f24a0a81951","ssdeep":"96:JUAuXHhJ376UYX6sfWdJVeAflACAEYB+zq0LfUvsHFH6+PpDQAyiDJpeC78Kf0rq:CAuzYXtANACAEXlc0DQIsKfPcmF","tlshash":"fef10e4274303008237a91fc75ce928a25f06dffe61a415ea451fe8927deb7e1b7b219","size":7901,"data":"","first_seen":"2023-03-07T12:24:05Z","last_seen":"2026-04-19T10:30:23.339799Z","times_seen":1397,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"xy678kjw.com/webapp/js/lib/pk10BaseTrend.js","fqdn":"xy678kjw.com","domain":"xy678kjw.com","tld":"com"},"ip":{"addr":"34.96.171.207","port":443,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"6f6fadebe51378762442a2211edfef60","sha1":"abb6dd63e315112728f3540ef124480e4b1e9048","sha256":"441c3db4288867eb549306e2797b1075d745408c6674660096a9ed695435391e","sha512":"07072b7f0de691c11760da89619c378b0dbae068b540676c6bed50e9c1eb089716a1b235f10fb35730c3afe2ac42dc02ea67fbcc80e3551afc7d5507feb0d71d","ssdeep":"96:bWkh9UBeGm8ViMUrjjEgYQEHqSKFM4AJjCk:N0iMUrHEe0qSKFM48","tlshash":"43d1a919e1822126b25f3efcc63fd15880610fb0e598ee4c76fd9ab16d34ac65073d6a","size":6701,"data":"","first_seen":"2023-03-07T12:24:04Z","last_seen":"2026-04-19T10:30:23.188448Z","times_seen":1395,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"xy678kjw.com/webapp/js/lib/drawLines.js","fqdn":"xy678kjw.com","domain":"xy678kjw.com","tld":"com"},"ip":{"addr":"34.96.171.207","port":443,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"7db0502baf867aa0663475b899ffb19e","sha1":"a69f4ef6ab52c62d9885dc55b733c8c37687383e","sha256":"8a3eec9c6525ce4aad8b37e0a188f4716a8fcdec24ee894d2f8ffec447872fbb","sha512":"68964174935137b93491d1bea5e3fec05f068dabd36cf5670bb03c6c4eb30bdfbc493b8002eb8d1e46d7289f9c8430d25d230e1e6870d89fe53cf0f7be78794b","ssdeep":"768:uVYu93uZgDPN6cypp08tc25yBY/BEMXH7YE7cpv:u19MgDl6NppjtDwBY/BEUH7Yecpv","tlshash":"18b208eaf2863475818b63a9143f6749f13368156e06844cf479d8d26d38f8970bfe78","size":24891,"data":"","first_seen":"2023-03-07T12:24:04Z","last_seen":"2026-04-19T10:30:23.248689Z","times_seen":1395,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"nickholdsworth.net/","fqdn":"nickholdsworth.net","domain":"nickholdsworth.net","tld":"net"},"ip":{"addr":"35.220.236.219","port":80,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Hong Kong","country_code":"HK"},"introduction_type":"Function","is_inline":false,"md5":"5c580dca37236702faa5afdc7949b9ca","sha1":"fbdfdfd34f710776e921794ed7f968897b4ba8c5","sha256":"5daef93f3e507eafeee4c71755e5c61cbe1e76b3653025c08cd9eabca24754af","sha512":"25cad7a852e082a9a07afac2f9e63d4d05ab2bdd644c4c761106d04b044e49f028bad5fbc6eb8af51b2b4ec949fd52612a4bb59c4418d938937bea2d8daf5a7d","ssdeep":"96:eCzPlwFpN/wt+i+VF50+TkBqBtjifBcjTviUb7vntiptqg+tq7ttI+AtiQzn:jlOvvicHvi+oqxqLoF","tlshash":"8ac1cf16d025492728d760879c3b186ff354620b96e5ac11fecec08cefbeaad453d8c5","size":5616,"data":"","first_seen":"2026-01-03T08:59:14.068737Z","last_seen":"2026-01-03T08:59:14.068737Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"bd51static.com/7ry.js","fqdn":"bd51static.com","domain":"bd51static.com","tld":"com"},"ip":{"addr":"35.215.189.171","port":80,"asn":15169,"as":"GOOGLE","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"b49cd1dc0129f18f8ab76d9249e0f1d4","sha1":"83de531cb19e73636a45aef6c47de3317a61fdd3","sha256":"96cd0cf7391454455addfd9b6a7c18139072db87453b022adf2cabbf4beb119d","sha512":"c32d63254c6e11fa48d1f036e87c4494657bffdafd31c76c5d43fcfe885184e50e33b486a652b9d527cc59a6e9e8e29f6787d24c90b6956c26901090812f1094","ssdeep":"","tlshash":"6921f05f7c05e1246796383a33bfde9ce9ae0025241dd802a4eec4ac6d28ff90527b4c","size":1365,"data":"","first_seen":"2025-05-25T12:44:27.079127Z","last_seen":"2026-04-19T10:30:23.238596Z","times_seen":319,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"nickholdsworth.net/","fqdn":"nickholdsworth.net","domain":"nickholdsworth.net","tld":"net"},"ip":{"addr":"35.220.236.219","port":80,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Hong Kong","country_code":"HK"},"introduction_type":"Function","is_inline":false,"md5":"8640588c64e77f73df332bd5ee2d4992","sha1":"08179d7fea6226f8a17f9c9184645a6ad369755e","sha256":"8529239b5fcd7d8fda2a3b7be39b0a517296089e6a19686613a539fd47c89e03","sha512":"ec1be42b1a3c29d75b8bfd9805cdb0c4aeb59c6141ace511bf5a125e5622c6440ea3e639c6e43061d66ba2fdc7348a8d38cf0c632a43b5b5465f19b1bd960fe9","ssdeep":"384:uBM+XaW6aW+1alPaW+1aUsaW+rac5aW+rasByaW+Ba6saW+7a2m9:uK+qWK+klt+kUg+Wc7+Wsk+o6g+G2I","tlshash":"30b2ec16d4398a233887109b0c36399af385a25f9fa5bc547f4dc14cefacaad24395cd","size":24813,"data":"","first_seen":"2026-01-03T08:59:14.070291Z","last_seen":"2026-01-03T08:59:14.070291Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"xy678kjw.com/webapp/js/lib/jquery.async.js","fqdn":"xy678kjw.com","domain":"xy678kjw.com","tld":"com"},"ip":{"addr":"34.96.171.207","port":443,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"2e3cd10cd7579756c32b479d018996ce","sha1":"f802c0231c81b061352b3c7bb4c64c143ce353f2","sha256":"9b52ff42b1430595e38ae165b5a8ac6719c0bfddf9407ef9bc720dc30f2d3e5f","sha512":"f268b0dfed8599261280098146616a56bf347d56edaae23924373d6f09c09df07eae57e89cd05fc86175aaa6e3c6d1e12a987a5ee5bb5d678a8e65db3a04c421","ssdeep":"","tlshash":"4a119cd87791a6050752b46c077f211cd23638141c1f9558b6bef4e25c1931eb12e9b0","size":902,"data":"","first_seen":"2023-03-07T12:24:04Z","last_seen":"2026-04-19T10:30:23.280743Z","times_seen":1395,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"xy678kjw.com/webapp/js/lib/jquery-1.9.1.js","fqdn":"xy678kjw.com","domain":"xy678kjw.com","tld":"com"},"ip":{"addr":"34.96.171.207","port":443,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"0ced1955d04ad67f93c642501960172d","sha1":"e346705c96ed71fef43144a893dc26f0d1ff2a81","sha256":"7196db5ce1154dda0f62614999dfd169a0e5fa9db634c12c308f9f9b22cb6f90","sha512":"c5fdcd09f23cbc4adcdc9ae38e7535eab9d10026b2607c21414cbb02258f0eb99bea0c8b53ee69129c62cf086898f4fec46d1a52f1170955b2b4d6ab0c636a47","ssdeep":"1536:g9sFlxCuYQ8kdpjEhDH19D7jXHi7mdG5bakVV6qN6MQDKwTYHUfn06dPGMIcXQWy:JXdURN6G7h8aGtvnx","tlshash":"b69319dd76c5b12247ab307d106f540af236599a280c8450f135e8fafc7898aa177f7e","size":93015,"data":"","first_seen":"2023-03-07T12:24:04Z","last_seen":"2026-04-19T10:30:23.179592Z","times_seen":1254,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"xy678kjw.com/webapp/js/lib/iscroll.js","fqdn":"xy678kjw.com","domain":"xy678kjw.com","tld":"com"},"ip":{"addr":"34.96.171.207","port":443,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"3249e269b6bf59a9596ff4dd4908bd74","sha1":"16f804a74f66585bf01bb2217997a2a4ff0c4a23","sha256":"3b294972fe3c686a14d4195e17abc43199da904d959c9ffa128b3649b6bd925c","sha512":"f8fff231edd431cdad0e9426353abceb12ad72e1decfb110aa48f6b81fd061f9b2171bacba515069c1360df4a7cc451c1b0cdce380c4ecdd3849231bb4f07bc1","ssdeep":"384:KgC+EUMfCHqTj54QUX5WSMFqa7BU5TJe3c6OJsBeCWvtk7mSjjxaF:Kl+EUnqTDUX5UFO5TQc6OJsBetO7BlaF","tlshash":"2792a4889112338245ffb399dacb860d607a9339671750cc3929bffa6a447b843d367c","size":19891,"data":"","first_seen":"2023-03-07T12:24:04Z","last_seen":"2026-04-19T10:30:23.327157Z","times_seen":1396,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"nickholdsworth.net/","fqdn":"nickholdsworth.net","domain":"nickholdsworth.net","tld":"net"},"ip":{"addr":"35.220.236.219","port":80,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Hong Kong","country_code":"HK"},"introduction_type":"Function","is_inline":false,"md5":"878bcdcfa03afc0e85ae8c8b1ddfb0f2","sha1":"60d21cf3cd58a2062f05ad84722800a18a7c05da","sha256":"a518c7bb4e8aeabe82ef36eb399033c6d6d4253922e1d7bedc72ef704883b273","sha512":"c208e2a5d2688f8bf647ca78a5f8654ff01298e6058894b7764bf21e681c5e068921fd915f57c32b6239a9c72da318ee43b9a67a29cbbb82440a77920bfd7896","ssdeep":"","tlshash":"a8718a1ae575883b98db208b5d77585ff3a0a206d2e15810fbcec58cbbaea68061c5c5","size":3488,"data":"","first_seen":"2026-01-03T08:59:14.071854Z","last_seen":"2026-01-03T08:59:14.071854Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"nickholdsworth.net/","fqdn":"nickholdsworth.net","domain":"nickholdsworth.net","tld":"net"},"ip":{"addr":"35.220.236.219","port":80,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Hong Kong","country_code":"HK"},"introduction_type":"Function","is_inline":false,"md5":"b4dce6b1719db9c2342c142179848f52","sha1":"300d316e7dece9a285be193b36f2aff126da6cb2","sha256":"c24673c8fd65f334f2eae440cfd066f64973f324970472a2c9d6b55ebd27a40a","sha512":"0f6fc16fe1cf9d2188b3473e70857d312d065f69f8ac9a9d062d048d8ae5b6ebe93fc964b6ee82b4baaaa9a05736aa1f53f05d16bac565f48b2ac0684924262f","ssdeep":"96:eCslxFpN/wEL7v9Up8g+87t++AUQXr9+iXnH+mkBqlYHj8Zn:klzjwyrTuAZ","tlshash":"ada1ad1ad479852728db104b5c7b181ff350a20be6e1ac14ffcec18cefae96955388c4","size":4918,"data":"","first_seen":"2026-01-03T08:59:14.073375Z","last_seen":"2026-01-03T08:59:14.073375Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"nickholdsworth.net/","fqdn":"nickholdsworth.net","domain":"nickholdsworth.net","tld":"net"},"ip":{"addr":"35.220.236.219","port":80,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":true,"md5":"97e5d6baad42625b4235f00567f009c2","sha1":"245fc563617c3ae728680a74ef40b22fadb26cda","sha256":"86b3f1b912ee21a1c91bd07909882cab0d557a0bc86e59add2928a4999850dcb","sha512":"9a500283fc843d57162a1da1d897654a2d50ae2b125c038ddd2792faa8be931267f95f49082593bed441bce964601a523a0ee648022d480441a4ba6cb9faa856","ssdeep":"","tlshash":"35b09201000e0414413026045f26f340bc63b03300a2c4017b7da2897f30877d1242df","size":127,"data":"","first_seen":"2023-10-20T10:37:39Z","last_seen":"2026-01-03T08:59:14.075475Z","times_seen":13,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"nickholdsworth.net/js/rum-standalone.js","fqdn":"nickholdsworth.net","domain":"nickholdsworth.net","tld":"net"},"ip":{"addr":"35.220.236.219","port":80,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"ad057c4adea6ce3bc5ce4b277aa72858","sha1":"ed35cff53cb4155e9a8bf344d21be28747fa4216","sha256":"98227c01d806ecbee30b26d3cbceae448dc273a3574eff8c702d5a14374e01bf","sha512":"5a455116674ba787c4814005afa9ed5145a0df7874316d233fda3852b69fbbde75d263e29f19e9f842c328bed0906d8c357c8d8c84694607cb3bc71cc8991d01","ssdeep":"96:9J4o/vHtcZfoRUGSA8a32BtT3lh2toLZU6KJyaz8qV0+uB:T1vHsfoRfSA8y2B93lh2toLZV+yazFCN","tlshash":"bac1a55d0da2413141b3506f2b5bfb677223a117b2c6e1863dad83003f19a67b6b1fd8","size":5895,"data":"","first_seen":"2024-11-12T16:06:43.935572Z","last_seen":"2026-01-03T08:59:13.940767Z","times_seen":748,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"nickholdsworth.net/","fqdn":"nickholdsworth.net","domain":"nickholdsworth.net","tld":"net"},"ip":{"addr":"35.220.236.219","port":80,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Hong Kong","country_code":"HK"},"introduction_type":"Function","is_inline":false,"md5":"fb7da86df15f308d0ebc52fc278543f9","sha1":"2b6d53d4aed992cb75b68a3e70a63ad484777a8a","sha256":"6a2c854115fecf256354d5426a33b87fb4ecf95bd6dd76b4a193b0def9558e74","sha512":"5b5dd091edf049a2763ce301e67af1336e1e04a5b0a92c5b491fb6192eb3cf63b8588ace7fe6b3756b151c8ccd8f4e5da8d24365f1cea338d8da89a9410ddf8f","ssdeep":"96:eCzulxFpN/wEL7vowpYg+Y7tC+AwQM9+iZt7/+Kye5kBqBWcfUjtZn:6lzO0pjzFaRZ","tlshash":"d8b1ce16e165842778d7108b5c3b186ff350a20b97e56c15fecec08cff6ea6915384c5","size":5482,"data":"","first_seen":"2026-01-03T08:59:14.077256Z","last_seen":"2026-01-03T08:59:14.077256Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"nickholdsworth.net/","fqdn":"nickholdsworth.net","domain":"nickholdsworth.net","tld":"net"},"ip":{"addr":"35.220.236.219","port":80,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Hong Kong","country_code":"HK"},"introduction_type":"Function","is_inline":false,"md5":"5b408bcf7c159342c546d513af00679b","sha1":"d1826fd091b371b19b1768370d85fe5366bb367b","sha256":"040eb4f44794458e6689221918c7d4c8faab3abeb23039db79e49d6308e163f6","sha512":"d7e72584240af54da80826a33cbd2af2e7368a1e02af38cf375fbabc7b799eb4d71380ba2365dac5bb3b91ce8a6c409cff8653338e4d9c4e9b4f53f4ae3a342b","ssdeep":"96:GLQCC6Lldt2GB6suv2PDwhLfZevQVkIdgDE/j5jn:GLY6LXtWsuv2PDwzXFj","tlshash":"b3a18d0ae179882b68db60475d37646ee3d4b21f92f16c05fb8ec14cfbee964062c5c9","size":4996,"data":"","first_seen":"2026-01-03T08:59:14.078937Z","last_seen":"2026-01-03T08:59:14.078937Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"nickholdsworth.net/","fqdn":"nickholdsworth.net","domain":"nickholdsworth.net","tld":"net"},"ip":{"addr":"35.220.236.219","port":80,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Hong Kong","country_code":"HK"},"introduction_type":"Function","is_inline":false,"md5":"99a4609ab3a6f738376319aa954f84c3","sha1":"8da5451835e2df07c243ca2318b43cd05b1bb024","sha256":"0c34ee816c898cf87aaa80b84d91cdcb3e272b197ac588e249bf91a91842c5f2","sha512":"300269198a27e5ed1e5ec251164e95966d8694f231feb93e9f2b5c8098bfe20025428004af29566592887d338854043a6484a0004ac96002388618f67b015f48","ssdeep":"768:GL/a0O1OhLbDDx5xslADvjd0AW2UDVF7Cf4k3f9LrS0hsvaRYv/D4bijmfIrlDoC:SMOFDlH6AW0f5drS0Jkbdcbq","tlshash":"74c3ef16d02c882739cb604b5c37286ef345625f9ab26c54bf8dc18cefee96d25385c9","size":123796,"data":"","first_seen":"2026-01-03T08:59:14.080834Z","last_seen":"2026-01-03T08:59:14.080834Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"xy678kjw.com/webapp/js/local/ssc/head_aozxy5.js","fqdn":"xy678kjw.com","domain":"xy678kjw.com","tld":"com"},"ip":{"addr":"34.96.171.207","port":443,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"c3261b46b0ab83708346a608d8c628ce","sha1":"39835e5d93ce2c5473c7375d9e4492878e598081","sha256":"a4cd3a4af2595491fd9ea98f5faeb959eb00bf0d04c9dfb358dca7685a27ab97","sha512":"cc1ad508f567605d8348557eb0908be2d0638eeb9dbfcdaf750978ed7597efade08560c04c31cdcfb4a7872892cae2c311381fcd91a849628ccda69bb4460987","ssdeep":"","tlshash":"14e078cd45513c04b16dd13811378509d2b2180c104b9d4f1d73e4c3e4d49fd207d38d","size":338,"data":"","first_seen":"2023-03-10T14:23:05Z","last_seen":"2026-04-18T09:06:17.707353Z","times_seen":254,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"xy678kjw.com/webapp/html/aozxy5/index.html","fqdn":"xy678kjw.com","domain":"xy678kjw.com","tld":"com"},"ip":{"addr":"34.96.171.207","port":443,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Hong Kong","country_code":"HK"},"introduction_type":"eval","is_inline":false,"md5":"68a98d9e00c5b2e9c5ef03b2f70ffd7e","sha1":"17842dc377d9e77096ab9de1ecc71e4fffaf2200","sha256":"c129618552deadc90624ba69dac929378504f8f5d6a79f900671568ab79d3b07","sha512":"53679db19bc6ff0c688ede02f1c272232629990d93832da5c32bd8ea05750829d284be32b968ba2fa04a0bd5fa83ac75a7fb7b6f6fce62a448c7a63b3b0adfca","ssdeep":"","tlshash":"e5016d19f7dc5b5760bb3250556b86c9142e0c69e504ac40b59f4bd52b9f3bc610fa08","size":753,"data":"","first_seen":"2025-03-06T05:20:52.188346Z","last_seen":"2026-04-19T10:30:23.345972Z","times_seen":1135,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"nickholdsworth.net/main.js","fqdn":"nickholdsworth.net","domain":"nickholdsworth.net","tld":"net"},"ip":{"addr":"35.220.236.219","port":80,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"d9353cfe089494c8b4e7ae4eed3acfa6","sha1":"73e288a5049610b6d15a5f7c0b3b263f585a7d0f","sha256":"f10c273a01ec93be386810aef1b7746a4eec9b0e58946a79b35c1196d53689f4","sha512":"fa0b8628392648b3d5560c3afb9e9105dd0d7211d161de19f49a6e33458bc958a964f2fe981faf0413475595c55e5d2eb20cb72629fcc2448f1fc551c658cde8","ssdeep":"","tlshash":"1e2189af598531a0d57b2390caa657bcfeba811b471118b07c1c7b224b7ac930426eec","size":1229,"data":"","first_seen":"2025-12-27T09:55:16.404749Z","last_seen":"2026-02-06T09:30:18.392804Z","times_seen":6,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"nickholdsworth.net/js/publish.lc-8de30b27ff2db9f0c4a4441c14c6a62d-lc.min.js","fqdn":"nickholdsworth.net","domain":"nickholdsworth.net","tld":"net"},"ip":{"addr":"35.220.236.219","port":80,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"8de30b27ff2db9f0c4a4441c14c6a62d","sha1":"eea805a09cbcb2caecdb0bf8ad0898d4aa2f51a4","sha256":"9627bcf16bc2ba2d617383fb216baa09623a1eea3c39b1c8dad128f7c347d1ed","sha512":"0b5228f351b13ab9f3ced6b59e299e248c102bbe8c1fa99d11682d3e48345d10cdddd9756255fda234400093956560470ffd2a48ff9b67ad610c8c7c88f89021","ssdeep":"3072:C9eu3yBjY6sGtmhftrSOabKmeVZLJicjLlciRLWnrxT+:C9euD6sGtmhfhZhjZLJl/ldKi","tlshash":"44145c41b250f47324f3015b96bf1b0ff1696a5a90329850f361ecee668fe99423177e","size":209216,"data":"","first_seen":"2026-01-03T08:59:13.995401Z","last_seen":"2026-01-03T08:59:13.995401Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"nickholdsworth.net/js/vendors.lc-b44065d69256f34e1aeb8ed251e6bf34-lc.min.js","fqdn":"nickholdsworth.net","domain":"nickholdsworth.net","tld":"net"},"ip":{"addr":"35.220.236.219","port":80,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"b44065d69256f34e1aeb8ed251e6bf34","sha1":"5e85e9d1473369488bc6c355c424474cf66292f2","sha256":"3f6b4877498ad9c07902034931099f3699a88424192ab19cc7cfab4885a08dc9","sha512":"ffe0e3680af15b2edd47e0b1bf83452d6b4aad6e013d3836e0ae8ad19b035bf45582e6b87786602cf9172c6aec14649c8e1eead579687c8a9c3881ae677a3315","ssdeep":"49152:DbuHYBJP5XjPb2RcTqhChB5Eej1k4gV1e+O4fjyt/78ZPe/6cIkeYjHF6rHNPLoc:mJW6whiX","tlshash":"cc160897329124314753afea4bfb0446b63676183836c06cbe6cc9c7234a95892f6f7d","size":4058932,"data":"","first_seen":"2026-01-03T08:59:14.086897Z","last_seen":"2026-01-03T08:59:14.086897Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"nickholdsworth.net/","fqdn":"nickholdsworth.net","domain":"nickholdsworth.net","tld":"net"},"ip":{"addr":"35.220.236.219","port":80,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Hong Kong","country_code":"HK"},"introduction_type":"Function","is_inline":false,"md5":"62b203482d2417c19fb5ec775ea3f2a6","sha1":"7aa1c12d917ce4a149b1e834ec947afe61391296","sha256":"2a227eff2f9a97baa162ffe35f805a40e20291667a936623203f6e627cc1efc9","sha512":"d6911ff1e12d6b3f65c5d681578541cc6c5f8cf47e4bc3d318df82e45ad6b6ce2eae247daf857ebab1acf6fae3088f4ea4036403ed2a87190bb0a1b876608ff5","ssdeep":"96:GLQVO9JycnqQkZLaXjLWlMp7sQcEIJRs0FBQ7I0+pnozoYCnvP3m6T2VOmZD4WB/:GLk0SLgjLWsAXHp3vEvSW7JxWAf","tlshash":"37a29218d078843ba8ff50877c3b1016b350b79b96d26455bf8fd68ce79e979053888e","size":22010,"data":"","first_seen":"2026-01-03T08:59:14.088064Z","last_seen":"2026-01-03T08:59:14.088064Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"nickholdsworth.net/","fqdn":"nickholdsworth.net","domain":"nickholdsworth.net","tld":"net"},"ip":{"addr":"35.220.236.219","port":80,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"4563b2614cdcbb9a090a222bf956e0af","sha1":"18b6b010c48455ce620bace9e94d0927aa98d231","sha256":"037ead83ab2c7a0d89effd643c568782ff7c0e7870cc6e12e3758c26cee34872","sha512":"339bf832eff953edc2889d81e53ad82051147c86072273204a561e94cb6ffd0e359d663061a7a07d4e25b659405ec4a9a53af248f54e0b7619334847beadd97b","ssdeep":"","tlshash":"a7f097aedc41a1585ac635b8abafe648e1ae0024e40ec843b8d6c4cd2c38fd9082534c","size":656,"data":"","first_seen":"2026-01-03T08:59:14.089078Z","last_seen":"2026-01-03T08:59:14.089078Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"nickholdsworth.net/","fqdn":"nickholdsworth.net","domain":"nickholdsworth.net","tld":"net"},"ip":{"addr":"35.220.236.219","port":80,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Hong Kong","country_code":"HK"},"introduction_type":"eval","is_inline":false,"md5":"898d6905a466afa3c939bc45a0c3a7d8","sha1":"cc1214dfd21d1ccf2179d792d8ce57d59f612930","sha256":"e771deae1bab7277dc2bd3e3425f668b2bb310832cad83bf978b60aca74eb425","sha512":"263078f6818293d7d6a5ce567b701a43bd31bdc2826fe954daba3c7f800c1de4d3474310c39d8dc782b97cf6a65e611e4093a360dae15e7ba54ba1cdfbaa8974","ssdeep":"","tlshash":"bfe0edf3b1e674a0c41e0040c4536bfcbdbcc00897904d718a253f3a03439eb0424e4c","size":422,"data":"","first_seen":"2025-12-27T09:55:16.4835Z","last_seen":"2026-02-06T09:30:18.569686Z","times_seen":6,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"nickholdsworth.net/","fqdn":"nickholdsworth.net","domain":"nickholdsworth.net","tld":"net"},"ip":{"addr":"35.220.236.219","port":80,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Hong Kong","country_code":"HK"},"introduction_type":"Function","is_inline":false,"md5":"420d7034bfc897bc10bc1e734aeba7a0","sha1":"e89a297b135d2ecd405cb34af409ba97f17c1fba","sha256":"ffa56ca262b22728f919522c6699f203eb0b1a9ce84a9fe966a8a9283a840271","sha512":"c0dbcabd52082568a0db3d37cd1d77487e89a724a2cd685e61be9e235d870c78ea5b8fb2f24b4f3083b50a6fa6a7bbe4f2f34df496eab3e39f9b316f7d62136a","ssdeep":"","tlshash":"4701491aa0b155000987b4871fa72c32e3f4906ffd879841718cc59aef9f1a881285de","size":779,"data":"","first_seen":"2025-11-23T02:11:10.135791Z","last_seen":"2026-01-03T08:59:14.090889Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"nickholdsworth.net/","fqdn":"nickholdsworth.net","domain":"nickholdsworth.net","tld":"net"},"ip":{"addr":"35.220.236.219","port":80,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Hong Kong","country_code":"HK"},"introduction_type":"Function","is_inline":false,"md5":"a79ef7f39fb76003a4205513d6bac93c","sha1":"f76cf2cbdfc7e9006bd7efc1e2b7b9f1c4bab37e","sha256":"4ed210204f259e983636f1896e72a44be193cb588233086b6abeb8d5a9a76554","sha512":"34959e0816b5d2ff0711c78b474c862f74e03579845e5b5215fee6ae1c12431c74fb1ca91ff6f65bcd9aa3f1dc954222f7964a85e25fee8ec459d1e9f5deb213","ssdeep":"","tlshash":"63418c0ee1b8942350cf10bb5e7b0419b3e541358983e461b69ec18eefbe86a5b264d8","size":2285,"data":"","first_seen":"2026-01-03T08:59:14.091881Z","last_seen":"2026-01-03T08:59:14.091881Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"nickholdsworth.net/","fqdn":"nickholdsworth.net","domain":"nickholdsworth.net","tld":"net"},"ip":{"addr":"35.220.236.219","port":80,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Hong Kong","country_code":"HK"},"introduction_type":"Function","is_inline":false,"md5":"6d1c5737b67e1ed1facfd41f8f8ac727","sha1":"154148e023a6546c445760f0bb734eeb93332557","sha256":"8d5201dcea0c1ba2ae85caac769ac9cf7497f5aca42a19e67dc398dc49234a85","sha512":"6a38f871450ae6323457c7a654203434c95be69bfd59fa8b282b173f2ec42d742e3d905b70ce4d0f4362bcb44292ae84f54603efbe1b11bb02496f8a818ab290","ssdeep":"384:UbRPIH0qxYtu19mEyig6kYJSVscDttFLN3luAMfxmhJVtfSALe1PlS9+wkyDYhrn:UzmgvcSVkxg8","tlshash":"7a928a16d929882b74cb604b5c73246ef341a11fceb22855be8dc14cffbda6e28745c9","size":20182,"data":"","first_seen":"2026-01-03T08:59:14.092669Z","last_seen":"2026-01-03T08:59:14.092669Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":[{"md5":"953a252bf9a7b7a663200b012155e663","sha1":"cb56157cf729108f171cda4e4ebd706845ed9789","sha256":"bb320727416f5544294ace35fdfd4d6d153584e6732622820639607a10fd2a17","sha512":"b829f449304c305ad7ea60d78d40d30d1b2e1898120d3849418666cb5115bc546554a6f635bc1262cd45f7756e9d51f54d3de378938d11fb90ab721022c3812f","ssdeep":"","tlshash":"91f052ae6c91e5585ad335a89bbbd64cc06e0429101ed803a8d6c4cd2e2cfd8183624c","size":508,"data":"","first_seen":"2024-10-28T10:46:02.890122Z","last_seen":"2026-04-19T10:30:23.354647Z","times_seen":1282,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"11c409983e707cb4849da9631efa1651","sha1":"f6e93e062257442ff49d9959fbce1104f4b7ea27","sha256":"28209fe740ccd3e70b978b42b3be1d6c30f8d6ecfd1f375440431d32a679cf76","sha512":"cb9758c1ae1ad08269bdb2aaa198e055257e4e710ab4cab71f1fc3d2e7b9489b2caf89c95c211e07064d562393ecb0ce907185870c32c91707b6267538c2820a","ssdeep":"","tlshash":"dbf097ae5c81e5585ad635a8abafe24cd56e0024240ec843b8d6c4cd3c38fe9082534c","size":508,"data":"","first_seen":"2024-12-02T17:13:45.829962Z","last_seen":"2026-04-19T10:30:23.355109Z","times_seen":322,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"8ef1095bf74bea04e0f9f04835fdebb2","sha1":"e71a9aebe7f805e7baed0c659ef74ccd341abc51","sha256":"b70b8d8c15f13d64afda3f67d73d7fa2e9dc991d34365bb60253a75655977741","sha512":"e59c56aed35a08703bf0a326f82a0fd852653f7cd371fff056b081e3d7034a57d25211d0ef591c58dc524b0a84430002006b3d7e16990a0e4a0c4b6936d243c1","ssdeep":"","tlshash":"38e09af7b5e6b4a4c42e0041c9933bfcbebdc10897904d719a657f3a53079eb0024a4c","size":403,"data":"","first_seen":"2025-12-27T09:55:16.488346Z","last_seen":"2026-02-06T09:30:18.576227Z","times_seen":6,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}]},"http":[{"url":{"schema":"https","addr":"api.api168168.com/CQShiCai/getShiCaiDailyDragonCount.do?date=\u0026lotCode=10010","fqdn":"api.api168168.com","domain":"api168168.com","tld":"com"},"ip":{"addr":"35.241.91.37","port":443,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://xy678kjw.com/webapp/html/aozxy5/index.html","date":"2026-01-03T08:58:40.847Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"api.api168168.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 31 Dec 2025 00:17:01 GMT","end":"Tue, 31 Mar 2026 00:17:00 GMT"},"fingerprint":{"sha1":"72:2C:9E:37:25:83:F9:B3:E7:A7:3B:9C:75:01:CF:1D:6D:C2:79:BF","sha256":"08:DF:68:1C:CE:56:7F:28:1D:02:97:8F:AC:F5:2E:D2:0D:F2:F4:A5:7A:57:8B:74:62:FD:B9:0D:E7:5B:67:C3"}}},"request":{"raw":"GET /CQShiCai/getShiCaiDailyDragonCount.do?date=\u0026lotCode=10010 HTTP/1.1\r\nHost: api.api168168.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://xy678kjw.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xy678kjw.com/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sat, 03 Jan 2026 08:58:41 GMT\r\ncontent-type: text/html;charset=UTF-8\r\naccess-control-allow-credentials: true\r\naccess-control-allow-origin: https://xy678kjw.com\r\nvary: Origin\r\naccess-control-expose-headers: Set-Cookie\r\ncontent-disposition: inline;filename=f.txt\r\ncontent-encoding: gzip\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":288,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"JSON text data","md5":"d6302b034244890892ba53f795d1e0bf","sha1":"2d3ce64c0143fa99b3841cd65f08bd3fa1283dc8","sha256":"7b039cab575af83c4ea7cfc83b6b9fa6f9f0d34bc9d07f6f10d0893b140d658a","sha512":"805103adcccce70de4d0e5b318211de1508aebc4f56f8af6c594eb671534eba6b5c3bc1c77319ba78e4d5cb1976198b8263b87b34410ced019617629dfd74802","ssdeep":"","tlshash":"c1d067a97925352faec90e2df4eaf235a0a012654e5896d5d5fd0821274490eb12fe80","first_seen":"2026-01-03T08:59:13.939119Z","last_seen":"2026-01-03T08:59:13.939119Z","times_seen":1,"resource_available":false,"data":null}},"time_used":1728,"timings":{"blocked":695,"dns":0,"connect":230,"send":0,"wait":338,"receive":0,"ssl":464},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-03","alert":"Sinkholed","trigger":"api.api168168.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-03","alert":"Sinkholed","trigger":"api.api168168.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"nickholdsworth.net/js/rum-standalone.js","fqdn":"nickholdsworth.net","domain":"nickholdsworth.net","tld":"net"},"ip":{"addr":"35.220.236.219","port":80,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://nickholdsworth.net/","date":"2026-01-03T08:58:35.925Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /js/rum-standalone.js HTTP/1.1\r\nHost: nickholdsworth.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://nickholdsworth.net/\r\nCookie: SITE_TOTAL_ID=75ae8fd9607b6a58345f109820e6892e\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Sat, 03 Jan 2026 08:58:36 GMT\r\nContent-Type: application/javascript\r\nLast-Modified: Sat, 26 Oct 1985 08:15:00 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nETag: W/\"1dc09d84-1707\"\r\nExpires: Sat, 03 Jan 2026 20:58:36 GMT\r\nCache-Control: max-age=43200\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":5895,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text","md5":"ad057c4adea6ce3bc5ce4b277aa72858","sha1":"ed35cff53cb4155e9a8bf344d21be28747fa4216","sha256":"98227c01d806ecbee30b26d3cbceae448dc273a3574eff8c702d5a14374e01bf","sha512":"5a455116674ba787c4814005afa9ed5145a0df7874316d233fda3852b69fbbde75d263e29f19e9f842c328bed0906d8c357c8d8c84694607cb3bc71cc8991d01","ssdeep":"96:9J4o/vHtcZfoRUGSA8a32BtT3lh2toLZU6KJyaz8qV0+uB:T1vHsfoRfSA8y2B93lh2toLZV+yazFCN","tlshash":"bac1a55d0da2413141b3506f2b5bfb677223a117b2c6e1863dad83003f19a67b6b1fd8","first_seen":"2024-11-12T16:06:43.935572Z","last_seen":"2026-01-03T08:59:13.940767Z","times_seen":748,"resource_available":true,"data":null}},"time_used":748,"timings":{"blocked":501,"dns":0,"connect":0,"send":0,"wait":247,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-03","alert":"Sinkholed","trigger":"nickholdsworth.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-03","alert":"Sinkholed","trigger":"nickholdsworth.net","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-03","alert":"Sinkholed","trigger":"nickholdsworth.net","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-03","alert":"Sinkholed","trigger":"nickholdsworth.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"nickholdsworth.net/js/aem.utils.lc-70386a23b857b19fec09f4d2f401a994-lc.min.js","fqdn":"nickholdsworth.net","domain":"nickholdsworth.net","tld":"net"},"ip":{"addr":"35.220.236.219","port":80,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://nickholdsworth.net/","date":"2026-01-03T08:58:35.927Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /js/aem.utils.lc-70386a23b857b19fec09f4d2f401a994-lc.min.js HTTP/1.1\r\nHost: nickholdsworth.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://nickholdsworth.net/\r\nCookie: SITE_TOTAL_ID=75ae8fd9607b6a58345f109820e6892e\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Sat, 03 Jan 2026 08:58:36 GMT\r\nContent-Type: application/javascript\r\nLast-Modified: Tue, 25 Mar 2025 17:40:35 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nETag: W/\"67e2ea93-814\"\r\nExpires: Sat, 03 Jan 2026 20:58:36 GMT\r\nCache-Control: max-age=43200\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":2068,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (521)","md5":"70386a23b857b19fec09f4d2f401a994","sha1":"62db8d486a16333be9102b0eff6307e99475b8c0","sha256":"8a9b2203888672bc32a020a4290963675585b1e252f37f7d96758c7357b973f6","sha512":"ac290011eb2d8172d7a53248b6b29f8e78a96ac60e579145b6a0de8bb5ac90e1c22eaa7746c3881753b31ef6dfa159b6547ff5821480936d895438716fa07b03","ssdeep":"","tlshash":"274152ca75e1b0d3c98b71702aaf9a5e603bc5496a49ed64d648cfd0bc3019f44c3f88","first_seen":"2025-08-26T13:24:35.825643Z","last_seen":"2026-01-03T08:59:13.942402Z","times_seen":4,"resource_available":true,"data":null}},"time_used":732,"timings":{"blocked":213,"dns":0,"connect":234,"send":0,"wait":285,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-03","alert":"Sinkholed","trigger":"nickholdsworth.net","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-03","alert":"Sinkholed","trigger":"nickholdsworth.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-03","alert":"Sinkholed","trigger":"nickholdsworth.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-03","alert":"Sinkholed","trigger":"nickholdsworth.net","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"nickholdsworth.net/main.js","fqdn":"nickholdsworth.net","domain":"nickholdsworth.net","tld":"net"},"ip":{"addr":"35.220.236.219","port":80,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://nickholdsworth.net/","date":"2026-01-03T08:58:35.935Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /main.js HTTP/1.1\r\nHost: nickholdsworth.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://nickholdsworth.net/\r\nCookie: SITE_TOTAL_ID=75ae8fd9607b6a58345f109820e6892e\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Sat, 03 Jan 2026 08:58:36 GMT\r\nContent-Type: application/javascript\r\nLast-Modified: Sat, 29 Nov 2025 04:45:30 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nETag: W/\"692a7a6a-4cd\"\r\nExpires: Sat, 03 Jan 2026 20:58:36 GMT\r\nCache-Control: max-age=43200\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1229,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (474), with CRLF line terminators","md5":"d9353cfe089494c8b4e7ae4eed3acfa6","sha1":"73e288a5049610b6d15a5f7c0b3b263f585a7d0f","sha256":"f10c273a01ec93be386810aef1b7746a4eec9b0e58946a79b35c1196d53689f4","sha512":"fa0b8628392648b3d5560c3afb9e9105dd0d7211d161de19f49a6e33458bc958a964f2fe981faf0413475595c55e5d2eb20cb72629fcc2448f1fc551c658cde8","ssdeep":"","tlshash":"1e2189af598531a0d57b2390caa657bcfeba811b471118b07c1c7b224b7ac930426eec","first_seen":"2025-12-27T09:55:16.404749Z","last_seen":"2026-02-06T09:30:18.392804Z","times_seen":6,"resource_available":true,"data":null}},"time_used":771,"timings":{"blocked":210,"dns":0,"connect":238,"send":0,"wait":323,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-03","alert":"Sinkholed","trigger":"nickholdsworth.net","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-03","alert":"Sinkholed","trigger":"nickholdsworth.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-03","alert":"Sinkholed","trigger":"nickholdsworth.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-03","alert":"Sinkholed","trigger":"nickholdsworth.net","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"xy678kjw.com/webapp/js/lib/pk10BaseTrend.js","fqdn":"xy678kjw.com","domain":"xy678kjw.com","tld":"com"},"ip":{"addr":"34.96.171.207","port":443,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://xy678kjw.com/webapp/html/aozxy5/index.html","date":"2026-01-03T08:58:38.129Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.xy678kjw.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sat, 29 Nov 2025 03:45:44 GMT","end":"Fri, 27 Feb 2026 03:45:43 GMT"},"fingerprint":{"sha1":"59:DE:80:48:22:C2:0C:E2:B4:C8:7C:85:A8:F0:10:78:C2:7C:41:8D","sha256":"7F:A8:4E:90:FC:76:9B:1F:35:9A:1F:69:3A:B0:FD:9F:A0:C2:35:EC:7D:CE:CB:92:DE:A5:DB:5E:69:9C:45:60"}}},"request":{"raw":"GET /webapp/js/lib/pk10BaseTrend.js HTTP/1.1\r\nHost: xy678kjw.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xy678kjw.com/webapp/html/aozxy5/index.html\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sat, 03 Jan 2026 08:58:38 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Sat, 29 Nov 2025 12:42:18 GMT\r\nvary: Accept-Encoding\r\netag: W/\"692aea2a-1a2d\"\r\nexpires: Sat, 03 Jan 2026 20:58:38 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":6701,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (6701), with no line terminators","md5":"6f6fadebe51378762442a2211edfef60","sha1":"abb6dd63e315112728f3540ef124480e4b1e9048","sha256":"441c3db4288867eb549306e2797b1075d745408c6674660096a9ed695435391e","sha512":"07072b7f0de691c11760da89619c378b0dbae068b540676c6bed50e9c1eb089716a1b235f10fb35730c3afe2ac42dc02ea67fbcc80e3551afc7d5507feb0d71d","ssdeep":"96:bWkh9UBeGm8ViMUrjjEgYQEHqSKFM4AJjCk:N0iMUrHEe0qSKFM48","tlshash":"43d1a919e1822126b25f3efcc63fd15880610fb0e598ee4c76fd9ab16d34ac65073d6a","first_seen":"2023-03-07T12:24:04Z","last_seen":"2026-04-19T10:30:23.188448Z","times_seen":1395,"resource_available":true,"data":null}},"time_used":470,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":470,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"api.api168168.com/CQShiCai/getBaseCQShiCai.do?issue=\u0026lotCode=10010","fqdn":"api.api168168.com","domain":"api168168.com","tld":"com"},"ip":{"addr":"35.241.91.37","port":443,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://xy678kjw.com/webapp/html/aozxy5/index.html","date":"2026-01-03T08:58:49.516Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"api.api168168.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 31 Dec 2025 00:17:01 GMT","end":"Tue, 31 Mar 2026 00:17:00 GMT"},"fingerprint":{"sha1":"72:2C:9E:37:25:83:F9:B3:E7:A7:3B:9C:75:01:CF:1D:6D:C2:79:BF","sha256":"08:DF:68:1C:CE:56:7F:28:1D:02:97:8F:AC:F5:2E:D2:0D:F2:F4:A5:7A:57:8B:74:62:FD:B9:0D:E7:5B:67:C3"}}},"request":{"raw":"GET /CQShiCai/getBaseCQShiCai.do?issue=\u0026lotCode=10010 HTTP/1.1\r\nHost: api.api168168.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://xy678kjw.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xy678kjw.com/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sat, 03 Jan 2026 08:58:49 GMT\r\ncontent-type: text/html;charset=UTF-8\r\naccess-control-allow-credentials: true\r\naccess-control-allow-origin: https://xy678kjw.com\r\nvary: Origin\r\naccess-control-expose-headers: Set-Cookie\r\ncontent-disposition: inline;filename=f.txt\r\ncontent-encoding: gzip\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":955,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"JSON text data","md5":"9d1bc8a8faabdd7a9873177d084424d2","sha1":"bbdab95f203222926618c1402235383abac3f088","sha256":"6e59794ceaa21e752ef87c035f29bb8dc7c66aaefea25dd5d60c81f353306625","sha512":"57c3224f05b7c7d37fc6db74569c9a03d9c3dc236ce8362919dee31ea762164a60330b12f2514575eddefb6cd8c9e65995088897bfacacd9a586937c06b17b0f","ssdeep":"","tlshash":"5f1194557e2e2c79ff12b1f2782bb0e6a42533125de56f55878dcf14804163a2bcd905","first_seen":"2026-01-03T08:59:13.947315Z","last_seen":"2026-01-03T08:59:13.947315Z","times_seen":1,"resource_available":false,"data":null}},"time_used":338,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":338,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-03","alert":"Sinkholed","trigger":"api.api168168.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-03","alert":"Sinkholed","trigger":"api.api168168.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"nickholdsworth.net/css/publish.lc-34e1a7065f9bb042420c866fa780de8c-lc.min.css","fqdn":"nickholdsworth.net","domain":"nickholdsworth.net","tld":"net"},"ip":{"addr":"35.220.236.219","port":80,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"http://nickholdsworth.net/","date":"2026-01-03T08:58:35.927Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /css/publish.lc-34e1a7065f9bb042420c866fa780de8c-lc.min.css HTTP/1.1\r\nHost: nickholdsworth.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://nickholdsworth.net/\r\nCookie: SITE_TOTAL_ID=75ae8fd9607b6a58345f109820e6892e\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Sat, 03 Jan 2026 08:58:36 GMT\r\nContent-Type: text/css\r\nLast-Modified: Mon, 17 Mar 2025 15:25:22 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nETag: W/\"67d83ee2-3eb37\"\r\nExpires: Sat, 03 Jan 2026 20:58:36 GMT\r\nCache-Control: max-age=43200\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":256823,"size_decoded":0,"mime_type":"text/css","magic":"Unicode text, UTF-8 text, with very long lines (65532), with no line terminators","md5":"2ec764d294c9e47ebedae88641643966","sha1":"718dd441aa1fa3999eb7a6bee9f3b3982d5bb27b","sha256":"6bcc39990cbb396305ed171c02b9c19be4ce6dc80ea3c505131f252ebe03820e","sha512":"e6e7f517e30201cbab85c3923b9566882787b8995a4c1b5d836acaccefd6676c3092f387627b0f3373a7146e24112b798ae3b2f07d7cbfd1e7172087cde962fb","ssdeep":"3072:ibSuzwVy1EnmJ4bbhtKge8/KtIr2ZB/3UZuRY7a9kHvsJmnQTmJEn6ddxzwVy1E8:iZ1Cd","tlshash":"ab44d9919a80f13c44734a27f4a5a5bc73685c06fb16fefbe983994c89c53a61133b4e","first_seen":"2026-01-03T08:59:13.948744Z","last_seen":"2026-01-03T08:59:13.948744Z","times_seen":1,"resource_available":false,"data":null}},"time_used":970,"timings":{"blocked":213,"dns":0,"connect":234,"send":0,"wait":288,"receive":235,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-03","alert":"Sinkholed","trigger":"nickholdsworth.net","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-03","alert":"Sinkholed","trigger":"nickholdsworth.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-03","alert":"Sinkholed","trigger":"nickholdsworth.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-03","alert":"Sinkholed","trigger":"nickholdsworth.net","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.audemarspiguet.com/etc.clientlibs/ap-com/ui/clientlibs/publish/resources/static/audemars-piguet-logo-white.svg","fqdn":"www.audemarspiguet.com","domain":"audemarspiguet.com","tld":"com"},"ip":{"addr":"151.101.239.10","port":443,"asn":54113,"as":"FASTLY","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://nickholdsworth.net/","date":"2026-01-03T08:58:35.936Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.audemarspiguet.com","organization":"Audemars Piguet (Marketing) SA"},"issuer":{"commonName":"DigiCert Global G2 TLS RSA SHA256 2020 CA1","organization":"DigiCert Inc"},"validity":{"start":"Wed, 05 Nov 2025 00:00:00 GMT","end":"Sun, 25 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"3E:88:6C:26:59:D8:30:35:02:47:FD:DF:2C:E8:16:88:DB:45:DD:7F","sha256":"35:63:22:62:0F:53:DA:FF:28:67:24:7D:9C:37:B9:10:5A:01:58:44:49:E8:5C:F0:E9:5C:71:DA:F2:07:3A:FD"}}},"request":{"raw":"GET /etc.clientlibs/ap-com/ui/clientlibs/publish/resources/static/audemars-piguet-logo-white.svg HTTP/1.1\r\nHost: www.audemarspiguet.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://nickholdsworth.net/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-security-policy: default-src 'self'; script-src 'report-sample' 'self' 'unsafe-eval' 'unsafe-inline' https://*.teads.tv https://analytics.tiktok.com https://ajax.googleapis.com https://analytics.twitter.com https://connect.facebook.net https://googleads.g.doubleclick.net https://hm.baidu.com https://*.bdimg.com https://dlswbr.baidu.com https://js.adsrvr.org https://*.cheqzone.com https://recaptcha.net https://*.serving-sys.com https://snap.licdn.com https://static.ads-twitter.com https://*.google-analytics.com https://*.googleanalytics.com https://www.google.com https://www.googleadservices.com https://www.gstatic.com https://www.gstatic.cn https://www.youtube.com https://maps.googleapis.com https://unpkg.com/web-vitals/dist/web-vitals.iife.js https://unpkg.com/mapvgl/dist/mapvgl.min.js https://www.googleoptimize.com https://www.googletagmanager.com https://*.alicdn.com https://*.mmstat.com https://optimize.google.com blob: https://ob.powerrobotflower.com https://obs.powerrobotflower.com https://api.map.baidu.com https://cdn.cookielaw.org https://pagead2.googlesyndication.com https://www.geoplugin.net https://cdn.trustcommander.net https://privacy.trustcommander.net https://*.tagcommander.com https://hm.mieru-ca.com https://ob.isstarsbuilding.com https://obs.isstarsbuilding.com https://s.pinimg.com https://*.commander1.com https://s.yimg.jp https://sc-static.net https://d.line-scdn.net https://tr.snapchat.com https://*.youku.com https://*.userway.org; style-src 'report-sample' 'self' 'unsafe-inline' https://player.youku.com https://fonts.googleapis.com https://www.googletagmanager.com https://optimize.google.com https://api.map.baidu.com https://*.userway.org; connect-src 'self' https://*.tt.omtrdc.net https://apwebsite-services.azurewebsites.net https://analytics.tiktok.com https://*.teads.tv https://hm.baidu.com https://liveapi.yext.com https://noembed.com https://*.cheqzone.com https://stats.g.doubleclick.net https://video.google.com https://*.google-analytics.com https://api.ipstack.com https://*.serving-sys.com https://maps.googleapis.com https://cdn.linkedin.oribi.io https://ap-booking.azurewebsites.net https://www.facebook.com https://unpkg.com data: https://ob.powerrobotflower.com https://obs.powerrobotflower.com https://*.google-analytics.com https://*.analytics.google.com https://cdn.cookielaw.org https://geolocation.onetrust.com https://geolocation.onetrust.com https://px.ads.linkedin.com https://pagead2.googlesyndication.com https://ob.isstarsbuilding.com https://obs.isstarsbuilding.com https://*.commander1.com https://*.trustcommander.net https://ct.pinterest.com https://www.google.com https://recaptcha.net https://www.gstatic.com wss://ntjp.mieru-ca.com https://tr.snapchat.com https://apm.yahoo.co.jp https://*.bdimg.com https://www.googleadservices.com https://www.google.fr https://*.googleapis.com https://ad.doubleclick.net https://*.userway.org https://needle-engine-analytics-v2-r26roub2hq-lz.a.run.app https://cdn.needle.tools https://www.googletagmanager.com blob:; font-src 'self' data: https://fonts.gstatic.com https://*.userway.org; frame-src 'self' https://player.youku.com https://*.fls.doubleclick.net https://insight.adsrvr.org https://recaptcha.net https://match.adsrvr.org https://www.facebook.com https://www.google.com https://www.youtube-nocookie.com https://www.youtube.com https://bs.serving-sys.com https://optimize.google.com https://www.googletagmanager.com https://td.doubleclick.net https://*.teads.tv https://open.spotify.com https://*.tagcommander.com https://cdn.trustcommander.net https://ct.pinterest.com https://tr.snapchat.com https://*.userway.org; img-src 'self' data: https:; manifest-src 'self'; media-src 'self' data: https://dynamicmedia.audemarspiguet.com https://audemarspiguet.scene7.com https://preview3.assetsadobe.com https://player.vimeo.com https://download-video.akamaized.net https://*.cibntv.net https://*.youku.com; object-src 'none'; base-uri 'self'; worker-src 'self' data: blob:;\r\nx-xss-protection: 1; mode=block\r\nlast-modified: Tue, 30 Dec 2025 02:17:53 GMT\r\nstrict-transport-security: max-age=63072000; includeSubdomains;preload\r\nx-frame-options: SAMEORIGIN\r\ncontent-type: image/svg+xml\r\ncache-control: max-age=31557600, stale-while-revalidate=1800, stale-if-error=3600\r\ncontent-encoding: gzip\r\netag: \"20f1-64721f797190c-gzip\"\r\nx-content-type-options: nosniff\r\naccept-ranges: bytes\r\nage: 369353\r\ndate: Sat, 03 Jan 2026 08:58:36 GMT\r\nx-served-by: cache-osl6546-OSL, cache-osl6542-OSL\r\nx-cache: HIT\r\nx-timer: S1767430717.797303,VS0,VS0,VE2\r\nvary: Accept-Encoding\r\ncontent-length: 3124\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Linkedin Ads","description":"Linkedin Ads is a paid marketing tool that offers access to Linkedin social networks through various sponsored posts and other methods.","website":"https://business.linkedin.com/marketing-solutions/ads","common_platform_enumeration":"","icon":"Linkedin.svg","categories":["Advertising"]},{"name":"Adobe Dynamic Media Classic","description":"Adobe Dynamic Media Classic is a platform that enables customers to manage, enhance, publish, and deliver dynamic rich media content and personal experiences to consumers across all channels and devices, including web, print material, email campaigns, desktops, social, and mobile.","website":"https://business.adobe.com/uk/products/experience-manager/scene7-login.html","common_platform_enumeration":"","icon":"Adobe Experience Platform.svg","categories":["Digital asset management"]}],"data":{"size":8433,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"17d903334b39e7d4345f2393e5447bdc","sha1":"570c97f2f8bd226f75ee60a608bd5471e46fe293","sha256":"ca2f569e228334605edb94c2f0d7b243396cabcf96a6939f40a76f4302c70dfd","sha512":"ce7010d4e782c617d8650156be7f062d9f9be79cb4c6253174335aeda07fb157896420da16e99cedf056a5d87452d2a3aff19743ae5d2ce9fde51b639a67e2a2","ssdeep":"192:F6ZmIRlsPfGibne+fXt+joFY1MBN+yEPzjZWIYlpI9HG3mdyqMu:FaRKPf/bnPwGRqYXyG3CrR","tlshash":"8102271b0312dbe9beed046cac04188db6e0d8cba4f4f2c5ab5b4411e49d4f4f64c7a9","first_seen":"2023-10-20T10:37:40Z","last_seen":"2026-01-03T08:59:13.950853Z","times_seen":13,"resource_available":false,"data":null}},"time_used":864,"timings":{"blocked":840,"dns":0,"connect":6,"send":0,"wait":4,"receive":0,"ssl":9},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"xy678kjw.com/webapp/js/lib/iscroll.js","fqdn":"xy678kjw.com","domain":"xy678kjw.com","tld":"com"},"ip":{"addr":"34.96.171.207","port":443,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://xy678kjw.com/webapp/html/aozxy5/index.html","date":"2026-01-03T08:58:38.129Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.xy678kjw.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sat, 29 Nov 2025 03:45:44 GMT","end":"Fri, 27 Feb 2026 03:45:43 GMT"},"fingerprint":{"sha1":"59:DE:80:48:22:C2:0C:E2:B4:C8:7C:85:A8:F0:10:78:C2:7C:41:8D","sha256":"7F:A8:4E:90:FC:76:9B:1F:35:9A:1F:69:3A:B0:FD:9F:A0:C2:35:EC:7D:CE:CB:92:DE:A5:DB:5E:69:9C:45:60"}}},"request":{"raw":"GET /webapp/js/lib/iscroll.js HTTP/1.1\r\nHost: xy678kjw.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xy678kjw.com/webapp/html/aozxy5/index.html\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sat, 03 Jan 2026 08:58:38 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Sat, 29 Nov 2025 12:42:18 GMT\r\nvary: Accept-Encoding\r\netag: W/\"692aea2a-4db3\"\r\nexpires: Sat, 03 Jan 2026 20:58:38 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":19891,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (19891), with no line terminators","md5":"3249e269b6bf59a9596ff4dd4908bd74","sha1":"16f804a74f66585bf01bb2217997a2a4ff0c4a23","sha256":"3b294972fe3c686a14d4195e17abc43199da904d959c9ffa128b3649b6bd925c","sha512":"f8fff231edd431cdad0e9426353abceb12ad72e1decfb110aa48f6b81fd061f9b2171bacba515069c1360df4a7cc451c1b0cdce380c4ecdd3849231bb4f07bc1","ssdeep":"384:KgC+EUMfCHqTj54QUX5WSMFqa7BU5TJe3c6OJsBeCWvtk7mSjjxaF:Kl+EUnqTDUX5UFO5TQc6OJsBetO7BlaF","tlshash":"2792a4889112338245ffb399dacb860d607a9339671750cc3929bffa6a447b843d367c","first_seen":"2023-03-07T12:24:04Z","last_seen":"2026-04-19T10:30:23.327157Z","times_seen":1396,"resource_available":true,"data":null}},"time_used":698,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":698,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.audemarspiguet.com/etc.clientlibs/ap-com/ui/clientlibs/publish/resources/static/audemars-piguet-logo-mini-white.svg","fqdn":"www.audemarspiguet.com","domain":"audemarspiguet.com","tld":"com"},"ip":{"addr":"151.101.239.10","port":443,"asn":54113,"as":"FASTLY","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://nickholdsworth.net/","date":"2026-01-03T08:58:35.937Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.audemarspiguet.com","organization":"Audemars Piguet (Marketing) SA"},"issuer":{"commonName":"DigiCert Global G2 TLS RSA SHA256 2020 CA1","organization":"DigiCert Inc"},"validity":{"start":"Wed, 05 Nov 2025 00:00:00 GMT","end":"Sun, 25 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"3E:88:6C:26:59:D8:30:35:02:47:FD:DF:2C:E8:16:88:DB:45:DD:7F","sha256":"35:63:22:62:0F:53:DA:FF:28:67:24:7D:9C:37:B9:10:5A:01:58:44:49:E8:5C:F0:E9:5C:71:DA:F2:07:3A:FD"}}},"request":{"raw":"GET /etc.clientlibs/ap-com/ui/clientlibs/publish/resources/static/audemars-piguet-logo-mini-white.svg HTTP/1.1\r\nHost: www.audemarspiguet.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://nickholdsworth.net/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncache-control: max-age=31557600, stale-while-revalidate=1800, stale-if-error=3600\r\nstrict-transport-security: max-age=63072000; includeSubdomains;preload\r\nlast-modified: Tue, 09 Dec 2025 00:33:12 GMT\r\ncontent-security-policy: default-src 'self'; script-src 'report-sample' 'self' 'unsafe-eval' 'unsafe-inline' https://*.teads.tv https://analytics.tiktok.com https://ajax.googleapis.com https://analytics.twitter.com https://connect.facebook.net https://googleads.g.doubleclick.net https://hm.baidu.com https://*.bdimg.com https://dlswbr.baidu.com https://js.adsrvr.org https://*.cheqzone.com https://recaptcha.net https://*.serving-sys.com https://snap.licdn.com https://static.ads-twitter.com https://*.google-analytics.com https://*.googleanalytics.com https://www.google.com https://www.googleadservices.com https://www.gstatic.com https://www.gstatic.cn https://www.youtube.com https://maps.googleapis.com https://unpkg.com/web-vitals/dist/web-vitals.iife.js https://unpkg.com/mapvgl/dist/mapvgl.min.js https://www.googleoptimize.com https://www.googletagmanager.com https://*.alicdn.com https://*.mmstat.com https://optimize.google.com blob: https://ob.powerrobotflower.com https://obs.powerrobotflower.com https://api.map.baidu.com https://cdn.cookielaw.org https://pagead2.googlesyndication.com https://www.geoplugin.net https://cdn.trustcommander.net https://privacy.trustcommander.net https://*.tagcommander.com https://hm.mieru-ca.com https://ob.isstarsbuilding.com https://obs.isstarsbuilding.com https://s.pinimg.com https://*.commander1.com https://s.yimg.jp https://sc-static.net https://d.line-scdn.net https://tr.snapchat.com https://*.youku.com https://*.userway.org; style-src 'report-sample' 'self' 'unsafe-inline' https://player.youku.com https://fonts.googleapis.com https://www.googletagmanager.com https://optimize.google.com https://api.map.baidu.com https://*.userway.org; connect-src 'self' https://*.tt.omtrdc.net https://apwebsite-services.azurewebsites.net https://analytics.tiktok.com https://*.teads.tv https://hm.baidu.com https://liveapi.yext.com https://noembed.com https://*.cheqzone.com https://stats.g.doubleclick.net https://video.google.com https://*.google-analytics.com https://api.ipstack.com https://*.serving-sys.com https://maps.googleapis.com https://cdn.linkedin.oribi.io https://ap-booking.azurewebsites.net https://www.facebook.com https://unpkg.com data: https://ob.powerrobotflower.com https://obs.powerrobotflower.com https://*.google-analytics.com https://*.analytics.google.com https://cdn.cookielaw.org https://geolocation.onetrust.com https://geolocation.onetrust.com https://px.ads.linkedin.com https://pagead2.googlesyndication.com https://ob.isstarsbuilding.com https://obs.isstarsbuilding.com https://*.commander1.com https://*.trustcommander.net https://ct.pinterest.com https://www.google.com https://recaptcha.net https://www.gstatic.com wss://ntjp.mieru-ca.com https://tr.snapchat.com https://apm.yahoo.co.jp https://*.bdimg.com https://www.googleadservices.com https://www.google.fr https://*.googleapis.com https://ad.doubleclick.net https://*.userway.org blob:; font-src 'self' data: https://fonts.gstatic.com https://*.userway.org; frame-src 'self' https://player.youku.com https://*.fls.doubleclick.net https://insight.adsrvr.org https://recaptcha.net https://match.adsrvr.org https://www.facebook.com https://www.google.com https://www.youtube-nocookie.com https://www.youtube.com https://bs.serving-sys.com https://optimize.google.com https://www.googletagmanager.com https://td.doubleclick.net https://*.teads.tv https://open.spotify.com https://*.tagcommander.com https://cdn.trustcommander.net https://ct.pinterest.com https://tr.snapchat.com https://*.userway.org; img-src 'self' data: https:; manifest-src 'self'; media-src 'self' data: https://dynamicmedia.audemarspiguet.com https://audemarspiguet.scene7.com https://preview3.assetsadobe.com https://player.vimeo.com https://download-video.akamaized.net https://*.cibntv.net https://*.youku.com; object-src 'none'; base-uri 'self'; worker-src 'self' data: blob:;\r\netag: \"643-6457a0e84d969-gzip\"\r\nx-frame-options: SAMEORIGIN\r\ncontent-type: image/svg+xml\r\ncontent-encoding: gzip\r\nx-xss-protection: 1; mode=block\r\nx-content-type-options: nosniff\r\naccept-ranges: bytes\r\ndate: Sat, 03 Jan 2026 08:58:36 GMT\r\nage: 2168997\r\nx-served-by: cache-osl6547-OSL, cache-osl6542-OSL\r\nx-cache: HIT\r\nx-timer: S1767430717.797408,VS0,VS0,VE1\r\nvary: Accept-Encoding\r\ncontent-length: 757\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Adobe Dynamic Media Classic","description":"Adobe Dynamic Media Classic is a platform that enables customers to manage, enhance, publish, and deliver dynamic rich media content and personal experiences to consumers across all channels and devices, including web, print material, email campaigns, desktops, social, and mobile.","website":"https://business.adobe.com/uk/products/experience-manager/scene7-login.html","common_platform_enumeration":"","icon":"Adobe Experience Platform.svg","categories":["Digital asset management"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Linkedin Ads","description":"Linkedin Ads is a paid marketing tool that offers access to Linkedin social networks through various sponsored posts and other methods.","website":"https://business.linkedin.com/marketing-solutions/ads","common_platform_enumeration":"","icon":"Linkedin.svg","categories":["Advertising"]}],"data":{"size":1603,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"39b5afb44a03e8a6d533478c2696ddf9","sha1":"b21a9b5150b6fa13bf844e88974014ccbc817147","sha256":"fca033c4b1b36d38c55363cba6129b33d6f99af138db1b28f1520475c601da03","sha512":"583d0432a821930000f72b0f81f5df1f1a24136cfd147d5391e192c5daefafe2baa71a43b8fe74eeab6f8e79c275872eaa4ed17054f57db7eb889058ac295a04","ssdeep":"","tlshash":"7d31e0ea9288e5d0e54cebb54d30b461733678ff5e29c08dded59c26b304aec4d98a02","first_seen":"2025-08-26T13:24:35.832731Z","last_seen":"2026-01-03T08:59:13.953075Z","times_seen":4,"resource_available":false,"data":null}},"time_used":863,"timings":{"blocked":840,"dns":0,"connect":7,"send":0,"wait":3,"receive":0,"ssl":9},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"dynamicmedia.audemarspiguet.com/is/image/audemarspiguet/car_produit_CODE_26397OR-OO-D417CR-01_v4?size=470,0\u0026fmt=avif-alpha\u0026dpr=off","fqdn":"dynamicmedia.audemarspiguet.com","domain":"audemarspiguet.com","tld":"com"},"ip":{"addr":"23.36.77.163","port":443,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"imageset","requested_by":"http://nickholdsworth.net/","date":"2026-01-03T08:58:38.031Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"secure6s.scene7.com","organization":"Adobe Systems Incorporated"},"issuer":{"commonName":"DigiCert Global G2 TLS RSA SHA256 2020 CA1","organization":"DigiCert Inc"},"validity":{"start":"Fri, 29 Aug 2025 00:00:00 GMT","end":"Fri, 28 Aug 2026 23:59:59 GMT"},"fingerprint":{"sha1":"65:B5:5A:07:11:45:A3:50:9F:3D:E6:0C:5E:26:3C:F3:30:50:7E:C6","sha256":"08:B5:A0:BD:0D:5E:E2:49:2C:A4:FF:87:0F:14:4A:68:37:98:48:D9:46:11:64:35:B7:42:F4:56:D2:FA:32:AD"}}},"request":{"raw":"GET /is/image/audemarspiguet/car_produit_CODE_26397OR-OO-D417CR-01_v4?size=470,0\u0026fmt=avif-alpha\u0026dpr=off HTTP/1.1\r\nHost: dynamicmedia.audemarspiguet.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://nickholdsworth.net/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: image/avif\r\ncontent-length: 40906\r\naccess-control-allow-origin: *\r\nlast-modified: Sat, 04 Oct 2025 21:52:36 GMT\r\netag: \"fd67f9f4db9956207f805da0e79c245b\"\r\nserver: Unknown\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nexpires: Sat, 03 Jan 2026 18:58:38 GMT\r\ndate: Sat, 03 Jan 2026 08:58:38 GMT\r\nakamai-request-bc: [a=23.36.77.159,b=749756091,c=g,n=NO__OSLO,o=20940],[c=c,n=SE_AB_STOCKHOLM,o=20940],[a=152,c=o]\r\nserver-timing: clientrtt; dur=6, clienttt; dur=180, origin; dur=150, cdntime; dur=30\r\nakamai-cache-status: Miss from child, Miss from parent\r\nx-akamai-cache: 0\r\nakamai-grn: 0.9f4d2417.1767430718.2cb05ebb\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":40906,"size_decoded":0,"mime_type":"image/avif","magic":"ISO Media, AVIF Image","md5":"fd67f9f4db9956207f805da0e79c245b","sha1":"bde0f294599f606288438f9cda00c4860e01f5c4","sha256":"2dea93825a70cc46732a417962546597bfcca186ae595fe86f0f4b6f7b4d3428","sha512":"e13ca54c984ce8a4df822d6e0ec42192ec3d4ae4024a5a562009d8bab8d1315cbec6b2dde0f013d6a38d733a8adee4aa9db32c0986a4d1d1575fe75762a788a6","ssdeep":"768:1R/nlv4QtOF1+AIOp9sSZ9KXrtick/HCCioso592HY6vr4uRpGAIj3rm:1RNA8OFsAIg6SZ9etiR/HCRodyNRpGAb","tlshash":"c503028b240e6718f448ccb1634ddee662d6fc54cfa31f6636235672f402ee14a46bd5","first_seen":"2026-01-03T08:59:13.954109Z","last_seen":"2026-01-03T08:59:13.954109Z","times_seen":1,"resource_available":false,"data":null}},"time_used":258,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":195,"receive":63,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"dynamicmedia.audemarspiguet.com/is/image/audemarspiguet/car_produit_26397QS.OO.D002KB.01_v4?size=470,0\u0026fmt=avif-alpha\u0026dpr=off","fqdn":"dynamicmedia.audemarspiguet.com","domain":"audemarspiguet.com","tld":"com"},"ip":{"addr":"23.36.77.163","port":443,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"imageset","requested_by":"http://nickholdsworth.net/","date":"2026-01-03T08:58:38.031Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"secure6s.scene7.com","organization":"Adobe Systems Incorporated"},"issuer":{"commonName":"DigiCert Global G2 TLS RSA SHA256 2020 CA1","organization":"DigiCert Inc"},"validity":{"start":"Fri, 29 Aug 2025 00:00:00 GMT","end":"Fri, 28 Aug 2026 23:59:59 GMT"},"fingerprint":{"sha1":"65:B5:5A:07:11:45:A3:50:9F:3D:E6:0C:5E:26:3C:F3:30:50:7E:C6","sha256":"08:B5:A0:BD:0D:5E:E2:49:2C:A4:FF:87:0F:14:4A:68:37:98:48:D9:46:11:64:35:B7:42:F4:56:D2:FA:32:AD"}}},"request":{"raw":"GET /is/image/audemarspiguet/car_produit_26397QS.OO.D002KB.01_v4?size=470,0\u0026fmt=avif-alpha\u0026dpr=off HTTP/1.1\r\nHost: dynamicmedia.audemarspiguet.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://nickholdsworth.net/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: image/avif\r\ncontent-length: 43907\r\naccess-control-allow-origin: *\r\nlast-modified: Sat, 04 Oct 2025 21:52:36 GMT\r\netag: \"e4d4a40d2e3ced22d4d82afddfbd3c33\"\r\nserver: Unknown\r\nexpires: Sat, 03 Jan 2026 18:58:38 GMT\r\ndate: Sat, 03 Jan 2026 08:58:38 GMT\r\nakamai-request-bc: [a=23.36.77.159,b=749756092,c=g,n=NO__OSLO,o=20940],[c=c,n=SE_M_BROMMA,o=20940],[a=253,c=o]\r\nserver-timing: clientrtt; dur=6, clienttt; dur=141, origin; dur=127, cdntime; dur=14\r\nakamai-cache-status: Miss from child, Miss from parent\r\nx-akamai-cache: 0\r\nakamai-grn: 0.9f4d2417.1767430718.2cb05ebc\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":43907,"size_decoded":0,"mime_type":"image/avif","magic":"ISO Media, AVIF Image","md5":"e4d4a40d2e3ced22d4d82afddfbd3c33","sha1":"455dcca2dacf32238272f7fb5418496cdffb3ca9","sha256":"fdbb9a222b809a0bb4c7a619ad942b9d961ac041f76f023fcd1124c5348ca837","sha512":"93013e61ed433246da04631f106b986d08172223936f44800deef93f336142b34338f5fb0c9c8ffc428d5610c8db42c1977f1c0b2cef9ff2755be9ab71db91a7","ssdeep":"768:Dbi3Ot4QL0uxQ2KLvR9zph5p4uh+YWbr1RQltEYph:DbgO6QL0J2gH5ppkYWD+Hph","tlshash":"ad13f115b051bc4b92d904781dc2e1d68c06e23f56974f5ffc3ebbae4d218a0bc72996","first_seen":"2026-01-03T08:59:13.955125Z","last_seen":"2026-01-03T08:59:13.955125Z","times_seen":1,"resource_available":false,"data":null}},"time_used":221,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":156,"receive":65,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"xy678kjw.com/webapp/img/cltj_img/icon-168index.png","fqdn":"xy678kjw.com","domain":"xy678kjw.com","tld":"com"},"ip":{"addr":"34.96.171.207","port":443,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://xy678kjw.com/webapp/html/aozxy5/index.html","date":"2026-01-03T08:58:38.610Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.xy678kjw.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sat, 29 Nov 2025 03:45:44 GMT","end":"Fri, 27 Feb 2026 03:45:43 GMT"},"fingerprint":{"sha1":"59:DE:80:48:22:C2:0C:E2:B4:C8:7C:85:A8:F0:10:78:C2:7C:41:8D","sha256":"7F:A8:4E:90:FC:76:9B:1F:35:9A:1F:69:3A:B0:FD:9F:A0:C2:35:EC:7D:CE:CB:92:DE:A5:DB:5E:69:9C:45:60"}}},"request":{"raw":"GET /webapp/img/cltj_img/icon-168index.png HTTP/1.1\r\nHost: xy678kjw.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xy678kjw.com/webapp/css/ssc_newVersion.css\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sat, 03 Jan 2026 08:58:38 GMT\r\ncontent-type: image/png\r\nlast-modified: Sat, 15 Feb 2025 15:37:54 GMT\r\nvary: Accept-Encoding\r\netag: W/\"67b0b4d2-7031\"\r\nexpires: Mon, 02 Feb 2026 08:58:38 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":28721,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 1000 x 213, 8-bit/color RGBA, non-interlaced","md5":"9cadfe91f4676d8abaefd706fd002c70","sha1":"3c1f5c663282388d8fa739baf8dd77edcb5a82d0","sha256":"cba1227e78513169698e2b0cf72cd24505429292ecdcb849a8f8f33b9ae5e1d9","sha512":"84ac82a47f8550b13d6d4b804928489423f851c241810d19d268f983e8a5bdf0e98c4e43ca8bddd1ec7494cb34a3374cd3842d8c45a4153ebf4cc30536c52f70","ssdeep":"384:kT4cIpHlIlqQKlgSTxqtWplA+8ixwj08iZpaffwUeyAZ1+Cr444r+RRRkLHX42PT:kT4BYSV3qnc8ffwTB04DJq3LQdt2BI2","tlshash":"ccd2d0dfdc38c182e675ac713aafbf2aa029c2a194d19c0f94e2900c4d96c099dd57e6","first_seen":"2023-05-02T12:59:34Z","last_seen":"2026-04-19T10:30:23.294955Z","times_seen":1390,"resource_available":false,"data":null}},"time_used":236,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":236,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"nickholdsworth.net/png/favicon-192x192.png","fqdn":"nickholdsworth.net","domain":"nickholdsworth.net","tld":"net"},"ip":{"addr":"35.220.236.219","port":80,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://nickholdsworth.net/","date":"2026-01-03T08:58:38.772Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /png/favicon-192x192.png HTTP/1.1\r\nHost: nickholdsworth.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://nickholdsworth.net/\r\nCookie: SITE_TOTAL_ID=75ae8fd9607b6a58345f109820e6892e\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Sat, 03 Jan 2026 08:58:38 GMT\r\nContent-Type: image/png\r\nLast-Modified: Mon, 10 Mar 2025 16:15:27 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nETag: W/\"67cf101f-156d\"\r\nExpires: Mon, 02 Feb 2026 08:58:38 GMT\r\nCache-Control: max-age=2592000\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":5485,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 192 x 192, 8-bit/color RGBA, non-interlaced","md5":"a5b1faf82d3737349c94081c1fdff4b2","sha1":"90e427121b912be1cae86480ea2bbed9a9c07b96","sha256":"da4b44ac9bc4c21c560cb520df6ec93aed67444de9bd2042d07f7d1945111b40","sha512":"cb6588d3a8ebf238df508370b128f3dd740f2df03c20995e7e27b63b7ff687acb4f2fbef536bc92371182fb4ab9e2e79634fc0b92072e78aef380c394366327d","ssdeep":"96:HAxG+wJzPFBJ7OPjVDfjTmHMOtTmPoMpfrprX+bMvy4JSu:QKdT7mjTJk8frpCMvy4Jz","tlshash":"44b19e44d8b4013acbf9a8e58b7654b0cdd523b62c95f2be042b4ebec935224cf4db09","first_seen":"2023-10-20T10:37:41Z","last_seen":"2026-01-03T08:59:13.95658Z","times_seen":9,"resource_available":false,"data":null}},"time_used":247,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":247,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-03","alert":"Sinkholed","trigger":"nickholdsworth.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-03","alert":"Sinkholed","trigger":"nickholdsworth.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-03","alert":"Sinkholed","trigger":"nickholdsworth.net","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-03","alert":"Sinkholed","trigger":"nickholdsworth.net","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"dynamicmedia.audemarspiguet.com/is/image/audemarspiguet/logo-2000x1220-white-Royal-Oak-Concept?size=1071,515\u0026fmt=avif-alpha\u0026dpr=off","fqdn":"dynamicmedia.audemarspiguet.com","domain":"audemarspiguet.com","tld":"com"},"ip":{"addr":"23.36.77.163","port":443,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://nickholdsworth.net/","date":"2026-01-03T08:58:35.937Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"secure6s.scene7.com","organization":"Adobe Systems Incorporated"},"issuer":{"commonName":"DigiCert Global G2 TLS RSA SHA256 2020 CA1","organization":"DigiCert Inc"},"validity":{"start":"Fri, 29 Aug 2025 00:00:00 GMT","end":"Fri, 28 Aug 2026 23:59:59 GMT"},"fingerprint":{"sha1":"65:B5:5A:07:11:45:A3:50:9F:3D:E6:0C:5E:26:3C:F3:30:50:7E:C6","sha256":"08:B5:A0:BD:0D:5E:E2:49:2C:A4:FF:87:0F:14:4A:68:37:98:48:D9:46:11:64:35:B7:42:F4:56:D2:FA:32:AD"}}},"request":{"raw":"GET /is/image/audemarspiguet/logo-2000x1220-white-Royal-Oak-Concept?size=1071,515\u0026fmt=avif-alpha\u0026dpr=off HTTP/1.1\r\nHost: dynamicmedia.audemarspiguet.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://nickholdsworth.net/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccess-control-allow-origin: *\r\nlast-modified: Sat, 04 Oct 2025 21:51:58 GMT\r\netag: \"2e6c3c93d836c806657884c170e0c82d\"\r\nserver: Unknown\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\ncontent-type: image/avif\r\ncontent-length: 19123\r\nexpires: Sat, 03 Jan 2026 12:54:54 GMT\r\ndate: Sat, 03 Jan 2026 08:58:36 GMT\r\nakamai-request-bc: [a=23.36.77.159,b=749755422,c=g,n=NO__OSLO,o=20940],[c=c,n=SE_AB_STOCKHOLM,o=20940]\r\nserver-timing: clientrtt; dur=1, clienttt; dur=20, origin; dur=0, cdntime; dur=20\r\nakamai-cache-status: Miss from child, Hit from parent\r\nx-akamai-cache: 1\r\nakamai-grn: 0.9f4d2417.1767430716.2cb05c1e\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":19123,"size_decoded":0,"mime_type":"image/avif","magic":"ISO Media, AVIF Image","md5":"2e6c3c93d836c806657884c170e0c82d","sha1":"22467434f4867259c0e58771d91e14a6991fc15e","sha256":"500baf204108d907e66395320dfa94e61aed8f9d6200998d679a7143b05cd100","sha512":"324e29d30b6b05e095d71225f95180e60677f92f7f6a2cce510b9f7f098334fdbcf2c8a52996954973da8d8a2cdd94fbd2e0211cf9f10c8b337b2176c339e9bd","ssdeep":"384:S+7wFZ8lF0sRLHe7bsgDtR/3tPBzWSnNWMugzvNJXdK9X77tpcmoYx:Kz8/SPB5WSV3XcdRpAk","tlshash":"e182d08d86417e32dc6da33d415a8e9de16459cda2f2290abb0e74b4197c03a74cbba0","first_seen":"2026-01-03T08:59:13.958546Z","last_seen":"2026-01-03T08:59:13.958546Z","times_seen":1,"resource_available":false,"data":null}},"time_used":887,"timings":{"blocked":839,"dns":0,"connect":1,"send":0,"wait":29,"receive":1,"ssl":16},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"xy678kjw.com/webapp/js/lib/jquery.async.js","fqdn":"xy678kjw.com","domain":"xy678kjw.com","tld":"com"},"ip":{"addr":"34.96.171.207","port":443,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://xy678kjw.com/webapp/html/aozxy5/index.html","date":"2026-01-03T08:58:38.128Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.xy678kjw.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sat, 29 Nov 2025 03:45:44 GMT","end":"Fri, 27 Feb 2026 03:45:43 GMT"},"fingerprint":{"sha1":"59:DE:80:48:22:C2:0C:E2:B4:C8:7C:85:A8:F0:10:78:C2:7C:41:8D","sha256":"7F:A8:4E:90:FC:76:9B:1F:35:9A:1F:69:3A:B0:FD:9F:A0:C2:35:EC:7D:CE:CB:92:DE:A5:DB:5E:69:9C:45:60"}}},"request":{"raw":"GET /webapp/js/lib/jquery.async.js HTTP/1.1\r\nHost: xy678kjw.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xy678kjw.com/webapp/html/aozxy5/index.html\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sat, 03 Jan 2026 08:58:38 GMT\r\ncontent-type: application/javascript\r\ncontent-length: 902\r\nlast-modified: Sat, 29 Nov 2025 12:42:18 GMT\r\netag: \"692aea2a-386\"\r\nexpires: Sat, 03 Jan 2026 20:58:38 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":902,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (902), with no line terminators","md5":"2e3cd10cd7579756c32b479d018996ce","sha1":"f802c0231c81b061352b3c7bb4c64c143ce353f2","sha256":"9b52ff42b1430595e38ae165b5a8ac6719c0bfddf9407ef9bc720dc30f2d3e5f","sha512":"f268b0dfed8599261280098146616a56bf347d56edaae23924373d6f09c09df07eae57e89cd05fc86175aaa6e3c6d1e12a987a5ee5bb5d678a8e65db3a04c421","ssdeep":"","tlshash":"4a119cd87791a6050752b46c077f211cd23638141c1f9558b6bef4e25c1931eb12e9b0","first_seen":"2023-03-07T12:24:04Z","last_seen":"2026-04-19T10:30:23.280743Z","times_seen":1395,"resource_available":true,"data":null}},"time_used":469,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":469,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"xy678kjw.com/webapp/js/local/ssc/head_aozxy5.js","fqdn":"xy678kjw.com","domain":"xy678kjw.com","tld":"com"},"ip":{"addr":"34.96.171.207","port":443,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://xy678kjw.com/webapp/html/aozxy5/index.html","date":"2026-01-03T08:58:38.130Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.xy678kjw.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sat, 29 Nov 2025 03:45:44 GMT","end":"Fri, 27 Feb 2026 03:45:43 GMT"},"fingerprint":{"sha1":"59:DE:80:48:22:C2:0C:E2:B4:C8:7C:85:A8:F0:10:78:C2:7C:41:8D","sha256":"7F:A8:4E:90:FC:76:9B:1F:35:9A:1F:69:3A:B0:FD:9F:A0:C2:35:EC:7D:CE:CB:92:DE:A5:DB:5E:69:9C:45:60"}}},"request":{"raw":"GET /webapp/js/local/ssc/head_aozxy5.js HTTP/1.1\r\nHost: xy678kjw.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xy678kjw.com/webapp/html/aozxy5/index.html\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sat, 03 Jan 2026 08:58:38 GMT\r\ncontent-type: application/javascript\r\ncontent-length: 338\r\nlast-modified: Sat, 29 Nov 2025 12:42:26 GMT\r\netag: \"692aea32-152\"\r\nexpires: Sat, 03 Jan 2026 20:58:38 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":338,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (338), with no line terminators","md5":"c3261b46b0ab83708346a608d8c628ce","sha1":"39835e5d93ce2c5473c7375d9e4492878e598081","sha256":"a4cd3a4af2595491fd9ea98f5faeb959eb00bf0d04c9dfb358dca7685a27ab97","sha512":"cc1ad508f567605d8348557eb0908be2d0638eeb9dbfcdaf750978ed7597efade08560c04c31cdcfb4a7872892cae2c311381fcd91a849628ccda69bb4460987","ssdeep":"","tlshash":"14e078cd45513c04b16dd13811378509d2b2180c104b9d4f1d73e4c3e4d49fd207d38d","first_seen":"2023-03-10T14:23:05Z","last_seen":"2026-04-18T09:06:17.707353Z","times_seen":254,"resource_available":true,"data":null}},"time_used":699,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":699,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"nickholdsworth.net/png/favicon-16x16.png","fqdn":"nickholdsworth.net","domain":"nickholdsworth.net","tld":"net"},"ip":{"addr":"35.220.236.219","port":80,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://nickholdsworth.net/","date":"2026-01-03T08:58:38.772Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /png/favicon-16x16.png HTTP/1.1\r\nHost: nickholdsworth.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://nickholdsworth.net/\r\nCookie: SITE_TOTAL_ID=75ae8fd9607b6a58345f109820e6892e\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Sat, 03 Jan 2026 08:58:38 GMT\r\nContent-Type: image/png\r\nContent-Length: 530\r\nLast-Modified: Sat, 08 Mar 2025 05:23:59 GMT\r\nConnection: keep-alive\r\nETag: \"67cbd46f-212\"\r\nExpires: Mon, 02 Feb 2026 08:58:38 GMT\r\nCache-Control: max-age=2592000\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":530,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced","md5":"e05cf188d736774a64b07e6dcde5561e","sha1":"a0db9f87b7c729066c4326e970009d73ef93f2b2","sha256":"3f6ec32284c1dad6277a16d39d0a4ee82216a7a412c5f0dbef1eb82430a8452d","sha512":"e58940c2bd492873b3ad713e32519362ed4b1e2fdc00aa4b1e85301edea41e775b22bc063b6a5b3e367b90bbcc62ce06c1d520d184a00d73c819494a07b12255","ssdeep":"","tlshash":"02f0c041fa96aa12839013512605acb9dedf05e344b8d7284305e2653ed7a815db0bf5","first_seen":"2023-10-20T10:37:41Z","last_seen":"2026-01-03T08:59:13.961547Z","times_seen":10,"resource_available":false,"data":null}},"time_used":240,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":240,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-03","alert":"Sinkholed","trigger":"nickholdsworth.net","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-03","alert":"Sinkholed","trigger":"nickholdsworth.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-03","alert":"Sinkholed","trigger":"nickholdsworth.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-03","alert":"Sinkholed","trigger":"nickholdsworth.net","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"api.api168168.com/CQShiCai/getBaseCQShiCai.do?issue=\u0026lotCode=10010","fqdn":"api.api168168.com","domain":"api168168.com","tld":"com"},"ip":{"addr":"35.241.91.37","port":443,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://xy678kjw.com/webapp/html/aozxy5/index.html","date":"2026-01-03T08:58:44.119Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"api.api168168.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 31 Dec 2025 00:17:01 GMT","end":"Tue, 31 Mar 2026 00:17:00 GMT"},"fingerprint":{"sha1":"72:2C:9E:37:25:83:F9:B3:E7:A7:3B:9C:75:01:CF:1D:6D:C2:79:BF","sha256":"08:DF:68:1C:CE:56:7F:28:1D:02:97:8F:AC:F5:2E:D2:0D:F2:F4:A5:7A:57:8B:74:62:FD:B9:0D:E7:5B:67:C3"}}},"request":{"raw":"GET /CQShiCai/getBaseCQShiCai.do?issue=\u0026lotCode=10010 HTTP/1.1\r\nHost: api.api168168.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://xy678kjw.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xy678kjw.com/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sat, 03 Jan 2026 08:58:44 GMT\r\ncontent-type: text/html;charset=UTF-8\r\naccess-control-allow-credentials: true\r\naccess-control-allow-origin: https://xy678kjw.com\r\nvary: Origin\r\naccess-control-expose-headers: Set-Cookie\r\ncontent-disposition: inline;filename=f.txt\r\ncontent-encoding: gzip\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":955,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"JSON text data","md5":"9aa400dc15fc95c3ceaaced5d21e8cdb","sha1":"190a9c99c26400c254baa6772a94ebb91fb56e70","sha256":"0ab3fd3b291fc01df2edc99c31b8e04246dd0845ca09a6088addbe7ce4560eda","sha512":"70289e75b59d09dbec4f1bbfd35aebceea2db05bd9750128d2d0a8814fb4cb32b9fc0792328dc83e1787d8817c6d62d64d19fc6a11d9619347d74fc74d94c1ef","ssdeep":"","tlshash":"ba11d4557e2e2c79ff12b1f2782bb0eaa42533125de46f55878dcf14804163a2bcd904","first_seen":"2026-01-03T08:59:13.962825Z","last_seen":"2026-01-03T08:59:13.962825Z","times_seen":1,"resource_available":false,"data":null}},"time_used":336,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":336,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-03","alert":"Sinkholed","trigger":"api.api168168.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-03","alert":"Sinkholed","trigger":"api.api168168.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"api.api168168.com/CQShiCai/getBaseCQShiCai.do?issue=\u0026lotCode=10010","fqdn":"api.api168168.com","domain":"api168168.com","tld":"com"},"ip":{"addr":"35.241.91.37","port":443,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://xy678kjw.com/webapp/html/aozxy5/index.html","date":"2026-01-03T08:58:48.163Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"api.api168168.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 31 Dec 2025 00:17:01 GMT","end":"Tue, 31 Mar 2026 00:17:00 GMT"},"fingerprint":{"sha1":"72:2C:9E:37:25:83:F9:B3:E7:A7:3B:9C:75:01:CF:1D:6D:C2:79:BF","sha256":"08:DF:68:1C:CE:56:7F:28:1D:02:97:8F:AC:F5:2E:D2:0D:F2:F4:A5:7A:57:8B:74:62:FD:B9:0D:E7:5B:67:C3"}}},"request":{"raw":"GET /CQShiCai/getBaseCQShiCai.do?issue=\u0026lotCode=10010 HTTP/1.1\r\nHost: api.api168168.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://xy678kjw.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xy678kjw.com/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sat, 03 Jan 2026 08:58:48 GMT\r\ncontent-type: text/html;charset=UTF-8\r\naccess-control-allow-credentials: true\r\naccess-control-allow-origin: https://xy678kjw.com\r\nvary: Origin\r\naccess-control-expose-headers: Set-Cookie\r\ncontent-disposition: inline;filename=f.txt\r\ncontent-encoding: gzip\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":955,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"JSON text data","md5":"b2adec9bbb456b21fdd1144e9f8cf73c","sha1":"64b5c6698d42f5f68ddc12ba971b987d0890fbae","sha256":"ca6eb144f2e883e8f07c1d8c519c7fde85e03b08e45a94abd4fd64285c3ea586","sha512":"3c7087033d39ea6b5f39c60e96eb1729f0a6a7507a16b3cb8c989eb751f0b053abd50e5454eba4fac014d99d1d49f5faa5f9123a25f8ae6c74d89caac7f330ef","ssdeep":"","tlshash":"ca11d4557e2e2c79ff12b1f2782bb0e6a42533124de56f55878dcf14804163a2bcd904","first_seen":"2026-01-03T08:59:13.964056Z","last_seen":"2026-01-03T08:59:13.964056Z","times_seen":1,"resource_available":false,"data":null}},"time_used":349,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":349,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-03","alert":"Sinkholed","trigger":"api.api168168.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-03","alert":"Sinkholed","trigger":"api.api168168.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"nickholdsworth.net/css/vendors.lc-08819eaab432cc7f495d917a43fde693-lc.min.css","fqdn":"nickholdsworth.net","domain":"nickholdsworth.net","tld":"net"},"ip":{"addr":"35.220.236.219","port":80,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"http://nickholdsworth.net/","date":"2026-01-03T08:58:35.927Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /css/vendors.lc-08819eaab432cc7f495d917a43fde693-lc.min.css HTTP/1.1\r\nHost: nickholdsworth.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://nickholdsworth.net/\r\nCookie: SITE_TOTAL_ID=75ae8fd9607b6a58345f109820e6892e\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Sat, 03 Jan 2026 08:58:36 GMT\r\nContent-Type: text/css\r\nLast-Modified: Fri, 21 Mar 2025 00:14:08 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nETag: W/\"67dcaf50-56502\"\r\nExpires: Sat, 03 Jan 2026 20:58:36 GMT\r\nCache-Control: max-age=43200\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":353538,"size_decoded":0,"mime_type":"text/css","magic":"Unicode text, UTF-8 text, with very long lines (65534), with no line terminators","md5":"f58e513bd13493fc125113dd9d185568","sha1":"e8191422968126ea26d95feb3f5f3b1baeaed6bc","sha256":"3504149c84f9671e3b44846ffbdd169b75b9b64cad56f32ac802b2b054369e33","sha512":"40050096d3e601309268a1b0b39d8e451a931bef46ef4bb499d00e65d578fa803edf48be22abbb0737256f9e6ddd4a53d3a0c95c9872ce23342df6c9328f2505","ssdeep":"1536:tfpY2BN8CUHjTXE/k0jrt8K0JIH3lcMgDCSu4df/0usC4ulZrmi00Dif/k0il/yj:RN8CcTXWDam","tlshash":"ba745358f904e2ba2a37a435675ca27d3105b8178f692fe7bb90910419cfff2612335e","first_seen":"2026-01-03T08:59:13.965054Z","last_seen":"2026-01-03T08:59:13.965054Z","times_seen":1,"resource_available":false,"data":null}},"time_used":972,"timings":{"blocked":213,"dns":0,"connect":233,"send":0,"wait":292,"receive":234,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-03","alert":"Sinkholed","trigger":"nickholdsworth.net","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-03","alert":"Sinkholed","trigger":"nickholdsworth.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-03","alert":"Sinkholed","trigger":"nickholdsworth.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-03","alert":"Sinkholed","trigger":"nickholdsworth.net","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"nickholdsworth.net/css/content.lc-5797e8e7d68b9d8bf73ee762c36c2426-lc.min.css","fqdn":"nickholdsworth.net","domain":"nickholdsworth.net","tld":"net"},"ip":{"addr":"35.220.236.219","port":80,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"http://nickholdsworth.net/","date":"2026-01-03T08:58:35.935Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /css/content.lc-5797e8e7d68b9d8bf73ee762c36c2426-lc.min.css HTTP/1.1\r\nHost: nickholdsworth.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://nickholdsworth.net/\r\nCookie: SITE_TOTAL_ID=75ae8fd9607b6a58345f109820e6892e\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Sat, 03 Jan 2026 08:58:36 GMT\r\nContent-Type: text/css\r\nContent-Length: 50\r\nLast-Modified: Tue, 04 Mar 2025 02:01:22 GMT\r\nConnection: keep-alive\r\nETag: \"67c65ef2-32\"\r\nExpires: Sat, 03 Jan 2026 20:58:36 GMT\r\nCache-Control: max-age=43200\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":50,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with no line terminators","md5":"5797e8e7d68b9d8bf73ee762c36c2426","sha1":"d86601166742c5951755a2fa5fe6afe9d2730ff6","sha256":"2c368abd119a1d9ba4dba821e8021ea8d2c70047f21cb606118750ee9b5a9ac7","sha512":"7b631e88521b423921b61fd5acdc47c9b3378e0902f8766a31d8601e7d4c102d4184f6a4bef3d57b94c33a0a598b958cea856213c13a1e9d74e259fae39504f6","ssdeep":"","tlshash":"149002744254f261d7b57202455425402010c405b0925169ded83a0686c0a507998e04","first_seen":"2023-06-06T22:44:30Z","last_seen":"2026-04-14T11:51:53.697066Z","times_seen":55,"resource_available":false,"data":null}},"time_used":690,"timings":{"blocked":460,"dns":0,"connect":0,"send":0,"wait":230,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-03","alert":"Sinkholed","trigger":"nickholdsworth.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-03","alert":"Sinkholed","trigger":"nickholdsworth.net","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-03","alert":"Sinkholed","trigger":"nickholdsworth.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-03","alert":"Sinkholed","trigger":"nickholdsworth.net","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.audemarspiguet.com/etc.clientlibs/ap-com/ui/clientlibs/publish/resources/static/audemars-piguet-logo-mini.svg","fqdn":"www.audemarspiguet.com","domain":"audemarspiguet.com","tld":"com"},"ip":{"addr":"151.101.239.10","port":443,"asn":54113,"as":"FASTLY","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://nickholdsworth.net/","date":"2026-01-03T08:58:35.936Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.audemarspiguet.com","organization":"Audemars Piguet (Marketing) SA"},"issuer":{"commonName":"DigiCert Global G2 TLS RSA SHA256 2020 CA1","organization":"DigiCert Inc"},"validity":{"start":"Wed, 05 Nov 2025 00:00:00 GMT","end":"Sun, 25 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"3E:88:6C:26:59:D8:30:35:02:47:FD:DF:2C:E8:16:88:DB:45:DD:7F","sha256":"35:63:22:62:0F:53:DA:FF:28:67:24:7D:9C:37:B9:10:5A:01:58:44:49:E8:5C:F0:E9:5C:71:DA:F2:07:3A:FD"}}},"request":{"raw":"GET /etc.clientlibs/ap-com/ui/clientlibs/publish/resources/static/audemars-piguet-logo-mini.svg HTTP/1.1\r\nHost: www.audemarspiguet.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://nickholdsworth.net/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nx-xss-protection: 1; mode=block\r\ncontent-security-policy: default-src 'self'; script-src 'report-sample' 'self' 'unsafe-eval' 'unsafe-inline' https://*.teads.tv https://analytics.tiktok.com https://ajax.googleapis.com https://analytics.twitter.com https://connect.facebook.net https://googleads.g.doubleclick.net https://hm.baidu.com https://*.bdimg.com https://dlswbr.baidu.com https://js.adsrvr.org https://*.cheqzone.com https://recaptcha.net https://*.serving-sys.com https://snap.licdn.com https://static.ads-twitter.com https://*.google-analytics.com https://*.googleanalytics.com https://www.google.com https://www.googleadservices.com https://www.gstatic.com https://www.gstatic.cn https://www.youtube.com https://maps.googleapis.com https://unpkg.com/web-vitals/dist/web-vitals.iife.js https://unpkg.com/mapvgl/dist/mapvgl.min.js https://www.googleoptimize.com https://www.googletagmanager.com https://*.alicdn.com https://*.mmstat.com https://optimize.google.com blob: https://ob.powerrobotflower.com https://obs.powerrobotflower.com https://api.map.baidu.com https://cdn.cookielaw.org https://pagead2.googlesyndication.com https://www.geoplugin.net https://cdn.trustcommander.net https://privacy.trustcommander.net https://*.tagcommander.com https://hm.mieru-ca.com https://ob.isstarsbuilding.com https://obs.isstarsbuilding.com https://s.pinimg.com https://*.commander1.com https://s.yimg.jp https://sc-static.net https://d.line-scdn.net https://tr.snapchat.com https://*.youku.com https://*.userway.org; style-src 'report-sample' 'self' 'unsafe-inline' https://player.youku.com https://fonts.googleapis.com https://www.googletagmanager.com https://optimize.google.com https://api.map.baidu.com https://*.userway.org; connect-src 'self' https://*.tt.omtrdc.net https://apwebsite-services.azurewebsites.net https://analytics.tiktok.com https://*.teads.tv https://hm.baidu.com https://liveapi.yext.com https://noembed.com https://*.cheqzone.com https://stats.g.doubleclick.net https://video.google.com https://*.google-analytics.com https://api.ipstack.com https://*.serving-sys.com https://maps.googleapis.com https://cdn.linkedin.oribi.io https://ap-booking.azurewebsites.net https://www.facebook.com https://unpkg.com data: https://ob.powerrobotflower.com https://obs.powerrobotflower.com https://*.google-analytics.com https://*.analytics.google.com https://cdn.cookielaw.org https://geolocation.onetrust.com https://geolocation.onetrust.com https://px.ads.linkedin.com https://pagead2.googlesyndication.com https://ob.isstarsbuilding.com https://obs.isstarsbuilding.com https://*.commander1.com https://*.trustcommander.net https://ct.pinterest.com https://www.google.com https://recaptcha.net https://www.gstatic.com wss://ntjp.mieru-ca.com https://tr.snapchat.com https://apm.yahoo.co.jp https://*.bdimg.com https://www.googleadservices.com https://www.google.fr https://*.googleapis.com https://ad.doubleclick.net https://*.userway.org https://needle-engine-analytics-v2-r26roub2hq-lz.a.run.app https://cdn.needle.tools https://www.googletagmanager.com blob:; font-src 'self' data: https://fonts.gstatic.com https://*.userway.org; frame-src 'self' https://player.youku.com https://*.fls.doubleclick.net https://insight.adsrvr.org https://recaptcha.net https://match.adsrvr.org https://www.facebook.com https://www.google.com https://www.youtube-nocookie.com https://www.youtube.com https://bs.serving-sys.com https://optimize.google.com https://www.googletagmanager.com https://td.doubleclick.net https://*.teads.tv https://open.spotify.com https://*.tagcommander.com https://cdn.trustcommander.net https://ct.pinterest.com https://tr.snapchat.com https://*.userway.org; img-src 'self' data: https:; manifest-src 'self'; media-src 'self' data: https://dynamicmedia.audemarspiguet.com https://audemarspiguet.scene7.com https://preview3.assetsadobe.com https://player.vimeo.com https://download-video.akamaized.net https://*.cibntv.net https://*.youku.com; object-src 'none'; base-uri 'self'; worker-src 'self' data: blob:;\r\ncontent-encoding: gzip\r\netag: \"646-64696778dc861-gzip\"\r\ncache-control: max-age=31557600, stale-while-revalidate=1800, stale-if-error=3600\r\ncontent-type: image/svg+xml\r\nstrict-transport-security: max-age=63072000; includeSubdomains;preload\r\nx-frame-options: SAMEORIGIN\r\nlast-modified: Tue, 23 Dec 2025 03:52:05 GMT\r\nx-content-type-options: nosniff\r\naccept-ranges: bytes\r\nage: 962895\r\ndate: Sat, 03 Jan 2026 08:58:36 GMT\r\nx-served-by: cache-osl6521-OSL, cache-osl6542-OSL\r\nx-cache: HIT\r\nx-timer: S1767430717.797117,VS0,VS0,VE2\r\nvary: Accept-Encoding\r\ncontent-length: 757\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Linkedin Ads","description":"Linkedin Ads is a paid marketing tool that offers access to Linkedin social networks through various sponsored posts and other methods.","website":"https://business.linkedin.com/marketing-solutions/ads","common_platform_enumeration":"","icon":"Linkedin.svg","categories":["Advertising"]},{"name":"Adobe Dynamic Media Classic","description":"Adobe Dynamic Media Classic is a platform that enables customers to manage, enhance, publish, and deliver dynamic rich media content and personal experiences to consumers across all channels and devices, including web, print material, email campaigns, desktops, social, and mobile.","website":"https://business.adobe.com/uk/products/experience-manager/scene7-login.html","common_platform_enumeration":"","icon":"Adobe Experience Platform.svg","categories":["Digital asset management"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":1606,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"ee41da5d67c7a604eaaa3901078f42ec","sha1":"e6a3685fa0b57b08a1a309034f838ad3bdb394a9","sha256":"fa1227f91965d7749c5cf1581dc7f0bd99f5859590f8ff0a2b53ddc149bcb3d4","sha512":"e5e51736f9969bfe5cfbd0b86c04d56f6e7f66790a109744619b5e0ddcf21063ab4e29094da83758cd95b3cc8041aa159e006520997c0bf1e2eb7ed58dcb9a85","ssdeep":"","tlshash":"7231f4e992c8f5d0e54ceb754d347461b336b8ff5925808eced49c16a214aec4d98a06","first_seen":"2025-08-26T13:24:35.856839Z","last_seen":"2026-01-03T08:59:13.967369Z","times_seen":4,"resource_available":false,"data":null}},"time_used":864,"timings":{"blocked":840,"dns":0,"connect":3,"send":0,"wait":4,"receive":0,"ssl":13},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"dynamicmedia.audemarspiguet.com/is/image/audemarspiguet/logo-2000x1220-white-remaster_generic?size=1071,515\u0026fmt=avif-alpha\u0026dpr=off","fqdn":"dynamicmedia.audemarspiguet.com","domain":"audemarspiguet.com","tld":"com"},"ip":{"addr":"23.36.77.163","port":443,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://nickholdsworth.net/","date":"2026-01-03T08:58:35.938Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"secure6s.scene7.com","organization":"Adobe Systems Incorporated"},"issuer":{"commonName":"DigiCert Global G2 TLS RSA SHA256 2020 CA1","organization":"DigiCert Inc"},"validity":{"start":"Fri, 29 Aug 2025 00:00:00 GMT","end":"Fri, 28 Aug 2026 23:59:59 GMT"},"fingerprint":{"sha1":"65:B5:5A:07:11:45:A3:50:9F:3D:E6:0C:5E:26:3C:F3:30:50:7E:C6","sha256":"08:B5:A0:BD:0D:5E:E2:49:2C:A4:FF:87:0F:14:4A:68:37:98:48:D9:46:11:64:35:B7:42:F4:56:D2:FA:32:AD"}}},"request":{"raw":"GET /is/image/audemarspiguet/logo-2000x1220-white-remaster_generic?size=1071,515\u0026fmt=avif-alpha\u0026dpr=off HTTP/1.1\r\nHost: dynamicmedia.audemarspiguet.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://nickholdsworth.net/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccess-control-allow-origin: *\r\nlast-modified: Sat, 04 Oct 2025 21:52:21 GMT\r\netag: \"0241be2c3e9a3754e2884158f2e89dfe\"\r\nserver: Unknown\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\ncontent-type: image/avif\r\ncontent-length: 13785\r\nexpires: Sat, 03 Jan 2026 18:05:55 GMT\r\ndate: Sat, 03 Jan 2026 08:58:36 GMT\r\nakamai-request-bc: [a=23.36.77.159,b=749755424,c=g,n=NO__OSLO,o=20940],[c=c,n=SE_M_BROMMA,o=20940],[c=p,n=SE_M_BROMMA,o=20940]\r\nserver-timing: clientrtt; dur=1, clienttt; dur=17, origin; dur=0, cdntime; dur=17\r\nakamai-cache-status: Miss from child, Miss from parent\r\nx-akamai-cache: 1\r\nakamai-grn: 0.9f4d2417.1767430716.2cb05c20\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":13785,"size_decoded":0,"mime_type":"image/avif","magic":"ISO Media, AVIF Image","md5":"0241be2c3e9a3754e2884158f2e89dfe","sha1":"5d863687907dbda8f9500279105ac5f4ac928542","sha256":"9263ebb9abc449634d70ecb0303a01722e5a731bee8c806a0a01c030e39ed5ae","sha512":"9212deeda218da052cc87c9c0a48b3085e8723ab4c9f16c56f007521fb44364c9b523613e64def604824f03756d0f253be5b8db2625dac4b22e540a192331194","ssdeep":"192:+zC6h5PBXuGy/sFrr1Nbacr6sOusKUzBjUtIfJDjIY6gUvZ5f5QV1pUZG5XOstN7:S35PsGVVz6fusK0LfJH+g8QVHJ","tlshash":"2f52bfa6e1a93c63fd6821ba40087860525eaf6bf0c919ac35cd024dff752ee5127c46","first_seen":"2026-01-03T08:59:13.968224Z","last_seen":"2026-01-03T08:59:13.968224Z","times_seen":1,"resource_available":false,"data":null}},"time_used":891,"timings":{"blocked":839,"dns":0,"connect":1,"send":0,"wait":32,"receive":1,"ssl":15},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"nickholdsworth.net/woff2/neue-helvetica-45-light.woff2","fqdn":"nickholdsworth.net","domain":"nickholdsworth.net","tld":"net"},"ip":{"addr":"35.220.236.219","port":80,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"font","requested_by":"http://nickholdsworth.net/","date":"2026-01-03T08:58:36.942Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /woff2/neue-helvetica-45-light.woff2 HTTP/1.1\r\nHost: nickholdsworth.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://nickholdsworth.net/css/vendors.lc-08819eaab432cc7f495d917a43fde693-lc.min.css\r\nCookie: SITE_TOTAL_ID=75ae8fd9607b6a58345f109820e6892e\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Sat, 03 Jan 2026 08:58:37 GMT\r\nContent-Type: font/woff2\r\nContent-Length: 24468\r\nLast-Modified: Fri, 14 Mar 2025 05:54:52 GMT\r\nConnection: keep-alive\r\nETag: \"67d3c4ac-5f94\"\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":24468,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 24468, version 1.0","md5":"a6e48a296b98da9dbbb54c02a1496f09","sha1":"06edaaed9b9ef3db1f4881acbc97431626ee7c55","sha256":"6f0b9a5ba7ba02aa7ea0e907d8f5b0980bf8da9ce0e9013ad902478e7050b2dc","sha512":"01c3787908183f2102324fe405a925c3dcf4cd34297385fed66db9d17cef6ea96563dde0dcc17f2cd54c89e3be4d7c57eb2ff8db79e098fa3c2ff1abb0b05089","ssdeep":"384:CahquK2x6xndd7BxPbZ/TZb4H8V/+jXXl/t3LlED9laI8Ob5yN97dmWbUNUVuJ:Caz8RvpZb2Q/+jnxt7GPLty3RwNxJ","tlshash":"6ab2e033dd50a181ef76c72edf06b148a13c6e52fe86f3cf6e490c295102b6a17d1826","first_seen":"2025-08-26T13:24:35.807949Z","last_seen":"2026-01-03T08:59:13.969312Z","times_seen":4,"resource_available":false,"data":null}},"time_used":280,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":277,"receive":3,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-03","alert":"Sinkholed","trigger":"nickholdsworth.net","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-03","alert":"Sinkholed","trigger":"nickholdsworth.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-03","alert":"Sinkholed","trigger":"nickholdsworth.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-03","alert":"Sinkholed","trigger":"nickholdsworth.net","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"dynamicmedia.audemarspiguet.com/is/image/audemarspiguet/car_produit_26674SG.OO.1320SG.01_v3?size=470,0\u0026fmt=avif-alpha\u0026dpr=off","fqdn":"dynamicmedia.audemarspiguet.com","domain":"audemarspiguet.com","tld":"com"},"ip":{"addr":"23.36.77.163","port":443,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"imageset","requested_by":"http://nickholdsworth.net/","date":"2026-01-03T08:58:38.029Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"secure6s.scene7.com","organization":"Adobe Systems Incorporated"},"issuer":{"commonName":"DigiCert Global G2 TLS RSA SHA256 2020 CA1","organization":"DigiCert Inc"},"validity":{"start":"Fri, 29 Aug 2025 00:00:00 GMT","end":"Fri, 28 Aug 2026 23:59:59 GMT"},"fingerprint":{"sha1":"65:B5:5A:07:11:45:A3:50:9F:3D:E6:0C:5E:26:3C:F3:30:50:7E:C6","sha256":"08:B5:A0:BD:0D:5E:E2:49:2C:A4:FF:87:0F:14:4A:68:37:98:48:D9:46:11:64:35:B7:42:F4:56:D2:FA:32:AD"}}},"request":{"raw":"GET /is/image/audemarspiguet/car_produit_26674SG.OO.1320SG.01_v3?size=470,0\u0026fmt=avif-alpha\u0026dpr=off HTTP/1.1\r\nHost: dynamicmedia.audemarspiguet.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://nickholdsworth.net/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccess-control-allow-origin: *\r\nlast-modified: Sat, 04 Oct 2025 21:52:36 GMT\r\netag: \"2b38709004bdad5adf27b64a4b7cdc7c\"\r\nserver: Unknown\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\ncontent-type: image/avif\r\ncontent-length: 42936\r\nexpires: Sat, 03 Jan 2026 18:58:38 GMT\r\ndate: Sat, 03 Jan 2026 08:58:38 GMT\r\nakamai-request-bc: [a=23.36.77.159,b=749756088,c=g,n=NO__OSLO,o=20940],[c=c,n=SE_M_BROMMA,o=20940],[a=152,c=o]\r\nserver-timing: clientrtt; dur=6, clienttt; dur=143, origin; dur=0, cdntime; dur=143\r\nakamai-cache-status: Miss from child, RefreshHit from parent\r\nx-akamai-cache: 0\r\nakamai-grn: 0.9f4d2417.1767430718.2cb05eb8\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":42936,"size_decoded":0,"mime_type":"image/avif","magic":"ISO Media, AVIF Image","md5":"2b38709004bdad5adf27b64a4b7cdc7c","sha1":"78e264d1b47b8af2d62ec6355b146f22d577d5eb","sha256":"98ccf145bbaec524be3e809a0b1a36378549ccdfff63f30d475caf39aad6ddc7","sha512":"f60f1fdba0617f9f595ec7be05fe7ffffe8a8f1df0ce24db9c7322a1b3ad9a66d6708696aeacf19d72f30227c0a07c41bcd66bb77a110d3ee3dd1e9e63ec04b1","ssdeep":"768:dmcrFbK7sU0nT6fP95c8/kQYKtfL27vi/AVZNBOkmDpK4ctKnCRylRAz+JWa11Tv:dFrV8svT6fPX/kQ9D4i/GNsDp/ctgOz0","tlshash":"d413f111be70e34ad4a16434886bc13d2bfd646d6f7c990a6bb71084d8c35f568f164f","first_seen":"2026-01-03T08:59:13.972024Z","last_seen":"2026-01-03T08:59:13.972024Z","times_seen":1,"resource_available":false,"data":null}},"time_used":153,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":152,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"nickholdsworth.net/etc.clientlibs/ap-com/ui/clientlibs/publish/resources/chunks/chunk-src_main_frontend_componentsV3_Lookbook_LookbookWrapper_vue-49dbfb498889a249aaa2.js","fqdn":"nickholdsworth.net","domain":"nickholdsworth.net","tld":"net"},"ip":{"addr":"35.220.236.219","port":80,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://nickholdsworth.net/","date":"2026-01-03T08:58:38.000Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /etc.clientlibs/ap-com/ui/clientlibs/publish/resources/chunks/chunk-src_main_frontend_componentsV3_Lookbook_LookbookWrapper_vue-49dbfb498889a249aaa2.js HTTP/1.1\r\nHost: nickholdsworth.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://nickholdsworth.net/\r\nCookie: SITE_TOTAL_ID=75ae8fd9607b6a58345f109820e6892e\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 404 Not Found\r\nServer: nginx\r\nDate: Sat, 03 Jan 2026 08:58:38 GMT\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nETag: W/\"68e91066-e3b8\"\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":58296,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII text, with very long lines (56756)","md5":"cbb42513032d6c09e496731ac16c20a9","sha1":"c92f38a701aad58408451d24dd4c47b05f158cf0","sha256":"d189695b2f3bb92369881f2428fa861dca9d9a94c638d9bdc4e2fa747d6f315b","sha512":"3d76f1018afceaba7cbb4083f4a5b5758966ec2aa5d5c6b07d72361782809f7ed4bd34ed9e0c4154d01a2db7192155de8251e5a834dd90b8d9823d916e1b7285","ssdeep":"768:cHJYDDQHVZHIs91TXESJBjgBSp00yCqJ3Z+IYM3WiesRQiULO0bpD9tcNQEfdom2:cmDD6oeFUycwpk06hWp1b99c7VM","tlshash":"8443021803de40a2cd8978d9426f2f3d842a1863da1c94bd1f5b6df4ca0d8a4767f1e9","first_seen":"2024-11-25T13:26:01.204756Z","last_seen":"2026-04-19T10:52:12.950917Z","times_seen":10805,"resource_available":true,"data":null}},"time_used":473,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":236,"receive":237,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-03","alert":"Sinkholed","trigger":"nickholdsworth.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-03","alert":"Sinkholed","trigger":"nickholdsworth.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-03","alert":"Sinkholed","trigger":"nickholdsworth.net","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-03","alert":"Sinkholed","trigger":"nickholdsworth.net","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"xy678kjw.com/webapp/css/pk10.css","fqdn":"xy678kjw.com","domain":"xy678kjw.com","tld":"com"},"ip":{"addr":"34.96.171.207","port":443,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://xy678kjw.com/webapp/html/aozxy5/index.html","date":"2026-01-03T08:58:38.125Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.xy678kjw.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sat, 29 Nov 2025 03:45:44 GMT","end":"Fri, 27 Feb 2026 03:45:43 GMT"},"fingerprint":{"sha1":"59:DE:80:48:22:C2:0C:E2:B4:C8:7C:85:A8:F0:10:78:C2:7C:41:8D","sha256":"7F:A8:4E:90:FC:76:9B:1F:35:9A:1F:69:3A:B0:FD:9F:A0:C2:35:EC:7D:CE:CB:92:DE:A5:DB:5E:69:9C:45:60"}}},"request":{"raw":"GET /webapp/css/pk10.css HTTP/1.1\r\nHost: xy678kjw.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xy678kjw.com/webapp/html/aozxy5/index.html\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sat, 03 Jan 2026 08:58:38 GMT\r\ncontent-type: text/css\r\nlast-modified: Sat, 15 Feb 2025 15:37:40 GMT\r\nvary: Accept-Encoding\r\netag: W/\"67b0b4c4-53fc\"\r\nexpires: Sat, 03 Jan 2026 20:58:38 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":21500,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with CRLF line terminators","md5":"4ad2a39088656d3fbc9a8695463fb540","sha1":"c736fced00b9a629bb98d61e8e662394ff2afe53","sha256":"ce537293741ba0dbc920bd27a9bcfb575ce7382ea545f812071851932bf5a8f9","sha512":"c8648f0d3db43f80502064c7c0bf8a29345de217b3363eaa77e78c4a13f759c173f867743b80caedab875603c1d36c690d1ad8a82c001514ca9c64cb8d02a907","ssdeep":"384:Il/unsDrTtY0JMVYTJbtl/wqozQ2isEUc8JvWNJo4OD2bMX6t2Wn00LtK0N5djwC:Il/unsDrTtY0JMaTJbtl/wqozQ2ishcF","tlshash":"37a20439166a2d8db2539aaabff41fd63ec084150b0b42eff5d3ba1853c56702c631c9","first_seen":"2023-04-07T04:13:03Z","last_seen":"2026-04-19T10:30:23.194082Z","times_seen":1343,"resource_available":false,"data":null}},"time_used":235,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":235,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"xy678kjw.com/webapp/js/lib/drawLines.js","fqdn":"xy678kjw.com","domain":"xy678kjw.com","tld":"com"},"ip":{"addr":"34.96.171.207","port":443,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://xy678kjw.com/webapp/html/aozxy5/index.html","date":"2026-01-03T08:58:38.128Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.xy678kjw.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sat, 29 Nov 2025 03:45:44 GMT","end":"Fri, 27 Feb 2026 03:45:43 GMT"},"fingerprint":{"sha1":"59:DE:80:48:22:C2:0C:E2:B4:C8:7C:85:A8:F0:10:78:C2:7C:41:8D","sha256":"7F:A8:4E:90:FC:76:9B:1F:35:9A:1F:69:3A:B0:FD:9F:A0:C2:35:EC:7D:CE:CB:92:DE:A5:DB:5E:69:9C:45:60"}}},"request":{"raw":"GET /webapp/js/lib/drawLines.js HTTP/1.1\r\nHost: xy678kjw.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xy678kjw.com/webapp/html/aozxy5/index.html\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sat, 03 Jan 2026 08:58:38 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Sat, 29 Nov 2025 12:42:18 GMT\r\nvary: Accept-Encoding\r\netag: W/\"692aea2a-613b\"\r\nexpires: Sat, 03 Jan 2026 20:58:38 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":24891,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (24891), with no line terminators","md5":"7db0502baf867aa0663475b899ffb19e","sha1":"a69f4ef6ab52c62d9885dc55b733c8c37687383e","sha256":"8a3eec9c6525ce4aad8b37e0a188f4716a8fcdec24ee894d2f8ffec447872fbb","sha512":"68964174935137b93491d1bea5e3fec05f068dabd36cf5670bb03c6c4eb30bdfbc493b8002eb8d1e46d7289f9c8430d25d230e1e6870d89fe53cf0f7be78794b","ssdeep":"768:uVYu93uZgDPN6cypp08tc25yBY/BEMXH7YE7cpv:u19MgDl6NppjtDwBY/BEUH7Yecpv","tlshash":"18b208eaf2863475818b63a9143f6749f13368156e06844cf479d8d26d38f8970bfe78","first_seen":"2023-03-07T12:24:04Z","last_seen":"2026-04-19T10:30:23.248689Z","times_seen":1395,"resource_available":true,"data":null}},"time_used":469,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":469,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"api.api168168.com/CQShiCai/getBaseCQShiCai.do?issue=\u0026lotCode=10010","fqdn":"api.api168168.com","domain":"api168168.com","tld":"com"},"ip":{"addr":"35.241.91.37","port":443,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://xy678kjw.com/webapp/html/aozxy5/index.html","date":"2026-01-03T08:58:53.552Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"api.api168168.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 31 Dec 2025 00:17:01 GMT","end":"Tue, 31 Mar 2026 00:17:00 GMT"},"fingerprint":{"sha1":"72:2C:9E:37:25:83:F9:B3:E7:A7:3B:9C:75:01:CF:1D:6D:C2:79:BF","sha256":"08:DF:68:1C:CE:56:7F:28:1D:02:97:8F:AC:F5:2E:D2:0D:F2:F4:A5:7A:57:8B:74:62:FD:B9:0D:E7:5B:67:C3"}}},"request":{"raw":"GET /CQShiCai/getBaseCQShiCai.do?issue=\u0026lotCode=10010 HTTP/1.1\r\nHost: api.api168168.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://xy678kjw.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xy678kjw.com/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sat, 03 Jan 2026 08:58:53 GMT\r\ncontent-type: text/html;charset=UTF-8\r\naccess-control-allow-credentials: true\r\naccess-control-allow-origin: https://xy678kjw.com\r\nvary: Origin\r\naccess-control-expose-headers: Set-Cookie\r\ncontent-disposition: inline;filename=f.txt\r\ncontent-encoding: gzip\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":955,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"JSON text data","md5":"99f66960b8f92c12a821ce2ba7261cee","sha1":"c1cd66b818cc294b495209d1da1b9a6ff35fecd4","sha256":"1e215aff52bb0a620e59f6639601b7f08393c8a40c0bc9ea7d77d462643896b7","sha512":"9415376d6e2a07e0e864c4d97497027bd9427c4b48ccb701222d540b99a9318bfe18adf02c10fd4fdd3de74cf512882ad42e2b1ab735671338557038e5efe9f7","ssdeep":"","tlshash":"1511d4557e2e2c79ff12b1f2782bb0eaa82533124de46f55878dcf1480016362bcd904","first_seen":"2026-01-03T08:59:13.97658Z","last_seen":"2026-01-03T08:59:13.97658Z","times_seen":1,"resource_available":false,"data":null}},"time_used":336,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":336,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-03","alert":"Sinkholed","trigger":"api.api168168.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-03","alert":"Sinkholed","trigger":"api.api168168.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.audemarspiguet.com/etc.clientlibs/ap-com/ui/clientlibs/publish/resources/static/audemars-piguet-logo.svg","fqdn":"www.audemarspiguet.com","domain":"audemarspiguet.com","tld":"com"},"ip":{"addr":"151.101.239.10","port":443,"asn":54113,"as":"FASTLY","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://nickholdsworth.net/","date":"2026-01-03T08:58:35.936Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.audemarspiguet.com","organization":"Audemars Piguet (Marketing) SA"},"issuer":{"commonName":"DigiCert Global G2 TLS RSA SHA256 2020 CA1","organization":"DigiCert Inc"},"validity":{"start":"Wed, 05 Nov 2025 00:00:00 GMT","end":"Sun, 25 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"3E:88:6C:26:59:D8:30:35:02:47:FD:DF:2C:E8:16:88:DB:45:DD:7F","sha256":"35:63:22:62:0F:53:DA:FF:28:67:24:7D:9C:37:B9:10:5A:01:58:44:49:E8:5C:F0:E9:5C:71:DA:F2:07:3A:FD"}}},"request":{"raw":"GET /etc.clientlibs/ap-com/ui/clientlibs/publish/resources/static/audemars-piguet-logo.svg HTTP/1.1\r\nHost: www.audemarspiguet.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://nickholdsworth.net/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nlast-modified: Thu, 11 Dec 2025 02:54:49 GMT\r\nx-frame-options: SAMEORIGIN\r\ncache-control: max-age=31557600, stale-while-revalidate=1800, stale-if-error=3600\r\nx-xss-protection: 1; mode=block\r\ncontent-encoding: gzip\r\netag: W/\"286d-645a444accf62-gzip\"\r\ncontent-security-policy: default-src 'self'; script-src 'report-sample' 'self' 'unsafe-eval' 'unsafe-inline' https://*.teads.tv https://analytics.tiktok.com https://ajax.googleapis.com https://analytics.twitter.com https://connect.facebook.net https://googleads.g.doubleclick.net https://hm.baidu.com https://*.bdimg.com https://dlswbr.baidu.com https://js.adsrvr.org https://*.cheqzone.com https://recaptcha.net https://*.serving-sys.com https://snap.licdn.com https://static.ads-twitter.com https://*.google-analytics.com https://*.googleanalytics.com https://www.google.com https://www.googleadservices.com https://www.gstatic.com https://www.gstatic.cn https://www.youtube.com https://maps.googleapis.com https://unpkg.com/web-vitals/dist/web-vitals.iife.js https://unpkg.com/mapvgl/dist/mapvgl.min.js https://www.googleoptimize.com https://www.googletagmanager.com https://*.alicdn.com https://*.mmstat.com https://optimize.google.com blob: https://ob.powerrobotflower.com https://obs.powerrobotflower.com https://api.map.baidu.com https://cdn.cookielaw.org https://pagead2.googlesyndication.com https://www.geoplugin.net https://cdn.trustcommander.net https://privacy.trustcommander.net https://*.tagcommander.com https://hm.mieru-ca.com https://ob.isstarsbuilding.com https://obs.isstarsbuilding.com https://s.pinimg.com https://*.commander1.com https://s.yimg.jp https://sc-static.net https://d.line-scdn.net https://tr.snapchat.com https://*.youku.com https://*.userway.org; style-src 'report-sample' 'self' 'unsafe-inline' https://player.youku.com https://fonts.googleapis.com https://www.googletagmanager.com https://optimize.google.com https://api.map.baidu.com https://*.userway.org; connect-src 'self' https://*.tt.omtrdc.net https://apwebsite-services.azurewebsites.net https://analytics.tiktok.com https://*.teads.tv https://hm.baidu.com https://liveapi.yext.com https://noembed.com https://*.cheqzone.com https://stats.g.doubleclick.net https://video.google.com https://*.google-analytics.com https://api.ipstack.com https://*.serving-sys.com https://maps.googleapis.com https://cdn.linkedin.oribi.io https://ap-booking.azurewebsites.net https://www.facebook.com https://unpkg.com data: https://ob.powerrobotflower.com https://obs.powerrobotflower.com https://*.google-analytics.com https://*.analytics.google.com https://cdn.cookielaw.org https://geolocation.onetrust.com https://geolocation.onetrust.com https://px.ads.linkedin.com https://pagead2.googlesyndication.com https://ob.isstarsbuilding.com https://obs.isstarsbuilding.com https://*.commander1.com https://*.trustcommander.net https://ct.pinterest.com https://www.google.com https://recaptcha.net https://www.gstatic.com wss://ntjp.mieru-ca.com https://tr.snapchat.com https://apm.yahoo.co.jp https://*.bdimg.com https://www.googleadservices.com https://www.google.fr https://*.googleapis.com https://ad.doubleclick.net https://*.userway.org https://needle-engine-analytics-v2-r26roub2hq-lz.a.run.app https://cdn.needle.tools https://www.googletagmanager.com blob:; font-src 'self' data: https://fonts.gstatic.com https://*.userway.org; frame-src 'self' https://player.youku.com https://*.fls.doubleclick.net https://insight.adsrvr.org https://recaptcha.net https://match.adsrvr.org https://www.facebook.com https://www.google.com https://www.youtube-nocookie.com https://www.youtube.com https://bs.serving-sys.com https://optimize.google.com https://www.googletagmanager.com https://td.doubleclick.net https://*.teads.tv https://open.spotify.com https://*.tagcommander.com https://cdn.trustcommander.net https://ct.pinterest.com https://tr.snapchat.com https://*.userway.org; img-src 'self' data: https:; manifest-src 'self'; media-src 'self' data: https://dynamicmedia.audemarspiguet.com https://audemarspiguet.scene7.com https://preview3.assetsadobe.com https://player.vimeo.com https://download-video.akamaized.net https://*.cibntv.net https://*.youku.com; object-src 'none'; base-uri 'self'; worker-src 'self' data: blob:;\r\ncontent-type: image/svg+xml\r\nstrict-transport-security: max-age=63072000; includeSubdomains;preload\r\nx-content-type-options: nosniff\r\naccept-ranges: bytes\r\nage: 2009027\r\ndate: Sat, 03 Jan 2026 08:58:36 GMT\r\nx-served-by: cache-osl6547-OSL, cache-osl6542-OSL\r\nx-cache: HIT\r\nx-timer: S1767430717.797204,VS0,VS0,VE2\r\nvary: Accept-Encoding\r\ncontent-length: 4273\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Linkedin Ads","description":"Linkedin Ads is a paid marketing tool that offers access to Linkedin social networks through various sponsored posts and other methods.","website":"https://business.linkedin.com/marketing-solutions/ads","common_platform_enumeration":"","icon":"Linkedin.svg","categories":["Advertising"]},{"name":"Adobe Dynamic Media Classic","description":"Adobe Dynamic Media Classic is a platform that enables customers to manage, enhance, publish, and deliver dynamic rich media content and personal experiences to consumers across all channels and devices, including web, print material, email campaigns, desktops, social, and mobile.","website":"https://business.adobe.com/uk/products/experience-manager/scene7-login.html","common_platform_enumeration":"","icon":"Adobe Experience Platform.svg","categories":["Digital asset management"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":10349,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"c83cd79e398975700f5d348f40328f75","sha1":"af59aabb508492b537d4f9343d669793adb1b243","sha256":"408f836282f8fcaace0f128b8bc921d72d5708f44984d2a3d6b83981ac3941e0","sha512":"09a77898d83961073928e7ece8a0cf270884d5f16e7811eaca90433b785419f7f50bc7160e7794dc17ea1a7cd70311a55c43c5a8452068dc58873f598259b083","ssdeep":"192:UgIWNBskdDC1wvYFsaTLbbBhuBzPaDofq85LYK4LR05/uOVVMa0l:fIYVkavYFvx0eO99km5/uOX0l","tlshash":"3a2295ca5b3091dc59dbed9dff26c848275ee8bd69ba81c4469edf182887dc0f609c10","first_seen":"2023-10-20T10:37:40Z","last_seen":"2026-01-03T08:59:13.97771Z","times_seen":14,"resource_available":false,"data":null}},"time_used":865,"timings":{"blocked":841,"dns":0,"connect":3,"send":0,"wait":4,"receive":0,"ssl":14},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fonts.googleapis.com/css2?family=Noto+Sans+KR:wght@100..900\u0026display=swap","fqdn":"fonts.googleapis.com","domain":"fonts.googleapis.com","tld":"googleapis.com"},"ip":{"addr":"142.250.74.42","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"http://nickholdsworth.net/","date":"2026-01-03T08:58:36.666Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"upload.video.google.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Wed, 03 Dec 2025 15:53:13 GMT","end":"Wed, 25 Feb 2026 15:53:12 GMT"},"fingerprint":{"sha1":"A8:BA:6B:80:7C:EC:B1:6F:C1:C2:03:D7:C9:27:6E:75:DE:4B:AA:47","sha256":"4E:2C:B9:C5:81:56:5E:97:93:07:22:12:66:E2:52:C6:0A:2E:17:72:FF:9B:5F:2A:B9:E1:21:80:05:6D:8B:3D"}}},"request":{"raw":"GET /css2?family=Noto+Sans+KR:wght@100..900\u0026display=swap HTTP/1.1\r\nHost: fonts.googleapis.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://nickholdsworth.net/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: text/css; charset=utf-8\r\nvary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site\r\naccess-control-allow-origin: *\r\ntiming-allow-origin: *\r\nlink: \u003chttps://fonts.gstatic.com\u003e; rel=preconnect; crossorigin\r\nstrict-transport-security: max-age=31536000\r\nexpires: Sat, 03 Jan 2026 08:58:36 GMT\r\ndate: Sat, 03 Jan 2026 08:58:36 GMT\r\ncache-control: private, max-age=86400\r\ncross-origin-opener-policy: same-origin-allow-popups\r\ncross-origin-resource-policy: cross-origin\r\ncontent-encoding: gzip\r\nserver: ESF\r\nx-xss-protection: 0\r\nx-frame-options: SAMEORIGIN\r\nx-content-type-options: nosniff\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":94901,"size_decoded":0,"mime_type":"text/css; charset=utf-8","magic":"ASCII text, with very long lines (1146)","md5":"c40a1180708970b4b3d01831b2542521","sha1":"9ff69f698154eeccfa22f36f5cad02c6f0d8cae7","sha256":"3919834627ed34c128ace71c31868ab9818a4d3e7b20b2e7767060555a614de9","sha512":"037b78912f8599117584142d6fd0b2aed079042ed3542b13e843e437a3c6925d16d3cf13d14435e4b003db7e030b6f930025851460f7c69ad4dedec08f61f7fd","ssdeep":"1536:zVqaMboZW1fAllPo2kZ05LYuXQ9LENf1ciWjKFbyQ:O4kuC2MQ","tlshash":"6f9340b50617cdeefed74ce662cea5227f6c28757900c1fc66f54886ac1a01ad18af4c","first_seen":"2025-09-09T23:07:28.482797Z","last_seen":"2026-01-03T08:59:13.979281Z","times_seen":61,"resource_available":false,"data":null}},"time_used":138,"timings":{"blocked":56,"dns":1,"connect":8,"send":0,"wait":25,"receive":0,"ssl":47},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"dynamicmedia.audemarspiguet.com/is/image/audemarspiguet/car_produit_26665SG.ZZ.D209CR.01?size=470,0\u0026fmt=avif-alpha\u0026dpr=off","fqdn":"dynamicmedia.audemarspiguet.com","domain":"audemarspiguet.com","tld":"com"},"ip":{"addr":"23.36.77.163","port":443,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"imageset","requested_by":"http://nickholdsworth.net/","date":"2026-01-03T08:58:38.032Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"secure6s.scene7.com","organization":"Adobe Systems Incorporated"},"issuer":{"commonName":"DigiCert Global G2 TLS RSA SHA256 2020 CA1","organization":"DigiCert Inc"},"validity":{"start":"Fri, 29 Aug 2025 00:00:00 GMT","end":"Fri, 28 Aug 2026 23:59:59 GMT"},"fingerprint":{"sha1":"65:B5:5A:07:11:45:A3:50:9F:3D:E6:0C:5E:26:3C:F3:30:50:7E:C6","sha256":"08:B5:A0:BD:0D:5E:E2:49:2C:A4:FF:87:0F:14:4A:68:37:98:48:D9:46:11:64:35:B7:42:F4:56:D2:FA:32:AD"}}},"request":{"raw":"GET /is/image/audemarspiguet/car_produit_26665SG.ZZ.D209CR.01?size=470,0\u0026fmt=avif-alpha\u0026dpr=off HTTP/1.1\r\nHost: dynamicmedia.audemarspiguet.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://nickholdsworth.net/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: image/avif\r\ncontent-length: 37551\r\naccess-control-allow-origin: *\r\nlast-modified: Sat, 04 Oct 2025 21:52:36 GMT\r\netag: \"89198ae49982acab3a29f58831787c71\"\r\nserver: Unknown\r\nexpires: Sat, 03 Jan 2026 18:58:38 GMT\r\ndate: Sat, 03 Jan 2026 08:58:38 GMT\r\nakamai-request-bc: [a=23.36.77.159,b=749756094,c=g,n=NO__OSLO,o=20940],[c=c,n=SE_M_BROMMA,o=20940],[a=104,c=o]\r\nserver-timing: clientrtt; dur=6, clienttt; dur=180, origin; dur=149, cdntime; dur=31\r\nakamai-cache-status: Miss from child, Miss from parent\r\nx-akamai-cache: 0\r\nakamai-grn: 0.9f4d2417.1767430718.2cb05ebe\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":37551,"size_decoded":0,"mime_type":"image/avif","magic":"ISO Media, AVIF Image","md5":"89198ae49982acab3a29f58831787c71","sha1":"12f157cb88ee96718aa0a90a4e9c1d464f8cd163","sha256":"c98f7b257c65bc49a78632570eb820f547ce909b67f4874fa8789efab05a5cf4","sha512":"e09ec12395624dae9db5fafeca19739708687b3c0c8d226be5664c6a959d27ad0e61a49299e446c341b9f63012e7bf561a69fbb292358508ed4e7fad607afc95","ssdeep":"768:U8DW3NcAaIpvSidSzSaAkDXVz7HGdGAz7uLNt6mXT9zLQdPRKsNIOeb:03bvvdSzS/kDXVz7mYA+amXT5MdRO","tlshash":"0bf2f1495209fe15c1b89ebfe179fa484e02f1b90fc4b3994f1d5584b9402f69e8c8ca","first_seen":"2026-01-03T08:59:13.980112Z","last_seen":"2026-01-03T08:59:13.980112Z","times_seen":1,"resource_available":false,"data":null}},"time_used":196,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":195,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"api.api168168.com/CQShiCai/getBaseCQShiCaiList.do?date=\u0026lotCode=10010","fqdn":"api.api168168.com","domain":"api168168.com","tld":"com"},"ip":{"addr":"35.241.91.37","port":443,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://xy678kjw.com/webapp/html/aozxy5/index.html","date":"2026-01-03T08:58:38.847Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"api.api168168.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 31 Dec 2025 00:17:01 GMT","end":"Tue, 31 Mar 2026 00:17:00 GMT"},"fingerprint":{"sha1":"72:2C:9E:37:25:83:F9:B3:E7:A7:3B:9C:75:01:CF:1D:6D:C2:79:BF","sha256":"08:DF:68:1C:CE:56:7F:28:1D:02:97:8F:AC:F5:2E:D2:0D:F2:F4:A5:7A:57:8B:74:62:FD:B9:0D:E7:5B:67:C3"}}},"request":{"raw":"GET /CQShiCai/getBaseCQShiCaiList.do?date=\u0026lotCode=10010 HTTP/1.1\r\nHost: api.api168168.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://xy678kjw.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xy678kjw.com/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sat, 03 Jan 2026 08:58:41 GMT\r\ncontent-type: text/html;charset=UTF-8\r\naccess-control-allow-credentials: true\r\naccess-control-allow-origin: https://xy678kjw.com\r\nvary: Origin\r\naccess-control-expose-headers: Set-Cookie\r\ncontent-disposition: inline;filename=f.txt\r\ncontent-encoding: gzip\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":84752,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"Unicode text, UTF-8 text, with very long lines (65520), with no line terminators","md5":"983bc77e8f2ddb84fb809990c4a81203","sha1":"d8590e690842d6666db0be09f9ce99604e8af635","sha256":"578d11e1ac9bf4e91f5ad09f1d00a7e92cebf4335063decfe9bcc3f1300deaf8","sha512":"fbecb7b4d5a2eacf76bb5c63ec239b802bf90ae09fe9715effc03eb03e98985c9b4e271e3954b7eee92c7858608521a6cd5f960c0c6f3d6479e2f3cd6b873809","ssdeep":"384:Enw/TVAP2KQaqZMDuh3913wjxgwSC6x2K6c3Zwx233EE6Hw/uiBkjrwSv5RzhPSu:e6Jnbqiy6k4Qo7Q2EuX2hB","tlshash":"c683fb193a6f2477ae1077b038abb4e7f46117234eb24f574b5ecb60c146b1e1a8f909","first_seen":"2026-01-03T08:59:13.981593Z","last_seen":"2026-01-03T08:59:13.981593Z","times_seen":1,"resource_available":false,"data":null}},"time_used":5483,"timings":{"blocked":2548,"dns":1619,"connect":232,"send":0,"wait":386,"receive":0,"ssl":697},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-03","alert":"Sinkholed","trigger":"api.api168168.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-03","alert":"Sinkholed","trigger":"api.api168168.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"xy678kjw.com/webapp/img/bg_icon.png","fqdn":"xy678kjw.com","domain":"xy678kjw.com","tld":"com"},"ip":{"addr":"34.96.171.207","port":443,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://xy678kjw.com/webapp/html/aozxy5/index.html","date":"2026-01-03T08:58:39.083Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.xy678kjw.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sat, 29 Nov 2025 03:45:44 GMT","end":"Fri, 27 Feb 2026 03:45:43 GMT"},"fingerprint":{"sha1":"59:DE:80:48:22:C2:0C:E2:B4:C8:7C:85:A8:F0:10:78:C2:7C:41:8D","sha256":"7F:A8:4E:90:FC:76:9B:1F:35:9A:1F:69:3A:B0:FD:9F:A0:C2:35:EC:7D:CE:CB:92:DE:A5:DB:5E:69:9C:45:60"}}},"request":{"raw":"GET /webapp/img/bg_icon.png HTTP/1.1\r\nHost: xy678kjw.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xy678kjw.com/webapp/css/public.css\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sat, 03 Jan 2026 08:58:39 GMT\r\ncontent-type: image/png\r\nlast-modified: Sat, 15 Feb 2025 15:37:52 GMT\r\nvary: Accept-Encoding\r\netag: W/\"67b0b4d0-3c2a\"\r\nexpires: Mon, 02 Feb 2026 08:58:39 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":15402,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 948 x 404, 8-bit colormap, non-interlaced","md5":"821582b0c313e76c4f0d979664edf668","sha1":"dda5e9d9e4cee99daf3af76f83ffab6b712e7697","sha256":"a5c7914a21f1db358506caaf95ff6d1838769e4c303e6cfa5ebbacdb0b97643b","sha512":"160d5161b10f7bd73c5662b492bd83bd8caaaf1e140aa9d12e44e8aacd25d5124abeffa1d2f1ebbbe4efa0ca8e1b1ab5bba984057973d0677c5e88ef433d681c","ssdeep":"384:CzJsgcvepxLlsLiqMcNrr/OabQ+7211haD:C1sOpxAjrOaU+72jUD","tlshash":"2962c09588d5790b3e243be38e1524237a7ebe5342b0434b8606743e1f458bb286bad7","first_seen":"2023-05-02T12:59:34Z","last_seen":"2026-04-19T10:30:23.31444Z","times_seen":1384,"resource_available":false,"data":null}},"time_used":236,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":236,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"nickholdsworth.net/","fqdn":"nickholdsworth.net","domain":"nickholdsworth.net","tld":"net"},"ip":{"addr":"35.220.236.219","port":80,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Hong Kong","country_code":"HK"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-01-03T08:58:35.396Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET / HTTP/1.1\r\nHost: nickholdsworth.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Sat, 03 Jan 2026 08:58:35 GMT\r\nContent-Type: text/html\r\nLast-Modified: Sat, 29 Nov 2025 04:45:30 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nETag: W/\"692a7a6a-26ff8\"\r\nSet-Cookie: SITE_TOTAL_ID=75ae8fd9607b6a58345f109820e6892e; Path=/; Max-Age=259200000; HttpOnly\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"OneTrust","description":"OneTrust is a cloud-based data privacy management compliance platform.","website":"https://www.onetrust.com","common_platform_enumeration":"","icon":"OneTrust.svg","categories":["Cookie compliance"]}],"data":{"size":159736,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (339)","md5":"5f449c24c05c4f06ce5feb866fba0978","sha1":"ba1104849e4fd5b2933799d1bb3ae154b389d2aa","sha256":"268130095f0dc4f5749a5041f6dea20d567c47138c950acdbbc866b1be7c8fac","sha512":"78484039c1c7718c216a8ffa54dce345996a575e202fc1f17d5804ecf543ff259c1c3c28eaaabc4ea464ac3048d77ba249f1f7d6b44706acf26d61a9fe32b252","ssdeep":"1536:OgwRJy5QBA3b5Ej+EQMV2xIk6Q2cKTHYdqPfKpcrX+KJnHIIrg62rSp3rSAMr8wf:OgwDy5pNEQMV2OLM3crT3JOXoXYB","tlshash":"09f3a621d0f57226118341f42aa12e29ef91d25bdf4a9c11b1edcb6c4fe7f86ac2790d","first_seen":"2026-01-03T08:59:13.983487Z","last_seen":"2026-01-03T08:59:13.983487Z","times_seen":1,"resource_available":false,"data":null}},"time_used":920,"timings":{"blocked":229,"dns":0,"connect":229,"send":0,"wait":232,"receive":230,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-03","alert":"Sinkholed","trigger":"nickholdsworth.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-03","alert":"Sinkholed","trigger":"nickholdsworth.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-03","alert":"Sinkholed","trigger":"nickholdsworth.net","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-03","alert":"Sinkholed","trigger":"nickholdsworth.net","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"xy678kjw.com/webapp/html/aozxy5/index.html","fqdn":"xy678kjw.com","domain":"xy678kjw.com","tld":"com"},"ip":{"addr":"34.96.171.207","port":443,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"subdocument","requested_by":"http://nickholdsworth.net/","date":"2026-01-03T08:58:36.939Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.xy678kjw.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sat, 29 Nov 2025 03:45:44 GMT","end":"Fri, 27 Feb 2026 03:45:43 GMT"},"fingerprint":{"sha1":"59:DE:80:48:22:C2:0C:E2:B4:C8:7C:85:A8:F0:10:78:C2:7C:41:8D","sha256":"7F:A8:4E:90:FC:76:9B:1F:35:9A:1F:69:3A:B0:FD:9F:A0:C2:35:EC:7D:CE:CB:92:DE:A5:DB:5E:69:9C:45:60"}}},"request":{"raw":"GET /webapp/html/aozxy5/index.html HTTP/1.1\r\nHost: xy678kjw.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://nickholdsworth.net/\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: iframe\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sat, 03 Jan 2026 08:58:37 GMT\r\ncontent-type: text/html\r\nlast-modified: Sat, 29 Nov 2025 12:42:14 GMT\r\nvary: Accept-Encoding\r\netag: W/\"692aea26-8aac\"\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"jQuery:1.9.1","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]}],"data":{"size":35500,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, Unicode text, UTF-8 text, with CRLF line terminators","md5":"168906105169211c19d84d1b31821df7","sha1":"665f053fbd77c566333d876cd1dc4aeefcd68c05","sha256":"e9a2e7c95095b3aa43115899f72f1c9d294e4dbefc1caab9f440a2096ad30967","sha512":"120bfe7813451ca1786dee5cc2aec680006f4fef4238ff240a9e1d97382fbb8f8b6cfd4e78ecc9364236dd24900912b2a399060388e07788a08136c330648464","ssdeep":"384:LJDZhWSbnuKfofRju6qdvLj6OLIERqALgLt3WL9d1qd71qGLURUW81quE9aOafa3:LMStdxBfOpwstLRS7Z8N0kU9Ryfjqf","tlshash":"45f2bb2876eeb52a422392c750b96b45a1cfcd34db62596bb1fb137323c7d90780f126","first_seen":"2025-04-16T02:08:15.768603Z","last_seen":"2026-04-18T09:06:17.756059Z","times_seen":211,"resource_available":true,"data":null}},"time_used":2054,"timings":{"blocked":908,"dns":203,"connect":234,"send":0,"wait":235,"receive":0,"ssl":473},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"dynamicmedia.audemarspiguet.com/is/image/audemarspiguet/car_produit_RO_26674ST-OO-1320ST-01?size=470,0\u0026fmt=avif-alpha\u0026dpr=off","fqdn":"dynamicmedia.audemarspiguet.com","domain":"audemarspiguet.com","tld":"com"},"ip":{"addr":"23.36.77.163","port":443,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"imageset","requested_by":"http://nickholdsworth.net/","date":"2026-01-03T08:58:38.030Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"secure6s.scene7.com","organization":"Adobe Systems Incorporated"},"issuer":{"commonName":"DigiCert Global G2 TLS RSA SHA256 2020 CA1","organization":"DigiCert Inc"},"validity":{"start":"Fri, 29 Aug 2025 00:00:00 GMT","end":"Fri, 28 Aug 2026 23:59:59 GMT"},"fingerprint":{"sha1":"65:B5:5A:07:11:45:A3:50:9F:3D:E6:0C:5E:26:3C:F3:30:50:7E:C6","sha256":"08:B5:A0:BD:0D:5E:E2:49:2C:A4:FF:87:0F:14:4A:68:37:98:48:D9:46:11:64:35:B7:42:F4:56:D2:FA:32:AD"}}},"request":{"raw":"GET /is/image/audemarspiguet/car_produit_RO_26674ST-OO-1320ST-01?size=470,0\u0026fmt=avif-alpha\u0026dpr=off HTTP/1.1\r\nHost: dynamicmedia.audemarspiguet.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://nickholdsworth.net/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccess-control-allow-origin: *\r\nlast-modified: Sat, 04 Oct 2025 21:52:36 GMT\r\netag: \"c327bc03d62f65bf4c6e97d0a0cb10a0\"\r\nserver: Unknown\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\ncontent-type: image/avif\r\ncontent-length: 81757\r\nexpires: Sat, 03 Jan 2026 18:58:38 GMT\r\ndate: Sat, 03 Jan 2026 08:58:38 GMT\r\nakamai-request-bc: [a=23.36.77.159,b=749756089,c=g,n=NO__OSLO,o=20940],[c=c,n=SE_M_BROMMA,o=20940],[a=219,c=o]\r\nserver-timing: clientrtt; dur=6, clienttt; dur=133, origin; dur=0, cdntime; dur=133\r\nakamai-cache-status: Miss from child, RefreshHit from parent\r\nx-akamai-cache: 0\r\nakamai-grn: 0.9f4d2417.1767430718.2cb05eb9\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":81757,"size_decoded":0,"mime_type":"image/avif","magic":"ISO Media, AVIF Image","md5":"c327bc03d62f65bf4c6e97d0a0cb10a0","sha1":"8eb3ebdcfa2f8e74e0cfd24f23bce66c6a353754","sha256":"e004a67b163a5621b87865270123e86b0872ef46d877242b8144a940778f70ee","sha512":"0f604a7b68e41546941cbaac29fdf8bc7560171f082d3aaa77bb870f1075e9fe955d2f805b218eb9941aaa079fba4cbaa04894c9cecd9630306708f15301045d","ssdeep":"1536:tqyCdYHorC+IRxpWO5v6FIwaSN0HVWJPvahsMGuTp32w3fTAwg:tqyCdaNRxx5YIhH+kpAn","tlshash":"608312fcce767811f9680ab94de2b19878d1283dd6487c083aa64ddf4f75a120b17d88","first_seen":"2026-01-03T08:59:13.985986Z","last_seen":"2026-01-03T08:59:13.985986Z","times_seen":1,"resource_available":false,"data":null}},"time_used":149,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":141,"receive":8,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"xy678kjw.com/webapp/css/common.css","fqdn":"xy678kjw.com","domain":"xy678kjw.com","tld":"com"},"ip":{"addr":"34.96.171.207","port":443,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://xy678kjw.com/webapp/html/aozxy5/index.html","date":"2026-01-03T08:58:38.126Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.xy678kjw.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sat, 29 Nov 2025 03:45:44 GMT","end":"Fri, 27 Feb 2026 03:45:43 GMT"},"fingerprint":{"sha1":"59:DE:80:48:22:C2:0C:E2:B4:C8:7C:85:A8:F0:10:78:C2:7C:41:8D","sha256":"7F:A8:4E:90:FC:76:9B:1F:35:9A:1F:69:3A:B0:FD:9F:A0:C2:35:EC:7D:CE:CB:92:DE:A5:DB:5E:69:9C:45:60"}}},"request":{"raw":"GET /webapp/css/common.css HTTP/1.1\r\nHost: xy678kjw.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xy678kjw.com/webapp/html/aozxy5/index.html\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sat, 03 Jan 2026 08:58:38 GMT\r\ncontent-type: text/css\r\nlast-modified: Sat, 15 Feb 2025 15:37:40 GMT\r\nvary: Accept-Encoding\r\netag: W/\"67b0b4c4-f71\"\r\nexpires: Sat, 03 Jan 2026 20:58:38 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":3953,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text","md5":"e5b033e1840c9ced6b1373bd703f48c4","sha1":"39b3c23ca20086705ef134eb88b287704aad1931","sha256":"c2485a8fcb032d8921a78c0c0956e8842f4b6cdbcd2a0266cb1197ef96726f47","sha512":"f0c5d2797a9182391247dedae9d6449b46fcbda7f4b2ad8f30bb243cf474ae87bdb1fa48a4fbcd3e81e512e135b4acc0bab7e10478f99728dddfec414a92d565","ssdeep":"","tlshash":"818102b226353e44b519f4bcae60bfd19b2a4126bf0f0d562491b43cc3859f8077b28d","first_seen":"2024-08-17T08:27:12Z","last_seen":"2026-04-19T10:30:23.262948Z","times_seen":1270,"resource_available":false,"data":null}},"time_used":234,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":234,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"api.api168168.com/CQShiCai/getBaseCQShiCai.do?issue=\u0026lotCode=10010","fqdn":"api.api168168.com","domain":"api168168.com","tld":"com"},"ip":{"addr":"35.241.91.37","port":443,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://xy678kjw.com/webapp/html/aozxy5/index.html","date":"2026-01-03T08:58:46.802Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"api.api168168.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 31 Dec 2025 00:17:01 GMT","end":"Tue, 31 Mar 2026 00:17:00 GMT"},"fingerprint":{"sha1":"72:2C:9E:37:25:83:F9:B3:E7:A7:3B:9C:75:01:CF:1D:6D:C2:79:BF","sha256":"08:DF:68:1C:CE:56:7F:28:1D:02:97:8F:AC:F5:2E:D2:0D:F2:F4:A5:7A:57:8B:74:62:FD:B9:0D:E7:5B:67:C3"}}},"request":{"raw":"GET /CQShiCai/getBaseCQShiCai.do?issue=\u0026lotCode=10010 HTTP/1.1\r\nHost: api.api168168.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://xy678kjw.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xy678kjw.com/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sat, 03 Jan 2026 08:58:47 GMT\r\ncontent-type: text/html;charset=UTF-8\r\naccess-control-allow-credentials: true\r\naccess-control-allow-origin: https://xy678kjw.com\r\nvary: Origin\r\naccess-control-expose-headers: Set-Cookie\r\ncontent-disposition: inline;filename=f.txt\r\ncontent-encoding: gzip\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":955,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"JSON text data","md5":"15e122632b7be7144aea7cadee7b17c6","sha1":"538209299275883f58480badb862d48dba13b9db","sha256":"63c87c0066fc2a98c0293d8f99070077c20df194fd8f337dc292ef486d4b948e","sha512":"263df3ee5c65f88df207868fcb7176b77425b3800356f7406c75dd2154112fd6b3c1098c6d30819127761668429a3424429919472d3ec1f85ad92915484c16e0","ssdeep":"","tlshash":"c31194557e2e2c79ff12b1f2782bb0e6a42533125de56f55878dcf14804163a2bcd905","first_seen":"2026-01-03T08:59:13.988312Z","last_seen":"2026-01-03T08:59:13.988312Z","times_seen":1,"resource_available":false,"data":null}},"time_used":357,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":357,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-03","alert":"Sinkholed","trigger":"api.api168168.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-03","alert":"Sinkholed","trigger":"api.api168168.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"api.api168168.com/CQShiCai/getBaseCQShiCai.do?issue=\u0026lotCode=10010","fqdn":"api.api168168.com","domain":"api168168.com","tld":"com"},"ip":{"addr":"35.241.91.37","port":443,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://xy678kjw.com/webapp/html/aozxy5/index.html","date":"2026-01-03T08:58:50.858Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"api.api168168.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 31 Dec 2025 00:17:01 GMT","end":"Tue, 31 Mar 2026 00:17:00 GMT"},"fingerprint":{"sha1":"72:2C:9E:37:25:83:F9:B3:E7:A7:3B:9C:75:01:CF:1D:6D:C2:79:BF","sha256":"08:DF:68:1C:CE:56:7F:28:1D:02:97:8F:AC:F5:2E:D2:0D:F2:F4:A5:7A:57:8B:74:62:FD:B9:0D:E7:5B:67:C3"}}},"request":{"raw":"GET /CQShiCai/getBaseCQShiCai.do?issue=\u0026lotCode=10010 HTTP/1.1\r\nHost: api.api168168.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://xy678kjw.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xy678kjw.com/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sat, 03 Jan 2026 08:58:51 GMT\r\ncontent-type: text/html;charset=UTF-8\r\naccess-control-allow-credentials: true\r\naccess-control-allow-origin: https://xy678kjw.com\r\nvary: Origin\r\naccess-control-expose-headers: Set-Cookie\r\ncontent-disposition: inline;filename=f.txt\r\ncontent-encoding: gzip\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":955,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"JSON text data","md5":"ff843f06016139d92007d86a783b3d6b","sha1":"673acf06e545b7f984b5d98192f9749cd7142463","sha256":"a09b35afdc45c0286baac018441d183aeba4e8bca4506cbed4ba4c4d68cd9d86","sha512":"2391b86c2ff2d8df0f45726a67f97f6ac0efc2b14305dd5634e6d6b6f1ffb99b5c8ccc7b1617bd494e72a74d19f622658abc626a5369ab45972fb6390cad238e","ssdeep":"","tlshash":"2a11d4557e2e2c79ff12b1f2782bb0eaa82533124de46f55878dcf1480016362bcd904","first_seen":"2026-01-03T08:59:13.989686Z","last_seen":"2026-01-03T08:59:13.989686Z","times_seen":1,"resource_available":false,"data":null}},"time_used":338,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":338,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-03","alert":"Sinkholed","trigger":"api.api168168.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-03","alert":"Sinkholed","trigger":"api.api168168.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"nickholdsworth.net/css/onetrust.lc-e3a87f952b10202e2d47ac691be5834c-lc.min.css","fqdn":"nickholdsworth.net","domain":"nickholdsworth.net","tld":"net"},"ip":{"addr":"35.220.236.219","port":80,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"http://nickholdsworth.net/","date":"2026-01-03T08:58:35.926Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /css/onetrust.lc-e3a87f952b10202e2d47ac691be5834c-lc.min.css HTTP/1.1\r\nHost: nickholdsworth.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://nickholdsworth.net/\r\nCookie: SITE_TOTAL_ID=75ae8fd9607b6a58345f109820e6892e\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Sat, 03 Jan 2026 08:58:36 GMT\r\nContent-Type: text/css\r\nLast-Modified: Tue, 04 Mar 2025 04:41:34 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nETag: W/\"67c6847e-4d79\"\r\nExpires: Sat, 03 Jan 2026 20:58:36 GMT\r\nCache-Control: max-age=43200\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":19833,"size_decoded":0,"mime_type":"text/css","magic":"Unicode text, UTF-8 text, with very long lines (635)","md5":"60c158d48996affc7ba0618120f39833","sha1":"c2010b23125520054f015c78fd4d22785b4db7b6","sha256":"b8e5a67eb8ab1bc587e55708a1ab156f2fa7c588c2923369049814964de2603a","sha512":"3755ea513581169e46b6210960233d0fcf60e89da94a78fe25ba76ea6429c394f641eee33d62757441ed214771ca52c0bd1387fee78cceb7189daa6a40962767","ssdeep":"192:EO6btEiOzwIG3g8fk9hVpkG9c/lOLiJgd3usW3O4FZeyKXCaC9Nb/3EMw1xb6DZU:KCusW3OZ71i906ZAv","tlshash":"4392619a3a95f309e7e79759950379d47600696ffeb398dde101a3b4488c3e34cc420e","first_seen":"2025-11-23T02:11:10.059653Z","last_seen":"2026-01-03T08:59:13.991564Z","times_seen":2,"resource_available":false,"data":null}},"time_used":781,"timings":{"blocked":542,"dns":0,"connect":0,"send":0,"wait":239,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-03","alert":"Sinkholed","trigger":"nickholdsworth.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-03","alert":"Sinkholed","trigger":"nickholdsworth.net","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-03","alert":"Sinkholed","trigger":"nickholdsworth.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-03","alert":"Sinkholed","trigger":"nickholdsworth.net","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"dynamicmedia.audemarspiguet.com/is/image/audemarspiguet/logo-2000x1220-white-Royal-Oak-Offshore?size=1071,515\u0026fmt=avif-alpha\u0026dpr=off","fqdn":"dynamicmedia.audemarspiguet.com","domain":"audemarspiguet.com","tld":"com"},"ip":{"addr":"23.36.77.163","port":443,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://nickholdsworth.net/","date":"2026-01-03T08:58:35.937Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"secure6s.scene7.com","organization":"Adobe Systems Incorporated"},"issuer":{"commonName":"DigiCert Global G2 TLS RSA SHA256 2020 CA1","organization":"DigiCert Inc"},"validity":{"start":"Fri, 29 Aug 2025 00:00:00 GMT","end":"Fri, 28 Aug 2026 23:59:59 GMT"},"fingerprint":{"sha1":"65:B5:5A:07:11:45:A3:50:9F:3D:E6:0C:5E:26:3C:F3:30:50:7E:C6","sha256":"08:B5:A0:BD:0D:5E:E2:49:2C:A4:FF:87:0F:14:4A:68:37:98:48:D9:46:11:64:35:B7:42:F4:56:D2:FA:32:AD"}}},"request":{"raw":"GET /is/image/audemarspiguet/logo-2000x1220-white-Royal-Oak-Offshore?size=1071,515\u0026fmt=avif-alpha\u0026dpr=off HTTP/1.1\r\nHost: dynamicmedia.audemarspiguet.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://nickholdsworth.net/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccess-control-allow-origin: *\r\nlast-modified: Sat, 04 Oct 2025 21:51:58 GMT\r\netag: \"89dd7f8e6dd6b74e3022555a5b11d52d\"\r\nserver: Unknown\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\ncontent-type: image/avif\r\ncontent-length: 19370\r\nexpires: Sat, 03 Jan 2026 12:54:54 GMT\r\ndate: Sat, 03 Jan 2026 08:58:36 GMT\r\nakamai-request-bc: [a=23.36.77.159,b=749755425,c=g,n=NO__OSLO,o=20940],[c=c,n=SE_M_BROMMA,o=20940]\r\nserver-timing: clientrtt; dur=1, clienttt; dur=34, origin; dur=0, cdntime; dur=34\r\nakamai-cache-status: Miss from child, Hit from parent\r\nx-akamai-cache: 1\r\nakamai-grn: 0.9f4d2417.1767430716.2cb05c21\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":19370,"size_decoded":0,"mime_type":"image/avif","magic":"ISO Media, AVIF Image","md5":"89dd7f8e6dd6b74e3022555a5b11d52d","sha1":"8596d73c28d42538c09aded0154f21268b58233e","sha256":"2855502ec246af8b810b5abff75eb2a3c61d41170ed65efb3b81733e411d70b8","sha512":"f8d3932e1b95b1aff0b709b882544d3cb18d605dcf893d357ba284128e4c8cd4585364830373440bb540ff8ec670bebd304b75cc200a376a7c3e295f9bcf0e28","ssdeep":"384:SVchcyShjVP3x32joJ3I9lTM79FDQfr4pzkwkTwIApwZr5Iwp:ML3I4I9G0T4pzkwk8y","tlshash":"bb92e0b766da1b0cc46232fb968b6b9227a67344b2373f1d06907879de217100f375b8","first_seen":"2026-01-03T08:59:13.993651Z","last_seen":"2026-01-03T08:59:13.993651Z","times_seen":1,"resource_available":false,"data":null}},"time_used":902,"timings":{"blocked":839,"dns":0,"connect":1,"send":0,"wait":42,"receive":1,"ssl":15},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"nickholdsworth.net/js/publish.lc-8de30b27ff2db9f0c4a4441c14c6a62d-lc.min.js","fqdn":"nickholdsworth.net","domain":"nickholdsworth.net","tld":"net"},"ip":{"addr":"35.220.236.219","port":80,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://nickholdsworth.net/","date":"2026-01-03T08:58:36.091Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /js/publish.lc-8de30b27ff2db9f0c4a4441c14c6a62d-lc.min.js HTTP/1.1\r\nHost: nickholdsworth.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://nickholdsworth.net/\r\nCookie: SITE_TOTAL_ID=75ae8fd9607b6a58345f109820e6892e\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Sat, 03 Jan 2026 08:58:36 GMT\r\nContent-Type: application/javascript\r\nLast-Modified: Tue, 25 Feb 2025 10:35:28 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nETag: W/\"67bd9cf0-33140\"\r\nExpires: Sat, 03 Jan 2026 20:58:36 GMT\r\nCache-Control: max-age=43200\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":209216,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65474)","md5":"8de30b27ff2db9f0c4a4441c14c6a62d","sha1":"eea805a09cbcb2caecdb0bf8ad0898d4aa2f51a4","sha256":"9627bcf16bc2ba2d617383fb216baa09623a1eea3c39b1c8dad128f7c347d1ed","sha512":"0b5228f351b13ab9f3ced6b59e299e248c102bbe8c1fa99d11682d3e48345d10cdddd9756255fda234400093956560470ffd2a48ff9b67ad610c8c7c88f89021","ssdeep":"3072:C9eu3yBjY6sGtmhftrSOabKmeVZLJicjLlciRLWnrxT+:C9euD6sGtmhfhZhjZLJl/ldKi","tlshash":"44145c41b250f47324f3015b96bf1b0ff1696a5a90329850f361ecee668fe99423177e","first_seen":"2026-01-03T08:59:13.995401Z","last_seen":"2026-01-03T08:59:13.995401Z","times_seen":1,"resource_available":true,"data":null}},"time_used":1252,"timings":{"blocked":535,"dns":0,"connect":0,"send":0,"wait":256,"receive":461,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-03","alert":"Sinkholed","trigger":"nickholdsworth.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-03","alert":"Sinkholed","trigger":"nickholdsworth.net","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-03","alert":"Sinkholed","trigger":"nickholdsworth.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-03","alert":"Sinkholed","trigger":"nickholdsworth.net","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"nickholdsworth.net/etc.clientlibs/ap-com/ui/clientlibs/publish/resources/chunks/chunk-src_main_frontend_componentsV3_Lookbook_LookbookWrapper_vue-913a5eaa7f7e6f5f0b47.css","fqdn":"nickholdsworth.net","domain":"nickholdsworth.net","tld":"net"},"ip":{"addr":"35.220.236.219","port":80,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"http://nickholdsworth.net/","date":"2026-01-03T08:58:37.999Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /etc.clientlibs/ap-com/ui/clientlibs/publish/resources/chunks/chunk-src_main_frontend_componentsV3_Lookbook_LookbookWrapper_vue-913a5eaa7f7e6f5f0b47.css HTTP/1.1\r\nHost: nickholdsworth.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://nickholdsworth.net/\r\nCookie: SITE_TOTAL_ID=75ae8fd9607b6a58345f109820e6892e\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 404 Not Found\r\nServer: nginx\r\nDate: Sat, 03 Jan 2026 08:58:38 GMT\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nETag: W/\"68e91066-e3b8\"\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":58296,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII text, with very long lines (56756)","md5":"cbb42513032d6c09e496731ac16c20a9","sha1":"c92f38a701aad58408451d24dd4c47b05f158cf0","sha256":"d189695b2f3bb92369881f2428fa861dca9d9a94c638d9bdc4e2fa747d6f315b","sha512":"3d76f1018afceaba7cbb4083f4a5b5758966ec2aa5d5c6b07d72361782809f7ed4bd34ed9e0c4154d01a2db7192155de8251e5a834dd90b8d9823d916e1b7285","ssdeep":"768:cHJYDDQHVZHIs91TXESJBjgBSp00yCqJ3Z+IYM3WiesRQiULO0bpD9tcNQEfdom2:cmDD6oeFUycwpk06hWp1b99c7VM","tlshash":"8443021803de40a2cd8978d9426f2f3d842a1863da1c94bd1f5b6df4ca0d8a4767f1e9","first_seen":"2024-11-25T13:26:01.204756Z","last_seen":"2026-04-19T10:52:12.950917Z","times_seen":10805,"resource_available":true,"data":null}},"time_used":238,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":233,"receive":5,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-03","alert":"Sinkholed","trigger":"nickholdsworth.net","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-03","alert":"Sinkholed","trigger":"nickholdsworth.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-03","alert":"Sinkholed","trigger":"nickholdsworth.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-03","alert":"Sinkholed","trigger":"nickholdsworth.net","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"xy678kjw.com/webapp/css/ssc_index_add.css","fqdn":"xy678kjw.com","domain":"xy678kjw.com","tld":"com"},"ip":{"addr":"34.96.171.207","port":443,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://xy678kjw.com/webapp/html/aozxy5/index.html","date":"2026-01-03T08:58:38.127Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.xy678kjw.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sat, 29 Nov 2025 03:45:44 GMT","end":"Fri, 27 Feb 2026 03:45:43 GMT"},"fingerprint":{"sha1":"59:DE:80:48:22:C2:0C:E2:B4:C8:7C:85:A8:F0:10:78:C2:7C:41:8D","sha256":"7F:A8:4E:90:FC:76:9B:1F:35:9A:1F:69:3A:B0:FD:9F:A0:C2:35:EC:7D:CE:CB:92:DE:A5:DB:5E:69:9C:45:60"}}},"request":{"raw":"GET /webapp/css/ssc_index_add.css HTTP/1.1\r\nHost: xy678kjw.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xy678kjw.com/webapp/html/aozxy5/index.html\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sat, 03 Jan 2026 08:58:38 GMT\r\ncontent-type: text/css\r\nlast-modified: Sat, 15 Feb 2025 15:37:42 GMT\r\nvary: Accept-Encoding\r\netag: W/\"67b0b4c6-55a8\"\r\nexpires: Sat, 03 Jan 2026 20:58:38 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":21928,"size_decoded":0,"mime_type":"text/css","magic":"Unicode text, UTF-8 text, with very long lines (21920), with no line terminators","md5":"ec31771acfe250f8e37425275646d5b9","sha1":"5786f4e685bd67c0f532d9cbabfb698aa11c5b9e","sha256":"257c2ba09ca5560c8c0a7b2772beb6e040fcda0dee139896a1901bb0080ea725","sha512":"45761439043be399af9933cc82b8bc592d48d6e147148d807ceab436b207138b9a569b29a83491241db47f32daf69ed1d0052697955743e36cecec15646dd18b","ssdeep":"192:JmLF281R/BwyqqNcrvYvlhmlHSs+3oTd+hAgKAWLZt/8:Yo8juqNcrgdhuSH3oyAgKY","tlshash":"f3a2453aa6793288e377c23177d1edec25218101c2666765cc5bae39414e3073fbbb69","first_seen":"2025-04-16T02:08:15.773768Z","last_seen":"2026-04-18T09:06:17.744061Z","times_seen":211,"resource_available":false,"data":null}},"time_used":235,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":235,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"xy678kjw.com/webapp/js/lib/config.js","fqdn":"xy678kjw.com","domain":"xy678kjw.com","tld":"com"},"ip":{"addr":"34.96.171.207","port":443,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://xy678kjw.com/webapp/html/aozxy5/index.html","date":"2026-01-03T08:58:38.130Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.xy678kjw.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sat, 29 Nov 2025 03:45:44 GMT","end":"Fri, 27 Feb 2026 03:45:43 GMT"},"fingerprint":{"sha1":"59:DE:80:48:22:C2:0C:E2:B4:C8:7C:85:A8:F0:10:78:C2:7C:41:8D","sha256":"7F:A8:4E:90:FC:76:9B:1F:35:9A:1F:69:3A:B0:FD:9F:A0:C2:35:EC:7D:CE:CB:92:DE:A5:DB:5E:69:9C:45:60"}}},"request":{"raw":"GET /webapp/js/lib/config.js HTTP/1.1\r\nHost: xy678kjw.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xy678kjw.com/webapp/html/aozxy5/index.html\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sat, 03 Jan 2026 08:58:38 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Sat, 29 Nov 2025 12:42:18 GMT\r\nvary: Accept-Encoding\r\netag: W/\"692aea2a-2ad0\"\r\nexpires: Sat, 03 Jan 2026 20:58:38 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":10960,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (485), with CRLF line terminators","md5":"ae683dcd70a6ac6f9f160625b7060ec9","sha1":"4c596fef13f36d28916e4213eb968c457b8b2a46","sha256":"069bae28b51a8ff46fdb6e2c0c722660b8dc544e93fc75a62ba142aeb5f72082","sha512":"6b52c0cefcb6c7143508b2bc14f0bd6d46ba1a7a76db8c7fc2011d6c94e7ca2e77be5615cc4575546fa3c0675abbe939141f454695af037785dca0177367f084","ssdeep":"192:qSa/WVpaV8Sx4AKtPxlmrwGGfdc8t5LxCDZV:qd6I+o4tPxESc8ten","tlshash":"b032101b845043a6a173d779247a2e48e93a135f80058c5b3fbd4ac49f3be369059ffa","first_seen":"2025-07-13T11:51:38.287222Z","last_seen":"2026-02-01T15:09:25.747652Z","times_seen":209,"resource_available":false,"data":null}},"time_used":698,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":698,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"api.api168168.com/CQShiCai/getBaseCQShiCai.do?issue=\u0026lotCode=10010","fqdn":"api.api168168.com","domain":"api168168.com","tld":"com"},"ip":{"addr":"35.241.91.37","port":443,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://xy678kjw.com/webapp/html/aozxy5/index.html","date":"2026-01-03T08:58:38.847Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"api.api168168.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 31 Dec 2025 00:17:01 GMT","end":"Tue, 31 Mar 2026 00:17:00 GMT"},"fingerprint":{"sha1":"72:2C:9E:37:25:83:F9:B3:E7:A7:3B:9C:75:01:CF:1D:6D:C2:79:BF","sha256":"08:DF:68:1C:CE:56:7F:28:1D:02:97:8F:AC:F5:2E:D2:0D:F2:F4:A5:7A:57:8B:74:62:FD:B9:0D:E7:5B:67:C3"}}},"request":{"raw":"GET /CQShiCai/getBaseCQShiCai.do?issue=\u0026lotCode=10010 HTTP/1.1\r\nHost: api.api168168.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://xy678kjw.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xy678kjw.com/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sat, 03 Jan 2026 08:58:41 GMT\r\ncontent-type: text/html;charset=UTF-8\r\naccess-control-allow-credentials: true\r\naccess-control-allow-origin: https://xy678kjw.com\r\nvary: Origin\r\naccess-control-expose-headers: Set-Cookie\r\ncontent-disposition: inline;filename=f.txt\r\ncontent-encoding: gzip\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":955,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"JSON text data","md5":"13dab2db31278e5b44ea1e1813ae6897","sha1":"d755ef56e6192eb152a2791258d967e9a987935c","sha256":"f6cfbd2b3db5339b54065a2a262426af9263b3b7a529c319a3cbf6674f31f5a6","sha512":"835580fc093a9ae7eecee028dbf25e8859313ec9a8fcfbccbb57e1bd4ac93813e7c21fa767737d049b560dda43612c49a9ecdc46621cc715399298f561c35717","ssdeep":"","tlshash":"441194557e2e2c79ff12b1f2782bb0e6a42533125de56f55878dcf14804163a2bcd905","first_seen":"2026-01-03T08:59:14.002009Z","last_seen":"2026-01-03T08:59:14.002009Z","times_seen":1,"resource_available":false,"data":null}},"time_used":5455,"timings":{"blocked":2558,"dns":1619,"connect":234,"send":0,"wait":338,"receive":0,"ssl":705},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-03","alert":"Sinkholed","trigger":"api.api168168.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-03","alert":"Sinkholed","trigger":"api.api168168.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"api.api168168.com/CQShiCai/queryDoubleNumber.do?date=\u0026lotCode=10010","fqdn":"api.api168168.com","domain":"api168168.com","tld":"com"},"ip":{"addr":"35.241.91.37","port":443,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://xy678kjw.com/webapp/html/aozxy5/index.html","date":"2026-01-03T08:58:39.850Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"api.api168168.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 31 Dec 2025 00:17:01 GMT","end":"Tue, 31 Mar 2026 00:17:00 GMT"},"fingerprint":{"sha1":"72:2C:9E:37:25:83:F9:B3:E7:A7:3B:9C:75:01:CF:1D:6D:C2:79:BF","sha256":"08:DF:68:1C:CE:56:7F:28:1D:02:97:8F:AC:F5:2E:D2:0D:F2:F4:A5:7A:57:8B:74:62:FD:B9:0D:E7:5B:67:C3"}}},"request":{"raw":"GET /CQShiCai/queryDoubleNumber.do?date=\u0026lotCode=10010 HTTP/1.1\r\nHost: api.api168168.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://xy678kjw.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xy678kjw.com/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sat, 03 Jan 2026 08:58:41 GMT\r\ncontent-type: text/html;charset=UTF-8\r\naccess-control-allow-credentials: true\r\naccess-control-allow-origin: https://xy678kjw.com\r\nvary: Origin\r\naccess-control-expose-headers: Set-Cookie\r\ncontent-disposition: inline;filename=f.txt\r\ncontent-encoding: gzip\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":663,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"JSON text data","md5":"d919f194fda80e7102f0a2ee724d47bb","sha1":"985d92c7eabd2b4af01891b478d034d6b3ccde45","sha256":"528e30efa55e49d4ac1b4ffbb6dfe119f127e743b288fdcdb2cea5b5d073c1f9","sha512":"9ff669f6b385a8d0487801b92d39e8bc5eebf9803b163a7df8ec0d8f306b367a04490748c1592cd3d918d76ddf14b4852b00fc221b0e2cbd8122a1ce216c5d62","ssdeep":"","tlshash":"29014ec02d5d21727db1b1b2b1fd73d5eae46a221d56455a0d8cd774c1858063f8ea06","first_seen":"2026-01-03T08:59:14.003632Z","last_seen":"2026-01-03T08:59:14.003632Z","times_seen":1,"resource_available":false,"data":null}},"time_used":3507,"timings":{"blocked":1560,"dns":615,"connect":236,"send":0,"wait":387,"receive":0,"ssl":709},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-03","alert":"Sinkholed","trigger":"api.api168168.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-03","alert":"Sinkholed","trigger":"api.api168168.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"nickholdsworth.net/","fqdn":"nickholdsworth.net","domain":"nickholdsworth.net","tld":"net"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-01-03T08:58:34.217Z","timestamp":0,"http_version":"","security_state":"broken","security_info":null,"request":{"raw":"GET / HTTP/1.1\r\nHost: nickholdsworth.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-19T11:23:18.17825Z","times_seen":13932203,"resource_available":true,"data":null}},"time_used":710,"timings":{"blocked":710,"dns":0,"connect":231,"send":0,"wait":0,"receive":0,"ssl":233},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-03","alert":"Sinkholed","trigger":"nickholdsworth.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-03","alert":"Sinkholed","trigger":"nickholdsworth.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-03","alert":"Sinkholed","trigger":"nickholdsworth.net","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-03","alert":"Sinkholed","trigger":"nickholdsworth.net","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"nickholdsworth.net/js/otsdkstub.js","fqdn":"nickholdsworth.net","domain":"nickholdsworth.net","tld":"net"},"ip":{"addr":"35.220.236.219","port":80,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://nickholdsworth.net/","date":"2026-01-03T08:58:35.926Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /js/otsdkstub.js HTTP/1.1\r\nHost: nickholdsworth.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://nickholdsworth.net/\r\nCookie: SITE_TOTAL_ID=75ae8fd9607b6a58345f109820e6892e\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Sat, 03 Jan 2026 08:58:36 GMT\r\nContent-Type: application/javascript\r\nLast-Modified: Wed, 26 Mar 2025 06:37:12 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nETag: W/\"67e3a098-5c0f\"\r\nExpires: Sat, 03 Jan 2026 20:58:36 GMT\r\nCache-Control: max-age=43200\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":23567,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (23566)","md5":"160781b098f2515908d071936ad73582","sha1":"966b376bce864deb97cc31ad53d43bb5029e2f70","sha256":"18d9d050df7998e9bf7818ee86fe38893c4641d4e8f077ef6220b6b0ca0a4eaf","sha512":"f882396ac1d2966c4acbc874066c9566157aa76b60f79e55ab5c6108552456e28c257be123b4f05bee0bd1ee84a0657a0324bd0983a272218e248a0b13e44a89","ssdeep":"384:Y8ywjpKOtdTDUMABwXqo+Ur+hjTJ8eMAB6LCbnmc52Jo3pA:Yg9KkDLABwX21hjTJHeCz7A","tlshash":"19b2facdb100ef3406d361ed5a3be2aaa236745d2489c174b895dcf0257cc8b6633bb5","first_seen":"2025-02-17T13:18:46.264855Z","last_seen":"2026-03-25T07:40:46.187727Z","times_seen":2097,"resource_available":true,"data":null}},"time_used":699,"timings":{"blocked":211,"dns":0,"connect":230,"send":0,"wait":258,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-03","alert":"Sinkholed","trigger":"nickholdsworth.net","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-03","alert":"Sinkholed","trigger":"nickholdsworth.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-03","alert":"Sinkholed","trigger":"nickholdsworth.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-03","alert":"Sinkholed","trigger":"nickholdsworth.net","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"nickholdsworth.net/woff2/neue-helvetica-65-medium.woff2","fqdn":"nickholdsworth.net","domain":"nickholdsworth.net","tld":"net"},"ip":{"addr":"35.220.236.219","port":80,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"font","requested_by":"http://nickholdsworth.net/","date":"2026-01-03T08:58:36.943Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /woff2/neue-helvetica-65-medium.woff2 HTTP/1.1\r\nHost: nickholdsworth.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://nickholdsworth.net/css/vendors.lc-08819eaab432cc7f495d917a43fde693-lc.min.css\r\nCookie: SITE_TOTAL_ID=75ae8fd9607b6a58345f109820e6892e\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Sat, 03 Jan 2026 08:58:37 GMT\r\nContent-Type: font/woff2\r\nContent-Length: 25048\r\nLast-Modified: Sat, 15 Mar 2025 05:02:41 GMT\r\nConnection: keep-alive\r\nETag: \"67d509f1-61d8\"\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":25048,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 25048, version 1.0","md5":"0f0a88aca45b42039bcfd35aa696d285","sha1":"6083b3df0e7d7c08600d5c353bc218c741cffe7f","sha256":"19cd26ee570ab15c765bd8ce972c3b6d7c9e9fc57961e363b8dc45d2e935aec7","sha512":"ca9cfe5bae50357323799778e14307de0dbef5263794bf394fc994cbed5d3d368fc196fd19117304e590e8687babb3fe52d1e59d49bd803e39df01705154b364","ssdeep":"384:lKkZHqqKS/KfbQkWufqjaN7aCrWdyjXdScXYXAPuV5Q21Rvbhfq921Or0othtJSr:lKuHqHbAufZautSImC+Q21Rlfq99h6r","tlshash":"22b2e192dbc07b2bf01b58bff60471364fdbd685119a39542e0fe95e208e060ab54ebc","first_seen":"2025-08-26T13:24:35.835622Z","last_seen":"2026-01-03T08:59:14.006005Z","times_seen":4,"resource_available":false,"data":null}},"time_used":481,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":246,"receive":235,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-03","alert":"Sinkholed","trigger":"nickholdsworth.net","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-03","alert":"Sinkholed","trigger":"nickholdsworth.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-03","alert":"Sinkholed","trigger":"nickholdsworth.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-03","alert":"Sinkholed","trigger":"nickholdsworth.net","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"xy678kjw.com/webapp/js/lib/Sortable.min.js","fqdn":"xy678kjw.com","domain":"xy678kjw.com","tld":"com"},"ip":{"addr":"34.96.171.207","port":443,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://xy678kjw.com/webapp/html/aozxy5/index.html","date":"2026-01-03T08:58:38.128Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.xy678kjw.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sat, 29 Nov 2025 03:45:44 GMT","end":"Fri, 27 Feb 2026 03:45:43 GMT"},"fingerprint":{"sha1":"59:DE:80:48:22:C2:0C:E2:B4:C8:7C:85:A8:F0:10:78:C2:7C:41:8D","sha256":"7F:A8:4E:90:FC:76:9B:1F:35:9A:1F:69:3A:B0:FD:9F:A0:C2:35:EC:7D:CE:CB:92:DE:A5:DB:5E:69:9C:45:60"}}},"request":{"raw":"GET /webapp/js/lib/Sortable.min.js HTTP/1.1\r\nHost: xy678kjw.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xy678kjw.com/webapp/html/aozxy5/index.html\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sat, 03 Jan 2026 08:58:38 GMT\r\ncontent-type: application/javascript\r\ncontent-length: 0\r\nlast-modified: Sat, 29 Nov 2025 12:42:18 GMT\r\netag: \"692aea2a-0\"\r\nexpires: Sat, 03 Jan 2026 20:58:38 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"application/javascript","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-19T11:23:18.17825Z","times_seen":13932203,"resource_available":true,"data":null}},"time_used":469,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":469,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"api.api168168.com/CQShiCai/getBaseCQShiCai.do?issue=\u0026lotCode=10010","fqdn":"api.api168168.com","domain":"api168168.com","tld":"com"},"ip":{"addr":"35.241.91.37","port":443,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://xy678kjw.com/webapp/html/aozxy5/index.html","date":"2026-01-03T08:58:45.461Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"api.api168168.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 31 Dec 2025 00:17:01 GMT","end":"Tue, 31 Mar 2026 00:17:00 GMT"},"fingerprint":{"sha1":"72:2C:9E:37:25:83:F9:B3:E7:A7:3B:9C:75:01:CF:1D:6D:C2:79:BF","sha256":"08:DF:68:1C:CE:56:7F:28:1D:02:97:8F:AC:F5:2E:D2:0D:F2:F4:A5:7A:57:8B:74:62:FD:B9:0D:E7:5B:67:C3"}}},"request":{"raw":"GET /CQShiCai/getBaseCQShiCai.do?issue=\u0026lotCode=10010 HTTP/1.1\r\nHost: api.api168168.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://xy678kjw.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xy678kjw.com/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sat, 03 Jan 2026 08:58:45 GMT\r\ncontent-type: text/html;charset=UTF-8\r\naccess-control-allow-credentials: true\r\naccess-control-allow-origin: https://xy678kjw.com\r\nvary: Origin\r\naccess-control-expose-headers: Set-Cookie\r\ncontent-disposition: inline;filename=f.txt\r\ncontent-encoding: gzip\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":955,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"JSON text data","md5":"d7f0c59d0830d2fa8c685c7ab5e69f49","sha1":"c87a5574333c8394665160bc8a8c6d555ba3fc9c","sha256":"e116f59e04d9a918847d77fa2bb924d03b986da4d69ddc891a55c067dc8995c9","sha512":"af8b58d9e6cfdcbbde42cc53069780dff57ae06ec04ec2fe3631605167b9993408c63fe07acf9f21de0b95c57f18b504e74fe60c8baca19be0299cad68f35e21","ssdeep":"","tlshash":"aa11d4557e2e2c79ff12b1f2782bb0e6a42533124de46f55878dcf14800163a2bcd904","first_seen":"2026-01-03T08:59:14.007207Z","last_seen":"2026-01-03T08:59:14.007207Z","times_seen":1,"resource_available":false,"data":null}},"time_used":336,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":336,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-03","alert":"Sinkholed","trigger":"api.api168168.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-03","alert":"Sinkholed","trigger":"api.api168168.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"dynamicmedia.audemarspiguet.com/is/content/audemarspiguet/AP150?size=1920,0\u0026wid=1920\u0026fmt=avif-alpha\u0026dpr=off","fqdn":"dynamicmedia.audemarspiguet.com","domain":"audemarspiguet.com","tld":"com"},"ip":{"addr":"23.36.77.163","port":443,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://nickholdsworth.net/","date":"2026-01-03T08:58:35.935Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"secure6s.scene7.com","organization":"Adobe Systems Incorporated"},"issuer":{"commonName":"DigiCert Global G2 TLS RSA SHA256 2020 CA1","organization":"DigiCert Inc"},"validity":{"start":"Fri, 29 Aug 2025 00:00:00 GMT","end":"Fri, 28 Aug 2026 23:59:59 GMT"},"fingerprint":{"sha1":"65:B5:5A:07:11:45:A3:50:9F:3D:E6:0C:5E:26:3C:F3:30:50:7E:C6","sha256":"08:B5:A0:BD:0D:5E:E2:49:2C:A4:FF:87:0F:14:4A:68:37:98:48:D9:46:11:64:35:B7:42:F4:56:D2:FA:32:AD"}}},"request":{"raw":"GET /is/content/audemarspiguet/AP150?size=1920,0\u0026wid=1920\u0026fmt=avif-alpha\u0026dpr=off HTTP/1.1\r\nHost: dynamicmedia.audemarspiguet.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://nickholdsworth.net/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccess-control-allow-origin: *\r\naccept-ranges: bytes\r\nlast-modified: Sat, 04 Oct 2025 21:52:36 GMT\r\nserver: Unknown\r\ncontent-type: image/svg+xml\r\ncontent-length: 2366\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nexpires: Sat, 03 Jan 2026 18:58:36 GMT\r\ndate: Sat, 03 Jan 2026 08:58:36 GMT\r\nakamai-request-bc: [a=23.36.77.159,b=749755421,c=g,n=NO__OSLO,o=20940],[c=c,n=SE_M_BROMMA,o=20940],[a=104,c=o]\r\nserver-timing: clientrtt; dur=1, clienttt; dur=138, origin; dur=123, cdntime; dur=15\r\nakamai-cache-status: Miss from child, RefreshHit from parent\r\nx-akamai-cache: 0\r\nakamai-grn: 0.9f4d2417.1767430716.2cb05c1d\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":2366,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"c7b3924c9ea83b885329820c4339a10e","sha1":"e677435e50deb76fc209a61364cf1f4142dde92a","sha256":"8868dd06687a7fcc27441e137bfacb165f831eb421ffaec1071e8dd28fdf36e6","sha512":"27d3c634942cd4d21a5d955ba06531870a2064410147c45e01e4c5e890af6c3b68a881cb963230e1c86bb590743c65de59c19d7b659e5ed8de6aaf29ecab434e","ssdeep":"","tlshash":"34414e5a7326a6b8f516a2fc47132c346912bea37633c4c9c2f2180599e442d4975ce7","first_seen":"2026-01-03T08:59:14.008237Z","last_seen":"2026-01-03T08:59:14.008237Z","times_seen":1,"resource_available":false,"data":null}},"time_used":1007,"timings":{"blocked":841,"dns":0,"connect":1,"send":0,"wait":147,"receive":1,"ssl":14},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"xy678kjw.com/webapp/js/local/tools/tools.js","fqdn":"xy678kjw.com","domain":"xy678kjw.com","tld":"com"},"ip":{"addr":"34.96.171.207","port":443,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://xy678kjw.com/webapp/html/aozxy5/index.html","date":"2026-01-03T08:58:38.130Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.xy678kjw.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sat, 29 Nov 2025 03:45:44 GMT","end":"Fri, 27 Feb 2026 03:45:43 GMT"},"fingerprint":{"sha1":"59:DE:80:48:22:C2:0C:E2:B4:C8:7C:85:A8:F0:10:78:C2:7C:41:8D","sha256":"7F:A8:4E:90:FC:76:9B:1F:35:9A:1F:69:3A:B0:FD:9F:A0:C2:35:EC:7D:CE:CB:92:DE:A5:DB:5E:69:9C:45:60"}}},"request":{"raw":"GET /webapp/js/local/tools/tools.js HTTP/1.1\r\nHost: xy678kjw.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xy678kjw.com/webapp/html/aozxy5/index.html\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sat, 03 Jan 2026 08:58:38 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Sat, 29 Nov 2025 12:42:26 GMT\r\nvary: Accept-Encoding\r\netag: W/\"692aea32-19436\"\r\nexpires: Sat, 03 Jan 2026 20:58:38 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":103478,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (924), with CRLF line terminators","md5":"8013dd6bd01a41c8ba3ab87b75e00384","sha1":"7c7ac71f61dbade812e8553ef798ab95b1292ff0","sha256":"e00d209a165a446a1882f368f65c9b87df4599bc70edf7fd176ee85113b33bf4","sha512":"ef9250434b83beb1acb886c6a7f48ca078611c452712459b789cde59a389f1f009cf6652f73a1e1c060000d5a8b6a1d06209e706729763456b74fa425211aace","ssdeep":"768:YhY+GyBfYY65VS27+8cVI+4T1NNa+Na0NaOqBaA32imH52FpJ8M/Q5tQ5+eNj2NV:KtGWfYBVS27+8cVI+Yjvzqsni08o0K9","tlshash":"b6a3a61a99702a5a417373b5593fe500f4214f3b01078846bc7ed6f85fb9a62a378fe8","first_seen":"2025-07-13T11:51:38.295866Z","last_seen":"2026-04-19T10:30:23.155882Z","times_seen":287,"resource_available":true,"data":null}},"time_used":700,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":700,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"xy678kjw.com/webapp/html/public/head.html","fqdn":"xy678kjw.com","domain":"xy678kjw.com","tld":"com"},"ip":{"addr":"34.96.171.207","port":443,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://xy678kjw.com/webapp/html/aozxy5/index.html","date":"2026-01-03T08:58:38.834Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.xy678kjw.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sat, 29 Nov 2025 03:45:44 GMT","end":"Fri, 27 Feb 2026 03:45:43 GMT"},"fingerprint":{"sha1":"59:DE:80:48:22:C2:0C:E2:B4:C8:7C:85:A8:F0:10:78:C2:7C:41:8D","sha256":"7F:A8:4E:90:FC:76:9B:1F:35:9A:1F:69:3A:B0:FD:9F:A0:C2:35:EC:7D:CE:CB:92:DE:A5:DB:5E:69:9C:45:60"}}},"request":{"raw":"GET /webapp/html/public/head.html HTTP/1.1\r\nHost: xy678kjw.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html, */*; q=0.01\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nX-Requested-With: XMLHttpRequest\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xy678kjw.com/webapp/html/aozxy5/index.html\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sat, 03 Jan 2026 08:58:38 GMT\r\ncontent-type: text/html\r\nlast-modified: Sat, 29 Nov 2025 12:42:16 GMT\r\nvary: Accept-Encoding\r\netag: W/\"692aea28-532\"\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":1330,"size_decoded":0,"mime_type":"text/html","magic":"JavaScript source, Unicode text, UTF-8 text, with CRLF line terminators","md5":"626eb9ecd82619ad149f5b4aeb530720","sha1":"c69c26a74ba1c15ab35cb3b48242603bbbb83cb7","sha256":"dd472572f54f664106cd0ffc2a5e3266bbfe14067b202b26d29315a1479ed062","sha512":"0627d3cb18e744a86ee878194805d402182c839886fddf75ef16a2d9d5e273ead1d5e570b6ae518ce2217cf9e0cdea706aa8f34db6a8d72b3200ae31d9400d9d","ssdeep":"","tlshash":"8321e260f5ac6b2b40b323a2a17b8b45942f9d1ad3009c0076ee57f7278fa68710b545","first_seen":"2025-04-07T08:33:42.704596Z","last_seen":"2026-04-19T10:30:23.330956Z","times_seen":1266,"resource_available":false,"data":null}},"time_used":235,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":235,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"bd51static.com/7ry.js","fqdn":"bd51static.com","domain":"bd51static.com","tld":"com"},"ip":{"addr":"35.215.189.171","port":80,"asn":15169,"as":"GOOGLE","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://nickholdsworth.net/","date":"2026-01-03T08:58:35.934Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /7ry.js HTTP/1.1\r\nHost: bd51static.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://nickholdsworth.net/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Sat, 03 Jan 2026 08:58:36 GMT\r\nContent-Type: application/javascript\r\nLast-Modified: Wed, 07 May 2025 07:20:47 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nETag: W/\"681b09cf-555\"\r\nExpires: Sat, 03 Jan 2026 20:58:36 GMT\r\nCache-Control: max-age=43200\r\nStrict-Transport-Security: max-age=31536000\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":1365,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (554)","md5":"b49cd1dc0129f18f8ab76d9249e0f1d4","sha1":"83de531cb19e73636a45aef6c47de3317a61fdd3","sha256":"96cd0cf7391454455addfd9b6a7c18139072db87453b022adf2cabbf4beb119d","sha512":"c32d63254c6e11fa48d1f036e87c4494657bffdafd31c76c5d43fcfe885184e50e33b486a652b9d527cc59a6e9e8e29f6787d24c90b6956c26901090812f1094","ssdeep":"","tlshash":"6921f05f7c05e1246796383a33bfde9ce9ae0025241dd802a4eec4ac6d28ff90527b4c","first_seen":"2025-05-25T12:44:27.079127Z","last_seen":"2026-04-19T10:30:23.238596Z","times_seen":319,"resource_available":true,"data":null}},"time_used":715,"timings":{"blocked":226,"dns":15,"connect":237,"send":0,"wait":237,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"dynamicmedia.audemarspiguet.com/is/image/audemarspiguet/logo-2000x1639-white-Code%20(1)?size=1071,515\u0026fmt=avif-alpha\u0026dpr=off","fqdn":"dynamicmedia.audemarspiguet.com","domain":"audemarspiguet.com","tld":"com"},"ip":{"addr":"23.36.77.163","port":443,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://nickholdsworth.net/","date":"2026-01-03T08:58:35.937Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"secure6s.scene7.com","organization":"Adobe Systems Incorporated"},"issuer":{"commonName":"DigiCert Global G2 TLS RSA SHA256 2020 CA1","organization":"DigiCert Inc"},"validity":{"start":"Fri, 29 Aug 2025 00:00:00 GMT","end":"Fri, 28 Aug 2026 23:59:59 GMT"},"fingerprint":{"sha1":"65:B5:5A:07:11:45:A3:50:9F:3D:E6:0C:5E:26:3C:F3:30:50:7E:C6","sha256":"08:B5:A0:BD:0D:5E:E2:49:2C:A4:FF:87:0F:14:4A:68:37:98:48:D9:46:11:64:35:B7:42:F4:56:D2:FA:32:AD"}}},"request":{"raw":"GET /is/image/audemarspiguet/logo-2000x1639-white-Code%20(1)?size=1071,515\u0026fmt=avif-alpha\u0026dpr=off HTTP/1.1\r\nHost: dynamicmedia.audemarspiguet.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://nickholdsworth.net/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccess-control-allow-origin: *\r\nlast-modified: Sat, 04 Oct 2025 21:51:58 GMT\r\netag: \"249486cbad329c280d7a87e46f520f48\"\r\nserver: Unknown\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\ncontent-type: image/avif\r\ncontent-length: 21138\r\nexpires: Sat, 03 Jan 2026 12:54:54 GMT\r\ndate: Sat, 03 Jan 2026 08:58:36 GMT\r\nakamai-request-bc: [a=23.36.77.159,b=749755418,c=g,n=NO__OSLO,o=20940],[c=c,n=SE_M_BROMMA,o=20940]\r\nserver-timing: clientrtt; dur=1, clienttt; dur=35, origin; dur=0, cdntime; dur=35\r\nakamai-cache-status: Miss from child, Hit from parent\r\nx-akamai-cache: 1\r\nakamai-grn: 0.9f4d2417.1767430716.2cb05c1a\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":21138,"size_decoded":0,"mime_type":"image/avif","magic":"ISO Media, AVIF Image","md5":"249486cbad329c280d7a87e46f520f48","sha1":"0eb57591013434f0c6211a44885bb361c3d70ee0","sha256":"ea78793b68642060177d7210127a83e402b4dcfacb5fd121db6ab0daa4b66a6c","sha512":"cf555bb091b50493771b5aeb16f2a9edf0dee9ee4c10694444099367342d4f4e2160dfcde9d6d1fc90074b63ed40fc06c3b22b3738544779f3c3dbd093714a15","ssdeep":"384:Sgumn9NvuUlz/+d8v0aMd/dekxHKbSSvMYQqDBih8dty+pHue:nN2gqwPLkmSTYHMh8WKHn","tlshash":"7c92d00e61340c85c99e65b342cfb12e9245c75828f9f3b4bcc726060aa3bb446cded6","first_seen":"2026-01-03T08:59:14.011319Z","last_seen":"2026-01-03T08:59:14.011319Z","times_seen":1,"resource_available":false,"data":null}},"time_used":903,"timings":{"blocked":840,"dns":0,"connect":1,"send":0,"wait":45,"receive":1,"ssl":13},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"dynamicmedia.audemarspiguet.com/is/image/audemarspiguet/logo-2000x1075-white-Royal-Oak?size=1071,515\u0026fmt=avif-alpha\u0026dpr=off","fqdn":"dynamicmedia.audemarspiguet.com","domain":"audemarspiguet.com","tld":"com"},"ip":{"addr":"23.36.77.163","port":443,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://nickholdsworth.net/","date":"2026-01-03T08:58:35.937Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"secure6s.scene7.com","organization":"Adobe Systems Incorporated"},"issuer":{"commonName":"DigiCert Global G2 TLS RSA SHA256 2020 CA1","organization":"DigiCert Inc"},"validity":{"start":"Fri, 29 Aug 2025 00:00:00 GMT","end":"Fri, 28 Aug 2026 23:59:59 GMT"},"fingerprint":{"sha1":"65:B5:5A:07:11:45:A3:50:9F:3D:E6:0C:5E:26:3C:F3:30:50:7E:C6","sha256":"08:B5:A0:BD:0D:5E:E2:49:2C:A4:FF:87:0F:14:4A:68:37:98:48:D9:46:11:64:35:B7:42:F4:56:D2:FA:32:AD"}}},"request":{"raw":"GET /is/image/audemarspiguet/logo-2000x1075-white-Royal-Oak?size=1071,515\u0026fmt=avif-alpha\u0026dpr=off HTTP/1.1\r\nHost: dynamicmedia.audemarspiguet.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://nickholdsworth.net/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccess-control-allow-origin: *\r\nlast-modified: Sat, 04 Oct 2025 21:51:58 GMT\r\netag: \"ffcdc111812c5d544d01c0eb4733d125\"\r\nserver: Unknown\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\ncontent-type: image/avif\r\ncontent-length: 16547\r\nexpires: Sat, 03 Jan 2026 12:54:54 GMT\r\ndate: Sat, 03 Jan 2026 08:58:36 GMT\r\nakamai-request-bc: [a=23.36.77.159,b=749755420,c=g,n=NO__OSLO,o=20940],[c=c,n=SE_M_BROMMA,o=20940]\r\nserver-timing: clientrtt; dur=1, clienttt; dur=15, origin; dur=0, cdntime; dur=15\r\nakamai-cache-status: Miss from child, Hit from parent\r\nx-akamai-cache: 1\r\nakamai-grn: 0.9f4d2417.1767430716.2cb05c1c\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":16547,"size_decoded":0,"mime_type":"image/avif","magic":"ISO Media, AVIF Image","md5":"ffcdc111812c5d544d01c0eb4733d125","sha1":"172ea647be0a2e74a274c896dbd679528d777b76","sha256":"90c39991992aeaa9f181ff3f3ae75bf7d1dc3b6695c840b81c736bc8a02bd050","sha512":"b6ee6aae1403e079e3ed1a4ef1659a0fa58547f1c4724691e59de27ea9ea22fb40b09234d55d82ff2f6412762472bd36196c505d885a954aa02d02871a2783cd","ssdeep":"384:STQzP4aCro4U3ob+rwB2LTpaMS6+KoiN/ocJReZ8AmzYUF26:P4fM4U0+yagM0KoU/gqz","tlshash":"ac72cf06d90d3294c2e8fe7f589f79e1e1972b2df1ced848b4ac741a6b361984e44e10","first_seen":"2026-01-03T08:59:14.012424Z","last_seen":"2026-01-03T08:59:14.012424Z","times_seen":1,"resource_available":false,"data":null}},"time_used":883,"timings":{"blocked":840,"dns":0,"connect":1,"send":0,"wait":24,"receive":1,"ssl":13},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"dynamicmedia.audemarspiguet.com/is/image/audemarspiguet/car_produit_RO_26585XT-OO-1220XT-01?size=470,0\u0026fmt=avif-alpha\u0026dpr=off","fqdn":"dynamicmedia.audemarspiguet.com","domain":"audemarspiguet.com","tld":"com"},"ip":{"addr":"23.36.77.163","port":443,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"imageset","requested_by":"http://nickholdsworth.net/","date":"2026-01-03T08:58:38.032Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"secure6s.scene7.com","organization":"Adobe Systems Incorporated"},"issuer":{"commonName":"DigiCert Global G2 TLS RSA SHA256 2020 CA1","organization":"DigiCert Inc"},"validity":{"start":"Fri, 29 Aug 2025 00:00:00 GMT","end":"Fri, 28 Aug 2026 23:59:59 GMT"},"fingerprint":{"sha1":"65:B5:5A:07:11:45:A3:50:9F:3D:E6:0C:5E:26:3C:F3:30:50:7E:C6","sha256":"08:B5:A0:BD:0D:5E:E2:49:2C:A4:FF:87:0F:14:4A:68:37:98:48:D9:46:11:64:35:B7:42:F4:56:D2:FA:32:AD"}}},"request":{"raw":"GET /is/image/audemarspiguet/car_produit_RO_26585XT-OO-1220XT-01?size=470,0\u0026fmt=avif-alpha\u0026dpr=off HTTP/1.1\r\nHost: dynamicmedia.audemarspiguet.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://nickholdsworth.net/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccess-control-allow-origin: *\r\nlast-modified: Sat, 04 Oct 2025 21:52:36 GMT\r\netag: \"9ac5946276d457e15e2706434f28ee0c\"\r\nserver: Unknown\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\ncontent-type: image/avif\r\ncontent-length: 34767\r\nexpires: Sat, 03 Jan 2026 18:58:38 GMT\r\ndate: Sat, 03 Jan 2026 08:58:38 GMT\r\nakamai-request-bc: [a=23.36.77.159,b=749756093,c=g,n=NO__OSLO,o=20940],[c=c,n=SE_M_BROMMA,o=20940],[a=219,c=o]\r\nserver-timing: clientrtt; dur=6, clienttt; dur=149, origin; dur=0, cdntime; dur=149\r\nakamai-cache-status: Miss from child, RefreshHit from parent\r\nx-akamai-cache: 0\r\nakamai-grn: 0.9f4d2417.1767430718.2cb05ebd\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":34767,"size_decoded":0,"mime_type":"image/avif","magic":"ISO Media, AVIF Image","md5":"9ac5946276d457e15e2706434f28ee0c","sha1":"00a6da176fca3806f9aad6566c3140298733b913","sha256":"52a55ddd721fff38c42a6bea9323731119d9820e9fa1c6c3a20b0324ce230f1c","sha512":"03592162ee200021758ca0a7d098df1e7871ab8abc67119d5815d473ee132b8ae65455ea1458237048ae6d33cc7556064e83b2a209a53fbbe23dba03d8b3b1b2","ssdeep":"768:RUileoHVlbLO6Ve4ANGCHp7ILdzCM8Q5xnpE5c:RtleW3bC6kr7IW6J","tlshash":"9cf2e13e936eb3dfa064c026e2a363720d54975f131a18d39844afe49f784ccde729a5","first_seen":"2026-01-03T08:59:14.020392Z","last_seen":"2026-01-03T08:59:14.020392Z","times_seen":1,"resource_available":false,"data":null}},"time_used":166,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":164,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"api.api168168.com/CQShiCai/getBaseCQShiCai.do?issue=\u0026lotCode=10010","fqdn":"api.api168168.com","domain":"api168168.com","tld":"com"},"ip":{"addr":"35.241.91.37","port":443,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://xy678kjw.com/webapp/html/aozxy5/index.html","date":"2026-01-03T08:58:52.206Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"api.api168168.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 31 Dec 2025 00:17:01 GMT","end":"Tue, 31 Mar 2026 00:17:00 GMT"},"fingerprint":{"sha1":"72:2C:9E:37:25:83:F9:B3:E7:A7:3B:9C:75:01:CF:1D:6D:C2:79:BF","sha256":"08:DF:68:1C:CE:56:7F:28:1D:02:97:8F:AC:F5:2E:D2:0D:F2:F4:A5:7A:57:8B:74:62:FD:B9:0D:E7:5B:67:C3"}}},"request":{"raw":"GET /CQShiCai/getBaseCQShiCai.do?issue=\u0026lotCode=10010 HTTP/1.1\r\nHost: api.api168168.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://xy678kjw.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xy678kjw.com/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sat, 03 Jan 2026 08:58:52 GMT\r\ncontent-type: text/html;charset=UTF-8\r\naccess-control-allow-credentials: true\r\naccess-control-allow-origin: https://xy678kjw.com\r\nvary: Origin\r\naccess-control-expose-headers: Set-Cookie\r\ncontent-disposition: inline;filename=f.txt\r\ncontent-encoding: gzip\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":955,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"JSON text data","md5":"1bbcba5f08d59e1f27235d2c145d2467","sha1":"05dbad2a6066bcb101bfa01a26b31ec0d63577b1","sha256":"5791c6f38be5c0189608f9c51eef36292b6ef8b817ce6b801d7518e405baac32","sha512":"271a4fb8dd5cf906c05d4066d431c623f6ed5de6c5df7aa5add61df2c3520c7235b54e4188c4119a4f8d5d8bead00153daf8d919657e80d3557d963a42cfc429","ssdeep":"","tlshash":"d11194557e2e2c79ff12b1f2782bb0eaa82533125de56f55878dcf14804163a2bcd905","first_seen":"2026-01-03T08:59:14.024098Z","last_seen":"2026-01-03T08:59:14.024098Z","times_seen":1,"resource_available":false,"data":null}},"time_used":342,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":342,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-03","alert":"Sinkholed","trigger":"api.api168168.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-03","alert":"Sinkholed","trigger":"api.api168168.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"fonts.googleapis.com/css2?family=Cormorant+Garamond:ital,wght@1,500\u0026display=swap","fqdn":"fonts.googleapis.com","domain":"fonts.googleapis.com","tld":"googleapis.com"},"ip":{"addr":"142.250.74.42","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"http://nickholdsworth.net/","date":"2026-01-03T08:58:36.667Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"upload.video.google.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Wed, 03 Dec 2025 15:53:13 GMT","end":"Wed, 25 Feb 2026 15:53:12 GMT"},"fingerprint":{"sha1":"A8:BA:6B:80:7C:EC:B1:6F:C1:C2:03:D7:C9:27:6E:75:DE:4B:AA:47","sha256":"4E:2C:B9:C5:81:56:5E:97:93:07:22:12:66:E2:52:C6:0A:2E:17:72:FF:9B:5F:2A:B9:E1:21:80:05:6D:8B:3D"}}},"request":{"raw":"GET /css2?family=Cormorant+Garamond:ital,wght@1,500\u0026display=swap HTTP/1.1\r\nHost: fonts.googleapis.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://nickholdsworth.net/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: text/css; charset=utf-8\r\nvary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site\r\naccess-control-allow-origin: *\r\ntiming-allow-origin: *\r\nlink: \u003chttps://fonts.gstatic.com\u003e; rel=preconnect; crossorigin\r\nstrict-transport-security: max-age=31536000\r\nexpires: Sat, 03 Jan 2026 08:58:36 GMT\r\ndate: Sat, 03 Jan 2026 08:58:36 GMT\r\ncache-control: private, max-age=86400\r\ncross-origin-opener-policy: same-origin-allow-popups\r\ncross-origin-resource-policy: cross-origin\r\ncontent-encoding: gzip\r\nserver: ESF\r\nx-xss-protection: 0\r\nx-frame-options: SAMEORIGIN\r\nx-content-type-options: nosniff\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":2116,"size_decoded":0,"mime_type":"text/css; charset=utf-8","magic":"ASCII text","md5":"3fa63e44d77a42fc1907b175e49311a7","sha1":"cca485ed5a9dce163303728ab535ae58786f6895","sha256":"c4feaa9108648748bde12a380d492acb7e404a270261c6e083bcdfa0109ff4bf","sha512":"8481c6ada64fa112149843dafbfdaeedabbe208f852067015f66d97c8efbe23ed60f5324162015493fa0546420c2583ce7ecf17f9197d69c50f8aebe980b1868","ssdeep":"","tlshash":"5841bba20017e440d6074ed576cb7d25de8e295b329488746bfe18ccbd9dd1623a876c","first_seen":"2026-01-03T08:59:14.027247Z","last_seen":"2026-03-27T16:39:57.255582Z","times_seen":4,"resource_available":false,"data":null}},"time_used":131,"timings":{"blocked":55,"dns":1,"connect":8,"send":0,"wait":19,"receive":0,"ssl":47},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"dynamicmedia.audemarspiguet.com/is/image/audemarspiguet/car_produit_26494BC.OO.D350KB.01_v2?size=470,0\u0026fmt=avif-alpha\u0026dpr=off","fqdn":"dynamicmedia.audemarspiguet.com","domain":"audemarspiguet.com","tld":"com"},"ip":{"addr":"23.36.77.163","port":443,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"imageset","requested_by":"http://nickholdsworth.net/","date":"2026-01-03T08:58:38.027Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"secure6s.scene7.com","organization":"Adobe Systems Incorporated"},"issuer":{"commonName":"DigiCert Global G2 TLS RSA SHA256 2020 CA1","organization":"DigiCert Inc"},"validity":{"start":"Fri, 29 Aug 2025 00:00:00 GMT","end":"Fri, 28 Aug 2026 23:59:59 GMT"},"fingerprint":{"sha1":"65:B5:5A:07:11:45:A3:50:9F:3D:E6:0C:5E:26:3C:F3:30:50:7E:C6","sha256":"08:B5:A0:BD:0D:5E:E2:49:2C:A4:FF:87:0F:14:4A:68:37:98:48:D9:46:11:64:35:B7:42:F4:56:D2:FA:32:AD"}}},"request":{"raw":"GET /is/image/audemarspiguet/car_produit_26494BC.OO.D350KB.01_v2?size=470,0\u0026fmt=avif-alpha\u0026dpr=off HTTP/1.1\r\nHost: dynamicmedia.audemarspiguet.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://nickholdsworth.net/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: image/avif\r\ncontent-length: 39549\r\naccess-control-allow-origin: *\r\nlast-modified: Sat, 04 Oct 2025 21:52:36 GMT\r\netag: \"618a0d30a90aade65a8cc75bce07ae20\"\r\nserver: Unknown\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nexpires: Sat, 03 Jan 2026 18:58:38 GMT\r\ndate: Sat, 03 Jan 2026 08:58:38 GMT\r\nakamai-request-bc: [a=23.36.77.159,b=749756087,c=g,n=NO__OSLO,o=20940],[c=c,n=SE_M_BROMMA,o=20940],[a=152,c=o]\r\nserver-timing: clientrtt; dur=6, clienttt; dur=152, origin; dur=133, cdntime; dur=19\r\nakamai-cache-status: Miss from child, Miss from parent\r\nx-akamai-cache: 0\r\nakamai-grn: 0.9f4d2417.1767430718.2cb05eb7\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":39549,"size_decoded":0,"mime_type":"image/avif","magic":"ISO Media, AVIF Image","md5":"618a0d30a90aade65a8cc75bce07ae20","sha1":"0baf2bcc4885771ed3a96a5e89b2dd2f1ace2a4a","sha256":"71bce64ac8641b1efc88fb5df012db976079c3ba21f228f2ad4ef9a05196c6fd","sha512":"34924a84dc9ea7612bcd859555b397f53308bb813e8ce56a8f5bf9ed4dea2dfa969e1a43fbf6603f3510633472adeb786d1f72c72f2fc8a55c2cc3cca6fccf9b","ssdeep":"768:YuUvfmjmUmDhMsW24QwznO3+bQLWYyhpVnvxUbXpD1:njRmDF4QwznU+b47epVZU73","tlshash":"e60302e2f72aa407f6a6b591985a33365951c635e3971373f008262c3827eb0bc4c1ee","first_seen":"2026-01-03T08:59:14.028828Z","last_seen":"2026-01-03T08:59:14.028828Z","times_seen":1,"resource_available":false,"data":null}},"time_used":223,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":161,"receive":62,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"xy678kjw.com/webapp/css/public.css","fqdn":"xy678kjw.com","domain":"xy678kjw.com","tld":"com"},"ip":{"addr":"34.96.171.207","port":443,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://xy678kjw.com/webapp/html/aozxy5/index.html","date":"2026-01-03T08:58:38.127Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.xy678kjw.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sat, 29 Nov 2025 03:45:44 GMT","end":"Fri, 27 Feb 2026 03:45:43 GMT"},"fingerprint":{"sha1":"59:DE:80:48:22:C2:0C:E2:B4:C8:7C:85:A8:F0:10:78:C2:7C:41:8D","sha256":"7F:A8:4E:90:FC:76:9B:1F:35:9A:1F:69:3A:B0:FD:9F:A0:C2:35:EC:7D:CE:CB:92:DE:A5:DB:5E:69:9C:45:60"}}},"request":{"raw":"GET /webapp/css/public.css HTTP/1.1\r\nHost: xy678kjw.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xy678kjw.com/webapp/html/aozxy5/index.html\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sat, 03 Jan 2026 08:58:38 GMT\r\ncontent-type: text/css\r\nlast-modified: Sat, 15 Feb 2025 15:37:40 GMT\r\nvary: Accept-Encoding\r\netag: W/\"67b0b4c4-59ac\"\r\nexpires: Sat, 03 Jan 2026 20:58:38 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":22956,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text","md5":"7c54605cb3f71748fb879ee8e6b705ee","sha1":"f8c8be00cc570ee35564f543357034e6addd2500","sha256":"5256fc07502ba8b4af3949b231c9bece358850eb090c6c547e187ef423527f78","sha512":"a86d4d412d17e3be85097a53b5074e38a65900299ca40a7fc38a62fedf0c923d536a07974be98aabee1c71ab3560b05415c8f0e56813133182650b7bccd7db6f","ssdeep":"192:iSICtkWbE2ofggVdomdEP7WaGvuHRVrhF3hng65t71xTFq9YXRHecX6oEg8JYWYp:iSIyxh1r1eo","tlshash":"b4a2ca342cad28c9b11f96ac3d7a7bda4a1c8044de0f4e6cf1bb7db5b7492504272ac5","first_seen":"2023-04-07T04:13:03Z","last_seen":"2026-04-19T10:30:23.239835Z","times_seen":1367,"resource_available":false,"data":null}},"time_used":235,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":235,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"xy678kjw.com/webapp/js/lib/jquery-1.9.1.js","fqdn":"xy678kjw.com","domain":"xy678kjw.com","tld":"com"},"ip":{"addr":"34.96.171.207","port":443,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://xy678kjw.com/webapp/html/aozxy5/index.html","date":"2026-01-03T08:58:38.128Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.xy678kjw.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sat, 29 Nov 2025 03:45:44 GMT","end":"Fri, 27 Feb 2026 03:45:43 GMT"},"fingerprint":{"sha1":"59:DE:80:48:22:C2:0C:E2:B4:C8:7C:85:A8:F0:10:78:C2:7C:41:8D","sha256":"7F:A8:4E:90:FC:76:9B:1F:35:9A:1F:69:3A:B0:FD:9F:A0:C2:35:EC:7D:CE:CB:92:DE:A5:DB:5E:69:9C:45:60"}}},"request":{"raw":"GET /webapp/js/lib/jquery-1.9.1.js HTTP/1.1\r\nHost: xy678kjw.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xy678kjw.com/webapp/html/aozxy5/index.html\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sat, 03 Jan 2026 08:58:38 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Sat, 29 Nov 2025 12:42:18 GMT\r\nvary: Accept-Encoding\r\netag: W/\"692aea2a-16b57\"\r\nexpires: Sat, 03 Jan 2026 20:58:38 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":93015,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (65535), with no line terminators","md5":"0ced1955d04ad67f93c642501960172d","sha1":"e346705c96ed71fef43144a893dc26f0d1ff2a81","sha256":"7196db5ce1154dda0f62614999dfd169a0e5fa9db634c12c308f9f9b22cb6f90","sha512":"c5fdcd09f23cbc4adcdc9ae38e7535eab9d10026b2607c21414cbb02258f0eb99bea0c8b53ee69129c62cf086898f4fec46d1a52f1170955b2b4d6ab0c636a47","ssdeep":"1536:g9sFlxCuYQ8kdpjEhDH19D7jXHi7mdG5bakVV6qN6MQDKwTYHUfn06dPGMIcXQWy:JXdURN6G7h8aGtvnx","tlshash":"b69319dd76c5b12247ab307d106f540af236599a280c8450f135e8fafc7898aa177f7e","first_seen":"2023-03-07T12:24:04Z","last_seen":"2026-04-19T10:30:23.179592Z","times_seen":1254,"resource_available":true,"data":null}},"time_used":468,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":468,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"xy678kjw.com/webapp/img/cltj_img/px10obj.png","fqdn":"xy678kjw.com","domain":"xy678kjw.com","tld":"com"},"ip":{"addr":"34.96.171.207","port":443,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://xy678kjw.com/webapp/html/aozxy5/index.html","date":"2026-01-03T08:58:38.609Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.xy678kjw.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sat, 29 Nov 2025 03:45:44 GMT","end":"Fri, 27 Feb 2026 03:45:43 GMT"},"fingerprint":{"sha1":"59:DE:80:48:22:C2:0C:E2:B4:C8:7C:85:A8:F0:10:78:C2:7C:41:8D","sha256":"7F:A8:4E:90:FC:76:9B:1F:35:9A:1F:69:3A:B0:FD:9F:A0:C2:35:EC:7D:CE:CB:92:DE:A5:DB:5E:69:9C:45:60"}}},"request":{"raw":"GET /webapp/img/cltj_img/px10obj.png HTTP/1.1\r\nHost: xy678kjw.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xy678kjw.com/webapp/css/pk10.css\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sat, 03 Jan 2026 08:58:38 GMT\r\ncontent-type: image/png\r\nlast-modified: Sat, 15 Feb 2025 15:37:54 GMT\r\nvary: Accept-Encoding\r\netag: W/\"67b0b4d2-b3a\"\r\nexpires: Mon, 02 Feb 2026 08:58:38 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":2874,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 111 x 101, 8-bit/color RGBA, non-interlaced","md5":"5025c85c1772aadbb3e53f953913d3bc","sha1":"fb7fb9939693929455b21cabd3f99b7b4761d39a","sha256":"124aeafaabb57da5126971cd6c763b317cde9003ff1690e447a494952f156139","sha512":"4e22762c206947be1e8757db4c14cfd0cf6fd70f6edbc40bd2a4e6fa9b1a7ee151e17135b39e6bb4df9161e173ed7207e463072d9ffff0fa415005bef0e77334","ssdeep":"","tlshash":"67511b9de451bda064c9ebe428fa8593c9238dc01beaf55ce98c59539c712f0604b6d3","first_seen":"2023-05-02T12:59:34Z","last_seen":"2026-04-19T10:30:23.134818Z","times_seen":1380,"resource_available":false,"data":null}},"time_used":234,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":234,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"nickholdsworth.net/js/vendors.lc-b44065d69256f34e1aeb8ed251e6bf34-lc.min.js","fqdn":"nickholdsworth.net","domain":"nickholdsworth.net","tld":"net"},"ip":{"addr":"35.220.236.219","port":80,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://nickholdsworth.net/","date":"2026-01-03T08:58:36.091Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /js/vendors.lc-b44065d69256f34e1aeb8ed251e6bf34-lc.min.js HTTP/1.1\r\nHost: nickholdsworth.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://nickholdsworth.net/\r\nCookie: SITE_TOTAL_ID=75ae8fd9607b6a58345f109820e6892e\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Sat, 03 Jan 2026 08:58:36 GMT\r\nContent-Type: application/javascript\r\nLast-Modified: Thu, 20 Mar 2025 01:25:22 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nETag: W/\"67db6e82-3def34\"\r\nExpires: Sat, 03 Jan 2026 20:58:36 GMT\r\nCache-Control: max-age=43200\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":4058932,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (65469)","md5":"998283f88dbf2526620bb9bb145a5ade","sha1":"aa32d7bb16db95ec470ce68dd46d0e178463c386","sha256":"c668c387ff6c8bc29d80494ed2c8d323f821dc572fbfdd169fdcc2a90f35cdbb","sha512":"008957f5ac3533808a13bd308d8925cb2265d410508ded550d541b2b6860b5adc579d68ba0739587705abf9ab835f28f92d3ee7e2bce84ce114cafdba678a1bd","ssdeep":"24576:D2aupZYBJP5XjPn1J2RcTqhChBe2EerX1k4gV1D:DbuHYBJP5XjPb2RcTqhChB5Eej1k4gVN","tlshash":"e5251b9b326120314793afea1af64142a23572453422c56c7e1ccadb238f595d3fafbd","first_seen":"2026-01-03T08:59:14.034429Z","last_seen":"2026-01-03T08:59:14.034429Z","times_seen":1,"resource_available":false,"data":null}},"time_used":1396,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":242,"receive":1154,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-03","alert":"Sinkholed","trigger":"nickholdsworth.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-03","alert":"Sinkholed","trigger":"nickholdsworth.net","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-03","alert":"Sinkholed","trigger":"nickholdsworth.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-03","alert":"Sinkholed","trigger":"nickholdsworth.net","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"nickholdsworth.net/libs/cq/i18n/dict.en.json","fqdn":"nickholdsworth.net","domain":"nickholdsworth.net","tld":"net"},"ip":{"addr":"35.220.236.219","port":80,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"http://nickholdsworth.net/","date":"2026-01-03T08:58:37.611Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /libs/cq/i18n/dict.en.json HTTP/1.1\r\nHost: nickholdsworth.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://nickholdsworth.net/\r\nCookie: SITE_TOTAL_ID=75ae8fd9607b6a58345f109820e6892e\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 404 Not Found\r\nServer: nginx\r\nDate: Sat, 03 Jan 2026 08:58:37 GMT\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nETag: W/\"68e91066-e3b8\"\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":58296,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII text, with very long lines (56756)","md5":"cbb42513032d6c09e496731ac16c20a9","sha1":"c92f38a701aad58408451d24dd4c47b05f158cf0","sha256":"d189695b2f3bb92369881f2428fa861dca9d9a94c638d9bdc4e2fa747d6f315b","sha512":"3d76f1018afceaba7cbb4083f4a5b5758966ec2aa5d5c6b07d72361782809f7ed4bd34ed9e0c4154d01a2db7192155de8251e5a834dd90b8d9823d916e1b7285","ssdeep":"768:cHJYDDQHVZHIs91TXESJBjgBSp00yCqJ3Z+IYM3WiesRQiULO0bpD9tcNQEfdom2:cmDD6oeFUycwpk06hWp1b99c7VM","tlshash":"8443021803de40a2cd8978d9426f2f3d842a1863da1c94bd1f5b6df4ca0d8a4767f1e9","first_seen":"2024-11-25T13:26:01.204756Z","last_seen":"2026-04-19T10:52:12.950917Z","times_seen":10805,"resource_available":true,"data":null}},"time_used":238,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":233,"receive":5,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-03","alert":"Sinkholed","trigger":"nickholdsworth.net","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-03","alert":"Sinkholed","trigger":"nickholdsworth.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-03","alert":"Sinkholed","trigger":"nickholdsworth.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-03","alert":"Sinkholed","trigger":"nickholdsworth.net","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"nickholdsworth.net/com/en/home.ipstack.json","fqdn":"nickholdsworth.net","domain":"nickholdsworth.net","tld":"net"},"ip":{"addr":"35.220.236.219","port":80,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"http://nickholdsworth.net/","date":"2026-01-03T08:58:37.875Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /com/en/home.ipstack.json HTTP/1.1\r\nHost: nickholdsworth.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://nickholdsworth.net/\r\nCookie: SITE_TOTAL_ID=75ae8fd9607b6a58345f109820e6892e\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 404 Not Found\r\nServer: nginx\r\nDate: Sat, 03 Jan 2026 08:58:37 GMT\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nETag: W/\"68e91066-e3b8\"\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":58296,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII text, with very long lines (56756)","md5":"cbb42513032d6c09e496731ac16c20a9","sha1":"c92f38a701aad58408451d24dd4c47b05f158cf0","sha256":"d189695b2f3bb92369881f2428fa861dca9d9a94c638d9bdc4e2fa747d6f315b","sha512":"3d76f1018afceaba7cbb4083f4a5b5758966ec2aa5d5c6b07d72361782809f7ed4bd34ed9e0c4154d01a2db7192155de8251e5a834dd90b8d9823d916e1b7285","ssdeep":"768:cHJYDDQHVZHIs91TXESJBjgBSp00yCqJ3Z+IYM3WiesRQiULO0bpD9tcNQEfdom2:cmDD6oeFUycwpk06hWp1b99c7VM","tlshash":"8443021803de40a2cd8978d9426f2f3d842a1863da1c94bd1f5b6df4ca0d8a4767f1e9","first_seen":"2024-11-25T13:26:01.204756Z","last_seen":"2026-04-19T10:52:12.950917Z","times_seen":10805,"resource_available":true,"data":null}},"time_used":245,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":241,"receive":4,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-03","alert":"Sinkholed","trigger":"nickholdsworth.net","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-03","alert":"Sinkholed","trigger":"nickholdsworth.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-03","alert":"Sinkholed","trigger":"nickholdsworth.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-03","alert":"Sinkholed","trigger":"nickholdsworth.net","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"xy678kjw.com/webapp/html/public/footer.html","fqdn":"xy678kjw.com","domain":"xy678kjw.com","tld":"com"},"ip":{"addr":"34.96.171.207","port":443,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://xy678kjw.com/webapp/html/aozxy5/index.html","date":"2026-01-03T08:58:38.835Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.xy678kjw.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sat, 29 Nov 2025 03:45:44 GMT","end":"Fri, 27 Feb 2026 03:45:43 GMT"},"fingerprint":{"sha1":"59:DE:80:48:22:C2:0C:E2:B4:C8:7C:85:A8:F0:10:78:C2:7C:41:8D","sha256":"7F:A8:4E:90:FC:76:9B:1F:35:9A:1F:69:3A:B0:FD:9F:A0:C2:35:EC:7D:CE:CB:92:DE:A5:DB:5E:69:9C:45:60"}}},"request":{"raw":"GET /webapp/html/public/footer.html HTTP/1.1\r\nHost: xy678kjw.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html, */*; q=0.01\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nX-Requested-With: XMLHttpRequest\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xy678kjw.com/webapp/html/aozxy5/index.html\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sat, 03 Jan 2026 08:58:38 GMT\r\ncontent-type: text/html\r\ncontent-length: 192\r\nlast-modified: Sat, 29 Nov 2025 12:42:16 GMT\r\netag: \"692aea28-c0\"\r\nstrict-transport-security: max-age=31536000\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":192,"size_decoded":0,"mime_type":"text/html","magic":"exported SGML document, Unicode text, UTF-8 text, with CRLF line terminators","md5":"098da663f92341ce930a25fb7971face","sha1":"0ae170887c93016b120f912ba8abd9e8f3468c64","sha256":"3f7c04527e76666c241a4f75b13119ac19ffaed8729e3f0f48180a810e98f249","sha512":"3e473556835b74b6288b802a89e3e47fdc95f44d1419d0401533850e1a96d3c306ba29e08945f2bc91cff417caf57b88a77c945ced3bc9d807a37fe776f5bc9e","ssdeep":"","tlshash":"1cc022a0b004ce7a0493014301322788a593cac1e742d831a39006330363503980a446","first_seen":"2025-12-01T12:22:54.124501Z","last_seen":"2026-03-21T19:15:38.581296Z","times_seen":148,"resource_available":false,"data":null}},"time_used":234,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":234,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fonts.googleapis.com/css2?family=Noto+Sans+SC:wght@100;300;500\u0026amp;display=swap","fqdn":"fonts.googleapis.com","domain":"fonts.googleapis.com","tld":"googleapis.com"},"ip":{"addr":"142.250.74.42","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"http://nickholdsworth.net/","date":"2026-01-03T08:58:36.665Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"upload.video.google.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Wed, 03 Dec 2025 15:53:13 GMT","end":"Wed, 25 Feb 2026 15:53:12 GMT"},"fingerprint":{"sha1":"A8:BA:6B:80:7C:EC:B1:6F:C1:C2:03:D7:C9:27:6E:75:DE:4B:AA:47","sha256":"4E:2C:B9:C5:81:56:5E:97:93:07:22:12:66:E2:52:C6:0A:2E:17:72:FF:9B:5F:2A:B9:E1:21:80:05:6D:8B:3D"}}},"request":{"raw":"GET /css2?family=Noto+Sans+SC:wght@100;300;500\u0026amp;display=swap HTTP/1.1\r\nHost: fonts.googleapis.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://nickholdsworth.net/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: text/css; charset=utf-8\r\nvary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site\r\naccess-control-allow-origin: *\r\ntiming-allow-origin: *\r\nlink: \u003chttps://fonts.gstatic.com\u003e; rel=preconnect; crossorigin\r\nstrict-transport-security: max-age=31536000\r\nexpires: Sat, 03 Jan 2026 08:58:36 GMT\r\ndate: Sat, 03 Jan 2026 08:58:36 GMT\r\ncache-control: private, max-age=86400\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin-allow-popups\r\ncontent-encoding: gzip\r\nserver: ESF\r\nx-xss-protection: 0\r\nx-frame-options: SAMEORIGIN\r\nx-content-type-options: nosniff\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":330309,"size_decoded":0,"mime_type":"text/css; charset=utf-8","magic":"ASCII text, with very long lines (934)","md5":"b958699b996075ea08828a7d1d7074eb","sha1":"c0ddd792d4c0edd38aa0992fdfc39d446bc9ce57","sha256":"064267571610c4f8c458466f3c3a3bffe560c0c39960af49afebd4a260ee7447","sha512":"ff628a5cf3f95e4a16bcaa9bad02d181bad8f1faa3f01c1794b9d6096563dd97f8d246b8d962c0fb4ddd4d3c2451993ed31eeec7f0778adc00f5ac3a7104ae32","ssdeep":"3072:82rlMFGImOfk7Uo8Y/FQ9k2+MBkb8mGyzFsFisGKbkjEEN:/rlIGUsB/FQkM63zF4i8AV","tlshash":"2c64fca1860785cffde76ca351cdd4147ea964bcf980893992f419d3ac1a05ee0dbb8c","first_seen":"2026-01-03T08:59:14.036905Z","last_seen":"2026-01-03T08:59:14.036905Z","times_seen":1,"resource_available":false,"data":null}},"time_used":140,"timings":{"blocked":56,"dns":1,"connect":9,"send":0,"wait":28,"receive":0,"ssl":45},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"nickholdsworth.net/woff2/neue-helvetica-25-ultra-light.woff2","fqdn":"nickholdsworth.net","domain":"nickholdsworth.net","tld":"net"},"ip":{"addr":"35.220.236.219","port":80,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"font","requested_by":"http://nickholdsworth.net/","date":"2026-01-03T08:58:36.942Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /woff2/neue-helvetica-25-ultra-light.woff2 HTTP/1.1\r\nHost: nickholdsworth.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://nickholdsworth.net/css/vendors.lc-08819eaab432cc7f495d917a43fde693-lc.min.css\r\nCookie: SITE_TOTAL_ID=75ae8fd9607b6a58345f109820e6892e\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Sat, 03 Jan 2026 08:58:37 GMT\r\nContent-Type: font/woff2\r\nContent-Length: 20380\r\nLast-Modified: Mon, 17 Mar 2025 03:31:19 GMT\r\nConnection: keep-alive\r\nETag: \"67d79787-4f9c\"\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":20380,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 20380, version 1.0","md5":"7785f1b495ac58d935444c20ed28818a","sha1":"f21bf737ddb2d11d54a6db6a433324c270e03782","sha256":"9fe4ef1584cb9cc235b1de2d31f3d786a4f4a2ac0a45b6dfa27665e7b365ab6f","sha512":"629d0e492bd64fd04f540953facc35ec5a9bf67990cfa2531d8169c45e783669fbab6f118e628ffd274303d8aa4b0a5dd696674f90b201e58cf551e878159077","ssdeep":"384:eHgGUt13ea0w98JFWLbNxAvmm9Zom5tfgjBdBTzd4ZAxmiY:agGM4ReIFIeb9ZF5Fgt2ZPiY","tlshash":"fc92d0345c12337efd4a2637702e8a456c626ecddf99cdb8a9765bc69ca1c0b8dc142c","first_seen":"2025-08-26T13:24:35.823417Z","last_seen":"2026-01-03T08:59:14.038696Z","times_seen":4,"resource_available":false,"data":null}},"time_used":259,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":257,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-03","alert":"Sinkholed","trigger":"nickholdsworth.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-03","alert":"Sinkholed","trigger":"nickholdsworth.net","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-03","alert":"Sinkholed","trigger":"nickholdsworth.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-03","alert":"Sinkholed","trigger":"nickholdsworth.net","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"nickholdsworth.net/woff2/neue-helvetica-46-light-italic.woff2","fqdn":"nickholdsworth.net","domain":"nickholdsworth.net","tld":"net"},"ip":{"addr":"35.220.236.219","port":80,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"font","requested_by":"http://nickholdsworth.net/","date":"2026-01-03T08:58:36.943Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /woff2/neue-helvetica-46-light-italic.woff2 HTTP/1.1\r\nHost: nickholdsworth.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://nickholdsworth.net/css/vendors.lc-08819eaab432cc7f495d917a43fde693-lc.min.css\r\nCookie: SITE_TOTAL_ID=75ae8fd9607b6a58345f109820e6892e\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Sat, 03 Jan 2026 08:58:37 GMT\r\nContent-Type: font/woff2\r\nContent-Length: 25492\r\nLast-Modified: Thu, 20 Mar 2025 04:18:13 GMT\r\nConnection: keep-alive\r\nETag: \"67db9705-6394\"\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":25492,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 25492, version 1.0","md5":"eab41c94d0c091961cfb552206d6cc6a","sha1":"9e3e62d1792f03778f009f0054c6f6a83848c1d8","sha256":"5e562ba50b5096c860ef11704ccb755ef1e414c5840f28f5109b8cd2cd4a24cc","sha512":"8655ed58603335ae0352269247e88e8ddc50fdccae05b1b3ddecfe069388d2ab7b48adf050057953fca7a7bd8fc22f51f8d27413068705d016bf52858a8bb686","ssdeep":"384:yR+tR6IMX/9RRFmdJNvZD1y/sTP8wzZlE+VN5lm5cY2cnNUhaCk:yGoIMPbmVva/4PB77nYfGc1","tlshash":"49b2f175a5113d5fc6af1a79abe81f82ea77d1338b60c19e0d00cb083d797882a67d25","first_seen":"2026-01-03T08:59:14.040695Z","last_seen":"2026-01-03T08:59:14.040695Z","times_seen":1,"resource_available":false,"data":null}},"time_used":494,"timings":{"blocked":257,"dns":0,"connect":0,"send":0,"wait":235,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-03","alert":"Sinkholed","trigger":"nickholdsworth.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-03","alert":"Sinkholed","trigger":"nickholdsworth.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-03","alert":"Sinkholed","trigger":"nickholdsworth.net","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-03","alert":"Sinkholed","trigger":"nickholdsworth.net","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"xy678kjw.com/webapp/css/ssc_newVersion.css","fqdn":"xy678kjw.com","domain":"xy678kjw.com","tld":"com"},"ip":{"addr":"34.96.171.207","port":443,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://xy678kjw.com/webapp/html/aozxy5/index.html","date":"2026-01-03T08:58:38.128Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.xy678kjw.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sat, 29 Nov 2025 03:45:44 GMT","end":"Fri, 27 Feb 2026 03:45:43 GMT"},"fingerprint":{"sha1":"59:DE:80:48:22:C2:0C:E2:B4:C8:7C:85:A8:F0:10:78:C2:7C:41:8D","sha256":"7F:A8:4E:90:FC:76:9B:1F:35:9A:1F:69:3A:B0:FD:9F:A0:C2:35:EC:7D:CE:CB:92:DE:A5:DB:5E:69:9C:45:60"}}},"request":{"raw":"GET /webapp/css/ssc_newVersion.css HTTP/1.1\r\nHost: xy678kjw.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xy678kjw.com/webapp/html/aozxy5/index.html\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sat, 03 Jan 2026 08:58:38 GMT\r\ncontent-type: text/css\r\nlast-modified: Sat, 15 Feb 2025 15:37:42 GMT\r\nvary: Accept-Encoding\r\netag: W/\"67b0b4c6-5771\"\r\nexpires: Sat, 03 Jan 2026 20:58:38 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":22385,"size_decoded":0,"mime_type":"text/css","magic":"Unicode text, UTF-8 text, with very long lines (22369), with no line terminators","md5":"0369d34b173ce7555a12e248399993b9","sha1":"54f591e9c2fddc9dfbf9635280afa3a84510d32b","sha256":"55d8170581789fd2baf42f160038645f58d3d1af667c0ce888880af5dde1e25e","sha512":"9b89089655a6b2bbcafd037a0e93f0a11bbc33f8dad15fb4d7ddac5aa0ab5aec375729949f459e4aa6b5745e68c3472146e932c448b5b0cec413592f5f33a5bf","ssdeep":"384:jVEF/iBu6GwB8PKhGewM5SflNWnAgg0+gu:jVYtwB8PAGXY80+gu","tlshash":"44a2403a76703769a2ffd1737aa07bcc2850c480c15e43b5dd6f2f619a5b3422ba6394","first_seen":"2025-04-16T02:08:15.810134Z","last_seen":"2026-04-18T09:06:17.752036Z","times_seen":211,"resource_available":false,"data":null}},"time_used":235,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":235,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"xy678kjw.com/webapp/js/local/ssc/index.js","fqdn":"xy678kjw.com","domain":"xy678kjw.com","tld":"com"},"ip":{"addr":"34.96.171.207","port":443,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://xy678kjw.com/webapp/html/aozxy5/index.html","date":"2026-01-03T08:58:38.130Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.xy678kjw.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sat, 29 Nov 2025 03:45:44 GMT","end":"Fri, 27 Feb 2026 03:45:43 GMT"},"fingerprint":{"sha1":"59:DE:80:48:22:C2:0C:E2:B4:C8:7C:85:A8:F0:10:78:C2:7C:41:8D","sha256":"7F:A8:4E:90:FC:76:9B:1F:35:9A:1F:69:3A:B0:FD:9F:A0:C2:35:EC:7D:CE:CB:92:DE:A5:DB:5E:69:9C:45:60"}}},"request":{"raw":"GET /webapp/js/local/ssc/index.js HTTP/1.1\r\nHost: xy678kjw.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xy678kjw.com/webapp/html/aozxy5/index.html\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sat, 03 Jan 2026 08:58:38 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Sat, 29 Nov 2025 12:42:26 GMT\r\nvary: Accept-Encoding\r\netag: W/\"692aea32-13afa\"\r\nexpires: Sat, 03 Jan 2026 20:58:38 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":80634,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (1920), with CRLF line terminators","md5":"7cbf7c3e6596443aea193db26588a203","sha1":"dc9284b3d853f40b1f892dc853002b1cbf2e700a","sha256":"ae8b3e11044bfe4ada3cbe02de1e3a8b9f7476b4cb8cf6e8a29074e423d254e9","sha512":"1117fa2b6976546a1a5728c1f7172c80be412380f748f39d60fb5681629460b52d4216c597a249b39001b762b2134c2b40a8c57b960b4aa13fc8ac57b5d78786","ssdeep":"768:q6s2jKBBk2mtGZpkoVXzoeY2X/oDmJwzaORX3j/rtb4ZZs4tR0NcktIR+Z0eADjM:q9AFgDSmJAJtIM03DjCVM7kI/2","tlshash":"5973851566a5222a20b773f2582fd604f171893782148d05b96e69c40fbfca4b1f7fbe","first_seen":"2023-03-10T14:23:05Z","last_seen":"2026-04-18T09:06:17.669346Z","times_seen":254,"resource_available":true,"data":null}},"time_used":699,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":699,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"xy678kjw.com/webapp/img/haomaimg.png","fqdn":"xy678kjw.com","domain":"xy678kjw.com","tld":"com"},"ip":{"addr":"34.96.171.207","port":443,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://xy678kjw.com/webapp/html/aozxy5/index.html","date":"2026-01-03T08:58:39.083Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.xy678kjw.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sat, 29 Nov 2025 03:45:44 GMT","end":"Fri, 27 Feb 2026 03:45:43 GMT"},"fingerprint":{"sha1":"59:DE:80:48:22:C2:0C:E2:B4:C8:7C:85:A8:F0:10:78:C2:7C:41:8D","sha256":"7F:A8:4E:90:FC:76:9B:1F:35:9A:1F:69:3A:B0:FD:9F:A0:C2:35:EC:7D:CE:CB:92:DE:A5:DB:5E:69:9C:45:60"}}},"request":{"raw":"GET /webapp/img/haomaimg.png HTTP/1.1\r\nHost: xy678kjw.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xy678kjw.com/webapp/css/public.css\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sat, 03 Jan 2026 08:58:39 GMT\r\ncontent-type: image/png\r\nlast-modified: Sat, 15 Feb 2025 15:37:52 GMT\r\nvary: Accept-Encoding\r\netag: W/\"67b0b4d0-2c891\"\r\nexpires: Mon, 02 Feb 2026 08:58:39 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":182417,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 1204 x 600, 8-bit/color RGBA, non-interlaced","md5":"e2e251464ed0269900791e37a8557086","sha1":"f26741ef593f9fa19c145d34a1d90b70ee90fe26","sha256":"2cd69edba71483d88d9663a598f00d975a52b3a8a8422e7c9d50fd1ac3f0464b","sha512":"c0376b445e92a7ad916811bfdc640d1d17d6af7acf16f19f023e41fbf69f17e6bf0cf068b32364e6dd1731125115d9456384b156f6bf0c274d67c98c06e3c0aa","ssdeep":"3072:PTWUHyie4FLR3c2PbYLNYACAb2jwDLp4AZm9xGoTgg1nRHnwQNzvZVha09+m:PTQieQR/PcLNOAb28vpIH0QBNrha09+m","tlshash":"a80412c3ad012d7bde40657e4d9b4b1e424090f01cb657a4af1cfef8abd34e6486a61b","first_seen":"2023-05-02T12:59:34Z","last_seen":"2026-04-19T10:30:23.264384Z","times_seen":1390,"resource_available":false,"data":null}},"time_used":238,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":238,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"api.api168168.com/CQShiCai/getBaseCQShiCai.do?issue=\u0026lotCode=10010","fqdn":"api.api168168.com","domain":"api168168.com","tld":"com"},"ip":{"addr":"35.241.91.37","port":443,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://xy678kjw.com/webapp/html/aozxy5/index.html","date":"2026-01-03T08:58:42.762Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"api.api168168.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 31 Dec 2025 00:17:01 GMT","end":"Tue, 31 Mar 2026 00:17:00 GMT"},"fingerprint":{"sha1":"72:2C:9E:37:25:83:F9:B3:E7:A7:3B:9C:75:01:CF:1D:6D:C2:79:BF","sha256":"08:DF:68:1C:CE:56:7F:28:1D:02:97:8F:AC:F5:2E:D2:0D:F2:F4:A5:7A:57:8B:74:62:FD:B9:0D:E7:5B:67:C3"}}},"request":{"raw":"GET /CQShiCai/getBaseCQShiCai.do?issue=\u0026lotCode=10010 HTTP/1.1\r\nHost: api.api168168.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://xy678kjw.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xy678kjw.com/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sat, 03 Jan 2026 08:58:42 GMT\r\ncontent-type: text/html;charset=UTF-8\r\naccess-control-allow-credentials: true\r\naccess-control-allow-origin: https://xy678kjw.com\r\nvary: Origin\r\naccess-control-expose-headers: Set-Cookie\r\ncontent-disposition: inline;filename=f.txt\r\ncontent-encoding: gzip\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":955,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"JSON text data","md5":"c45e0a6596e01ea44cc6620aa41b6852","sha1":"203cc8f80247786a97d719cb1dc240cd03eef996","sha256":"11b43e512c53813849ccee6bfac2586be1a06563054b77ac444242adce4bc5d5","sha512":"9c0866eed2a8aedb1c27993d2edd567cb91eecf77b1a59a995b797e8d68d573c83118bb747419a90ccc6458bab090d00f291c4465382b507d7731ceb8a9cadac","ssdeep":"","tlshash":"f21194557e2e2c7aff12b1f2782bb0e6a42533125de56f55878dcf14804163a2bcd905","first_seen":"2026-01-03T08:59:14.046293Z","last_seen":"2026-01-03T08:59:14.046293Z","times_seen":1,"resource_available":false,"data":null}},"time_used":347,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":347,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-03","alert":"Sinkholed","trigger":"api.api168168.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-03","alert":"Sinkholed","trigger":"api.api168168.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"dynamicmedia.audemarspiguet.com/is/content/audemarspiguet/icon-eA-bw?fmt=avif-alpha\u0026dpr=off","fqdn":"dynamicmedia.audemarspiguet.com","domain":"audemarspiguet.com","tld":"com"},"ip":{"addr":"23.36.77.163","port":443,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://nickholdsworth.net/","date":"2026-01-03T08:58:36.090Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"secure6s.scene7.com","organization":"Adobe Systems Incorporated"},"issuer":{"commonName":"DigiCert Global G2 TLS RSA SHA256 2020 CA1","organization":"DigiCert Inc"},"validity":{"start":"Fri, 29 Aug 2025 00:00:00 GMT","end":"Fri, 28 Aug 2026 23:59:59 GMT"},"fingerprint":{"sha1":"65:B5:5A:07:11:45:A3:50:9F:3D:E6:0C:5E:26:3C:F3:30:50:7E:C6","sha256":"08:B5:A0:BD:0D:5E:E2:49:2C:A4:FF:87:0F:14:4A:68:37:98:48:D9:46:11:64:35:B7:42:F4:56:D2:FA:32:AD"}}},"request":{"raw":"GET /is/content/audemarspiguet/icon-eA-bw?fmt=avif-alpha\u0026dpr=off HTTP/1.1\r\nHost: dynamicmedia.audemarspiguet.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://nickholdsworth.net/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccess-control-allow-origin: *\r\naccept-ranges: bytes\r\nlast-modified: Sat, 04 Oct 2025 21:52:02 GMT\r\nserver: Unknown\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\ncontent-type: image/svg+xml\r\ncontent-length: 4627\r\nexpires: Sat, 03 Jan 2026 15:53:57 GMT\r\ndate: Sat, 03 Jan 2026 08:58:36 GMT\r\nakamai-request-bc: [a=23.36.77.159,b=749755419,c=g,n=NO__OSLO,o=20940],[c=p,n=NO__OSLO,o=20940]\r\nserver-timing: clientrtt; dur=1, clienttt; dur=4, origin; dur=0, cdntime; dur=4\r\nakamai-cache-status: Miss from child\r\nx-akamai-cache: 1\r\nakamai-grn: 0.9f4d2417.1767430716.2cb05c1b\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":4627,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"39d92b2f2cc6129680810142ec3682f5","sha1":"8ad43e1dc1ae5c591125e44fe2302c53ca7474b0","sha256":"18bba0428c98a063c2cde5b7415d091b15a13a029235ea315fb84bb27758d976","sha512":"f0befd3919335ac9a2fd082eecbc29df423a55883607faf4cd269487b50d068d7170351eccd1dfc82a0bafe847fb3b97c5c48d45ead4c5ad00408a3fe5214517","ssdeep":"96:6NB6/M74BIhNqY9+ZYJNymdI6fX7Une+ZYj+ZYTyd+ZYgNyD+ZYJgzycvDgxnyxw:6NBcM7vPQiJ4mdI+X76iqimwig4KiJcI","tlshash":"0ca11fd417ea03ac276e03a08937588317a85dae3590f5cc8be4be206133eecbd71d56","first_seen":"2023-10-20T10:37:40Z","last_seen":"2026-01-03T08:59:14.048216Z","times_seen":13,"resource_available":false,"data":null}},"time_used":718,"timings":{"blocked":704,"dns":0,"connect":0,"send":0,"wait":14,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"nickholdsworth.net/otf/timesnow-extralightitalic.otf","fqdn":"nickholdsworth.net","domain":"nickholdsworth.net","tld":"net"},"ip":{"addr":"35.220.236.219","port":80,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"font","requested_by":"http://nickholdsworth.net/","date":"2026-01-03T08:58:36.943Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /otf/timesnow-extralightitalic.otf HTTP/1.1\r\nHost: nickholdsworth.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://nickholdsworth.net/css/vendors.lc-08819eaab432cc7f495d917a43fde693-lc.min.css\r\nCookie: SITE_TOTAL_ID=75ae8fd9607b6a58345f109820e6892e\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Sat, 03 Jan 2026 08:58:37 GMT\r\nContent-Type: application/octet-stream\r\nContent-Length: 89068\r\nLast-Modified: Sat, 22 Feb 2025 05:51:11 GMT\r\nConnection: keep-alive\r\nETag: \"67b965cf-15bec\"\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":89068,"size_decoded":0,"mime_type":"application/octet-stream","magic":"OpenType font data","md5":"2897d8362d521f7275e43d98f22d96ab","sha1":"7908cda9b4e8ed2757979f6c4f012f1473a667af","sha256":"26eb81f5870c28ded63d6ec51190802a949daa990d9e8f32f5531b64be94734b","sha512":"4e801982057fb945fe3e1bbab859a3b08405c575fc114f199fab87fa86c66c06823a2b3126e7580bdeff645f2d7c225e3aa7e37ef1184165ad407dc8c04a1335","ssdeep":"1536:HJ15Wk1qXMPhujSkflecbIj2Kh/QGZenhE3Zh0MnJHK5Tzv1hqm:RrloSkNtbYGoenQbhNszCm","tlshash":"e4936e6fd2c73335c2d5e53c91218db3ae14f81da9fd1c0072aa0bf7c98ea698569706","first_seen":"2023-10-20T10:37:41Z","last_seen":"2026-01-03T08:59:14.050306Z","times_seen":13,"resource_available":false,"data":null}},"time_used":761,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":281,"receive":480,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-03","alert":"Sinkholed","trigger":"nickholdsworth.net","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-03","alert":"Sinkholed","trigger":"nickholdsworth.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-03","alert":"Sinkholed","trigger":"nickholdsworth.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-03","alert":"Sinkholed","trigger":"nickholdsworth.net","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"xy678kjw.com/webapp/js/lib/date.js","fqdn":"xy678kjw.com","domain":"xy678kjw.com","tld":"com"},"ip":{"addr":"34.96.171.207","port":443,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://xy678kjw.com/webapp/html/aozxy5/index.html","date":"2026-01-03T08:58:38.129Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.xy678kjw.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sat, 29 Nov 2025 03:45:44 GMT","end":"Fri, 27 Feb 2026 03:45:43 GMT"},"fingerprint":{"sha1":"59:DE:80:48:22:C2:0C:E2:B4:C8:7C:85:A8:F0:10:78:C2:7C:41:8D","sha256":"7F:A8:4E:90:FC:76:9B:1F:35:9A:1F:69:3A:B0:FD:9F:A0:C2:35:EC:7D:CE:CB:92:DE:A5:DB:5E:69:9C:45:60"}}},"request":{"raw":"GET /webapp/js/lib/date.js HTTP/1.1\r\nHost: xy678kjw.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xy678kjw.com/webapp/html/aozxy5/index.html\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sat, 03 Jan 2026 08:58:38 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Sat, 29 Nov 2025 12:42:18 GMT\r\nvary: Accept-Encoding\r\netag: W/\"692aea2a-1edd\"\r\nexpires: Sat, 03 Jan 2026 20:58:38 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":7901,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (7873), with no line terminators","md5":"d372d65bf3cac7dd5c8e01e537c1f3f5","sha1":"20d5f82e581928efd22c6422bc0fb6d30f30a4b0","sha256":"e9768904049bc1ebda895c104e828ca51fdfd0ba507c6af453738bd359580b12","sha512":"d3a60553c0d9854a973c563033bebf0c4ceb92699e3aac25b664195b66350089d20524a952c316f7faad5d2eba8dbc05d12bf0a9684bb2fbc3e34f29c09f8d24","ssdeep":"96:JUAuXHhJ376UYX6sfWdJVeAflACAEYB+zq0LfUvsHFH6+PpDQAyiDJpeC78Rf0rq:CAuzYXtANACAEXlc0DQIsRfPcmF","tlshash":"a6f11f4270303048237a91fc74ce928a25f06dffd61a415ea451fa8927deb7e2b7b219","first_seen":"2025-04-07T08:33:42.67714Z","last_seen":"2026-04-19T10:30:23.231308Z","times_seen":1253,"resource_available":false,"data":null}},"time_used":469,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":469,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"api.api168168.com/parameters/getNoAdvertisingDomain.do","fqdn":"api.api168168.com","domain":"api168168.com","tld":"com"},"ip":{"addr":"35.241.91.37","port":443,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://xy678kjw.com/webapp/html/aozxy5/index.html","date":"2026-01-03T08:58:38.829Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"api.api168168.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 31 Dec 2025 00:17:01 GMT","end":"Tue, 31 Mar 2026 00:17:00 GMT"},"fingerprint":{"sha1":"72:2C:9E:37:25:83:F9:B3:E7:A7:3B:9C:75:01:CF:1D:6D:C2:79:BF","sha256":"08:DF:68:1C:CE:56:7F:28:1D:02:97:8F:AC:F5:2E:D2:0D:F2:F4:A5:7A:57:8B:74:62:FD:B9:0D:E7:5B:67:C3"}}},"request":{"raw":"GET /parameters/getNoAdvertisingDomain.do HTTP/1.1\r\nHost: api.api168168.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://xy678kjw.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xy678kjw.com/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sat, 03 Jan 2026 08:58:41 GMT\r\ncontent-type: text/html;charset=UTF-8\r\naccess-control-allow-credentials: true\r\naccess-control-allow-origin: https://xy678kjw.com\r\nvary: Origin\r\naccess-control-expose-headers: Set-Cookie\r\ncontent-disposition: inline;filename=f.txt\r\ncontent-encoding: gzip\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":1953,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"JSON text data","md5":"7ecdd0ccad41cd367a2c8ee896934a33","sha1":"81a85a497a6d3c1690aec93a1d32d8df034cb9c1","sha256":"ab2996705a41b5da716b687ca0d29d6601350807116ac265e5a17a0ea47a70e1","sha512":"a972c5d286ae479e80fd58d0a812cd0bd4ed618b92f22a44f33638338bbc810a5ddf8a4885fcdd906cba8124f2abbf5508965d0b433b0d512faf6f8e98ade325","ssdeep":"","tlshash":"e041f17b6f1c35db32a506d12ee16c84417cac761f71d8f59729320584e47ac0e5e2de","first_seen":"2025-08-13T13:08:13.288581Z","last_seen":"2026-04-19T10:30:23.265077Z","times_seen":1181,"resource_available":false,"data":null}},"time_used":5480,"timings":{"blocked":2564,"dns":1636,"connect":231,"send":0,"wait":352,"receive":0,"ssl":696},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-03","alert":"Sinkholed","trigger":"api.api168168.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-03","alert":"Sinkholed","trigger":"api.api168168.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}}]}