{"report_id":"cbfc79d0-21b4-4ee8-a21f-214b0ebde068","version":6,"status":"done","tags":[],"date":"2026-03-18T10:50:23Z","url":{"schema":"http","addr":"tk-h5.spys1010.vip","fqdn":"tk-h5.spys1010.vip","domain":"spys1010.vip","tld":"vip"},"ip":{"addr":"38.55.97.60","port":0,"asn":42960,"as":"VH Global Limited","country":"Hong Kong","country_code":"HK"},"final":{"url":{"schema":"https","addr":"tk-h5.spys1010.vip/login","fqdn":"tk-h5.spys1010.vip","domain":"spys1010.vip","tld":"vip"},"title":"Tiktok Order Center","dom":{"size":13158,"mime_type":"text/html; charset=utf-8","magic":"HTML document, ASCII text, with very long lines (13158), with no line terminators","md5":"ad89b08f501ab97e2d4dcd435c0b1d6b","sha1":"9ccebc82669929d678205801c243c8cb778be313","sha256":"36fe160adc6a220fed0b4c48d4ff580bd3a9acad1f74d47564284857dce5e114","sha512":"f4a38350888d355a2be64a15514233a7e43801b1ed8340bc0e5ce4be9c8a9175e999e15e18c32bdacb8ba1ad60c575c75668faf2d8b9826668fcaa28950f701d","ssdeep":"192:z+H/k34VL8qy6xfX/fq0emcWPd4FQxXpVDhq3aEyvhM4SPLgjnhIRbrOqYAkN+Nq:yVL8qy8Xth2m5jq3aEChmR3O57gKzp","tlshash":"5f427ca5980b286b8253c5c07c30fb163cb3d61ec94f55805bec43ab1febd701aa94e8","dom_hash":"domhash29cc00ecca69266c3f695b55df31dcae","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"tk-h5.spys1010.vip","fqdn":"tk-h5.spys1010.vip","domain":"spys1010.vip","tld":"vip"},"ip":{"addr":"38.55.97.60","port":0,"asn":42960,"as":"VH Global Limited","country":"Hong Kong","country_code":"HK"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-04-22T10:50:23Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":5}},"detection":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-18","alert":"Phishing Block","trigger":"tk-h5.spys1010.vip","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-18","alert":"Sinkholed","trigger":"tk-h5.spys1010.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-18","alert":"Sinkholed","trigger":"tk-h5.spys1010.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-18","alert":"Phishing Block","trigger":"tk.spys1010.vip","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-18","alert":"Sinkholed","trigger":"tk.spys1010.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null},"summary":[{"fqdn":"tk-h5.spys1010.vip","ip":{"addr":"38.55.97.60","port":443,"asn":42960,"as":"VH Global Limited","country":"Hong Kong","country_code":"HK"},"domain_registered":"2024-07-02","domain_rank":0,"first_seen":"2026-03-18T10:50:24.615553Z","last_seen":"2026-03-18T10:50:24.615553Z","alert_count":27,"request_count":9,"received_data":1400233,"sent_data":4593,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"tk.spys1010.vip","ip":{"addr":"38.55.97.60","port":443,"asn":42960,"as":"VH Global Limited","country":"Hong Kong","country_code":"HK"},"domain_registered":"2024-07-02","domain_rank":0,"first_seen":"2026-03-18T10:50:24.614149Z","last_seen":"2026-03-18T10:50:24.61415Z","alert_count":6,"request_count":3,"received_data":4363,"sent_data":1679,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"tk-h5.spys1010.vip/login","fqdn":"tk-h5.spys1010.vip","domain":"spys1010.vip","tld":"vip"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"Function","is_inline":false,"md5":"0791fb6155920d0c3d3ac3e89671e8d8","sha1":"c6f60af536ce3a3299a6f27322681fa6834257db","sha256":"f5fffa7f07a691af8e1110f33f8dd08989fa5eebb26eca5b41b79dc8ed833373","sha512":"4f5ae536da9dacec21c663d206104e312f7d098739a49610a705685a1c59be4c8a5ebc2752a1cfe4d29a5111da9c7ea2cede51ae7b6065fd60f23eee1c3f757a","ssdeep":"","tlshash":"eac08cc4a0c72d002a06b46110af34e4a024402b748c1f02aca9d8893e630b09233fd8","size":152,"data":"","first_seen":"2025-04-03T11:16:25.590291Z","last_seen":"2026-04-19T22:22:01.983479Z","times_seen":28,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"tk-h5.spys1010.vip/login","fqdn":"tk-h5.spys1010.vip","domain":"spys1010.vip","tld":"vip"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"Function","is_inline":false,"md5":"ae8b398da7489e608d31204307bb3fb6","sha1":"b35a10e4eee80b370a2a4ccc044644eb444bcf14","sha256":"289d700e74cd6a79714de6b43872bb4555d50b8ecc116366ebb8c70e2bb27a8c","sha512":"0985a59a2f163639bad3f8520e5999a4f9ef7cfe73af1be0bd612847ef0adda129d31eef5751151b2cb90dce8e9543858445a6989769bd09224c85a62a6a8a53","ssdeep":"","tlshash":"fac08cc8a0c26e211a02681814af24e49028402770481b02cdd4d8882e230b08233e98","size":141,"data":"","first_seen":"2023-04-30T07:46:29Z","last_seen":"2026-06-11T01:13:34.306016Z","times_seen":250,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"tk-h5.spys1010.vip/login","fqdn":"tk-h5.spys1010.vip","domain":"spys1010.vip","tld":"vip"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"Function","is_inline":false,"md5":"45d4d4edd671bac1211aecc8ecdbd296","sha1":"3f5b724b67703c5097824632b795d0b90228de29","sha256":"192c40beb2a2e7bf0d00a3b8f3eabf9e8df82732870264b93584fb967fb706c8","sha512":"491d97d53dcdbcb6169ad1f9ee2d556caadb2c6b3c9e5b2ccf6382db9c72275c3e83f7effd39e78d852205057238438111da2dca694c186364d12d554faf1601","ssdeep":"","tlshash":"2dc08cc8a0c32d002607a51064af38f4a034846b704c1f038ea8ec693e630f48233e98","size":154,"data":"","first_seen":"2023-09-27T19:17:21Z","last_seen":"2026-06-15T21:11:45.649181Z","times_seen":190,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"tk-h5.spys1010.vip/login","fqdn":"tk-h5.spys1010.vip","domain":"spys1010.vip","tld":"vip"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"Function","is_inline":false,"md5":"bab4c6469f7df2c27147d0937879c4c7","sha1":"6438117917a2a4635cdf94b3742645472ea9acf5","sha256":"35c4a7604803f40949f2b97f2012302dafaaef3bedee6f04f091a389133edb75","sha512":"452d77b29b62fb30b4c5474211cdfc02d36c3be1c9834fa0373a9cd474fa6f4a86ecc3e7695e78afda23c51d734903705013a4c2414bd772966c152b77f03357","ssdeep":"","tlshash":"0fc08cc8a0c22d102e02a51014af38e4a034802770881b0b8da4dc493e230f0923be98","size":150,"data":"","first_seen":"2024-02-20T23:53:55Z","last_seen":"2026-06-02T18:41:58.334982Z","times_seen":77,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"tk-h5.spys1010.vip/login","fqdn":"tk-h5.spys1010.vip","domain":"spys1010.vip","tld":"vip"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"Function","is_inline":false,"md5":"6900701ff959494d30437499abeb8885","sha1":"7cb4c820fbf30caa6b50d6c2dc4aa7c0c4b644d8","sha256":"3be52a71ee1e4d668cceef779a9942298cef4d68e03183d10681c4aa945c83f5","sha512":"731bc35b44d92adfda91474163cba7cbfe8ebb8faeb76364becb6a0f87c8d62c68a560257759546c0c38da3d0ea220cbee60eed126f77194441f92786231135b","ssdeep":"","tlshash":"b5c08cc4a0c22d101642645420af26e4a028802a70485b128c94d8482e620b48233ea8","size":138,"data":"","first_seen":"2023-04-13T00:16:19Z","last_seen":"2026-06-16T17:17:23.328011Z","times_seen":7209,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"tk-h5.spys1010.vip/static/js/chunk-vendors.be306b32.js","fqdn":"tk-h5.spys1010.vip","domain":"spys1010.vip","tld":"vip"},"ip":{"addr":"38.55.97.60","port":443,"asn":42960,"as":"VH Global Limited","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"50d30c35eaefb8d86e32b70bd7f6f577","sha1":"c31b5651624df26f2897795a28690fe610d63456","sha256":"9e8e81749bffed463571058e10803737e06442b83cb4654ab33d0e7a23e2db0f","sha512":"0ef20302b8eda461896bc53969e7a4f08fa9060370ee5b6008d3b4054d5c6ec3ae33373dae34d4e143b6568731a2f35d72dc383e967a6fc59e0cfc4398cbe365","ssdeep":"6144:c76v250VvXyNTvFJygQSqiy4v3B/7jFD8Tw8lAZr1NIfxXtNy/izw+:SmmwvIRqp2FDl8lAp1mxXTJzz","tlshash":"7705d7ccb5d2b06147eb6170402f110bf23a6959a40e80a4f26af8e47dbd9ad9177f7c","size":841792,"data":"","first_seen":"2025-07-24T16:08:00.782695Z","last_seen":"2026-03-18T11:40:26.637006Z","times_seen":4,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"tk-h5.spys1010.vip/static/js/app.5e5a2e07.js","fqdn":"tk-h5.spys1010.vip","domain":"spys1010.vip","tld":"vip"},"ip":{"addr":"38.55.97.60","port":443,"asn":42960,"as":"VH Global Limited","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"5304016db9059d2b63fab844ef863bb5","sha1":"027414673ec0b8a356dc614ccc0daf34e4d6a2c5","sha256":"fb27ce09c11769182bfb569addac18b09919444de420808f7009fffde82becb8","sha512":"4f0d0687cba04dde7205f1c183106e98532fa86182b6566a8d7274016a211629a006ba3372408222ef2b65cc168cd8293f99083eb03128f441868bf056b4d8e1","ssdeep":"3072:X9g7hDkViK2lB0IGZWUdomRj+OSQUpXUqw4hX99vDOehg/msr7K6EZZc4sCWC:X90IiK2D0dGmV+O7UDNlqehg/ms4ZZF","tlshash":"73248c5eb9c6299d04e2819970cb7025e2ee2cc2d60dd3b095efc53239f1649d3aad7c","size":223995,"data":"","first_seen":"2026-03-18T10:50:28.637541Z","last_seen":"2026-03-18T11:40:26.645803Z","times_seen":3,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"tk-h5.spys1010.vip/login","fqdn":"tk-h5.spys1010.vip","domain":"spys1010.vip","tld":"vip"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"Function","is_inline":false,"md5":"17b4a1ac99cbefe23d1f621823aaf892","sha1":"a92639e84296ffaabce1e35477837ec6ce985889","sha256":"b8854c105a17a34f70428344d249a47f7ca6b149ec58d8aec9fc3e5cfa474a32","sha512":"664b74692e5cc59b8d268ec77c5f5e4b1e631043792608866128787fcfaaea60c5da57e5ca83fd278022937aecde9fa849476ad5bac30d4cfccd2dfe97c0ba90","ssdeep":"","tlshash":"ebc080c4a0d62d101511541014bf24d890244026744c57029dd4d8482d934f44133e98","size":149,"data":"","first_seen":"2023-11-01T14:09:04Z","last_seen":"2026-06-14T12:59:36.942402Z","times_seen":130,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"tk-h5.spys1010.vip/config.js","fqdn":"tk-h5.spys1010.vip","domain":"spys1010.vip","tld":"vip"},"ip":{"addr":"38.55.97.60","port":443,"asn":42960,"as":"VH Global Limited","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"eae7253c755466343af5ca9b798f0105","sha1":"4509e0466b3f07e14bc2792f9ec332e2f606ce78","sha256":"d0149152a433dcc9524d2180db2480815fde46dd152eb0b83f4ae28970aac7b9","sha512":"aab32afd3348119c2c10c7371b183196dbff7a3cb1ffa4b247a337142039854f3d953e80714da9bb3613168d35f11b0406da1a68efd7a4b6e93799977cd187c0","ssdeep":"","tlshash":"d1a024f70170531504d03440454f3c00f51314444c4d044430455ccc1d474d5140c17c","size":76,"data":"","first_seen":"2026-03-18T10:50:28.635896Z","last_seen":"2026-03-18T11:40:26.636448Z","times_seen":3,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"tk-h5.spys1010.vip/favicon.ico","fqdn":"tk-h5.spys1010.vip","domain":"spys1010.vip","tld":"vip"},"ip":{"addr":"38.55.97.60","port":443,"asn":42960,"as":"VH Global Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://tk-h5.spys1010.vip/","date":"2026-03-18T10:50:04.123Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tk-h5.spys1010.vip","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 17 Mar 2026 13:27:03 GMT","end":"Mon, 15 Jun 2026 13:27:02 GMT"},"fingerprint":{"sha1":"BD:6E:CF:6B:AB:9E:FC:47:57:25:87:E6:FC:40:72:1B:74:0D:3F:76","sha256":"8D:5F:D6:8C:9B:CB:4F:CF:2A:E3:A5:83:16:9F:09:AE:C6:CB:C7:EC:48:E9:36:1B:DF:4C:EA:BA:8F:48:C5:FF"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: tk-h5.spys1010.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://tk-h5.spys1010.vip/\r\nCookie: server_name_session=ea16ff5c0896fbe3f645d5585c67a698\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 18 Mar 2026 10:50:04 GMT\r\ncontent-type: image/x-icon\r\ncontent-length: 4286\r\nlast-modified: Mon, 16 Mar 2026 16:49:38 GMT\r\netag: \"69b834a2-10be\"\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":4286,"size_decoded":0,"mime_type":"image/x-icon","magic":"MS Windows icon resource - 1 icon, 32x32, 32 bits/pixel","md5":"1ba2ae710d927f13d483fd5d1e548c9b","sha1":"c0605efed936ee2600284e6480521d06fa64f872","sha256":"db74ab0b78338c1f778f8398c45f4103c99aea0e845a3118a7750b4eeafd3445","sha512":"f933cd352eaba92f509b3863353ddfefadfada26a4152ecdc4727d450bbf35e7b10fb3038fe8db340d5c63d74e608c1560ec84d0f6ffc8ccd940c9e0d7533544","ssdeep":"48:i3H5R5hLOR4kt38PduMoglJrd6qTrp9hweFC0+6Ga:ipHFUs4MLBvuyCda","tlshash":"ee9175df61c388d9c1b1977f78c449a14f6fd951ba28351f55cf30622e5d75818c1c46","first_seen":"2023-04-18T17:42:03Z","last_seen":"2026-06-16T11:38:40.336324Z","times_seen":6296,"resource_available":false,"data":null}},"time_used":192,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":192,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-18","alert":"Phishing Block","trigger":"tk-h5.spys1010.vip","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-18","alert":"Sinkholed","trigger":"tk-h5.spys1010.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-18","alert":"Sinkholed","trigger":"tk-h5.spys1010.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tk.spys1010.vip/upload/6fec103461a9d11b/ca536cb523292709.png","fqdn":"tk.spys1010.vip","domain":"spys1010.vip","tld":"vip"},"ip":{"addr":"38.55.97.60","port":443,"asn":42960,"as":"VH Global Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://tk-h5.spys1010.vip/","date":"2026-03-18T10:50:04.849Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tk.spys1010.vip","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Tue, 17 Mar 2026 13:26:33 GMT","end":"Mon, 15 Jun 2026 13:26:32 GMT"},"fingerprint":{"sha1":"D2:05:EE:B4:92:45:5E:5C:2C:36:75:F6:9F:1D:FD:E1:86:AF:BC:39","sha256":"91:96:2C:23:11:F0:25:F0:3D:1D:77:21:AC:A0:4B:49:BA:9B:92:28:34:C9:C0:0E:F0:76:60:93:4C:10:AB:EF"}}},"request":{"raw":"GET /upload/6fec103461a9d11b/ca536cb523292709.png HTTP/1.1\r\nHost: tk.spys1010.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://tk-h5.spys1010.vip/\r\nCookie: s3ef8f2b5=vqc67iebcn34ubiiglvnqv5l3m; server_name_session=3e1efed906ada8ce3e3f84cc0ad67e1c\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 404 Not Found\r\nserver: nginx\r\ndate: Wed, 18 Mar 2026 10:50:04 GMT\r\ncontent-type: application/json; charset=utf-8\r\nvary: Accept-Encoding\r\nexpires: Thu, 19 Nov 1981 08:52:00 GMT\r\ncache-control: no-store, no-cache, must-revalidate\r\npragma: no-cache\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-17T09:31:00.786811Z","times_seen":16480402,"resource_available":true,"data":null}},"time_used":228,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":228,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-18","alert":"Phishing Block","trigger":"tk.spys1010.vip","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-18","alert":"Sinkholed","trigger":"tk.spys1010.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tk-h5.spys1010.vip/","fqdn":"tk-h5.spys1010.vip","domain":"spys1010.vip","tld":"vip"},"ip":{"addr":"38.55.97.60","port":443,"asn":42960,"as":"VH Global Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-03-18T10:50:01.801Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tk-h5.spys1010.vip","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 17 Mar 2026 13:27:03 GMT","end":"Mon, 15 Jun 2026 13:27:02 GMT"},"fingerprint":{"sha1":"BD:6E:CF:6B:AB:9E:FC:47:57:25:87:E6:FC:40:72:1B:74:0D:3F:76","sha256":"8D:5F:D6:8C:9B:CB:4F:CF:2A:E3:A5:83:16:9F:09:AE:C6:CB:C7:EC:48:E9:36:1B:DF:4C:EA:BA:8F:48:C5:FF"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: tk-h5.spys1010.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 18 Mar 2026 10:50:02 GMT\r\ncontent-type: text/html\r\nlast-modified: Mon, 16 Mar 2026 16:49:38 GMT\r\nvary: Accept-Encoding\r\netag: W/\"69b834a2-2e3\"\r\nset-cookie: server_name_session=ea16ff5c0896fbe3f645d5585c67a698; Max-Age=86400; httponly; path=/\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":739,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII text, with very long lines (739), with no line terminators","md5":"bb2c5ee082015bf67d0ddce9396572db","sha1":"c249eb11b7180bc7bcf10ee6a68b0b7f1ed8a4d9","sha256":"5475afb02ea0480944930df92057d32a24890e33eeec56cbc22a7cd8288f07f0","sha512":"455e49b402dd2bd46e09e4442234070ca91441b9d184a47b1ecc2f8c85922a0c83eb2aee0ee2fb4eed3e23a33f76db4f89b9d8ca2d909c56e30ffa9c2f5e1497","ssdeep":"","tlshash":"5201dc83cc10e05e47a04e85ae74f22f98ca9c6a5971dcd0b4f910bd0ca0fcd9a6b840","first_seen":"2026-03-18T10:50:28.624137Z","last_seen":"2026-03-18T11:40:26.635861Z","times_seen":3,"resource_available":false,"data":null}},"time_used":1081,"timings":{"blocked":444,"dns":54,"connect":191,"send":0,"wait":194,"receive":0,"ssl":195},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-18","alert":"Sinkholed","trigger":"tk-h5.spys1010.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-18","alert":"Sinkholed","trigger":"tk-h5.spys1010.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-18","alert":"Phishing Block","trigger":"tk-h5.spys1010.vip","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tk-h5.spys1010.vip/static/js/chunk-vendors.be306b32.js","fqdn":"tk-h5.spys1010.vip","domain":"spys1010.vip","tld":"vip"},"ip":{"addr":"38.55.97.60","port":443,"asn":42960,"as":"VH Global Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://tk-h5.spys1010.vip/","date":"2026-03-18T10:50:02.572Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tk-h5.spys1010.vip","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 17 Mar 2026 13:27:03 GMT","end":"Mon, 15 Jun 2026 13:27:02 GMT"},"fingerprint":{"sha1":"BD:6E:CF:6B:AB:9E:FC:47:57:25:87:E6:FC:40:72:1B:74:0D:3F:76","sha256":"8D:5F:D6:8C:9B:CB:4F:CF:2A:E3:A5:83:16:9F:09:AE:C6:CB:C7:EC:48:E9:36:1B:DF:4C:EA:BA:8F:48:C5:FF"}}},"request":{"raw":"GET /static/js/chunk-vendors.be306b32.js HTTP/1.1\r\nHost: tk-h5.spys1010.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://tk-h5.spys1010.vip/\r\nCookie: server_name_session=ea16ff5c0896fbe3f645d5585c67a698\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 18 Mar 2026 10:50:02 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Mon, 16 Mar 2026 16:49:38 GMT\r\nvary: Accept-Encoding\r\netag: W/\"69b834a2-cd840\"\r\nexpires: Wed, 18 Mar 2026 22:50:02 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":841792,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (32861)","md5":"50d30c35eaefb8d86e32b70bd7f6f577","sha1":"c31b5651624df26f2897795a28690fe610d63456","sha256":"9e8e81749bffed463571058e10803737e06442b83cb4654ab33d0e7a23e2db0f","sha512":"0ef20302b8eda461896bc53969e7a4f08fa9060370ee5b6008d3b4054d5c6ec3ae33373dae34d4e143b6568731a2f35d72dc383e967a6fc59e0cfc4398cbe365","ssdeep":"6144:c76v250VvXyNTvFJygQSqiy4v3B/7jFD8Tw8lAZr1NIfxXtNy/izw+:SmmwvIRqp2FDl8lAp1mxXTJzz","tlshash":"7705d7ccb5d2b06147eb6170402f110bf23a6959a40e80a4f26af8e47dbd9ad9177f7c","first_seen":"2025-07-24T16:08:00.782695Z","last_seen":"2026-03-18T11:40:26.637006Z","times_seen":4,"resource_available":true,"data":null}},"time_used":258,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":258,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-18","alert":"Sinkholed","trigger":"tk-h5.spys1010.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-18","alert":"Sinkholed","trigger":"tk-h5.spys1010.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-18","alert":"Phishing Block","trigger":"tk-h5.spys1010.vip","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tk-h5.spys1010.vip/static/css/chunk-vendors.ecdb3706.css","fqdn":"tk-h5.spys1010.vip","domain":"spys1010.vip","tld":"vip"},"ip":{"addr":"38.55.97.60","port":443,"asn":42960,"as":"VH Global Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://tk-h5.spys1010.vip/","date":"2026-03-18T10:50:02.575Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tk-h5.spys1010.vip","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 17 Mar 2026 13:27:03 GMT","end":"Mon, 15 Jun 2026 13:27:02 GMT"},"fingerprint":{"sha1":"BD:6E:CF:6B:AB:9E:FC:47:57:25:87:E6:FC:40:72:1B:74:0D:3F:76","sha256":"8D:5F:D6:8C:9B:CB:4F:CF:2A:E3:A5:83:16:9F:09:AE:C6:CB:C7:EC:48:E9:36:1B:DF:4C:EA:BA:8F:48:C5:FF"}}},"request":{"raw":"GET /static/css/chunk-vendors.ecdb3706.css HTTP/1.1\r\nHost: tk-h5.spys1010.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://tk-h5.spys1010.vip/\r\nCookie: server_name_session=ea16ff5c0896fbe3f645d5585c67a698\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 18 Mar 2026 10:50:02 GMT\r\ncontent-type: text/css\r\nlast-modified: Mon, 16 Mar 2026 16:49:38 GMT\r\nvary: Accept-Encoding\r\netag: W/\"69b834a2-2e040\"\r\nexpires: Wed, 18 Mar 2026 22:50:02 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":188480,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (65536), with no line terminators","md5":"4275d10f2f64276803159783d7d0aa75","sha1":"51efebb76e2eecc4e136e67d5ce6854aa45c45f2","sha256":"01ead950496c20c752bd646d2d03604b3e4ff734224748c7d903fece0b30b0ba","sha512":"31614d4e948c208df6c1d6ca3f79bddf7572116f6f20d3d8c86e962bada94210f9fbe4d09ac840d5b3389df32d82d569f6301723cbbd7532fe6d56f19432bfef","ssdeep":"1536:ACN5J+jOkiHcinubsfTwLCgV8jFNlx0Beyu2rmQbaGZMGIV5VGR:ACnumTwLCjv4AGTR","tlshash":"220493a9ea90a17d7f1bb1359b8796dcf13cf960ed01dab4f10191184ec3bf1162362a","first_seen":"2025-04-03T11:16:25.584156Z","last_seen":"2026-05-30T10:32:12.106264Z","times_seen":30,"resource_available":false,"data":null}},"time_used":795,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":795,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-18","alert":"Phishing Block","trigger":"tk-h5.spys1010.vip","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-18","alert":"Sinkholed","trigger":"tk-h5.spys1010.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-18","alert":"Sinkholed","trigger":"tk-h5.spys1010.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tk-h5.spys1010.vip/static/img/logo2.cefdd90e.png","fqdn":"tk-h5.spys1010.vip","domain":"spys1010.vip","tld":"vip"},"ip":{"addr":"38.55.97.60","port":443,"asn":42960,"as":"VH Global Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://tk-h5.spys1010.vip/","date":"2026-03-18T10:50:03.769Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tk-h5.spys1010.vip","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 17 Mar 2026 13:27:03 GMT","end":"Mon, 15 Jun 2026 13:27:02 GMT"},"fingerprint":{"sha1":"BD:6E:CF:6B:AB:9E:FC:47:57:25:87:E6:FC:40:72:1B:74:0D:3F:76","sha256":"8D:5F:D6:8C:9B:CB:4F:CF:2A:E3:A5:83:16:9F:09:AE:C6:CB:C7:EC:48:E9:36:1B:DF:4C:EA:BA:8F:48:C5:FF"}}},"request":{"raw":"GET /static/img/logo2.cefdd90e.png HTTP/1.1\r\nHost: tk-h5.spys1010.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://tk-h5.spys1010.vip/login\r\nCookie: server_name_session=ea16ff5c0896fbe3f645d5585c67a698\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 18 Mar 2026 10:50:03 GMT\r\ncontent-type: image/png\r\nlast-modified: Mon, 16 Mar 2026 16:49:38 GMT\r\nvary: Accept-Encoding\r\netag: W/\"69b834a2-2c51\"\r\nexpires: Fri, 17 Apr 2026 10:50:03 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":11345,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 192 x 192, 8-bit/color RGBA, non-interlaced","md5":"f5e1e74889731d8249bee213740b0be5","sha1":"11d0821fc441b11b1cfa915f74f308151a4b5bc7","sha256":"9638ae03154c09ccc4c01ac746261415e7a57c6a278e0000e83430532b9020fe","sha512":"3091ce3655b61339821ecf89f9c866dd718ff6828422d008451578402c1139fe90c63343b54565d424f338f2bca704ea76b9afb776c8adff7c4ca8c7aa750fd1","ssdeep":"192:wSZ6OeQa1MuVPzms+5Cx+CiwRx+8g3jyE44gEj1DUDx4G1me17BlX7Inps:Xc+2jFas+S+sD+8g74WUDx4G1J7TrCps","tlshash":"be32c0993111baf9024427325960305373f632f3c3be893287ca40f9eabeb331697295","first_seen":"2024-05-23T15:13:57Z","last_seen":"2026-05-29T19:49:45.410097Z","times_seen":60,"resource_available":false,"data":null}},"time_used":195,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":195,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-18","alert":"Phishing Block","trigger":"tk-h5.spys1010.vip","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-18","alert":"Sinkholed","trigger":"tk-h5.spys1010.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-18","alert":"Sinkholed","trigger":"tk-h5.spys1010.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tk-h5.spys1010.vip/static/img/bj.43260d18.png","fqdn":"tk-h5.spys1010.vip","domain":"spys1010.vip","tld":"vip"},"ip":{"addr":"38.55.97.60","port":443,"asn":42960,"as":"VH Global Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://tk-h5.spys1010.vip/","date":"2026-03-18T10:50:03.795Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tk-h5.spys1010.vip","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 17 Mar 2026 13:27:03 GMT","end":"Mon, 15 Jun 2026 13:27:02 GMT"},"fingerprint":{"sha1":"BD:6E:CF:6B:AB:9E:FC:47:57:25:87:E6:FC:40:72:1B:74:0D:3F:76","sha256":"8D:5F:D6:8C:9B:CB:4F:CF:2A:E3:A5:83:16:9F:09:AE:C6:CB:C7:EC:48:E9:36:1B:DF:4C:EA:BA:8F:48:C5:FF"}}},"request":{"raw":"GET /static/img/bj.43260d18.png HTTP/1.1\r\nHost: tk-h5.spys1010.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://tk-h5.spys1010.vip/static/css/app.12bf981c.css\r\nCookie: server_name_session=ea16ff5c0896fbe3f645d5585c67a698\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 18 Mar 2026 10:50:03 GMT\r\ncontent-type: image/png\r\nlast-modified: Mon, 16 Mar 2026 16:49:38 GMT\r\nvary: Accept-Encoding\r\netag: W/\"69b834a2-1aaed\"\r\nexpires: Fri, 17 Apr 2026 10:50:03 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":109293,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 1170 x 2532, 8-bit/color RGBA, non-interlaced","md5":"8e7d45f2fa827c754de6d84aaa1bc735","sha1":"1ac47233df83399a092389c507d4bb5df38440e8","sha256":"0ed8e8bbc30a49c9a54949760d44101779608d22761207e6e7ffc964c0d59601","sha512":"3bc3af5910700e3e262143e5c8baf794eb3494b04c96ae1a33404e2d6a61acd2e76c0a1b2888ca77c6d66c23cd5582e16c3105f61e59c4ee29fd2ede96629af4","ssdeep":"1536:BvPri1K3WCh04cTj1ejiMDMAtAkhX8mpk5rvDx73kiLBsNPVNJQKt+GrXyB3Fzy4:BborFX1ZMRfhMt1zLBsJVTQKGzy4","tlshash":"e2b3aee6f253f99cc9cd447b0a2815bd5af2b9e3e171c73380774e0ce9ae7a51698900","first_seen":"2024-05-23T15:13:57Z","last_seen":"2026-05-25T22:58:14.29848Z","times_seen":65,"resource_available":false,"data":null}},"time_used":197,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":197,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-18","alert":"Phishing Block","trigger":"tk-h5.spys1010.vip","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-18","alert":"Sinkholed","trigger":"tk-h5.spys1010.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-18","alert":"Sinkholed","trigger":"tk-h5.spys1010.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tk.spys1010.vip/index/user/common_parameters","fqdn":"tk.spys1010.vip","domain":"spys1010.vip","tld":"vip"},"ip":{"addr":"38.55.97.60","port":443,"asn":42960,"as":"VH Global Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://tk-h5.spys1010.vip/","date":"2026-03-18T10:50:04.493Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tk.spys1010.vip","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Tue, 17 Mar 2026 13:26:33 GMT","end":"Mon, 15 Jun 2026 13:26:32 GMT"},"fingerprint":{"sha1":"D2:05:EE:B4:92:45:5E:5C:2C:36:75:F6:9F:1D:FD:E1:86:AF:BC:39","sha256":"91:96:2C:23:11:F0:25:F0:3D:1D:77:21:AC:A0:4B:49:BA:9B:92:28:34:C9:C0:0E:F0:76:60:93:4C:10:AB:EF"}}},"request":{"raw":"GET /index/user/common_parameters HTTP/1.1\r\nHost: tk.spys1010.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nAccess-Control-Allow-Credentials: true\r\nOrigin: https://tk-h5.spys1010.vip\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://tk-h5.spys1010.vip/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 18 Mar 2026 10:50:04 GMT\r\ncontent-type: application/json; charset=utf-8\r\nvary: Accept-Encoding\r\nexpires: Thu, 19 Nov 1981 08:52:00 GMT\r\ncache-control: no-store, no-cache, must-revalidate\r\npragma: no-cache\r\naccess-control-allow-origin: https://tk-h5.spys1010.vip\r\naccess-control-allow-methods: GET,POST,PATCH,PUT,DELETE\r\naccess-control-expose-headers: User-Token-Csrf\r\nset-cookie: s3ef8f2b5=vqc67iebcn34ubiiglvnqv5l3m; path=/; HttpOnly\nserver_name_session=3e1efed906ada8ce3e3f84cc0ad67e1c; Max-Age=86400; httponly; path=/\r\naccess-control-allow-credentials: true\r\naccess-control-allow-headers: Authorization,Content-Type,If-Match,If-Modified-Since,If-None-Match,If-Unmodified-Since,X-Requested-With, language,token,access-control-allow-credentials,access-control-allow-origin\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":2164,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"a274c233c4946ee9eacd696121ba4737","sha1":"73ac49bde859d326ebf517768c9fdcb819845b36","sha256":"17c69eeb8f151755de38a36dc699459c726a5518f11b573c05b2b34287bd931c","sha512":"e6951949f2e30534c8a05ae808348e799c93c0db6d907df88b0d9917d97ddf4713d223dae1f7c98d5aa20d3562477f21b28e14adc8565fa3b79b87a0fca42ade","ssdeep":"","tlshash":"7941f9fb12e5886e06f0bdc874cf582cd81b31039449ad4a470dffd948a96d9106b5bf","first_seen":"2026-03-18T10:50:28.63414Z","last_seen":"2026-03-18T11:40:26.635263Z","times_seen":3,"resource_available":false,"data":null}},"time_used":967,"timings":{"blocked":-1,"dns":35,"connect":186,"send":0,"wait":259,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-18","alert":"Phishing Block","trigger":"tk.spys1010.vip","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-18","alert":"Sinkholed","trigger":"tk.spys1010.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tk-h5.spys1010.vip/config.js","fqdn":"tk-h5.spys1010.vip","domain":"spys1010.vip","tld":"vip"},"ip":{"addr":"38.55.97.60","port":443,"asn":42960,"as":"VH Global Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://tk-h5.spys1010.vip/","date":"2026-03-18T10:50:02.571Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tk-h5.spys1010.vip","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 17 Mar 2026 13:27:03 GMT","end":"Mon, 15 Jun 2026 13:27:02 GMT"},"fingerprint":{"sha1":"BD:6E:CF:6B:AB:9E:FC:47:57:25:87:E6:FC:40:72:1B:74:0D:3F:76","sha256":"8D:5F:D6:8C:9B:CB:4F:CF:2A:E3:A5:83:16:9F:09:AE:C6:CB:C7:EC:48:E9:36:1B:DF:4C:EA:BA:8F:48:C5:FF"}}},"request":{"raw":"GET /config.js HTTP/1.1\r\nHost: tk-h5.spys1010.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://tk-h5.spys1010.vip/\r\nCookie: server_name_session=ea16ff5c0896fbe3f645d5585c67a698\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 18 Mar 2026 10:50:02 GMT\r\ncontent-type: application/javascript\r\ncontent-length: 76\r\nlast-modified: Tue, 17 Mar 2026 14:27:15 GMT\r\netag: \"69b964c3-4c\"\r\nexpires: Wed, 18 Mar 2026 22:50:02 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":76,"size_decoded":0,"mime_type":"application/javascript","magic":"Unicode text, UTF-8 text","md5":"eae7253c755466343af5ca9b798f0105","sha1":"4509e0466b3f07e14bc2792f9ec332e2f606ce78","sha256":"d0149152a433dcc9524d2180db2480815fde46dd152eb0b83f4ae28970aac7b9","sha512":"aab32afd3348119c2c10c7371b183196dbff7a3cb1ffa4b247a337142039854f3d953e80714da9bb3613168d35f11b0406da1a68efd7a4b6e93799977cd187c0","ssdeep":"","tlshash":"d1a024f70170531504d03440454f3c00f51314444c4d044430455ccc1d474d5140c17c","first_seen":"2026-03-18T10:50:28.635896Z","last_seen":"2026-03-18T11:40:26.636448Z","times_seen":3,"resource_available":true,"data":null}},"time_used":191,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":191,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-18","alert":"Phishing Block","trigger":"tk-h5.spys1010.vip","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-18","alert":"Sinkholed","trigger":"tk-h5.spys1010.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-18","alert":"Sinkholed","trigger":"tk-h5.spys1010.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tk-h5.spys1010.vip/static/js/app.5e5a2e07.js","fqdn":"tk-h5.spys1010.vip","domain":"spys1010.vip","tld":"vip"},"ip":{"addr":"38.55.97.60","port":443,"asn":42960,"as":"VH Global Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://tk-h5.spys1010.vip/","date":"2026-03-18T10:50:02.573Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tk-h5.spys1010.vip","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 17 Mar 2026 13:27:03 GMT","end":"Mon, 15 Jun 2026 13:27:02 GMT"},"fingerprint":{"sha1":"BD:6E:CF:6B:AB:9E:FC:47:57:25:87:E6:FC:40:72:1B:74:0D:3F:76","sha256":"8D:5F:D6:8C:9B:CB:4F:CF:2A:E3:A5:83:16:9F:09:AE:C6:CB:C7:EC:48:E9:36:1B:DF:4C:EA:BA:8F:48:C5:FF"}}},"request":{"raw":"GET /static/js/app.5e5a2e07.js HTTP/1.1\r\nHost: tk-h5.spys1010.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://tk-h5.spys1010.vip/\r\nCookie: server_name_session=ea16ff5c0896fbe3f645d5585c67a698\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 18 Mar 2026 10:50:02 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Mon, 16 Mar 2026 16:49:38 GMT\r\nvary: Accept-Encoding\r\netag: W/\"69b834a2-36be5\"\r\nexpires: Wed, 18 Mar 2026 22:50:02 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":224229,"size_decoded":0,"mime_type":"application/javascript","magic":"data","md5":"5304016db9059d2b63fab844ef863bb5","sha1":"027414673ec0b8a356dc614ccc0daf34e4d6a2c5","sha256":"fb27ce09c11769182bfb569addac18b09919444de420808f7009fffde82becb8","sha512":"4f0d0687cba04dde7205f1c183106e98532fa86182b6566a8d7274016a211629a006ba3372408222ef2b65cc168cd8293f99083eb03128f441868bf056b4d8e1","ssdeep":"3072:X9g7hDkViK2lB0IGZWUdomRj+OSQUpXUqw4hX99vDOehg/msr7K6EZZc4sCWC:X90IiK2D0dGmV+O7UDNlqehg/ms4ZZF","tlshash":"73248c5eb9c6299d04e2819970cb7025e2ee2cc2d60dd3b095efc53239f1649d3aad7c","first_seen":"2026-03-18T10:50:28.637541Z","last_seen":"2026-03-18T11:40:26.645803Z","times_seen":3,"resource_available":true,"data":null}},"time_used":795,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":795,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-18","alert":"Phishing Block","trigger":"tk-h5.spys1010.vip","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-18","alert":"Sinkholed","trigger":"tk-h5.spys1010.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-18","alert":"Sinkholed","trigger":"tk-h5.spys1010.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tk-h5.spys1010.vip/static/css/app.12bf981c.css","fqdn":"tk-h5.spys1010.vip","domain":"spys1010.vip","tld":"vip"},"ip":{"addr":"38.55.97.60","port":443,"asn":42960,"as":"VH Global Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://tk-h5.spys1010.vip/","date":"2026-03-18T10:50:02.576Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tk-h5.spys1010.vip","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 17 Mar 2026 13:27:03 GMT","end":"Mon, 15 Jun 2026 13:27:02 GMT"},"fingerprint":{"sha1":"BD:6E:CF:6B:AB:9E:FC:47:57:25:87:E6:FC:40:72:1B:74:0D:3F:76","sha256":"8D:5F:D6:8C:9B:CB:4F:CF:2A:E3:A5:83:16:9F:09:AE:C6:CB:C7:EC:48:E9:36:1B:DF:4C:EA:BA:8F:48:C5:FF"}}},"request":{"raw":"GET /static/css/app.12bf981c.css HTTP/1.1\r\nHost: tk-h5.spys1010.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://tk-h5.spys1010.vip/\r\nCookie: server_name_session=ea16ff5c0896fbe3f645d5585c67a698\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 18 Mar 2026 10:50:02 GMT\r\ncontent-type: text/css\r\nlast-modified: Mon, 16 Mar 2026 16:49:38 GMT\r\nvary: Accept-Encoding\r\netag: W/\"69b834a2-3c06\"\r\nexpires: Wed, 18 Mar 2026 22:50:02 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":15366,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (15366), with no line terminators","md5":"ab09ee677c01705405a52c81e704267e","sha1":"e35740c036fb967e8cc990708dcc6bf5c986a07f","sha256":"2bf1fcb28e06128819e9f6f68e139ad1e77d34882e8b8b1dae899fbde7a863e0","sha512":"e26bae17cd986e19a70aadf5ac32f411eaefe4d14f20872e9fd8a5709a96b46fda33aff6508e8b2a28b278c69e56c671d82318f95eaf92ee67599122e782752c","ssdeep":"384:zPBQsj1fJszKlT+D1zAEll0DHK9mLecQFQOfi26:zPBpj1fJszKlT+D1zAcl0DHK9mLecQF8","tlshash":"11620030b78c6418d32bd37874d2e6dc463aa66397011f6be71676364e932c33122a9b","first_seen":"2026-03-18T10:50:28.639757Z","last_seen":"2026-03-18T11:40:26.646412Z","times_seen":3,"resource_available":false,"data":null}},"time_used":794,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":794,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-18","alert":"Sinkholed","trigger":"tk-h5.spys1010.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-18","alert":"Phishing Block","trigger":"tk-h5.spys1010.vip","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-18","alert":"Sinkholed","trigger":"tk-h5.spys1010.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tk.spys1010.vip/index/user/common_parameters","fqdn":"tk.spys1010.vip","domain":"spys1010.vip","tld":"vip"},"ip":{"addr":"38.55.97.60","port":443,"asn":42960,"as":"VH Global Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://tk-h5.spys1010.vip/","date":"2026-03-18T10:50:03.765Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tk.spys1010.vip","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Tue, 17 Mar 2026 13:26:33 GMT","end":"Mon, 15 Jun 2026 13:26:32 GMT"},"fingerprint":{"sha1":"D2:05:EE:B4:92:45:5E:5C:2C:36:75:F6:9F:1D:FD:E1:86:AF:BC:39","sha256":"91:96:2C:23:11:F0:25:F0:3D:1D:77:21:AC:A0:4B:49:BA:9B:92:28:34:C9:C0:0E:F0:76:60:93:4C:10:AB:EF"}}},"request":{"raw":"OPTIONS /index/user/common_parameters HTTP/1.1\r\nHost: tk.spys1010.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nAccess-Control-Request-Method: GET\r\nAccess-Control-Request-Headers: access-control-allow-credentials\r\nReferer: https://tk-h5.spys1010.vip/\r\nOrigin: https://tk-h5.spys1010.vip\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"OPTIONS"},"response":{"raw":"HTTP/2 204 No Content\r\nserver: nginx\r\ndate: Wed, 18 Mar 2026 10:50:04 GMT\r\naccess-control-allow-origin: https://tk-h5.spys1010.vip\r\naccess-control-allow-methods: GET,POST,PATCH,PUT,DELETE\r\naccess-control-expose-headers: User-Token-Csrf\r\nset-cookie: server_name_session=3e1efed906ada8ce3e3f84cc0ad67e1c; Max-Age=86400; httponly; path=/\r\naccess-control-allow-credentials: true\r\naccess-control-allow-headers: Authorization,Content-Type,If-Match,If-Modified-Since,If-None-Match,If-Unmodified-Since,X-Requested-With, language,token,access-control-allow-credentials,access-control-allow-origin\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"204","status_text":"No Content","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-17T09:31:00.786811Z","times_seen":16480402,"resource_available":true,"data":null}},"time_used":1121,"timings":{"blocked":416,"dns":33,"connect":189,"send":0,"wait":285,"receive":4,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-18","alert":"Phishing Block","trigger":"tk.spys1010.vip","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-18","alert":"Sinkholed","trigger":"tk.spys1010.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}}]}