{"report_id":"064510fe-1d3d-49d7-91c4-6cd7c070ca78","version":6,"status":"done","tags":[],"date":"2025-12-14T14:55:28Z","url":{"schema":"https","addr":"cn.mxcmer.com/home/forbidden/","fqdn":"cn.mxcmer.com","domain":"mxcmer.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"final":{"url":{"schema":"https","addr":"cn.mxcmer.com/home/forbidden/","fqdn":"cn.mxcmer.com","domain":"mxcmer.com","tld":"com"},"title":"ManBetX(万博体育)官网|英超狼队和水晶宫全球赞助伙伴","dom":{"size":5375,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (439)","md5":"209ac5f374853113caa4026d9b5b220d","sha1":"9aced46144272575cd471b27737b86dc3a8d3cbf","sha256":"9e9a366c112bdab53db2afb1c2565f2bbb0e24925cd6cd70af343bb1acd58278","sha512":"8d669252ea1f4f2f2c44981f99799e951e43e00e4e0ae6981f7947e1b16ec7bdd7aa04692ad78366e4581cd49c0efd81f25ddad6e46a904f7f5ccecdf445b887","ssdeep":"96:qKQW27urXDurRTcTurpurhd2Mzcureq2cV59ur0urGurG1LM9ptikS6CSy:qKQL7mDgQcYzctq9LjdpLMU16+","tlshash":"00b1d7ba61d6500f32f3c388b9477b7c8117c113ca6fca99b6550ac6b7dc697161e30a","dom_hash":"domhash4cc410159beb4771ba53d2f8e92e9933","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"https","addr":"cn.mxcmer.com/home/forbidden/","fqdn":"cn.mxcmer.com","domain":"mxcmer.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"tags":["openphish"],"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-01-18T14:55:28Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":6}},"detection":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-14","alert":"Sinkholed","trigger":"cn.mxcmer.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-12-14","alert":"Sinkholed","trigger":"cn.mxcmer.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-14","alert":"Sinkholed","trigger":"cn.mxcmer.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2025-12-14","alert":"Phishing Block","trigger":"cn.mxcmer.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"openphish","sensor_type":"Blocklist","title":"OpenPhish","description":"OpenPhish","scan_date":"2025-12-14","alert":"Phishing - ManBetX","trigger":"cn.mxcmer.com","verdict":"phishing","severity":"medium","comment":"ManBetX","link":"https://openphish.com/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-14","alert":"Sinkholed","trigger":"cn.mxcmer.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null},"summary":[{"fqdn":"static-content-t.wb27jlt6u066.com","ip":{"addr":"172.65.201.65","port":9587,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2022-09-13","domain_rank":0,"first_seen":"2022-10-27T08:48:51Z","last_seen":"2025-12-09T15:43:33.109428Z","alert_count":0,"request_count":5,"received_data":371311,"sent_data":2366,"comment":"","tags":null,"fingerprints":[{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"cn.mxcmer.com","ip":{"addr":"172.65.201.65","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2019-11-24","domain_rank":0,"first_seen":"2019-11-24T13:40:56Z","last_seen":"2025-12-10T04:36:50.557114Z","alert_count":6,"request_count":1,"received_data":6468,"sent_data":497,"comment":"","tags":null,"fingerprints":[{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":null,"eval":null,"write":null},"http":[{"url":{"schema":"https","addr":"static-content-t.wb27jlt6u066.com:9587/d11_images/forbidden/bg.jpg","fqdn":"static-content-t.wb27jlt6u066.com","domain":"wb27jlt6u066.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":9587,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://cn.mxcmer.com/home/forbidden/","date":"2025-12-14T14:55:07.520Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"static-content-t.wb27jlt6u066.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 19 Oct 2025 00:00:00 GMT","end":"Mon, 19 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"08:10:09:15:B6:C8:9C:9A:CE:31:40:C9:26:D7:9E:BE:2C:9A:62:2B","sha256":"D6:55:F3:9B:55:F2:ED:CC:B3:54:8B:1E:F9:15:FB:47:0C:75:02:1A:64:4B:3C:C2:FA:75:18:9C:F0:11:EE:83"}}},"request":{"raw":"GET /d11_images/forbidden/bg.jpg HTTP/1.1\r\nHost: static-content-t.wb27jlt6u066.com:9587\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cn.mxcmer.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Sun, 14 Dec 2025 14:55:08 GMT\r\nContent-Type: image/jpeg\r\nContent-Length: 306659\r\nConnection: keep-alive\r\nLast-Modified: Wed, 20 Jul 2022 18:45:39 GMT\r\nETag: \"62d84d53-4ade3\"\r\nServer: gocache\r\nExpires: Mon, 15 Dec 2025 14:55:08 GMT\r\nCache-Control: max-age=86400\r\nc-Type: st\r\nrid: 9f7d0ce5dfc59f56743c546426a5de66\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains\r\nX-Cache-Status: HIT\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":306659,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1920x1080, components 3","md5":"d556fd3295c24df91405e2d64278c45c","sha1":"6a516541ba37dd2bfaa166e35b0a61fdec8d309f","sha256":"29249e2ab68bef56f5cf8fd00d975c2ad4841238b9ef5f72b3b939cac9ca93b3","sha512":"031f990f38fdeefeb6515b3125d8ed2ec64b86dcc8a68e5cbc41feec117669d57063341a3498ffd20556938d7708ca51ee59343045df981f883956c26752c013","ssdeep":"6144:PpEDYEWYfTvPYqseHvQsLm/vCj1rWyno/EzeScL7zmO/zBflwkyh5y:RRYzboswvOoiezHzmgVaBy","tlshash":"116423f12310be97c7e60735cdaf038b9921063da52b8520a64d7a66d8fde30791b87d","first_seen":"2023-06-09T17:39:24Z","last_seen":"2026-03-29T02:44:50.232989Z","times_seen":40,"resource_available":false,"data":null}},"time_used":2958,"timings":{"blocked":1186,"dns":739,"connect":2,"send":0,"wait":218,"receive":366,"ssl":442},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static-content-t.wb27jlt6u066.com:9587/images/forbidden/bg.jpg","fqdn":"static-content-t.wb27jlt6u066.com","domain":"wb27jlt6u066.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":9587,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://cn.mxcmer.com/home/forbidden/","date":"2025-12-14T14:55:07.521Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"static-content-t.wb27jlt6u066.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 19 Oct 2025 00:00:00 GMT","end":"Mon, 19 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"08:10:09:15:B6:C8:9C:9A:CE:31:40:C9:26:D7:9E:BE:2C:9A:62:2B","sha256":"D6:55:F3:9B:55:F2:ED:CC:B3:54:8B:1E:F9:15:FB:47:0C:75:02:1A:64:4B:3C:C2:FA:75:18:9C:F0:11:EE:83"}}},"request":{"raw":"GET /images/forbidden/bg.jpg HTTP/1.1\r\nHost: static-content-t.wb27jlt6u066.com:9587\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cn.mxcmer.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Sun, 14 Dec 2025 14:55:08 GMT\r\nContent-Type: image/jpeg\r\nContent-Length: 38732\r\nConnection: keep-alive\r\nLast-Modified: Wed, 20 Jul 2022 18:47:53 GMT\r\nETag: \"62d84dd9-974c\"\r\nServer: gocache\r\nExpires: Mon, 15 Dec 2025 14:55:08 GMT\r\nCache-Control: max-age=86400\r\nc-Type: st\r\nrid: f55529ea01d21372918a63d031f4ac5c\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains\r\nX-Cache-Status: HIT\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":38732,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, progressive, precision 8, 1920x1080, components 3","md5":"85061edcaa6b6bd97205154d9f04ce72","sha1":"81ccca6e1403c89a84e5c19355bb1211e17eb8c6","sha256":"a98e8ce3baf05bb89866445e5e46d3dcb4184b21595a90eaad53acd042feadfe","sha512":"bdc8dabb1aba7d6c41750c75419622b54acb066b3271aa57e459c1f753acd04ba3dfaa70f977236f9260bc6835b3153e06a9b4aab9da3e5734e83dea0f235969","ssdeep":"384:lrB3mlUFuiWTUUw0Mo395R8z+La8tVXlAIMyKbvPLww1oEw0A2a6UjAU9IuwiQDU:xNHuiWTPF3na8tEnF3wgoEw0AV+U9Kzg","tlshash":"c103d1ee8f509988c6e0273446a9fe3df6e6225e56d3824017117505b1a47a83cffb71","first_seen":"2023-06-09T17:39:24Z","last_seen":"2026-03-29T02:44:50.23353Z","times_seen":40,"resource_available":false,"data":null}},"time_used":2603,"timings":{"blocked":1187,"dns":738,"connect":1,"send":0,"wait":221,"receive":6,"ssl":448},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static-content-t.wb27jlt6u066.com:9587/images/forbidden/icon_lock.png","fqdn":"static-content-t.wb27jlt6u066.com","domain":"wb27jlt6u066.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":9587,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://cn.mxcmer.com/home/forbidden/","date":"2025-12-14T14:55:07.523Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"static-content-t.wb27jlt6u066.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 19 Oct 2025 00:00:00 GMT","end":"Mon, 19 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"08:10:09:15:B6:C8:9C:9A:CE:31:40:C9:26:D7:9E:BE:2C:9A:62:2B","sha256":"D6:55:F3:9B:55:F2:ED:CC:B3:54:8B:1E:F9:15:FB:47:0C:75:02:1A:64:4B:3C:C2:FA:75:18:9C:F0:11:EE:83"}}},"request":{"raw":"GET /images/forbidden/icon_lock.png HTTP/1.1\r\nHost: static-content-t.wb27jlt6u066.com:9587\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cn.mxcmer.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Sun, 14 Dec 2025 14:55:08 GMT\r\nContent-Type: image/png\r\nContent-Length: 5220\r\nConnection: keep-alive\r\nLast-Modified: Wed, 20 Jul 2022 18:47:53 GMT\r\nETag: \"62d84dd9-1464\"\r\nServer: gocache\r\nExpires: Mon, 15 Dec 2025 14:55:08 GMT\r\nCache-Control: max-age=86400\r\nc-Type: st\r\nrid: 801d4257ca2a7a147c27e9346aa42794\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains\r\nX-Cache-Status: HIT\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":5220,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 58 x 121, 8-bit/color RGBA, non-interlaced","md5":"ab4de69584ef345a2b2e29b16a3a86a1","sha1":"f20ea8cedeb72d30e6fbef712b5dbcdc41fbb383","sha256":"bf0b2c3b8ed74ed5208fc483c72d11a32cf3dcdb24d8c8f1330137ebb7978c36","sha512":"d7f50057c2cf01a16a423ee28881f89e0c8fe09d3486d3def1e4234efab67537ee711e3f9d01a46a3eb1bfa2f9f251906d35a45e119aad9da476ebd0fa776a26","ssdeep":"96:O2SQG9c/7mC40x1E9OFkA6hMc76BMeJ2VOeT0J+5af6NN7fqD/m+Qz9:3SQGAmC77owKhV7X9OeTU+EfAN7fqDOd","tlshash":"55b18f97d4c08913de1706b781a4057558ab045f7e7247f7d7827dceca8189a2db8e33","first_seen":"2023-06-09T17:39:24Z","last_seen":"2026-04-04T09:00:33.818271Z","times_seen":88,"resource_available":false,"data":null}},"time_used":2734,"timings":{"blocked":1249,"dns":737,"connect":3,"send":0,"wait":232,"receive":1,"ssl":506},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cn.mxcmer.com/home/forbidden/","fqdn":"cn.mxcmer.com","domain":"mxcmer.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-12-14T14:55:05.598Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cn.mxcmer.com","organization":""},"issuer":{"commonName":"Sectigo RSA Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Fri, 24 Jan 2025 00:00:00 GMT","end":"Sat, 24 Jan 2026 23:59:59 GMT"},"fingerprint":{"sha1":"45:AB:62:04:1A:A0:D6:64:16:C8:60:F4:BE:17:CB:36:13:69:52:42","sha256":"16:22:A8:67:29:DE:39:52:2E:89:7A:DD:F7:CA:ED:4A:54:E0:41:27:3E:42:A8:51:B4:8D:71:08:99:B9:5E:BE"}}},"request":{"raw":"GET /home/forbidden/ HTTP/1.1\r\nHost: cn.mxcmer.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Sun, 14 Dec 2025 14:55:07 GMT\r\nContent-Type: text/html; charset=UTF-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding, Accept-Encoding, Accept-Encoding\r\nSet-Cookie: ccd11=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/; domain=mxcmer.com\nvcd11=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/; domain=mxcmer.com\nPHPSESSID=6h2geena59l68t6gi9hp9s3qcn; path=/\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Allow-Methods: GET, POST, OPTIONS\r\nAccess-Control-Allow-Headers: Content-Type, Authorization, X-Requested-With\r\nAccess-Control-Allow-Credentials: true\r\nAccess-Control-Max-Age: 86400\r\nX-Content-Type-Options: nosniff\r\nX-Frame-Options: SAMEORIGIN\r\nContent-Encoding: gzip\r\nServer: gocache\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nCache-Control: no-cache\r\nc-Type: df\r\nrid: cf24075696053fad2ba6e3baba6d80d5\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":5510,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (439)","md5":"673612cee5c07dc13d82271a39d01995","sha1":"00b53136555c0a396a76c20c84d9f62e86980780","sha256":"e548874094fde412c46db307eea016fee2fd13f06656ca48fb68520e5d81e393","sha512":"5c5631b84b877840034f3a252ebd690b461c7b1494df4d56091b369a25fc80e5561c8ed5d20489abcb91da2c5a1a3044ec8984a65dbdf26bb39ed0930bf6ec1f","ssdeep":"96:xeHQW2IurXDuriTcTurpurhd2Mzcureq2cV59ur0urxurG1mN9ptMkS6CcA:8HQLImDbQcYzctq9Lj8pmNO16u","tlshash":"e8b1e77ab1d6510f32f3c388b647bb3c8117c103ca6f8a9cb66509c6a7cc697161e34a","first_seen":"2025-11-28T03:04:42.085Z","last_seen":"2025-12-14T14:55:29.914076Z","times_seen":10,"resource_available":false,"data":null}},"time_used":2666,"timings":{"blocked":978,"dns":525,"connect":1,"send":0,"wait":706,"receive":0,"ssl":454},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-14","alert":"Sinkholed","trigger":"cn.mxcmer.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-12-14","alert":"Sinkholed","trigger":"cn.mxcmer.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-14","alert":"Sinkholed","trigger":"cn.mxcmer.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2025-12-14","alert":"Phishing Block","trigger":"cn.mxcmer.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"openphish","sensor_type":"Blocklist","title":"OpenPhish","description":"OpenPhish","scan_date":"2025-12-14","alert":"Phishing - ManBetX","trigger":"cn.mxcmer.com","verdict":"phishing","severity":"medium","comment":"ManBetX","link":"https://openphish.com/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-14","alert":"Sinkholed","trigger":"cn.mxcmer.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"static-content-t.wb27jlt6u066.com:9587/images/forbidden/banner.png","fqdn":"static-content-t.wb27jlt6u066.com","domain":"wb27jlt6u066.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":9587,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://cn.mxcmer.com/home/forbidden/","date":"2025-12-14T14:55:07.517Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"static-content-t.wb27jlt6u066.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 19 Oct 2025 00:00:00 GMT","end":"Mon, 19 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"08:10:09:15:B6:C8:9C:9A:CE:31:40:C9:26:D7:9E:BE:2C:9A:62:2B","sha256":"D6:55:F3:9B:55:F2:ED:CC:B3:54:8B:1E:F9:15:FB:47:0C:75:02:1A:64:4B:3C:C2:FA:75:18:9C:F0:11:EE:83"}}},"request":{"raw":"GET /images/forbidden/banner.png HTTP/1.1\r\nHost: static-content-t.wb27jlt6u066.com:9587\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cn.mxcmer.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Sun, 14 Dec 2025 14:55:08 GMT\r\nContent-Type: image/png\r\nContent-Length: 10901\r\nConnection: keep-alive\r\nLast-Modified: Wed, 20 Jul 2022 18:47:53 GMT\r\nETag: \"62d84dd9-2a95\"\r\nServer: gocache\r\nExpires: Mon, 15 Dec 2025 14:55:08 GMT\r\nCache-Control: max-age=86400\r\nc-Type: st\r\nrid: a86ce5f487b5820292ef0529e026c0bc\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains\r\nX-Cache-Status: HIT\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":10901,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 414 x 228, 8-bit/color RGBA, non-interlaced","md5":"e545aeb55efedd27448d1205ec4c2246","sha1":"951363f0835017a6d96ec7551ac945aefa6417db","sha256":"eb58d821dab31a7772b7e3ece15efa63b34eba9e11a1a8268523c23f7202d39e","sha512":"905ba3bbe736c140f255cb086a72feea4b71c873aacc42634a88a02e0a87c04c824fab68f79f8e1428fe5e43e2c7ecf6a25b310d50b665ed1fd644e0d6a2681c","ssdeep":"192:9LlIUrbdoMYIKlQXoNnbAPuuVNklNR8RS920EB/x8GJ0fKfBz92oConuUFwDe:9lrBo/VDuVENGCEY5SL2oruoue","tlshash":"0322bf819e50c0caa76511fafffbd210b865c0a8f0756f24959e9c468a354650f7e1c5","first_seen":"2023-06-09T17:39:24Z","last_seen":"2026-03-29T02:44:50.232379Z","times_seen":40,"resource_available":false,"data":null}},"time_used":2605,"timings":{"blocked":1190,"dns":745,"connect":3,"send":0,"wait":219,"receive":2,"ssl":437},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static-content-t.wb27jlt6u066.com:9587/d11_images/forbidden/logo.png","fqdn":"static-content-t.wb27jlt6u066.com","domain":"wb27jlt6u066.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":9587,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://cn.mxcmer.com/home/forbidden/","date":"2025-12-14T14:55:07.515Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"static-content-t.wb27jlt6u066.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 19 Oct 2025 00:00:00 GMT","end":"Mon, 19 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"08:10:09:15:B6:C8:9C:9A:CE:31:40:C9:26:D7:9E:BE:2C:9A:62:2B","sha256":"D6:55:F3:9B:55:F2:ED:CC:B3:54:8B:1E:F9:15:FB:47:0C:75:02:1A:64:4B:3C:C2:FA:75:18:9C:F0:11:EE:83"}}},"request":{"raw":"GET /d11_images/forbidden/logo.png HTTP/1.1\r\nHost: static-content-t.wb27jlt6u066.com:9587\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cn.mxcmer.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Sun, 14 Dec 2025 14:55:08 GMT\r\nContent-Type: image/png\r\nContent-Length: 7587\r\nConnection: keep-alive\r\nLast-Modified: Wed, 20 Jul 2022 18:45:39 GMT\r\nETag: \"62d84d53-1da3\"\r\nServer: gocache\r\nExpires: Mon, 15 Dec 2025 14:55:08 GMT\r\nCache-Control: max-age=86400\r\nc-Type: st\r\nrid: 8de3b173d76588f55acd498dbd3b7a7e\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains\r\nX-Cache-Status: HIT\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":7587,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 175 x 88, 8-bit/color RGBA, non-interlaced","md5":"2abfdbf1e4ea780b1f14eddcc4e34d34","sha1":"971e8e010ab74558b9db8cbcc8ac70b6cf7a4067","sha256":"785cf76bcdcfb73b9b8f807210e2ed071d4899ee09df589993afed1ae0baf2f0","sha512":"4a72ec9a7d853b50a98be896646d7742f5f69a3dbc323bc1d6249d538036941495c85e0a8e00417c21e880835cd0134d139caa9e3cf9ac442644ffa5ecf27a93","ssdeep":"192:JBhTvUZhv+BkA1yOWykiGPnsiM5t8Z/nr5PKq5ogU3s:JBEyk+prGnzM5t8NMq5DU8","tlshash":"7bf18eccd080c5fa9b5c6c3d4571af59ad0acd067da4d86d2a162af59f46be40021f1c","first_seen":"2023-06-09T17:39:24Z","last_seen":"2026-03-29T02:44:50.235262Z","times_seen":40,"resource_available":false,"data":null}},"time_used":2672,"timings":{"blocked":1225,"dns":746,"connect":3,"send":0,"wait":217,"receive":1,"ssl":472},"alerts":{"ids":null,"analyzer":null,"urlquery":null}}]}