{"report_id":"07ce57c6-04d2-46e3-9cd7-0b68d5ff8315","version":6,"status":"done","tags":[],"date":"2025-10-10T06:20:06Z","url":{"schema":"https","addr":"xemean.net/vodlist/---monthhits-1.shtml","fqdn":"xemean.net","domain":"xemean.net","tld":"net"},"ip":{"addr":"172.67.158.212","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"final":{"url":{"schema":"https","addr":"xemean.net/vodlist/---monthhits-1.shtml","fqdn":"xemean.net","domain":"xemean.net","tld":"net"},"title":"本月热播-大陆微电影"},"submit":{"url":{"schema":"https","addr":"xemean.net/vodlist/---monthhits-1.shtml","fqdn":"xemean.net","domain":"xemean.net","tld":"net"},"ip":{"addr":"172.67.158.212","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"tags":null,"meta":null,"user":{"user_id":"akbkyowd9geqr98"}},"settings":{"access":"public","device_type":"desktop","expires_at":"2026-11-14T06:20:06Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":2,"urlquery":0,"analyzer":6}},"detection":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-10T06:19:45Z","timestamp":1760077185,"ip_dst":{"addr":"108.181.20.35","port":443,"asn":40676,"as":"AS40676","country":"United States","country_code":"US"},"ip_src":{"addr":"172.18.0.2","port":53772,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)","source":"{\"timestamp\":\"2025-10-10T06:19:45.073916+0000\",\"flow_id\":1620124570257445,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.2\",\"src_port\":53772,\"dest_ip\":\"108.181.20.35\",\"dest_port\":443,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2038639,\"rev\":1,\"signature\":\"ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2022_08_29\"],\"deployment\":[\"Perimeter\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_08_29\"]}},\"tls\":{\"sni\":\"files.catbox.moe\",\"version\":\"TLS 1.3\",\"ja3\":{\"hash\":\"650c82854aed91a22996035b295a0c3e\",\"string\":\"771,4865-4867-4866-49195-49199-52393-52392-49196-49200-49171-49172-156-157-47-53,0-23-65281-10-11-16-5-34-51-43-13-28-21,29-23-24-25-256-257,0\"},\"ja3s\":{\"hash\":\"15af977ce25de452b96affa2addb1036\",\"string\":\"771,4866,43-51\"}},\"app_proto\":\"tls\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":3,\"bytes_toserver\":789,\"bytes_toclient\":305,\"start\":\"2025-10-10T06:19:44.755749+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-10T06:19:45Z","timestamp":1760077185,"ip_dst":{"addr":"108.181.20.35","port":443,"asn":40676,"as":"AS40676","country":"United States","country_code":"US"},"ip_src":{"addr":"172.18.0.2","port":53772,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ETPRO INFO .moe Domain in TLS SNI","source":"{\"timestamp\":\"2025-10-10T06:19:45.073916+0000\",\"flow_id\":1620124570257445,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.2\",\"src_port\":53772,\"dest_ip\":\"108.181.20.35\",\"dest_port\":443,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2827579,\"rev\":7,\"signature\":\"ETPRO INFO .moe Domain in TLS SNI\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"affected_product\":[\"Windows_XP_Vista_7_8_10_Server_32_64_Bit\"],\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"Medium\"],\"created_at\":[\"2017_08_17\"],\"deployment\":[\"Perimeter\"],\"performance_impact\":[\"Moderate\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_11_21\"]}},\"tls\":{\"sni\":\"files.catbox.moe\",\"version\":\"TLS 1.3\",\"ja3\":{\"hash\":\"650c82854aed91a22996035b295a0c3e\",\"string\":\"771,4865-4867-4866-49195-49199-52393-52392-49196-49200-49171-49172-156-157-47-53,0-23-65281-10-11-16-5-34-51-43-13-28-21,29-23-24-25-256-257,0\"},\"ja3s\":{\"hash\":\"15af977ce25de452b96affa2addb1036\",\"string\":\"771,4866,43-51\"}},\"app_proto\":\"tls\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":3,\"bytes_toserver\":789,\"bytes_toclient\":305,\"start\":\"2025-10-10T06:19:44.755749+0000\"}}"}],"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-10-10","alert":"Sinkholed","trigger":"files.catbox.moe","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-10","alert":"Sinkholed","trigger":"cdn.yyzyw-tucdn-1.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-10-10","alert":"Sinkholed","trigger":"cdn.yyzyw-tucdn-1.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-10","alert":"Sinkholed","trigger":"biu47.xyz","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-10","alert":"Sinkholed","trigger":"v.ddnew10.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-10","alert":"Sinkholed","trigger":"jpgjingpinx1.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null},"summary":[{"fqdn":"v.ddnew10.com","ip":{"addr":"173.231.12.51","port":443,"asn":18450,"as":"WEBNX","country":"United States","country_code":"US"},"domain_registered":"2025-09-11","domain_rank":0,"first_seen":"2025-10-08T03:32:52.205292Z","last_seen":"2025-10-08T03:32:52.205292Z","alert_count":1,"request_count":1,"received_data":10851,"sent_data":441,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"jpgjingpinx1.top","ip":{"addr":"204.188.235.18","port":443,"asn":46844,"as":"SHARKTECH","country":"United States","country_code":"US"},"domain_registered":"2025-03-13","domain_rank":172398,"first_seen":"2025-04-02T05:04:02.716789Z","last_seen":"2025-10-09T02:04:30.926228Z","alert_count":1,"request_count":1,"received_data":44147,"sent_data":479,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"i.ibb.co","ip":{"addr":"45.43.142.5","port":443,"asn":215751,"as":"Mikhail Fedorov","country":"Israel","country_code":"IL"},"domain_registered":"2010-07-20","domain_rank":21643,"first_seen":"2018-11-25T10:13:48Z","last_seen":"2025-10-06T03:33:36.947933Z","alert_count":0,"request_count":1,"received_data":118365,"sent_data":450,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"biu39.xyz","ip":{"addr":"209.141.40.239","port":443,"asn":53667,"as":"PONYNET","country":"United States","country_code":"US"},"domain_registered":"2025-01-06","domain_rank":834324,"first_seen":"2025-06-24T00:30:03.656683Z","last_seen":"2025-10-10T06:08:14.86989Z","alert_count":0,"request_count":1,"received_data":12373,"sent_data":464,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"files.catbox.moe","ip":{"addr":"108.181.20.35","port":443,"asn":40676,"as":"AS40676","country":"United States","country_code":"US"},"domain_registered":"2015-04-06","domain_rank":519029,"first_seen":"2015-06-29T23:27:11Z","last_seen":"2025-10-07T09:12:51.65845Z","alert_count":1,"request_count":1,"received_data":39925,"sent_data":431,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"biu47.xyz","ip":{"addr":"209.141.48.213","port":443,"asn":53667,"as":"PONYNET","country":"United States","country_code":"US"},"domain_registered":"2025-09-28","domain_rank":0,"first_seen":"2025-09-28T16:56:30.532824Z","last_seen":"2025-09-28T16:56:30.532824Z","alert_count":3,"request_count":3,"received_data":239787,"sent_data":1398,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"poweredby.jads.co","ip":{"addr":"92.222.100.139","port":443,"asn":16276,"as":"OVH SAS","country":"France","country_code":"FR"},"domain_registered":"2012-05-17","domain_rank":172301,"first_seen":"2019-12-04T10:34:12Z","last_seen":"2025-10-06T17:31:45.254744Z","alert_count":0,"request_count":1,"received_data":4009,"sent_data":411,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"user-images.githubusercontent.com","ip":{"addr":"185.199.109.133","port":443,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"domain_registered":"2014-02-06","domain_rank":70744,"first_seen":"2017-06-06T20:44:17Z","last_seen":"2025-10-06T18:16:08.360721Z","alert_count":0,"request_count":1,"received_data":107654,"sent_data":498,"comment":"","tags":null,"fingerprints":[{"name":"Fastly","description":"Fastly is a cloud computing services provider. Fastly's cloud platform provides a content delivery network, Internet security services, load balancing, and video \u0026 streaming services.","website":"https://www.fastly.com","common_platform_enumeration":"","icon":"Fastly.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Varnish","description":"Varnish is a reverse caching proxy.","website":"https://www.varnish-cache.org","common_platform_enumeration":"cpe:2.3:a:varnish-software:varnish_cache:*:*:*:*:*:*:*:*","icon":"Varnish.svg","categories":["Caching"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]}]},{"fqdn":"xemean.net","ip":{"addr":"172.67.158.212","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2022-12-05","domain_rank":690751,"first_seen":"2025-10-10T06:20:07.578004Z","last_seen":"2025-10-10T06:20:07.578004Z","alert_count":0,"request_count":5,"received_data":182292,"sent_data":3336,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Java","description":"Java is a class-based, object-oriented programming language that is designed to have as few implementation dependencies as possible.","website":"https://java.com","common_platform_enumeration":"cpe:2.3:a:oracle:jre:*:*:*:*:*:*:*:*","icon":"Java.svg","categories":["Programming languages"]},{"name":"cdnjs","description":"cdnjs is a free distributed JS library delivery service.","website":"https://cdnjs.com","common_platform_enumeration":"","icon":"cdnjs.svg","categories":["CDN"]},{"name":"jQuery:1.12.4","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]},{"name":"Bootstrap:3.3.7","description":"Bootstrap is a free and open-source CSS framework directed at responsive, mobile-first front-end web development. It contains CSS and JavaScript-based design templates for typography, forms, buttons, navigation, and other interface components.","website":"https://getbootstrap.com","common_platform_enumeration":"cpe:2.3:a:getbootstrap:bootstrap:*:*:*:*:*:*:*:*","icon":"Bootstrap.svg","categories":["UI frameworks"]},{"name":"Google Analytics","description":"Google Analytics is a free web analytics service that tracks and reports website traffic.","website":"https://google.com/analytics","common_platform_enumeration":"","icon":"Google Analytics.svg","categories":["Analytics"]}]},{"fqdn":"thumbs4.imagebam.com","ip":{"addr":"212.63.223.227","port":443,"asn":50827,"as":"SpaceDump IT AB","country":"Sweden","country_code":"SE"},"domain_registered":"2006-09-22","domain_rank":1507442,"first_seen":"2021-05-23T15:28:49Z","last_seen":"2025-10-07T22:51:36.473565Z","alert_count":0,"request_count":4,"received_data":3566827,"sent_data":1788,"comment":"","tags":null,"fingerprints":[{"name":"Nginx:1.22.1","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Nginx:1.18.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"images2.imgbox.com","ip":{"addr":"212.63.223.225","port":443,"asn":50827,"as":"SpaceDump IT AB","country":"Sweden","country_code":"SE"},"domain_registered":"2009-02-09","domain_rank":384284,"first_seen":"2017-10-24T18:55:51Z","last_seen":"2025-10-05T02:02:07.27827Z","alert_count":0,"request_count":3,"received_data":747925,"sent_data":1329,"comment":"","tags":null,"fingerprints":[{"name":"Nginx:1.18.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Nginx:1.14.2","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"m2.cffpic.com","ip":{"addr":"172.67.206.194","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2025-06-27","domain_rank":0,"first_seen":"2025-09-22T16:19:53.398399Z","last_seen":"2025-10-08T03:32:53.340611Z","alert_count":0,"request_count":1,"received_data":1059813,"sent_data":444,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"www.googletagmanager.com","ip":{"addr":"142.250.74.168","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2011-11-11","domain_rank":283,"first_seen":"2012-10-04T01:07:32Z","last_seen":"2025-10-05T22:12:07.052692Z","alert_count":0,"request_count":1,"received_data":425474,"sent_data":431,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"m1.cffpng.com","ip":{"addr":"104.21.29.208","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2025-07-23","domain_rank":6560888,"first_seen":"2025-07-24T04:18:42.68678Z","last_seen":"2025-10-07T10:14:59.427925Z","alert_count":0,"request_count":5,"received_data":1276432,"sent_data":2213,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"cdnjs.cloudflare.com","ip":{"addr":"104.17.24.14","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2009-02-17","domain_rank":1222,"first_seen":"2012-05-23T12:49:49Z","last_seen":"2025-10-05T22:15:09.164871Z","alert_count":0,"request_count":6,"received_data":315642,"sent_data":2845,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"cdn.yyzyw-tucdn-1.top","ip":{"addr":"172.67.168.80","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2025-02-05","domain_rank":0,"first_seen":"2025-02-10T22:48:20.643429Z","last_seen":"2025-10-08T12:51:52.940159Z","alert_count":2,"request_count":1,"received_data":874,"sent_data":484,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-10T06:19:45Z","timestamp":1760077185,"ip_dst":{"addr":"108.181.20.35","port":443,"asn":40676,"as":"AS40676","country":"United States","country_code":"US"},"ip_src":{"addr":"172.18.0.2","port":53772,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)","source":"{\"timestamp\":\"2025-10-10T06:19:45.073916+0000\",\"flow_id\":1620124570257445,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.2\",\"src_port\":53772,\"dest_ip\":\"108.181.20.35\",\"dest_port\":443,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2038639,\"rev\":1,\"signature\":\"ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2022_08_29\"],\"deployment\":[\"Perimeter\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_08_29\"]}},\"tls\":{\"sni\":\"files.catbox.moe\",\"version\":\"TLS 1.3\",\"ja3\":{\"hash\":\"650c82854aed91a22996035b295a0c3e\",\"string\":\"771,4865-4867-4866-49195-49199-52393-52392-49196-49200-49171-49172-156-157-47-53,0-23-65281-10-11-16-5-34-51-43-13-28-21,29-23-24-25-256-257,0\"},\"ja3s\":{\"hash\":\"15af977ce25de452b96affa2addb1036\",\"string\":\"771,4866,43-51\"}},\"app_proto\":\"tls\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":3,\"bytes_toserver\":789,\"bytes_toclient\":305,\"start\":\"2025-10-10T06:19:44.755749+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-10T06:19:45Z","timestamp":1760077185,"ip_dst":{"addr":"108.181.20.35","port":443,"asn":40676,"as":"AS40676","country":"United States","country_code":"US"},"ip_src":{"addr":"172.18.0.2","port":53772,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ETPRO INFO .moe Domain in TLS SNI","source":"{\"timestamp\":\"2025-10-10T06:19:45.073916+0000\",\"flow_id\":1620124570257445,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.2\",\"src_port\":53772,\"dest_ip\":\"108.181.20.35\",\"dest_port\":443,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2827579,\"rev\":7,\"signature\":\"ETPRO INFO .moe Domain in TLS SNI\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"affected_product\":[\"Windows_XP_Vista_7_8_10_Server_32_64_Bit\"],\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"Medium\"],\"created_at\":[\"2017_08_17\"],\"deployment\":[\"Perimeter\"],\"performance_impact\":[\"Moderate\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_11_21\"]}},\"tls\":{\"sni\":\"files.catbox.moe\",\"version\":\"TLS 1.3\",\"ja3\":{\"hash\":\"650c82854aed91a22996035b295a0c3e\",\"string\":\"771,4865-4867-4866-49195-49199-52393-52392-49196-49200-49171-49172-156-157-47-53,0-23-65281-10-11-16-5-34-51-43-13-28-21,29-23-24-25-256-257,0\"},\"ja3s\":{\"hash\":\"15af977ce25de452b96affa2addb1036\",\"string\":\"771,4866,43-51\"}},\"app_proto\":\"tls\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":3,\"bytes_toserver\":789,\"bytes_toclient\":305,\"start\":\"2025-10-10T06:19:44.755749+0000\"}}"}]}],"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"xemean.net/vodlist/---monthhits-1.shtml","fqdn":"xemean.net","domain":"xemean.net","tld":"net"},"ip":{"addr":"172.67.158.212","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"40f5d4e5649c039f27951208a7e17376","sha1":"1110881cdc813deffc8638eb61ce08a5fadc8896","sha256":"7f3fc0689f9e2d5a492eb2b290ec78cbc3d2305ca5fcd035cb7652bb41637bf3","sha512":"f271748f5342b491243dddaa4d38756ebc54e0478991408f78c364585e242f7ae8e94b04587f71c5be40a7dc703cb05a63c7d594d28bee53dd73b657534636e0","ssdeep":"","tlshash":"b7a002b7b582603c442271b41729758df9bf0954c790285957016a31a0b13d77615049","size":64,"data":"","first_seen":"2023-03-13T05:35:00Z","last_seen":"2026-03-28T15:57:02.187559Z","times_seen":249,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.googletagmanager.com/gtag/js?id=G-LFDMM5L089","fqdn":"www.googletagmanager.com","domain":"googletagmanager.com","tld":"com"},"ip":{"addr":"142.250.74.168","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"490268cc800a1efd47c3e331b4ce34dc","sha1":"abfaedb5f12998f857825042ca94e9c6d59a2aa8","sha256":"87e843da01c1afc00a8ba246562374f215a50994877f159c88ab041e48bdd19a","sha512":"9fe1c97c3f3343817b38a6903253d06dfe6eefced1c50b350e537d7d0fd80cd7ea33f6b8ab36ab4692e9d43fc802e50b3d410f56cc2c77943610763e38d457a0","ssdeep":"6144:PBo/yp2a4tk0uwbWZJT+Nju5204O0NsYXdXAQY:5FYJm0KZJu0O8","tlshash":"4f941ade73d674225396f078503f018ba57b28a2b44cc89af189cde42e74a9a4177f7c","size":424870,"data":"","first_seen":"2025-10-10T06:20:13.995406Z","last_seen":"2025-10-10T06:20:13.995406Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"xemean.net/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js","fqdn":"xemean.net","domain":"xemean.net","tld":"net"},"ip":{"addr":"172.67.158.212","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"9e8f56e8e1806253ba01a95cfc3d392c","sha1":"a8af90d7482e1e99d03de6bf88fed2315c5dd728","sha256":"2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8","sha512":"63f0f6f94fbabadc3f774ccaa6a401696e8a7651a074bc077d214f91da080b36714fd799eb40fed64154972008e34fc733d6ee314ac675727b37b58ffbebebee","ssdeep":"","tlshash":"6021d5743a18107e226a0133e56f66cee1f23715fd17e440408ad89566e4fe5063fed9","size":1239,"data":"","first_seen":"2023-03-07T01:02:00Z","last_seen":"2026-04-05T11:47:06.822961Z","times_seen":292936,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdnjs.cloudflare.com/ajax/libs/jquery/1.12.4/jquery.min.js","fqdn":"cdnjs.cloudflare.com","domain":"cloudflare.com","tld":"com"},"ip":{"addr":"104.17.24.14","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"4f252523d4af0b478c810c2547a63e19","sha1":"5a9dcfbef655a2668e78baebeaa8dc6f41d8dabb","sha256":"668b046d12db350ccba6728890476b3efee53b2f42dbb84743e5e9f1ae0cc404","sha512":"8c6b0c1fcde829ef5ab02a643959019d4ac30d3a7cc25f9a7640760fefff26d9713b84ab2e825d85b3b2b08150265a10143f82e05975accb10645efa26357479","ssdeep":"1536:GYE1JVoiB9JqZdXXe2pD3PgoIiulrUdTJSFk/zkZ4HjL5o8srOaS9TwD6b7/Jp9i:t4J+R3jL5TCOauTwD6FdnCVQNea98HrV","tlshash":"8893d7d9b6d6706287b734a851bf410bb17aa8eab40c4c60f058c8e47e74e9d507bf2d","size":97163,"data":"","first_seen":"2023-03-07T01:02:06Z","last_seen":"2026-04-05T10:49:51.496518Z","times_seen":67413,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/3.3.7/js/bootstrap.min.js","fqdn":"cdnjs.cloudflare.com","domain":"cloudflare.com","tld":"com"},"ip":{"addr":"104.17.24.14","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"5869c96cc8f19086aee625d670d741f9","sha1":"430a443d74830fe9be26efca431f448c1b3740f9","sha256":"53964478a7c634e8dad34ecc303dd8048d00dce4993906de1bacf67f663486ef","sha512":"8b3b64a1bb2f9e329f02d4cd7479065630184ebaed942ee61a9ff9e1ce34c28c0eecb854458977815cf3704a8697fa8a5d096d2761f032b74b70d51da3e37f45","ssdeep":"768:o2rGy27UwlNqMl95qNmCFejhqs8snmi+CSFXfbx8Gf3Zq7Q:Jg73zhq0GvbJ3ZKQ","tlshash":"b6f28606b23031a147efb1e1525b020e7239696ee906907c78b99af53db9c48717bf3d","size":37045,"data":"","first_seen":"2023-03-07T01:02:54Z","last_seen":"2026-04-05T11:46:19.982275Z","times_seen":75465,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"xemean.net/vodlist/---monthhits-1.shtml","fqdn":"xemean.net","domain":"xemean.net","tld":"net"},"ip":{"addr":"172.67.158.212","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"5cfca8cc32ff91e6676334b62017b2e5","sha1":"57dbe19c70463f16e24af579712b2cb0c778d30a","sha256":"9fa56aa2ff5bde602a6613886114bc8ffc629dbd949c82892108bb82bd850943","sha512":"62e6294471cbd76aa7d8c4ad45dc061e9420f90800042ee508d85544eb092ce1ad8aeb2a4333e1d3bba26093b58cf34dde2c0e7572d7efdb44b99f26627acdae","ssdeep":"","tlshash":"e261634c7080da2990f27561996f700c259b7e89370ac805b00d74e69fe99f87967fbe","size":3404,"data":"","first_seen":"2024-12-03T11:45:46.346417Z","last_seen":"2026-04-01T20:56:36.842983Z","times_seen":224,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"xemean.net/vodlist/---monthhits-1.shtml","fqdn":"xemean.net","domain":"xemean.net","tld":"net"},"ip":{"addr":"172.67.158.212","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"d6144aba5211048ad27c8e4f58648879","sha1":"50dd5659264d3c2074c3aa20c9b3f60b57eba306","sha256":"618d4dd3fd216bbfeeda1cc59973986c101494a70fb288082f12e4cbf9e3ff4b","sha512":"b55c84098a594f2024ac2672ea109b57b1be5475439bdcb595a80e114cbec3b104f0bfd5559dc1c2fd3c3f9d5c80d2db788ebfc67ee4a27f10ae2d315818dce6","ssdeep":"","tlshash":"0b2100ac358a9d2d81322f72699b039d7c756e14b262a085904cd5b12960e366c17efb","size":1128,"data":"","first_seen":"2023-11-05T11:28:18Z","last_seen":"2026-04-01T20:56:36.846789Z","times_seen":233,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"xemean.net/vodlist/---monthhits-1.shtml","fqdn":"xemean.net","domain":"xemean.net","tld":"net"},"ip":{"addr":"172.67.158.212","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"920f568e381f3b0b4d0866553eefc602","sha1":"c6fe351d914b3534d26fb1dfd6835fc31768e134","sha256":"efb960dabbc0ffa4c799030a89ce29ef22a1e0a63bb571baae9fc9f2744291f0","sha512":"76d09fa65bfcb634faafc92240fbbd314938ab1985b3dda9fb5200adc87cd4a11d1b456fda0b61e8f3185e71d9b7ac05c3517b15fc754b61cb71245877c7c815","ssdeep":"","tlshash":"68e068d51447cd214fdaa4c6b9faf3ccb932af2936002e42f04c65014288ea93032e5c","size":381,"data":"","first_seen":"2025-10-10T06:20:14.013047Z","last_seen":"2025-10-10T06:20:14.013047Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"xemean.net/vodlist/---monthhits-1.shtml","fqdn":"xemean.net","domain":"xemean.net","tld":"net"},"ip":{"addr":"172.67.158.212","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"e6414ce546e4a4a4c7c0ab76925749fe","sha1":"c9097d4e26968060cedfde84f25ed06a1f1205a5","sha256":"93fa875b21816a6d86b99d14414718121717fe85f51b35ae97dcb707fecdfb36","sha512":"01f0fbfb83ed0cb7b9f72f98968be712bd8e889879c59f7678b80ba6e433b44665763ac426a6783afe8bba62ff0158d778fe72f003412d4febadff5e2916e091","ssdeep":"","tlshash":"61c02b9c22030c7017f73b440bafb300b011321094941c31081133845531c03a705810","size":144,"data":"","first_seen":"2024-10-23T23:24:44.624106Z","last_seen":"2026-04-02T05:54:53.049138Z","times_seen":331,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"xemean.net/vodlist/---monthhits-1.shtml","fqdn":"xemean.net","domain":"xemean.net","tld":"net"},"ip":{"addr":"172.67.158.212","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"domTimer","is_inline":false,"md5":"5e543256c480ac577d30f76f9120eb74","sha1":"d5d4cd07616a542891b7ec2d0257b3a24b69856e","sha256":"eb045d78d273107348b0300c01d29b7552d622abbc6faf81b3ec55359aa9950c","sha512":"16a332e891e86030aa9d08ab032fe026c4d4857b64902c386f3ede705373ecf9206f58d712a91a07a63dcbd14f133ab48571bfeb88927995224b299916af8fa5","ssdeep":"","tlshash":"565000000c000000003c0000000c00000000cc33030000f0c0000c0c0c0000003c0000","size":9,"data":"","first_seen":"2023-03-07T01:02:05Z","last_seen":"2026-04-05T10:53:20.926171Z","times_seen":78425,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"xemean.net/vodlist/---monthhits-1.shtml","fqdn":"xemean.net","domain":"xemean.net","tld":"net"},"ip":{"addr":"172.67.158.212","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"cd875341c348d6263d30f7ff88aa572e","sha1":"ba761446722b181f40944548970b89f7864d008e","sha256":"5d13a7d2dbc48b683a2bc41dd4a2c34f723bd5be966712964cfde9b5dbe98df9","sha512":"2e523d7ce7c5b1dfb1bfbd07d8e4202f077cacf2983fe515b5415df7f4bd9ca22905d96efc42eacfd44262f532c380aeef22ed4eb5436274170b13a54bf5af3b","ssdeep":"","tlshash":"88f04c18236067a8717f15eff97dd04d1f0984e85384ace2e0d564184f938c02927f5e","size":593,"data":"","first_seen":"2024-04-30T10:43:31Z","last_seen":"2026-03-19T08:03:14.31532Z","times_seen":24,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"poweredby.jads.co/js/jads.js","fqdn":"poweredby.jads.co","domain":"jads.co","tld":"co"},"ip":{"addr":"92.222.100.139","port":443,"asn":16276,"as":"OVH SAS","country":"France","country_code":"FR"},"introduction_type":"scriptElement","is_inline":false,"md5":"c344215f7f4c4339ef3ec474fab1d5d2","sha1":"56ae62e74a9560413819f5c829a689f11e0e8d4b","sha256":"4a80819c5ee89f3ea534b99fe485991302abc498d994ba29d5c893ac5d795f79","sha512":"77cb331606c75be717c9e04c1836c9b5c0e8011639b4063784f1159972e826b75c3d46625ca2b9e931e9934fb7febce6b9820cb0ac6692b108ff35de97f5a6e6","ssdeep":"","tlshash":"d971627733557879889b966f10ef6a18317faa310f0688025b9ce864987cdcb057fd84","size":3769,"data":"","first_seen":"2025-02-19T04:42:15.317534Z","last_seen":"2026-04-05T05:53:05.689154Z","times_seen":2179,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdnjs.cloudflare.com/ajax/libs/layer/3.1.1/layer.min.js","fqdn":"cdnjs.cloudflare.com","domain":"cloudflare.com","tld":"com"},"ip":{"addr":"104.17.24.14","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"060444af631570264c5b3f957e26f5e3","sha1":"8278c4d47ac985481da0e5efb922457eaaf1dc0c","sha256":"7ed41c1149adf244bf700213886bfe8648d164942eb68527a7476bb7955c5af9","sha512":"d18a2c4bc192c90219776b9658d1c6f7942037c90f37a5819a38f36a4a1345f742b74602989b361c78a217ab661b09e037f7d9f891fddf3152916d9cbf9b865b","ssdeep":"384:qefWYREmwZAxlh2K1mM+8leJLCgO7TKVJO7:ffBuF0lh2smMNeP4","tlshash":"1da2b46a314035a7621390a9d14fbe0f71b21d24e7174128f12af4bc1dbdda9a2b7f4b","size":21713,"data":"","first_seen":"2023-03-07T15:24:24Z","last_seen":"2026-04-04T23:48:32.037502Z","times_seen":379,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"xemean.net/vodlist/---monthhits-1.shtml","fqdn":"xemean.net","domain":"xemean.net","tld":"net"},"ip":{"addr":"172.67.158.212","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"31e4ac9710eccc509bff1470f2139d1d","sha1":"1a07361c30caa3047ee91f01fd5532ec16342a21","sha256":"244785ff7915c1dcc1abb876e99dcb166b4e2d06662e0262da9f8160a4f70131","sha512":"354d116c82960ea87fe50d4f6a03f3135a91dce8892ba50e4c507fe94b9f8bf2bce55d1081c472aabc5482c8b7ce512adbb938c3a70b6d9273b0cd7ce1368f1c","ssdeep":"","tlshash":"b511ce1cfc52776e517a38a4247ba10898ed2479fb619f11507d498d0b7dce038af93b","size":1015,"data":"","first_seen":"2024-12-05T14:48:40.74111Z","last_seen":"2026-03-19T08:03:14.315815Z","times_seen":20,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null},"http":[{"url":{"schema":"https","addr":"xemean.net/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js","fqdn":"xemean.net","domain":"xemean.net","tld":"net"},"ip":{"addr":"172.67.158.212","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://xemean.net/vodlist/---monthhits-1.shtml","date":"2025-10-10T06:19:44.315Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xemean.net","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Fri, 19 Sep 2025 14:39:17 GMT","end":"Thu, 18 Dec 2025 15:37:56 GMT"},"fingerprint":{"sha1":"32:98:F4:7C:DB:50:E9:6F:A5:2A:CB:54:37:AC:12:6C:EE:5B:33:81","sha256":"EA:22:7F:F7:A9:CF:A0:2A:C5:2D:B7:6D:72:1E:E1:10:8D:4D:E9:98:FD:FA:4C:76:67:13:0F:C0:7E:AC:2F:77"}}},"request":{"raw":"GET /cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js HTTP/1.1\r\nHost: xemean.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://xemean.net/vodlist/---monthhits-1.shtml\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: JSESSIONID=k38dZlEq5Ii2AgssGf0D_cCBWpAu0cNs2vPJrgiY; wxxu=QlU9P1luV0txcQVyTwlEcniyUH2nRvHrPQpuaFN_tl5sukVftkWlslFLZlO4Z6JPS4umD92mn5NcrQET6U-cvVWV-eHO-ZeIseI\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Fri, 10 Oct 2025 06:19:44 GMT\r\ncontent-type: application/javascript\r\nexpires: Fri, 10 Oct 2025 07:07:44 GMT\r\ncache-control: public\r\nvary: accept-encoding\r\nx-frame-options: DENY\r\nx-content-type-options: nosniff\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=2r63888VRYpnOwodQdxiE9UqQTLNLXrhHC9CzuQqOuhbTkhHLQpdF5y1QoqU7KcWaFLJDefi%2FdgF%2BoyskGr11%2Ba0F7u698DV\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncontent-encoding: br\r\nserver: cloudflare\r\ncf-ray: 98c40201efad7129-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":1239,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (1238)","md5":"9e8f56e8e1806253ba01a95cfc3d392c","sha1":"a8af90d7482e1e99d03de6bf88fed2315c5dd728","sha256":"2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8","sha512":"63f0f6f94fbabadc3f774ccaa6a401696e8a7651a074bc077d214f91da080b36714fd799eb40fed64154972008e34fc733d6ee314ac675727b37b58ffbebebee","ssdeep":"","tlshash":"6021d5743a18107e226a0133e56f66cee1f23715fd17e440408ad89566e4fe5063fed9","first_seen":"2023-03-07T01:02:00Z","last_seen":"2026-04-05T11:47:06.822961Z","times_seen":292936,"resource_available":true,"data":null}},"time_used":4,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":4,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"m1.cffpng.com/20250604_192227372_uMG.jpg","fqdn":"m1.cffpng.com","domain":"cffpng.com","tld":"com"},"ip":{"addr":"104.21.29.208","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://xemean.net/vodlist/---monthhits-1.shtml","date":"2025-10-10T06:19:44.783Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"f9742aa1.sni.cloudflaressl.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 20 Sep 2025 12:55:51 GMT","end":"Fri, 19 Dec 2025 13:55:49 GMT"},"fingerprint":{"sha1":"F6:5E:93:B0:B1:16:C2:96:5B:E5:1F:B1:C1:D9:73:B9:F8:86:C0:5B","sha256":"CE:97:A7:27:08:B8:B1:BC:D4:FD:40:CE:00:B5:B2:54:2D:B9:24:32:DA:A7:5B:EF:DE:F5:4B:F4:B6:13:B7:D1"}}},"request":{"raw":"GET /20250604_192227372_uMG.jpg HTTP/1.1\r\nHost: m1.cffpng.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xemean.net/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Fri, 10 Oct 2025 06:19:44 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 12093\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=D5%2BxjjuFyEFEjVZowWwvvf5oGFNu858Lh8n73jsqVJITXnnze72TNcQny8tNWRfdR2M3a6utPBBuNuTE0994joyvU8vNvlinoaZpoBU%3D\"}]}\r\ncf-cache-status: HIT\r\naccept-ranges: bytes\r\netag: \"802d0785aa99bbfcf02f1a3c75ab14d1\"\r\nlast-modified: Wed, 04 Jun 2025 11:22:28 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: Accept-Encoding\r\nserver: cloudflare\r\nage: 1187\r\ncache-control: max-age=14400\r\ncf-ray: 98c402061cf821fe-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":12093,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 200x200, components 3","md5":"802d0785aa99bbfcf02f1a3c75ab14d1","sha1":"b989c243ebd5e2e80f46b8b13861b7ca0cabc3b3","sha256":"a5da169cd311131169b3b4d92941043feb6527c0e600f952d920bf7184ad0a80","sha512":"1b4eeb353200785c1bc9cc1f4bfd22f23baf429ba6e2d0306e8b25280962b53277a5e4959fc29f7d37ea9c70feb3f3a9e0db981c881c55d0e1ed9dc763b7fd26","ssdeep":"192:4uohjhSuHpMbe4Fvq5Ix+7sBophViLyoYwfKLZBYRNSpd2iT/rdvG54vlM9i3tqz:4uolMuH4FkI4VphOyoYOKtBYNSpU6hFk","tlshash":"8342cf640853518be8df2ceb0ffabb98dd69fa32515b4754b886db927cc16584743301","first_seen":"2025-06-04T21:56:59.34556Z","last_seen":"2026-04-02T06:37:28.072773Z","times_seen":253,"resource_available":false,"data":null}},"time_used":206,"timings":{"blocked":194,"dns":0,"connect":0,"send":0,"wait":9,"receive":3,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"thumbs4.imagebam.com/bd/8f/88/MEPKG19_t.gif","fqdn":"thumbs4.imagebam.com","domain":"imagebam.com","tld":"com"},"ip":{"addr":"212.63.223.227","port":443,"asn":50827,"as":"SpaceDump IT AB","country":"Sweden","country_code":"SE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://xemean.net/vodlist/---monthhits-1.shtml","date":"2025-10-10T06:19:44.799Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.imagebam.com","organization":""},"issuer":{"commonName":"GoGetSSL RSA DV CA","organization":"GoGetSSL"},"validity":{"start":"Fri, 15 Nov 2024 00:00:00 GMT","end":"Sat, 15 Nov 2025 23:59:59 GMT"},"fingerprint":{"sha1":"B3:7B:BD:C4:71:57:E9:3A:FB:A2:EF:CD:8A:85:14:1C:0C:6C:70:D5","sha256":"FA:BD:AE:0C:A2:F4:BA:CF:95:89:41:83:C6:E0:11:24:51:D3:F7:1D:C5:B2:12:B6:BE:A4:34:EB:EE:FA:06:30"}}},"request":{"raw":"GET /bd/8f/88/MEPKG19_t.gif HTTP/1.1\r\nHost: thumbs4.imagebam.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xemean.net/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nserver: nginx/1.22.1\r\ndate: Fri, 10 Oct 2025 06:19:45 GMT\r\ncontent-type: image/gif\r\ncontent-length: 95804\r\nvary: x-s-token\r\nlast-modified: Wed, 18 Oct 2023 21:46:01 GMT\r\netag: \"1763c-6080490b83af4\"\r\nx-cache: HIT\r\nx-whom: srv1535\r\naccept-ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.22.1","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":95804,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 100 x 100","md5":"09687136eb1b102af050ea7f6e2cbaf1","sha1":"7e1337ea1cee457058b384b81e7fef51c12eae4e","sha256":"598fa5256920c4fffee36ea3f1208ca6a0a1a85c03dcf9d8ffaa0b8ae84183c3","sha512":"957cab6e3fcb236894ac97ae561d989099e2cf6c42242b3ec5896d2214a7ae31eceea97860f54559037b994d7a20b7064fbc68c757801981d55a873f27e7eb42","ssdeep":"1536:uFZ5Mymj+nDCYgHUrdBpWLWcPXJQDkcmfgqHlqfIV+KtoPnNprNvs8NW3F/XZLg5:uFZS/ynulUjpOPXJEhmfJMfIV+Kto/Nz","tlshash":"959312a2d548140ef5a25af1100921a0dacf524b8f3eef3b5603a7e378ff1f520e6918","first_seen":"2023-11-05T11:28:18Z","last_seen":"2026-01-15T10:46:11.038642Z","times_seen":267,"resource_available":false,"data":null}},"time_used":676,"timings":{"blocked":65,"dns":1,"connect":25,"send":0,"wait":48,"receive":241,"ssl":291},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"biu39.xyz/20250101/945372020076445696/945372020076445696.jpg","fqdn":"biu39.xyz","domain":"biu39.xyz","tld":"xyz"},"ip":{"addr":"209.141.40.239","port":443,"asn":53667,"as":"PONYNET","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://xemean.net/vodlist/---monthhits-1.shtml","date":"2025-10-10T06:19:44.813Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"biu39.xyz","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Wed, 03 Sep 2025 02:19:24 GMT","end":"Tue, 02 Dec 2025 02:19:23 GMT"},"fingerprint":{"sha1":"14:3C:4D:2D:48:3C:2B:96:2C:90:B6:B2:A5:85:30:42:C3:07:A6:D3","sha256":"A8:E1:B0:DF:26:84:21:0D:CE:AA:6A:52:C6:D2:79:A9:83:59:88:F6:2D:CA:A9:C5:0F:27:B8:9D:36:FB:5A:1F"}}},"request":{"raw":"GET /20250101/945372020076445696/945372020076445696.jpg HTTP/1.1\r\nHost: biu39.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xemean.net/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 10 Oct 2025 06:16:29 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 11979\r\nlast-modified: Wed, 08 Jan 2025 08:15:05 GMT\r\netag: \"677e3409-2ecb\"\r\nexpires: Thu, 30 Oct 2025 06:16:29 GMT\r\ncache-control: max-age=1728000\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: Content-Length,Content-Range\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":11979,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, comment: \"CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 100\", progressive, precision 8, 352x198, components 3","md5":"a5084e351dc9a332d4f8e8854f5bbd21","sha1":"c482f911b7425ff10f9aed245ec04230ab47f6b4","sha256":"2fa2b4861738b684db4803cad50850277da12a1c7d7375a3133c443050860ebc","sha512":"52b84809ae1f2e572175c63e71c2e806f87ea36579d06ed714e5362af913814e8bcc7107bf7e8fd83152ea11c54d74cb06d37faefe1e79c8c5b6099ae3f94257","ssdeep":"192:vVIj/OmHudwbqEB0IOpXbCuKi58WQ7lC8ALjwEgNm+ZSFWQBfhlXYPts6kn5vdkK:9Ij/TOdwFLOBbNqWQ7pmjwEp+ZgWG7IY","tlshash":"3032bfbab2e58249f53c41fab0c415e2736dded22f19d2c563f369bc2d6b0e2189448d","first_seen":"2025-10-10T06:20:13.979645Z","last_seen":"2025-10-10T06:20:13.979645Z","times_seen":1,"resource_available":false,"data":null}},"time_used":626,"timings":{"blocked":89,"dns":0,"connect":140,"send":0,"wait":145,"receive":20,"ssl":231},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/3.3.7/css/bootstrap.min.css","fqdn":"cdnjs.cloudflare.com","domain":"cloudflare.com","tld":"com"},"ip":{"addr":"104.17.24.14","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://xemean.net/vodlist/---monthhits-1.shtml","date":"2025-10-10T06:19:44.306Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cdnjs.cloudflare.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 17 Sep 2025 19:09:23 GMT","end":"Tue, 16 Dec 2025 20:08:48 GMT"},"fingerprint":{"sha1":"E5:FA:6E:21:DA:AB:92:8F:E0:CB:31:C2:87:D4:E2:CE:9F:23:BF:C1","sha256":"E8:C7:D4:A8:29:E6:45:C0:C5:E3:AD:6A:90:36:30:4A:D7:2E:7C:F7:8F:57:44:E8:3B:2D:AF:F6:80:F7:4B:46"}}},"request":{"raw":"GET /ajax/libs/twitter-bootstrap/3.3.7/css/bootstrap.min.css HTTP/1.1\r\nHost: cdnjs.cloudflare.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xemean.net/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Fri, 10 Oct 2025 06:19:44 GMT\r\ncontent-type: text/css; charset=utf-8\r\ncontent-length: 16149\r\ncf-ray: 98c402020ba84e4c-OSL\r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=30672000\r\ncontent-encoding: br\r\netag: \"5eb04010-1d970\"\r\nlast-modified: Mon, 04 May 2020 16:17:20 GMT\r\ncf-cdnjs-via: cfworker/kv\r\ncross-origin-resource-policy: cross-origin\r\ntiming-allow-origin: *\r\nx-content-type-options: nosniff\r\nvary: Accept-Encoding\r\ncf-cache-status: HIT\r\nage: 439423\r\nexpires: Wed, 30 Sep 2026 06:19:44 GMT\r\naccept-ranges: bytes\r\nreport-to: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v4?s=u0L3LHxAs7gkNIjZq6bBykd3c99SVZqF7xQ%2F0%2FStoLCdpgNZuyDaDD5yqq%2ButvF9IUfRPbHE1YPtkLd%2FJa5wqYWNdsG%2BfAv27HqjZbI6bqmg4P5uEfyDN5DkdO%2FbdJF2XMN7nque\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nnel: {\"success_fraction\":0.01,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nstrict-transport-security: max-age=15780000\r\nserver: cloudflare\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":121200,"size_decoded":0,"mime_type":"text/css; charset=utf-8","magic":"ASCII text, with very long lines (65371)","md5":"ec3bb52a00e176a7181d454dffaea219","sha1":"6527d8bf3e1e9368bab8c7b60f56bc01fa3afd68","sha256":"f75e846cc83bd11432f4b1e21a45f31bc85283d11d372f7b19accd1bf6a2635c","sha512":"e8c5daf01eae68ed7c1e277a6e544c7ad108a0fa877fb531d6d9f2210769b7da88e4e002c7b0be3b72154ebf7cbf01a795c8342ce2dad368bd6351e956195f8b","ssdeep":"768:Vy3Gxw/Vc/QWlJxtQOIuiHlq5mzI4X8OAduFKbv2ctg2Bd8JP7ecQVvH1FS:nw/a1fIuiHlq5mN8lDbNmPbh","tlshash":"2cc3c7a0f21031ea7333c55a75d0ed872219a153e56a4fb7f22f25d88f845ca1673f1a","first_seen":"2023-04-05T03:13:25Z","last_seen":"2026-04-05T10:52:35.945808Z","times_seen":56336,"resource_available":false,"data":null}},"time_used":73,"timings":{"blocked":23,"dns":1,"connect":1,"send":0,"wait":17,"receive":1,"ssl":27},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"i.ibb.co/g92Ppfv/w-SSw-Ht0-DD3v-Ilqz4p-AZp.gif","fqdn":"i.ibb.co","domain":"ibb.co","tld":"co"},"ip":{"addr":"45.43.142.5","port":443,"asn":215751,"as":"Mikhail Fedorov","country":"Israel","country_code":"IL"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://xemean.net/vodlist/---monthhits-1.shtml","date":"2025-10-10T06:19:44.753Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ibb.co","organization":""},"issuer":{"commonName":"E5","organization":"Let's Encrypt"},"validity":{"start":"Mon, 18 Aug 2025 07:17:47 GMT","end":"Sun, 16 Nov 2025 07:17:46 GMT"},"fingerprint":{"sha1":"30:62:E2:16:F0:8D:8F:C4:30:EF:67:44:60:2F:45:29:D1:5B:AF:94","sha256":"EE:AB:93:C9:6B:44:94:94:F6:EE:CA:98:DE:CE:BF:A6:25:9F:C8:76:A5:43:59:77:38:DD:D2:23:F7:9C:B1:70"}}},"request":{"raw":"GET /g92Ppfv/w-SSw-Ht0-DD3v-Ilqz4p-AZp.gif HTTP/1.1\r\nHost: i.ibb.co\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xemean.net/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 10 Oct 2025 06:19:44 GMT\r\ncontent-type: image/gif\r\ncontent-length: 118001\r\nlast-modified: Mon, 18 Mar 2024 14:11:54 GMT\r\nexpires: Thu, 31 Dec 2037 23:55:55 GMT\r\ncache-control: max-age=315360000, public\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET, OPTIONS\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":118001,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 100 x 100","md5":"031925005d01a807624df9b1458355b2","sha1":"7115b1929f1225700bb46604c1e83624f375f4bd","sha256":"cba815444b9d210a99635e2fbdcbe2bd5d7764823366ae276b5b0031a5841706","sha512":"0a1d8d910e668c64ff591f6b7d6cbb624cdf7e3ad3fd6b8b25e48759c1170452b1a62cda5d054a6b0359b25c772a86180b9eb13cf246eb9c5966aaec84dc901f","ssdeep":"3072:VLLWonpHwqv2D4OSjO1bmsJgUpeMzvIZ6J:VWKHwN4jjO1bmcgUPIZ6J","tlshash":"0ab3f11f9a587d029188fee859e74cfb6be604c0d9a4e859dc8cc0265f21276cb591cf","first_seen":"2024-08-19T20:36:38.845477Z","last_seen":"2025-11-20T11:17:31.978039Z","times_seen":121,"resource_available":false,"data":null}},"time_used":195,"timings":{"blocked":32,"dns":0,"connect":21,"send":0,"wait":21,"receive":71,"ssl":46},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"files.catbox.moe/slby5v.gif","fqdn":"files.catbox.moe","domain":"catbox.moe","tld":"moe"},"ip":{"addr":"108.181.20.35","port":443,"asn":40676,"as":"AS40676","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://xemean.net/vodlist/---monthhits-1.shtml","date":"2025-10-10T06:19:44.768Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"P384","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"catbox.moe","organization":""},"issuer":{"commonName":"E5","organization":"Let's Encrypt"},"validity":{"start":"Sat, 16 Aug 2025 22:38:20 GMT","end":"Fri, 14 Nov 2025 22:38:19 GMT"},"fingerprint":{"sha1":"3C:AB:3C:2D:1C:35:C9:9D:9C:C0:6E:EA:95:4B:2C:D4:AB:1F:D4:0B","sha256":"1D:FE:BE:E7:E9:E9:E4:48:51:AD:2A:42:D9:5A:CD:EE:5C:F5:0B:37:7B:D8:81:89:15:E6:97:C5:62:F9:8E:AE"}}},"request":{"raw":"GET /slby5v.gif HTTP/1.1\r\nHost: files.catbox.moe\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xemean.net/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 10 Oct 2025 06:19:45 GMT\r\ncontent-type: image/gif\r\ncontent-length: 39392\r\nlast-modified: Mon, 04 Aug 2025 06:04:19 GMT\r\netag: \"68904d63-99e0\"\r\nx-content-type-options: nosniff\r\ncontent-security-policy: default-src 'self' https://files.catbox.moe; style-src https://files.catbox.moe 'unsafe-inline'; img-src 'self' data:; font-src 'self'; media-src 'self'; object-src 'self';\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET, HEAD\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":39392,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 100 x 100","md5":"c717ce787cef4052cc98b7b12e42f5c1","sha1":"8e724ee49e578fc998907b4cf555ba0c1395c0cf","sha256":"b854440ee1deef4dbae478bfb53b79a4fe303c7e257274f6a280094c19f22c18","sha512":"ed7ba482cbaa2373178b1c3533b5bf0c77f84ef95806a82709abcd29793ee4f28f436ce5ec2f9f2a8d0de7cf6237c885aa9663b044073f85846e259c247ca813","ssdeep":"768:4ezmJoabdOvzH7eBU3XzWPpY3zVIDwEwV4FXBj8X0x00+4SFoCs:vwNditSPpY3zqCV4/8X0Kvds","tlshash":"3903e1cea772b89bfc0c68332fa615441b91dfdbd8528a854eb20e1f7f00da4b0715a5","first_seen":"2023-05-20T12:50:37Z","last_seen":"2025-11-10T21:00:51.104148Z","times_seen":126,"resource_available":false,"data":null}},"time_used":1597,"timings":{"blocked":558,"dns":17,"connect":151,"send":0,"wait":151,"receive":300,"ssl":413},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-10-10","alert":"Sinkholed","trigger":"files.catbox.moe","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"images2.imgbox.com/fb/29/QxzvMOV6_o.gif","fqdn":"images2.imgbox.com","domain":"imgbox.com","tld":"com"},"ip":{"addr":"212.63.223.225","port":443,"asn":50827,"as":"SpaceDump IT AB","country":"Sweden","country_code":"SE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://xemean.net/vodlist/---monthhits-1.shtml","date":"2025-10-10T06:19:44.798Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.imgbox.com","organization":""},"issuer":{"commonName":"GoGetSSL RSA DV CA","organization":"GoGetSSL"},"validity":{"start":"Fri, 15 Nov 2024 00:00:00 GMT","end":"Sat, 15 Nov 2025 23:59:59 GMT"},"fingerprint":{"sha1":"5A:6B:D2:2E:15:1B:62:D6:8E:55:AD:38:B3:95:0A:EB:B9:C5:52:86","sha256":"D2:B7:6A:32:B9:55:A8:DD:A8:54:56:C5:ED:5B:DE:60:F1:7B:D2:30:B0:AC:51:21:58:2B:B8:DA:2D:36:D5:25"}}},"request":{"raw":"GET /fb/29/QxzvMOV6_o.gif HTTP/1.1\r\nHost: images2.imgbox.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xemean.net/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.18.0\r\nDate: Fri, 10 Oct 2025 06:19:45 GMT\r\nContent-Type: image/gif\r\nContent-Length: 675874\r\nvary: x-s-token\r\nlast-modified: Wed, 27 Nov 2024 06:03:59 GMT\r\netag: \"a5022-627debb4ef1c0\"\r\nX-Cache: HIT\r\nX-Whom: srv1535\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.18.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":675874,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 200 x 200","md5":"d455ada9d08cdc3769ac6eba64258579","sha1":"398ab82e3092b46f489c3f01178ec2142458c183","sha256":"8c8ce7747169f408c7b2e0a3a0da5275d975e7c2571d8843702bce0e7d2c9b56","sha512":"3a2868334389d109715a5ee8b9333db8aae5eb7348fc7ab772f6f66d17da49b5249638eab24a788fcbe9355d6951ab11386cc5da7b8188712c61adab89fb012d","ssdeep":"12288:0cPdHxx+cldk3bj2Ib0yxddXbNMyHnrpNRVe9jBk1ynlsGLO2tIZrHXjPQCCs+K5:0cPR96j2Ib0SjHnHe9j8ynlsGLtt4HBx","tlshash":"4ae43334a3ea569d14d0d6a6c0e5f54e0380b4233b1bf7c3369a2ca6a98e07f56d0f71","first_seen":"2024-12-01T08:51:18.653526Z","last_seen":"2025-11-10T21:00:51.108415Z","times_seen":248,"resource_available":false,"data":null}},"time_used":935,"timings":{"blocked":54,"dns":0,"connect":25,"send":0,"wait":48,"receive":508,"ssl":300},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdn.yyzyw-tucdn-1.top/upload/vod/20250221-1/dd588d8676202974dab7977f1262b6eb.jpg","fqdn":"cdn.yyzyw-tucdn-1.top","domain":"yyzyw-tucdn-1.top","tld":"top"},"ip":{"addr":"172.67.168.80","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://xemean.net/vodlist/---monthhits-1.shtml","date":"2025-10-10T06:19:44.800Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cdn.yyzyw-tucdn-1.top","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 29 Sep 2025 14:33:54 GMT","end":"Sun, 28 Dec 2025 15:33:52 GMT"},"fingerprint":{"sha1":"6A:D5:9A:45:CA:15:9D:8D:82:AE:EA:3D:0B:88:29:9E:6C:7D:CD:C3","sha256":"45:2C:E0:7A:75:17:BB:FD:B9:78:0C:03:B0:46:E6:1D:E0:32:F5:46:51:24:12:E9:44:15:11:A8:B2:77:C4:4F"}}},"request":{"raw":"GET /upload/vod/20250221-1/dd588d8676202974dab7977f1262b6eb.jpg HTTP/1.1\r\nHost: cdn.yyzyw-tucdn-1.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xemean.net/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 404 Not Found\r\ndate: Fri, 10 Oct 2025 06:19:45 GMT\r\ncontent-type: text/html\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncache-control: max-age=86400\r\ncf-cache-status: EXPIRED\r\nvary: accept-encoding\r\nexpect-ct: max-age=86400, enforce\r\nreferrer-policy: same-origin\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nx-xss-protection: 1; mode=block\r\naccess-control-allow-headers: Content-Type\r\naccess-control-allow-methods: GET, POST, OPTIONS\r\naccess-control-allow-origin: *\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=K3cxcrVNIXj4UVRhrwgnsQhLrY7MhMWs46NLGa%2BUhDmWccgX20cBsr%2BbH6ix0tlflbeLy2J7IgqIxxGUPOHXQVEr72ZuSMJ1D8Uio9DSMlbQCXs%3D\"}]}\r\ncontent-encoding: br\r\ncf-ray: 98c4020a0ff55690-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T11:47:06.182466Z","times_seen":13373545,"resource_available":true,"data":null}},"time_used":1006,"timings":{"blocked":77,"dns":655,"connect":1,"send":0,"wait":197,"receive":0,"ssl":76},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-10","alert":"Sinkholed","trigger":"cdn.yyzyw-tucdn-1.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-10-10","alert":"Sinkholed","trigger":"cdn.yyzyw-tucdn-1.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"biu47.xyz/20250819/1028479661467762688/1028479661467762688.jpg","fqdn":"biu47.xyz","domain":"biu47.xyz","tld":"xyz"},"ip":{"addr":"209.141.48.213","port":443,"asn":53667,"as":"PONYNET","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://xemean.net/vodlist/---monthhits-1.shtml","date":"2025-10-10T06:19:44.811Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"biu47.xyz","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Sun, 28 Sep 2025 04:36:36 GMT","end":"Sat, 27 Dec 2025 04:36:35 GMT"},"fingerprint":{"sha1":"AA:EE:73:0B:97:2F:18:CE:91:58:17:F7:B4:BD:60:4C:9C:13:EE:33","sha256":"67:F8:F8:B5:94:03:0D:33:E2:B4:79:7F:88:70:D1:32:C2:9D:B0:05:34:D3:71:5C:E1:12:66:15:DA:89:B2:70"}}},"request":{"raw":"GET /20250819/1028479661467762688/1028479661467762688.jpg HTTP/1.1\r\nHost: biu47.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xemean.net/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 10 Oct 2025 06:18:51 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 25208\r\nlast-modified: Mon, 18 Aug 2025 17:30:59 GMT\r\netag: \"68a36353-6278\"\r\nexpires: Thu, 30 Oct 2025 06:18:51 GMT\r\ncache-control: max-age=1728000\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: Content-Length,Content-Range\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":25208,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 720x740, components 3","md5":"288f6d58bb778164c1398aab291c5efd","sha1":"d43d43ce53bc861ad85bded65d0f0779fd943335","sha256":"2a973352a3a7ba2f7541c454ede3e45db23e82a64953219862151962308a14b0","sha512":"68e4f118251931fdb82d49c40e1c0dcb836fc561adb56b1aef4c2ca358fee4d66848a11f0ab4644a26b896f11f9f5aff2993d4b4cd74a42b75906e2f55a8cf2d","ssdeep":"384:8x7bmoBF22OmfZ98C0fhHFSXZ1DRHhvuOThOa2q7N5I1SKAJ0kDeLGx:8x7bmMmY98C0frStHhvhkxAa8V","tlshash":"f5b2d0165446262ede5ff3340f00ab2ab27bece7ae52631fea939b61273d1f104140d8","first_seen":"2025-10-10T06:20:13.988282Z","last_seen":"2025-11-24T20:52:33.357151Z","times_seen":2,"resource_available":false,"data":null}},"time_used":1028,"timings":{"blocked":-1,"dns":29,"connect":142,"send":0,"wait":290,"receive":134,"ssl":433},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-10","alert":"Sinkholed","trigger":"biu47.xyz","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"biu47.xyz/20250818/1028115732098973696/1028115732098973696.jpg","fqdn":"biu47.xyz","domain":"biu47.xyz","tld":"xyz"},"ip":{"addr":"209.141.48.213","port":443,"asn":53667,"as":"PONYNET","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://xemean.net/vodlist/---monthhits-1.shtml","date":"2025-10-10T06:19:44.812Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"biu47.xyz","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Sun, 28 Sep 2025 04:36:36 GMT","end":"Sat, 27 Dec 2025 04:36:35 GMT"},"fingerprint":{"sha1":"AA:EE:73:0B:97:2F:18:CE:91:58:17:F7:B4:BD:60:4C:9C:13:EE:33","sha256":"67:F8:F8:B5:94:03:0D:33:E2:B4:79:7F:88:70:D1:32:C2:9D:B0:05:34:D3:71:5C:E1:12:66:15:DA:89:B2:70"}}},"request":{"raw":"GET /20250818/1028115732098973696/1028115732098973696.jpg HTTP/1.1\r\nHost: biu47.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xemean.net/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T11:47:06.182466Z","times_seen":13373545,"resource_available":true,"data":null}},"time_used":971,"timings":{"blocked":78,"dns":0,"connect":141,"send":0,"wait":421,"receive":0,"ssl":330},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-10","alert":"Sinkholed","trigger":"biu47.xyz","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"poweredby.jads.co/js/jads.js","fqdn":"poweredby.jads.co","domain":"jads.co","tld":"co"},"ip":{"addr":"92.222.100.139","port":443,"asn":16276,"as":"OVH SAS","country":"France","country_code":"FR"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://xemean.net/vodlist/---monthhits-1.shtml","date":"2025-10-10T06:19:44.309Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"*.jads.co","organization":""},"issuer":{"commonName":"Sectigo RSA Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Tue, 11 Feb 2025 00:00:00 GMT","end":"Thu, 27 Nov 2025 23:59:59 GMT"},"fingerprint":{"sha1":"24:45:97:41:80:9C:3B:CE:BB:C3:B5:53:C5:0D:8C:BB:21:C9:56:20","sha256":"5F:96:09:03:1A:50:90:73:9C:60:3F:2D:35:D7:F2:4D:95:02:C6:38:BC:AB:88:FA:78:A4:8B:85:16:CB:F0:57"}}},"request":{"raw":"GET /js/jads.js HTTP/1.1\r\nHost: poweredby.jads.co\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xemean.net/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Fri, 10 Oct 2025 06:19:44 GMT\r\nContent-Type: application/javascript\r\nContent-Length: 3769\r\nLast-Modified: Fri, 07 Mar 2025 18:31:37 GMT\r\nConnection: close\r\nETag: \"67cb3b89-eb9\"\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":3769,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (3769), with no line terminators","md5":"c344215f7f4c4339ef3ec474fab1d5d2","sha1":"56ae62e74a9560413819f5c829a689f11e0e8d4b","sha256":"4a80819c5ee89f3ea534b99fe485991302abc498d994ba29d5c893ac5d795f79","sha512":"77cb331606c75be717c9e04c1836c9b5c0e8011639b4063784f1159972e826b75c3d46625ca2b9e931e9934fb7febce6b9820cb0ac6692b108ff35de97f5a6e6","ssdeep":"","tlshash":"d971627733557879889b966f10ef6a18317faa310f0688025b9ce864987cdcb057fd84","first_seen":"2025-02-19T04:42:15.317534Z","last_seen":"2026-04-05T05:53:05.689154Z","times_seen":2179,"resource_available":true,"data":null}},"time_used":549,"timings":{"blocked":254,"dns":1,"connect":35,"send":0,"wait":34,"receive":0,"ssl":220},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"thumbs4.imagebam.com/17/19/88/MEPEDLU_t.jpg","fqdn":"thumbs4.imagebam.com","domain":"imagebam.com","tld":"com"},"ip":{"addr":"212.63.223.227","port":443,"asn":50827,"as":"SpaceDump IT AB","country":"Sweden","country_code":"SE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://xemean.net/vodlist/---monthhits-1.shtml","date":"2025-10-10T06:19:44.754Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.imagebam.com","organization":""},"issuer":{"commonName":"GoGetSSL RSA DV CA","organization":"GoGetSSL"},"validity":{"start":"Fri, 15 Nov 2024 00:00:00 GMT","end":"Sat, 15 Nov 2025 23:59:59 GMT"},"fingerprint":{"sha1":"B3:7B:BD:C4:71:57:E9:3A:FB:A2:EF:CD:8A:85:14:1C:0C:6C:70:D5","sha256":"FA:BD:AE:0C:A2:F4:BA:CF:95:89:41:83:C6:E0:11:24:51:D3:F7:1D:C5:B2:12:B6:BE:A4:34:EB:EE:FA:06:30"}}},"request":{"raw":"GET /17/19/88/MEPEDLU_t.jpg HTTP/1.1\r\nHost: thumbs4.imagebam.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xemean.net/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nserver: nginx/1.18.0\r\ndate: Fri, 10 Oct 2025 06:19:45 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 6188\r\nvary: x-s-token\r\nlast-modified: Tue, 10 Oct 2023 02:22:02 GMT\r\netag: \"182c-607535f41a344\"\r\nx-cache: HIT\r\nx-whom: srv1535\r\naccept-ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.18.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":6188,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 100x100, components 3","md5":"155fcc2c1bf1fe24594aa854fc36f3d5","sha1":"6bf018a247ce46063f98b28979a6e96a5aa28b5b","sha256":"2657b71deb167f1afd3c56aaf2c67bcc1c3704b368bd6fce5e9b89cb464e50c7","sha512":"7701925dd4a2f738be8dfbedaf33078b568f1c9fe5c9360dfe0259a87542f685755b94cf502f9a749810729cfe121e54bdd0564d5d8bc96a54b5c83061f53e2f","ssdeep":"192:RNfRCIQv+F1keP90/JXHcCfFYib0/t+Zlusv5nqqh3l:RTRlBmlcwYJAZ8sRf3","tlshash":"a2d19e00ef14ea0eda70e4b3a21f63f8951edd12ef5947b593d89231552a0c22a79a0c","first_seen":"2023-11-05T11:28:18Z","last_seen":"2026-04-02T06:37:28.071668Z","times_seen":375,"resource_available":false,"data":null}},"time_used":848,"timings":{"blocked":391,"dns":0,"connect":29,"send":0,"wait":26,"receive":1,"ssl":396},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"m1.cffpng.com/20250604_192928793_fIn.gif","fqdn":"m1.cffpng.com","domain":"cffpng.com","tld":"com"},"ip":{"addr":"104.21.29.208","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://xemean.net/vodlist/---monthhits-1.shtml","date":"2025-10-10T06:19:44.785Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"f9742aa1.sni.cloudflaressl.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 20 Sep 2025 12:55:51 GMT","end":"Fri, 19 Dec 2025 13:55:49 GMT"},"fingerprint":{"sha1":"F6:5E:93:B0:B1:16:C2:96:5B:E5:1F:B1:C1:D9:73:B9:F8:86:C0:5B","sha256":"CE:97:A7:27:08:B8:B1:BC:D4:FD:40:CE:00:B5:B2:54:2D:B9:24:32:DA:A7:5B:EF:DE:F5:4B:F4:B6:13:B7:D1"}}},"request":{"raw":"GET /20250604_192928793_fIn.gif HTTP/1.1\r\nHost: m1.cffpng.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xemean.net/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Fri, 10 Oct 2025 06:19:44 GMT\r\ncontent-type: image/gif\r\ncontent-length: 157404\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=R3JY7ZOR4pvr6lNaXnjjq3p%2FXKilwBIQCmd7m0m5jkWQFJ%2B5wIambGGixxYDUdXcyrJyGPhcxaA3G2dpAZ5eo4hvQvqGnqI2OBCj76U%3D\"}]}\r\ncf-cache-status: HIT\r\naccept-ranges: bytes\r\netag: \"f9a75a1d599b59be1b9b5ce608ffe4c4\"\r\nlast-modified: Wed, 04 Jun 2025 11:29:29 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: Accept-Encoding\r\nserver: cloudflare\r\nage: 1187\r\ncache-control: max-age=14400\r\ncf-ray: 98c402061cfc21fe-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":157404,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 120 x 119","md5":"f9a75a1d599b59be1b9b5ce608ffe4c4","sha1":"7d893a9c61e467b4eb3d7b00b308aa64a478a33c","sha256":"e5ec3be2124ad6d741737832bc35f1c28bf60e1c8611e76470be815a997437b9","sha512":"71077d697c0b0f611c30e2267a052f616c15f78f73d445c762f06dc507d2aa1e5d41c1945b1bad1032f811165fbe3f4e96e52c0eca616726e4486d3487a20f7f","ssdeep":"3072:EkLO9oiB16DdYsD8e2LNpmf8k1ay9TtZaTitE04L2j:TOjBkREN091aqTHsie0Zj","tlshash":"7af32348d05c048ce5f61e3c75ae7a2196ca9547f37e72912de3d8a3d97301ba43af22","first_seen":"2025-01-16T04:21:32.477183Z","last_seen":"2026-02-14T13:26:31.422779Z","times_seen":466,"resource_available":false,"data":null}},"time_used":213,"timings":{"blocked":192,"dns":0,"connect":0,"send":0,"wait":5,"receive":16,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"m2.cffpic.com/20250916_190055621_ZdY.gif","fqdn":"m2.cffpic.com","domain":"cffpic.com","tld":"com"},"ip":{"addr":"172.67.206.194","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://xemean.net/vodlist/---monthhits-1.shtml","date":"2025-10-10T06:19:44.788Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"182a1e59.sni.cloudflaressl.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 25 Aug 2025 16:18:36 GMT","end":"Sun, 23 Nov 2025 17:18:32 GMT"},"fingerprint":{"sha1":"6F:61:A7:81:FE:CB:A9:83:CB:97:5A:64:35:08:DF:61:69:B8:A3:87","sha256":"7C:01:62:0A:31:56:70:CE:C2:98:D0:33:B9:81:2E:5C:61:05:FE:D4:4E:25:F1:4F:9E:28:15:5B:80:6E:B8:8A"}}},"request":{"raw":"GET /20250916_190055621_ZdY.gif HTTP/1.1\r\nHost: m2.cffpic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xemean.net/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Fri, 10 Oct 2025 06:19:45 GMT\r\ncontent-type: image/gif\r\ncontent-length: 1059138\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=Kt2OQNi3%2Fe%2B9Kjs%2Fz4KFY45FxNbGrBi45K2aaijy7x1ZAZKPnwAYF%2BUFb6dv9qU0yyoB36oLAZXIuZVgll%2BT%2FOgMgsTveP%2FRT8n%2Fx4o%3D\"}]}\r\ncf-cache-status: HIT\r\nserver: cloudflare\r\naccept-ranges: bytes\r\netag: \"9ba43068ff25f96b5cc668d7265dc839\"\r\nlast-modified: Tue, 16 Sep 2025 11:00:56 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: Accept-Encoding\r\nage: 1188\r\ncache-control: max-age=14400\r\ncf-ray: 98c4020849d6c272-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":1059138,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 450 x 450","md5":"6e422b46cf7ef0922dda2f2047fec62d","sha1":"978ed1d7bf0301b87cce3affe6a1a5e94bff75e2","sha256":"10c6b07f3728101a185cb9f856b2616763b8ea7b3fd2c356d003f231a6c54f1b","sha512":"1f7e39c17c25263489f1c436ee0dbc32fc564c39a16f3488a508b04e66ce2e6ee75f48171da5679a04ed87b0399c56b993d22918d6724eae7ab12102acd2d80d","ssdeep":"24576:6BoNXGyrLloPKI7agka5asK0E+dmZrwolwqB6ufgQYT2/cV:6VWlojw0E+sZrhwZufphk","tlshash":"2a253361d51681489e58889e7e9ccd8e7729d0328fe2591b5afcd2be13dbd3bf800306","first_seen":"2025-09-20T11:55:23.579389Z","last_seen":"2025-10-15T08:40:04.114543Z","times_seen":34,"resource_available":false,"data":null}},"time_used":684,"timings":{"blocked":42,"dns":1,"connect":1,"send":0,"wait":7,"receive":138,"ssl":494},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"xemean.net/user/srcd.shtml","fqdn":"xemean.net","domain":"xemean.net","tld":"net"},"ip":{"addr":"172.67.158.212","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://xemean.net/vodlist/---monthhits-1.shtml","date":"2025-10-10T06:19:44.923Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xemean.net","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Fri, 19 Sep 2025 14:39:17 GMT","end":"Thu, 18 Dec 2025 15:37:56 GMT"},"fingerprint":{"sha1":"32:98:F4:7C:DB:50:E9:6F:A5:2A:CB:54:37:AC:12:6C:EE:5B:33:81","sha256":"EA:22:7F:F7:A9:CF:A0:2A:C5:2D:B7:6D:72:1E:E1:10:8D:4D:E9:98:FD:FA:4C:76:67:13:0F:C0:7E:AC:2F:77"}}},"request":{"raw":"POST /user/srcd.shtml HTTP/1.1\r\nHost: xemean.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/javascript, */*; q=0.01\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://xemean.net/vodlist/---monthhits-1.shtml\r\nContent-Type: application/json\r\nX-Requested-With: XMLHttpRequest\r\nContent-Length: 2\r\nOrigin: https://xemean.net\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: JSESSIONID=k38dZlEq5Ii2AgssGf0D_cCBWpAu0cNs2vPJrgiY; wxxu=QlU9P1luV0txcQVyTwlEcniyUH2nRvHrPQpuaFN_tl5sukVftkWlslFLZlO4Z6JPS4umD92mn5NcrQET6U-cvVWV-eHO-ZeIseI; srcd=false-pf-Win32-h-1024-w-1280\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Fri, 10 Oct 2025 06:19:45 GMT\r\nstrict-transport-security: max-age=31536000\r\ncf-cache-status: DYNAMIC\r\npriority: u=3,i=?0\r\ncontent-length: 0\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=5xsp2P%2FMtluxWXSNc9AH4dZkdJdzvQfrWoY63YhXw%2FwuroMTifWmTJJbNWw6NFDcJ2%2FEJy6PxERTaN4p29KLS0c1ZPHrYiXI\"}]}\r\ncf-ray: 98c402053d95b51b-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/xml","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T11:47:06.182466Z","times_seen":13373545,"resource_available":true,"data":null}},"time_used":324,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":323,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"xemean.net/static/images/load.jpg","fqdn":"xemean.net","domain":"xemean.net","tld":"net"},"ip":{"addr":"172.67.158.212","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://xemean.net/vodlist/---monthhits-1.shtml","date":"2025-10-10T06:19:44.310Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xemean.net","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Fri, 19 Sep 2025 14:39:17 GMT","end":"Thu, 18 Dec 2025 15:37:56 GMT"},"fingerprint":{"sha1":"32:98:F4:7C:DB:50:E9:6F:A5:2A:CB:54:37:AC:12:6C:EE:5B:33:81","sha256":"EA:22:7F:F7:A9:CF:A0:2A:C5:2D:B7:6D:72:1E:E1:10:8D:4D:E9:98:FD:FA:4C:76:67:13:0F:C0:7E:AC:2F:77"}}},"request":{"raw":"GET /static/images/load.jpg HTTP/1.1\r\nHost: xemean.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://xemean.net/vodlist/---monthhits-1.shtml\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: JSESSIONID=k38dZlEq5Ii2AgssGf0D_cCBWpAu0cNs2vPJrgiY; wxxu=QlU9P1luV0txcQVyTwlEcniyUH2nRvHrPQpuaFN_tl5sukVftkWlslFLZlO4Z6JPS4umD92mn5NcrQET6U-cvVWV-eHO-ZeIseI\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Fri, 10 Oct 2025 06:19:44 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 18341\r\nserver: cloudflare\r\nlast-modified: Thu, 31 Oct 2024 11:46:58 GMT\r\netag: \"67236e32-47a5\"\r\nexpires: Sat, 01 Nov 2025 08:58:08 GMT\r\ncache-control: max-age=2678400\r\nstrict-transport-security: max-age=31536000\r\naccept-ranges: bytes\r\nage: 681699\r\ncf-cache-status: HIT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=bImxMCOPfM6%2FamF0Ykw%2F2M5tcObIOCB2cXhQHfykBGQumRniXYY6ak9MjkePHAzXS3LmDfcqMmk4yZnT8P%2F6C2NcTlBfY19J\"}]}\r\ncf-ray: 98c40201efab7129-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":18341,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, progressive, precision 8, 600x389, components 3","md5":"b84934511a97331b49e2b6d768501bc0","sha1":"95743d245d8caa2ef10a461c95ae2c2e86fa4b85","sha256":"9229125f9b07014aa5d3b8292bb55320c14a516688e6f918fd55fc80b181ff35","sha512":"3e6c990b064601da36e5e0678e6f1e5dfc9ec4ccb60d8cfbaf8212cb16792a19daa2e13758e792006fc371cee5632a0e06e9d6f8b0c697ab4313eea402dedd36","ssdeep":"384:YfOrhuJyAdIJcmBqj46101GxTDBeq12JCci8/yRdV/DHjGOx3:bhutIJTqc61CGxTd59ci8/yRdBjCOx3","tlshash":"e582d1738aad6fa793e16cf8453e85b1a7c8ac5354c8a70fe08604777a3a42f474d391","first_seen":"2023-05-22T17:27:11Z","last_seen":"2026-04-02T05:54:53.02966Z","times_seen":380,"resource_available":false,"data":null}},"time_used":14,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":13,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/3.3.7/js/bootstrap.min.js","fqdn":"cdnjs.cloudflare.com","domain":"cloudflare.com","tld":"com"},"ip":{"addr":"104.17.24.14","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://xemean.net/vodlist/---monthhits-1.shtml","date":"2025-10-10T06:19:44.319Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cdnjs.cloudflare.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 17 Sep 2025 19:09:23 GMT","end":"Tue, 16 Dec 2025 20:08:48 GMT"},"fingerprint":{"sha1":"E5:FA:6E:21:DA:AB:92:8F:E0:CB:31:C2:87:D4:E2:CE:9F:23:BF:C1","sha256":"E8:C7:D4:A8:29:E6:45:C0:C5:E3:AD:6A:90:36:30:4A:D7:2E:7C:F7:8F:57:44:E8:3B:2D:AF:F6:80:F7:4B:46"}}},"request":{"raw":"GET /ajax/libs/twitter-bootstrap/3.3.7/js/bootstrap.min.js HTTP/1.1\r\nHost: cdnjs.cloudflare.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xemean.net/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Fri, 10 Oct 2025 06:19:44 GMT\r\ncontent-type: application/javascript; charset=utf-8\r\ncontent-length: 8722\r\ncf-ray: 98c402024c0b4e4c-OSL\r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=30672000\r\ncontent-encoding: br\r\netag: \"5eb04010-90b5\"\r\nlast-modified: Mon, 04 May 2020 16:17:20 GMT\r\ncf-cdnjs-via: cfworker/kv\r\ncross-origin-resource-policy: cross-origin\r\ntiming-allow-origin: *\r\nx-content-type-options: nosniff\r\nvary: Accept-Encoding\r\ncf-cache-status: HIT\r\nage: 215299\r\nexpires: Wed, 30 Sep 2026 06:19:44 GMT\r\naccept-ranges: bytes\r\nreport-to: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v4?s=yXXOZvN1Ryk%2FpnUynajOfbwshoyGz%2Fqbyeu%2Frb8W4Q7HwYwQJ9K1PeTHS40AFrzEcm6%2BZQH5j4O%2B3w5OJH1493I047ILaUr22QjOtb4cFUSBhbMtPUvDm2rWUQHWKLqW7RLeLTgr\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nnel: {\"success_fraction\":0.01,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nstrict-transport-security: max-age=15780000\r\nserver: cloudflare\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":37045,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (32033)","md5":"5869c96cc8f19086aee625d670d741f9","sha1":"430a443d74830fe9be26efca431f448c1b3740f9","sha256":"53964478a7c634e8dad34ecc303dd8048d00dce4993906de1bacf67f663486ef","sha512":"8b3b64a1bb2f9e329f02d4cd7479065630184ebaed942ee61a9ff9e1ce34c28c0eecb854458977815cf3704a8697fa8a5d096d2761f032b74b70d51da3e37f45","ssdeep":"768:o2rGy27UwlNqMl95qNmCFejhqs8snmi+CSFXfbx8Gf3Zq7Q:Jg73zhq0GvbJ3ZKQ","tlshash":"b6f28606b23031a147efb1e1525b020e7239696ee906907c78b99af53db9c48717bf3d","first_seen":"2023-03-07T01:02:54Z","last_seen":"2026-04-05T11:46:19.982275Z","times_seen":75465,"resource_available":true,"data":null}},"time_used":113,"timings":{"blocked":46,"dns":1,"connect":4,"send":0,"wait":9,"receive":1,"ssl":39},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.googletagmanager.com/gtag/js?id=G-LFDMM5L089","fqdn":"www.googletagmanager.com","domain":"googletagmanager.com","tld":"com"},"ip":{"addr":"142.250.74.168","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://xemean.net/vodlist/---monthhits-1.shtml","date":"2025-10-10T06:19:44.334Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.google-analytics.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 15 Sep 2025 08:34:17 GMT","end":"Mon, 08 Dec 2025 08:34:16 GMT"},"fingerprint":{"sha1":"71:28:4D:CB:A8:43:CE:20:8D:C2:D0:1C:15:47:53:FB:EE:1F:E6:6C","sha256":"FD:F8:A3:C0:21:C0:03:15:43:2F:C7:36:8C:50:6A:39:57:B4:06:6A:0D:82:33:AB:55:A7:80:D2:E3:79:B8:11"}}},"request":{"raw":"GET /gtag/js?id=G-LFDMM5L089 HTTP/1.1\r\nHost: www.googletagmanager.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xemean.net/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: application/javascript; charset=UTF-8\r\naccess-control-allow-origin: *\r\naccess-control-allow-credentials: true\r\naccess-control-allow-headers: Cache-Control\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\ndate: Fri, 10 Oct 2025 06:19:44 GMT\r\nexpires: Fri, 10 Oct 2025 06:19:44 GMT\r\ncache-control: private, max-age=900\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\ncross-origin-resource-policy: cross-origin\r\nserver: Google Tag Manager\r\ncontent-length: 141287\r\nx-xss-protection: 0\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":424870,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"JavaScript source, ASCII text, with very long lines (6031)","md5":"490268cc800a1efd47c3e331b4ce34dc","sha1":"abfaedb5f12998f857825042ca94e9c6d59a2aa8","sha256":"87e843da01c1afc00a8ba246562374f215a50994877f159c88ab041e48bdd19a","sha512":"9fe1c97c3f3343817b38a6903253d06dfe6eefced1c50b350e537d7d0fd80cd7ea33f6b8ab36ab4692e9d43fc802e50b3d410f56cc2c77943610763e38d457a0","ssdeep":"6144:PBo/yp2a4tk0uwbWZJT+Nju5204O0NsYXdXAQY:5FYJm0KZJu0O8","tlshash":"4f941ade73d674225396f078503f018ba57b28a2b44cc89af189cde42e74a9a4177f7c","first_seen":"2025-10-10T06:20:13.995406Z","last_seen":"2025-10-10T06:20:13.995406Z","times_seen":1,"resource_available":true,"data":null}},"time_used":531,"timings":{"blocked":212,"dns":9,"connect":22,"send":0,"wait":43,"receive":58,"ssl":182},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/3.3.7/fonts/glyphicons-halflings-regular.woff2","fqdn":"cdnjs.cloudflare.com","domain":"cloudflare.com","tld":"com"},"ip":{"addr":"104.17.24.14","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://xemean.net/vodlist/---monthhits-1.shtml","date":"2025-10-10T06:19:44.569Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cdnjs.cloudflare.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 17 Sep 2025 19:09:23 GMT","end":"Tue, 16 Dec 2025 20:08:48 GMT"},"fingerprint":{"sha1":"E5:FA:6E:21:DA:AB:92:8F:E0:CB:31:C2:87:D4:E2:CE:9F:23:BF:C1","sha256":"E8:C7:D4:A8:29:E6:45:C0:C5:E3:AD:6A:90:36:30:4A:D7:2E:7C:F7:8F:57:44:E8:3B:2D:AF:F6:80:F7:4B:46"}}},"request":{"raw":"GET /ajax/libs/twitter-bootstrap/3.3.7/fonts/glyphicons-halflings-regular.woff2 HTTP/1.1\r\nHost: cdnjs.cloudflare.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://xemean.net\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cdnjs.cloudflare.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Fri, 10 Oct 2025 06:19:44 GMT\r\ncontent-type: application/octet-stream; charset=utf-8\r\ncontent-length: 18028\r\ncf-ray: 98c40203ba36dfec-OSL\r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=30672000\r\netag: \"5eb04010-466c\"\r\nlast-modified: Mon, 04 May 2020 16:17:20 GMT\r\ncf-cdnjs-via: cfworker/kv\r\ncross-origin-resource-policy: cross-origin\r\ntiming-allow-origin: *\r\nx-content-type-options: nosniff\r\nvary: Accept-Encoding\r\ncf-cache-status: HIT\r\nage: 233846\r\nexpires: Wed, 30 Sep 2026 06:19:44 GMT\r\naccept-ranges: bytes\r\npriority: u=4,i=?0\r\nreport-to: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v4?s=h7EqCrkjeHdw6G%2BHM%2BR%2BSGaJz4u8MmHX%2Be%2F1YPQiVsOIhZLzgMAcCr4wnVfNPfnLAoz5w0jdJjDFfiOc0eMMQhNb%2Fu%2FyHpS0InKJ6Te%2BK%2BPTd%2BcloDAdAcAXzuhtpGfBbifr9wTP\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nnel: {\"success_fraction\":0.01,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nstrict-transport-security: max-age=15780000\r\nserver: cloudflare\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":18028,"size_decoded":0,"mime_type":"application/octet-stream; charset=utf-8","magic":"Web Open Font Format (Version 2), TrueType, length 18028, version 1.589","md5":"448c34a56d699c29117adc64c43affeb","sha1":"ca35b697d99cae4d1b60f2d60fcd37771987eb07","sha256":"fe185d11a49676890d47bb783312a0cda5a44c4039214094e7957b4c040ef11c","sha512":"3811804f56ec3c82f0bef35de0a9250e546a1e357fb59e2784f610d638fec355a27b480e3f796243c0e3d3743be3eadda8f9064c2b5b49577e16b7e40efcdb83","ssdeep":"384:Y22oezK7jlf4flnEPn9+1z2DIH6r3lEsNgV:Y22oeKjlCnm9+1y8gA","tlshash":"d082d0f4ea92999085b01c37d19acb48dc87b9cef5a4d01611e4e13eb5ff8ad684c6c8","first_seen":"2023-04-05T16:42:51Z","last_seen":"2026-04-05T10:54:11.151687Z","times_seen":36838,"resource_available":false,"data":null}},"time_used":50,"timings":{"blocked":28,"dns":10,"connect":0,"send":0,"wait":10,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"thumbs4.imagebam.com/e9/38/e7/MEXPKC0_t.gif","fqdn":"thumbs4.imagebam.com","domain":"imagebam.com","tld":"com"},"ip":{"addr":"212.63.223.227","port":443,"asn":50827,"as":"SpaceDump IT AB","country":"Sweden","country_code":"SE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://xemean.net/vodlist/---monthhits-1.shtml","date":"2025-10-10T06:19:44.791Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.imagebam.com","organization":""},"issuer":{"commonName":"GoGetSSL RSA DV CA","organization":"GoGetSSL"},"validity":{"start":"Fri, 15 Nov 2024 00:00:00 GMT","end":"Sat, 15 Nov 2025 23:59:59 GMT"},"fingerprint":{"sha1":"B3:7B:BD:C4:71:57:E9:3A:FB:A2:EF:CD:8A:85:14:1C:0C:6C:70:D5","sha256":"FA:BD:AE:0C:A2:F4:BA:CF:95:89:41:83:C6:E0:11:24:51:D3:F7:1D:C5:B2:12:B6:BE:A4:34:EB:EE:FA:06:30"}}},"request":{"raw":"GET /e9/38/e7/MEXPKC0_t.gif HTTP/1.1\r\nHost: thumbs4.imagebam.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xemean.net/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nserver: nginx/1.22.1\r\ndate: Fri, 10 Oct 2025 06:19:45 GMT\r\ncontent-type: image/gif\r\ncontent-length: 2862307\r\nvary: x-s-token\r\nlast-modified: Tue, 26 Nov 2024 18:40:22 GMT\r\netag: \"2bace3-627d52e8f80d8\"\r\nx-cache: HIT\r\nx-whom: srv1535\r\naccept-ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.22.1","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":2862307,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 180 x 180","md5":"a76d3ae0a8da9dbd902f6336bb854898","sha1":"7218b0508eac4e50951c2683335584c3567cf0d8","sha256":"479daa5a148cefade349391d8e1667f1d2e1a05375305ef9f0603d4b02542e7c","sha512":"c0e0a81db20b9eed177e45fc0374824e7c73fe0aafee57c10efb4dfcc75f5af2d1d62c3c21c2b1c1242c8643b1489a7715cc4e6467b362ad3df5bcdc23f68fa4","ssdeep":"24576:sYKNTRhF2VsQlnnThsZ7xxmX68HsgOQqnGzuV5InsL:+58VRnNsXxgRHnaKA","tlshash":"db253336c6ab5649c3f3413ac89e852c8ff2fc5dee2054562a07caa4f1f35af14851e6","first_seen":"2025-07-29T23:56:11.981284Z","last_seen":"2026-03-01T23:39:50.094147Z","times_seen":172,"resource_available":false,"data":null}},"time_used":3994,"timings":{"blocked":-1,"dns":4,"connect":32,"send":0,"wait":49,"receive":3542,"ssl":366},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"xemean.net/favicon.ico","fqdn":"xemean.net","domain":"xemean.net","tld":"net"},"ip":{"addr":"172.67.158.212","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://xemean.net/vodlist/---monthhits-1.shtml","date":"2025-10-10T06:19:46.769Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xemean.net","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Fri, 19 Sep 2025 14:39:17 GMT","end":"Thu, 18 Dec 2025 15:37:56 GMT"},"fingerprint":{"sha1":"32:98:F4:7C:DB:50:E9:6F:A5:2A:CB:54:37:AC:12:6C:EE:5B:33:81","sha256":"EA:22:7F:F7:A9:CF:A0:2A:C5:2D:B7:6D:72:1E:E1:10:8D:4D:E9:98:FD:FA:4C:76:67:13:0F:C0:7E:AC:2F:77"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: xemean.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://xemean.net/vodlist/---monthhits-1.shtml\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: JSESSIONID=k38dZlEq5Ii2AgssGf0D_cCBWpAu0cNs2vPJrgiY; wxxu=QlU9P1luV0txcQVyTwlEcniyUH2nRvHrPQpuaFN_tl5sukVftkWlslFLZlO4Z6JPS4umD92mn5NcrQET6U-cvVWV-eHO-ZeIseI; srcd=false-pf-Win32-h-1024-w-1280; _ga_LFDMM5L089=GS2.1.s1760077184$o1$g0$t1760077184$j60$l0$h0; _ga=GA1.1.770818649.1760077185\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Fri, 10 Oct 2025 06:19:46 GMT\r\ncontent-type: image/x-icon\r\nvary: accept-encoding\r\nlast-modified: Thu, 31 Oct 2024 11:44:20 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nexpires: Thu, 23 Oct 2025 17:47:26 GMT\r\ncache-control: max-age=2678400\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: br\r\nage: 1427549\r\ncf-cache-status: HIT\r\npriority: u=6,i=?0\r\netag: W/\"67236d94-1083e\"\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=f2OK%2FBavq2AoV36UpB0kpA9v10UyxIyDt%2FwNX7atMNJZRylNcrN7SQH3QN134Pyp24oLwlf9%2BlHTRH%2BBuOjP%2FAnckc7ptZr2\"}]}\r\ncf-ray: 98c402115dd4b51b-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":67646,"size_decoded":0,"mime_type":"image/x-icon","magic":"MS Windows icon resource - 1 icon, -128x-128, 32 bits/pixel","md5":"442f7210f6b618147c3e00e98274007e","sha1":"503266e86c13136efe81e761bc23348f5699bd88","sha256":"5b2a62fcea48c3d149b4ebf234643e6cb160144c726393b8a6308f168e648339","sha512":"e3a51aa8f7501743b5626e48c72dffb300b0108eed7a52cdd2db8bc0dbfc366fe0bd266be026167d1d2aa1f35f20ac372e8d7afb66a2ef26fd7a7ef86ea7f6be","ssdeep":"384:ypAhpNH6HGk1K2ylYliOd2C2ikd4OQSl2uVvFpHP0nKmTV:ZGHGb2WuiOd2S4V1lfVvvHPL2","tlshash":"4063ec81be90c88ee4251638c82dd6fc616e3c85ec4094037be7bfdfb872e92546a55d","first_seen":"2023-05-22T17:27:12Z","last_seen":"2026-03-19T08:16:17.946641Z","times_seen":373,"resource_available":false,"data":null}},"time_used":27,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":12,"receive":15,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdnjs.cloudflare.com/ajax/libs/layer/3.1.1/layer.min.js","fqdn":"cdnjs.cloudflare.com","domain":"cloudflare.com","tld":"com"},"ip":{"addr":"104.17.24.14","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://xemean.net/vodlist/---monthhits-1.shtml","date":"2025-10-10T06:19:44.321Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cdnjs.cloudflare.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 17 Sep 2025 19:09:23 GMT","end":"Tue, 16 Dec 2025 20:08:48 GMT"},"fingerprint":{"sha1":"E5:FA:6E:21:DA:AB:92:8F:E0:CB:31:C2:87:D4:E2:CE:9F:23:BF:C1","sha256":"E8:C7:D4:A8:29:E6:45:C0:C5:E3:AD:6A:90:36:30:4A:D7:2E:7C:F7:8F:57:44:E8:3B:2D:AF:F6:80:F7:4B:46"}}},"request":{"raw":"GET /ajax/libs/layer/3.1.1/layer.min.js HTTP/1.1\r\nHost: cdnjs.cloudflare.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xemean.net/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Fri, 10 Oct 2025 06:19:44 GMT\r\ncontent-type: application/javascript; charset=utf-8\r\ncontent-length: 6591\r\ncf-ray: 98c402023c024e4c-OSL\r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=30672000\r\ncontent-encoding: br\r\netag: \"5ed4d0d2-54d1\"\r\nlast-modified: Mon, 01 Jun 2020 09:56:34 GMT\r\ncf-cdnjs-via: cfworker/kv\r\ncross-origin-resource-policy: cross-origin\r\ntiming-allow-origin: *\r\nx-content-type-options: nosniff\r\nvary: Accept-Encoding\r\ncf-cache-status: HIT\r\nage: 233999\r\nexpires: Wed, 30 Sep 2026 06:19:44 GMT\r\naccept-ranges: bytes\r\nreport-to: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v4?s=IXxgvfBbE8BtBBWLjymUrAs%2B0c9GCWe%2Bj9lSBfrwhmH7DxMjOIMPOiWpOnSJdKBmemJrT8lfGZ1AQr642OyOKxJUDeOjABH3e6gLZZMIo4dOAp1xu1XIvdp5JGtIG2INjANw3RNa\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nnel: {\"success_fraction\":0.01,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nstrict-transport-security: max-age=15780000\r\nserver: cloudflare\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":21713,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (21713), with no line terminators","md5":"060444af631570264c5b3f957e26f5e3","sha1":"8278c4d47ac985481da0e5efb922457eaaf1dc0c","sha256":"7ed41c1149adf244bf700213886bfe8648d164942eb68527a7476bb7955c5af9","sha512":"d18a2c4bc192c90219776b9658d1c6f7942037c90f37a5819a38f36a4a1345f742b74602989b361c78a217ab661b09e037f7d9f891fddf3152916d9cbf9b865b","ssdeep":"384:qefWYREmwZAxlh2K1mM+8leJLCgO7TKVJO7:ffBuF0lh2smMNeP4","tlshash":"1da2b46a314035a7621390a9d14fbe0f71b21d24e7174128f12af4bc1dbdda9a2b7f4b","first_seen":"2023-03-07T15:24:24Z","last_seen":"2026-04-04T23:48:32.037502Z","times_seen":379,"resource_available":true,"data":null}},"time_used":101,"timings":{"blocked":38,"dns":1,"connect":4,"send":0,"wait":12,"receive":1,"ssl":35},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"user-images.githubusercontent.com/138796159/281945527-621174f1-22c7-4f94-bdc8-6b86d3b7866c.gif","fqdn":"user-images.githubusercontent.com","domain":"user-images.githubusercontent.com","tld":"githubusercontent.com"},"ip":{"addr":"185.199.109.133","port":443,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://xemean.net/vodlist/---monthhits-1.shtml","date":"2025-10-10T06:19:44.752Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.github.io","organization":""},"issuer":{"commonName":"Sectigo RSA Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Fri, 07 Mar 2025 00:00:00 GMT","end":"Sat, 07 Mar 2026 23:59:59 GMT"},"fingerprint":{"sha1":"8C:FF:59:E5:8E:C4:FA:76:FE:AF:2D:C5:C0:D4:13:6A:77:2D:F9:91","sha256":"7D:11:22:EA:96:98:52:34:1E:8D:D9:2B:CC:0C:7E:CC:00:96:30:D1:4D:A7:34:D7:CA:42:D5:B5:4A:2B:20:97"}}},"request":{"raw":"GET /138796159/281945527-621174f1-22c7-4f94-bdc8-6b86d3b7866c.gif HTTP/1.1\r\nHost: user-images.githubusercontent.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xemean.net/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nx-amz-replication-status: COMPLETED\r\nlast-modified: Fri, 10 Nov 2023 03:27:50 GMT\r\netag: \"1b49814513dc1ad889d7edb8f0fe3783\"\r\nx-amz-server-side-encryption: AES256\r\nx-amz-version-id: null\r\ncontent-type: image/gif\r\ncache-control: max-age=3600\r\naccept-ranges: bytes\r\ndate: Fri, 10 Oct 2025 06:19:44 GMT\r\nvia: 1.1 varnish\r\nage: 196602\r\nx-served-by: cache-hel1410022-HEL\r\nx-cache: HIT\r\nx-cache-hits: 1200\r\nx-timer: S1760077185.817753,VS0,VE0\r\ncontent-security-policy: default-src 'none'; script-src 'none'; img-src 'self'; media-src 'self'; sandbox;\r\nx-fastly-request-id: 66e13d550edc5af3a7c03e5d253a145d1953e0fc\r\nserver: GitHub Cloud\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nx-content-type-options: nosniff\r\ntiming-allow-origin: https://github.com\r\ncontent-length: 106825\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Fastly","description":"Fastly is a cloud computing services provider. Fastly's cloud platform provides a content delivery network, Internet security services, load balancing, and video \u0026 streaming services.","website":"https://www.fastly.com","common_platform_enumeration":"","icon":"Fastly.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Varnish","description":"Varnish is a reverse caching proxy.","website":"https://www.varnish-cache.org","common_platform_enumeration":"cpe:2.3:a:varnish-software:varnish_cache:*:*:*:*:*:*:*:*","icon":"Varnish.svg","categories":["Caching"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]}],"data":{"size":106825,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 300 x 300","md5":"1b49814513dc1ad889d7edb8f0fe3783","sha1":"4bf8be06d4a92994d7406e4b8ee11575bf241ef9","sha256":"9646a6506f777102a0873a76e28dff82b3752e97306fa50d6a51e83ad1018119","sha512":"282831bbfe4de414ef8a157c3834ec8dfff51f1a4f294a2c2322a8d1e601453b7746a7bfc0e51461a00f96fb504a6dd5677c658d729cab0f2413fcedd8b5fc5b","ssdeep":"3072:Ufc6uHVwwDoOkapJy26fPJJRAqoNGebBsnmt4OJx:51wwcReJ96fPJObBnt4yx","tlshash":"cfa312dec21feb29941c5b78bffe64069d2b910b75906f780ea0e102ce2b5cf6995d10","first_seen":"2023-11-22T08:42:29Z","last_seen":"2026-04-02T06:37:28.084392Z","times_seen":358,"resource_available":false,"data":null}},"time_used":219,"timings":{"blocked":48,"dns":0,"connect":31,"send":0,"wait":28,"receive":56,"ssl":53},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"biu47.xyz/20250830/1032795282309382144/1032795282309382144.jpg","fqdn":"biu47.xyz","domain":"biu47.xyz","tld":"xyz"},"ip":{"addr":"209.141.48.213","port":443,"asn":53667,"as":"PONYNET","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://xemean.net/vodlist/---monthhits-1.shtml","date":"2025-10-10T06:19:44.814Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"biu47.xyz","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Sun, 28 Sep 2025 04:36:36 GMT","end":"Sat, 27 Dec 2025 04:36:35 GMT"},"fingerprint":{"sha1":"AA:EE:73:0B:97:2F:18:CE:91:58:17:F7:B4:BD:60:4C:9C:13:EE:33","sha256":"67:F8:F8:B5:94:03:0D:33:E2:B4:79:7F:88:70:D1:32:C2:9D:B0:05:34:D3:71:5C:E1:12:66:15:DA:89:B2:70"}}},"request":{"raw":"GET /20250830/1032795282309382144/1032795282309382144.jpg HTTP/1.1\r\nHost: biu47.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xemean.net/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 10 Oct 2025 06:18:51 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 213789\r\nlast-modified: Sat, 30 Aug 2025 15:19:44 GMT\r\netag: \"68b31690-3431d\"\r\nexpires: Thu, 30 Oct 2025 06:18:51 GMT\r\ncache-control: max-age=1728000\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: Content-Length,Content-Range\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":213789,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 718x404, components 3","md5":"af4f154d7ee3cc4dae456a43c171df5a","sha1":"22d222d465ed47dac2f581ee59ca4b60f9ae1512","sha256":"35b4793cd47b1962c6088013b8398934a222b57a5e51008934bed5f318a611a6","sha512":"8e8b3d5335eeab65853f38516f48f0f66a8b020a1dbcedae5dc63e33005d43f198fbdf7d8bdf9f44bf2634f55a5f250027b8cb2b3162c839418e97fd73e6d1c9","ssdeep":"6144:9PLBnQ2TGYsDC/i6si54Zj+DYBNvoW7y3KIa:BFneQ/hL5zDYly3KIa","tlshash":"c024233529176c035fac8b2c3447bbe1236aad17d1f9f7b1282d660ea67d062962740b","first_seen":"2025-10-10T06:20:14.000688Z","last_seen":"2025-10-10T06:20:14.000688Z","times_seen":1,"resource_available":false,"data":null}},"time_used":1751,"timings":{"blocked":100,"dns":0,"connect":142,"send":0,"wait":461,"receive":738,"ssl":309},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-10","alert":"Sinkholed","trigger":"biu47.xyz","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"v.ddnew10.com/20250924/kzcUmTTK/1.jpg","fqdn":"v.ddnew10.com","domain":"ddnew10.com","tld":"com"},"ip":{"addr":"173.231.12.51","port":443,"asn":18450,"as":"WEBNX","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://xemean.net/vodlist/---monthhits-1.shtml","date":"2025-10-10T06:19:44.816Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"v.ddnew10.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Thu, 11 Sep 2025 13:17:35 GMT","end":"Wed, 10 Dec 2025 13:17:34 GMT"},"fingerprint":{"sha1":"17:66:ED:5D:1B:0C:86:68:92:52:14:DF:CC:C7:41:19:0F:3C:01:04","sha256":"94:D0:0E:22:0E:21:48:B9:84:81:53:BD:BD:8D:E6:79:1F:35:D4:54:93:E5:32:A3:99:7B:8A:8F:5C:46:82:BD"}}},"request":{"raw":"GET /20250924/kzcUmTTK/1.jpg HTTP/1.1\r\nHost: v.ddnew10.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xemean.net/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-headers: X-Requested-With\r\naccess-control-allow-methods: POST, GET, OPTIONS\r\naccess-control-allow-origin: *\r\ncontent-disposition: attachment; filename=\"1.jpg\"\r\ncontent-type: application/octet-stream\r\ndate: Wed, 08 Oct 2025 17:34:35 GMT\r\netag: \"68d41aad-282e\"\r\nexpires: Mon, 31 Mar 2031 17:34:35 GMT\r\nlast-modified: Wed, 08 Oct 2025 17:34:36 GMT\r\nserver: nginx\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nx-cache: HIT, policy, disk\r\ncontent-length: 10286\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":10286,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.02, aspect ratio, density 4x3, segment length 16, comment: \"Lavc61.3.100\", baseline, precision 8, 320x240, components 3","md5":"aa8381b99d39325d001dafada0624634","sha1":"eb51205ada8446085b3a9a5e18222dee82d6f797","sha256":"653a46b603de79c16ceef505eb6ad5ad1e489f37f87a611b1a222943fa20bb25","sha512":"691c742e5844c4c130d090ac2d3736e1a845040bb0a241fc5bbf15aca068e1df7f8c991460d4aa6097ae597e1a80e58a6737faad509a1f1dc2158701439cd83a","ssdeep":"192:2KVvJ0Tg06BqpV69s8l3Pol+hQRAWy8CZUK4k3AJ2pV0C8QMwg:bVvGc06M7es8dPqXXyxA0vkQhg","tlshash":"8022b057006c3553c280d3b466390c5fceee2fccadd9a568e3fa15200a757aeb8752ad","first_seen":"2025-10-10T06:20:14.002366Z","last_seen":"2025-10-10T06:20:14.002366Z","times_seen":1,"resource_available":false,"data":null}},"time_used":671,"timings":{"blocked":110,"dns":0,"connect":135,"send":0,"wait":143,"receive":135,"ssl":147},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-10","alert":"Sinkholed","trigger":"v.ddnew10.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"cdnjs.cloudflare.com/ajax/libs/layer/3.1.1/theme/default/layer.css?v=3.1.1","fqdn":"cdnjs.cloudflare.com","domain":"cloudflare.com","tld":"com"},"ip":{"addr":"104.17.24.14","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://xemean.net/vodlist/---monthhits-1.shtml","date":"2025-10-10T06:19:44.750Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cdnjs.cloudflare.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 17 Sep 2025 19:09:23 GMT","end":"Tue, 16 Dec 2025 20:08:48 GMT"},"fingerprint":{"sha1":"E5:FA:6E:21:DA:AB:92:8F:E0:CB:31:C2:87:D4:E2:CE:9F:23:BF:C1","sha256":"E8:C7:D4:A8:29:E6:45:C0:C5:E3:AD:6A:90:36:30:4A:D7:2E:7C:F7:8F:57:44:E8:3B:2D:AF:F6:80:F7:4B:46"}}},"request":{"raw":"GET /ajax/libs/layer/3.1.1/theme/default/layer.css?v=3.1.1 HTTP/1.1\r\nHost: cdnjs.cloudflare.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xemean.net/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Fri, 10 Oct 2025 06:19:44 GMT\r\ncontent-type: text/css; charset=utf-8\r\ncontent-length: 2396\r\ncf-ray: 98c402047c6856c3-OSL\r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=30672000\r\ncontent-encoding: br\r\netag: \"5ed4d0d2-381f\"\r\nlast-modified: Mon, 01 Jun 2020 09:56:34 GMT\r\ncf-cdnjs-via: cfworker/kv\r\ncross-origin-resource-policy: cross-origin\r\ntiming-allow-origin: *\r\nx-content-type-options: nosniff\r\nvary: Accept-Encoding\r\ncf-cache-status: HIT\r\nage: 1133166\r\nexpires: Wed, 30 Sep 2026 06:19:44 GMT\r\naccept-ranges: bytes\r\npriority: u=2,i=?0\r\nreport-to: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v4?s=ItTRR5HVv%2FPQjTogpG%2BCwsPQupo1aZndCXNXd10Qwn8eYWToz6CLZorVsL1V09fpEwzN%2FQgtqQ%2FlIPmxQJazrKOBAbmFySuFugOh3aiEipykhdC7nKMwuGf1WEcV7oWkIhzUQO2e\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nnel: {\"success_fraction\":0.01,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nstrict-transport-security: max-age=15780000\r\nserver: cloudflare\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":14367,"size_decoded":0,"mime_type":"text/css; charset=utf-8","magic":"ASCII text, with very long lines (14367), with no line terminators","md5":"3d2e0d91c5c0b96abb8dbdc2234aba77","sha1":"9d55e153b30fd7414fada5718e20918e9c7f65e7","sha256":"e3144d018a6a24f733c6fc2a2ee603fb583f0030585e9d4b71bec471b78e31fc","sha512":"42bf3eff281998d088ce012b9a5910f72951c91715595572bb968fbfc5fa2b1cddacef3ca683a1734eb41114b302b6a4dad8b7432c5877b3563a080a2547ae05","ssdeep":"96:mp+Ntha8qNEp+wRY1vUPXiK6nMLPD2OtLzXyPHL/LztJDzyv2OQ7KGx1jyd2/SWz:1WmLr2OtSrzzt42OQ7KGx1jCWR2b+RcU","tlshash":"2e5221e144811299b0278721d6dc7eba32f88d43e5630daef257381f874c6dba2b6647","first_seen":"2023-04-05T06:05:22Z","last_seen":"2026-04-05T11:27:49.06514Z","times_seen":5860,"resource_available":false,"data":null}},"time_used":32,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":31,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"xemean.net/vodlist/---monthhits-1.shtml","fqdn":"xemean.net","domain":"xemean.net","tld":"net"},"ip":{"addr":"172.67.158.212","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-10-10T06:19:43.623Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xemean.net","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Fri, 19 Sep 2025 14:39:17 GMT","end":"Thu, 18 Dec 2025 15:37:56 GMT"},"fingerprint":{"sha1":"32:98:F4:7C:DB:50:E9:6F:A5:2A:CB:54:37:AC:12:6C:EE:5B:33:81","sha256":"EA:22:7F:F7:A9:CF:A0:2A:C5:2D:B7:6D:72:1E:E1:10:8D:4D:E9:98:FD:FA:4C:76:67:13:0F:C0:7E:AC:2F:77"}}},"request":{"raw":"GET /vodlist/---monthhits-1.shtml HTTP/1.1\r\nHost: xemean.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Fri, 10 Oct 2025 06:19:44 GMT\r\ncontent-type: text/html;charset=UTF-8\r\nserver: cloudflare\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=bbyAtBdKGWnIRlubGSHP0%2FDPZRKqHzNKU%2FapIfE5WDCM9BpFTtqmxSWEet6dfagb365FL7Dhm7z9sKfWEGtxMwFk7pWm0h%2Fe\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncontent-language: en-US\r\nstrict-transport-security: max-age=31536000\r\ncf-cache-status: DYNAMIC\r\nvary: accept-encoding\r\ncontent-encoding: br\r\nset-cookie: JSESSIONID=k38dZlEq5Ii2AgssGf0D_cCBWpAu0cNs2vPJrgiY; Path=/\nwxxu=QlU9P1luV0txcQVyTwlEcniyUH2nRvHrPQpuaFN_tl5sukVftkWlslFLZlO4Z6JPS4umD92mn5NcrQET6U-cvVWV-eHO-ZeIseI; HttpOnly; Path=/; Max-Age=86400; Expires=Sat, 11 Oct 2025 06:19:43 GMT\r\ncf-ray: 98c401fdfd627129-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Java","description":"Java is a class-based, object-oriented programming language that is designed to have as few implementation dependencies as possible.","website":"https://java.com","common_platform_enumeration":"cpe:2.3:a:oracle:jre:*:*:*:*:*:*:*:*","icon":"Java.svg","categories":["Programming languages"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"cdnjs","description":"cdnjs is a free distributed JS library delivery service.","website":"https://cdnjs.com","common_platform_enumeration":"","icon":"cdnjs.svg","categories":["CDN"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"jQuery:1.12.4","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]},{"name":"Bootstrap:3.3.7","description":"Bootstrap is a free and open-source CSS framework directed at responsive, mobile-first front-end web development. It contains CSS and JavaScript-based design templates for typography, forms, buttons, navigation, and other interface components.","website":"https://getbootstrap.com","common_platform_enumeration":"cpe:2.3:a:getbootstrap:bootstrap:*:*:*:*:*:*:*:*","icon":"Bootstrap.svg","categories":["UI frameworks"]},{"name":"Google Analytics","description":"Google Analytics is a free web analytics service that tracks and reports website traffic.","website":"https://google.com/analytics","common_platform_enumeration":"","icon":"Google Analytics.svg","categories":["Analytics"]}],"data":{"size":91512,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (31924), with CRLF, LF line terminators","md5":"9447a0729b4d19001cc8cc6a6f30840e","sha1":"3d365fe5e6a41daca58c2819059655a3728fee04","sha256":"51cf7617d5852df9808be36335a790a011c37e4fb45e058332f15c53380b8133","sha512":"bc0ebe62227352f0569706365912c6994b2f7b3ef02f3bbe074ff0bf5054071680cefaec6fbbc23a89282d9295022e4460f3a4ac16740bf4ec875c65a03d52e8","ssdeep":"1536:rx+4R8I9iWTlXE+zhCZOqdZ1YCIHGWKbj7sgSeid9z/NY:rxFBFqdZ1YCIHGdbTSeid9LNY","tlshash":"19932c3592842e2fa1bbc7d195c1a7adf002b017c7524f99e4a1b1f1c78afd47a6720e","first_seen":"2025-10-10T06:20:14.004679Z","last_seen":"2025-10-10T06:20:14.004679Z","times_seen":1,"resource_available":false,"data":null}},"time_used":525,"timings":{"blocked":56,"dns":8,"connect":1,"send":0,"wait":406,"receive":0,"ssl":51},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"images2.imgbox.com/cb/9f/XQGCkjQi_o.png","fqdn":"images2.imgbox.com","domain":"imgbox.com","tld":"com"},"ip":{"addr":"212.63.223.225","port":443,"asn":50827,"as":"SpaceDump IT AB","country":"Sweden","country_code":"SE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://xemean.net/vodlist/---monthhits-1.shtml","date":"2025-10-10T06:19:44.793Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.imgbox.com","organization":""},"issuer":{"commonName":"GoGetSSL RSA DV CA","organization":"GoGetSSL"},"validity":{"start":"Fri, 15 Nov 2024 00:00:00 GMT","end":"Sat, 15 Nov 2025 23:59:59 GMT"},"fingerprint":{"sha1":"5A:6B:D2:2E:15:1B:62:D6:8E:55:AD:38:B3:95:0A:EB:B9:C5:52:86","sha256":"D2:B7:6A:32:B9:55:A8:DD:A8:54:56:C5:ED:5B:DE:60:F1:7B:D2:30:B0:AC:51:21:58:2B:B8:DA:2D:36:D5:25"}}},"request":{"raw":"GET /cb/9f/XQGCkjQi_o.png HTTP/1.1\r\nHost: images2.imgbox.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xemean.net/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.14.2\r\nDate: Fri, 10 Oct 2025 06:19:45 GMT\r\nContent-Type: image/png\r\nContent-Length: 38441\r\nVary: x-s-token\r\nLast-Modified: Wed, 28 Dec 2022 22:01:20 GMT\r\nETag: \"9629-5f0ea82248c00\"\r\nX-Cache: HIT\r\nX-Whom: srv1535\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.14.2","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":38441,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 207 x 204, 8-bit/color RGBA, non-interlaced","md5":"d9281b2d724078883a5b509d437e328a","sha1":"42c82fe1691afb5a8cf8413ae042372aecdaf9f0","sha256":"d66db76edd49e043926f3d85afb684c92cf6b6edb3145306c33d9b0f7c592829","sha512":"d014262f82c7076e242173b597f307fcbe56d17436fe205e088c5380bc7e42c89559d20b6649677c95c5dc7682f2b9bb4c51dc2d7b95ae4fa1d1c2de5d289db3","ssdeep":"768:SBjLVQgbAeiSzZHA0PmgJDmGVTkez2Lkiv2uatZ5vASDid+WvmF7:mPqg0eiS9g0OMDmGqQYatZ5qla","tlshash":"b803f1b64a37ed80732bd5c72043e051b6fc5a157ae5adab01a4a5e469103b3ec0ff70","first_seen":"2023-05-22T17:27:11Z","last_seen":"2025-11-10T21:00:51.117991Z","times_seen":293,"resource_available":false,"data":null}},"time_used":444,"timings":{"blocked":49,"dns":0,"connect":25,"send":0,"wait":48,"receive":12,"ssl":308},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"jpgjingpinx1.top/upload/vod/20251005-1/6bb1328507be38c9f879a6c1dfb76e98.png","fqdn":"jpgjingpinx1.top","domain":"jpgjingpinx1.top","tld":"top"},"ip":{"addr":"204.188.235.18","port":443,"asn":46844,"as":"SHARKTECH","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://xemean.net/vodlist/---monthhits-1.shtml","date":"2025-10-10T06:19:44.818Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"jpgjingpinx1.top","organization":""},"issuer":{"commonName":"GoGetSSL RSA DV SSL CA 2","organization":"GoGetSSL"},"validity":{"start":"Tue, 09 Sep 2025 00:00:00 GMT","end":"Fri, 09 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"C3:DB:9D:36:6B:CF:BC:20:26:A0:FD:81:4D:7E:BC:1A:D3:10:29:3E","sha256":"75:E7:41:57:8D:0F:68:3C:E2:47:83:FE:F1:B6:1B:F0:0E:66:9F:ED:99:2B:3E:6E:D6:9A:D6:4F:64:04:66:04"}}},"request":{"raw":"GET /upload/vod/20251005-1/6bb1328507be38c9f879a6c1dfb76e98.png HTTP/1.1\r\nHost: jpgjingpinx1.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xemean.net/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nCache-Control: max-age=2592000\r\nContent-Type: image/png\r\nDate: Sat, 04 Oct 2025 16:30:04 GMT\r\nEtag: W/\"68e14b88-ab35\"\r\nExpires: Mon, 03 Nov 2025 16:30:04 GMT\r\nLast-Modified: Sat, 04 Oct 2025 16:30:04 GMT\r\nServer: nginx\r\nVary: Accept-Encoding\r\nX-Cache: HIT, policy, disk\r\nTransfer-Encoding: chunked\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":43829,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 718x404, components 3","md5":"266b73bb88bfbb0040efecb111bf089f","sha1":"7bcc50820352dd74b1c2751fae24b88754191e3e","sha256":"c4f681b26ed6c02355d44ecea4683c26672b56880a909bc17fb87246d4526be0","sha512":"60b748afec4ff24fb6f70f325365a66d9630dba8505d470145b741102af7437194a0a2f162e56f8546492d969fd2da5e49ff18e755287e16e07e6eedfae1604c","ssdeep":"768:+sYyXB5Kh5Eu7BeQivJ+8ZWKUDzm3gqD3YysvxY9d7hcnQIVvkFX+B80:+s+hbeQiR+8AzysysqMQ9FX+Bn","tlshash":"2113f1a49b673700ea3bc43128ec951322975aa61be87cdbdf695c7bce4509c240f0c6","first_seen":"2025-10-10T06:08:20.161881Z","last_seen":"2025-10-13T13:47:33.868496Z","times_seen":3,"resource_available":false,"data":null}},"time_used":849,"timings":{"blocked":121,"dns":0,"connect":110,"send":0,"wait":111,"receive":177,"ssl":330},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-10","alert":"Sinkholed","trigger":"jpgjingpinx1.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"m1.cffpng.com/2025020810f8tgt.gif","fqdn":"m1.cffpng.com","domain":"cffpng.com","tld":"com"},"ip":{"addr":"104.21.29.208","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://xemean.net/vodlist/---monthhits-1.shtml","date":"2025-10-10T06:19:44.784Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"f9742aa1.sni.cloudflaressl.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 20 Sep 2025 12:55:51 GMT","end":"Fri, 19 Dec 2025 13:55:49 GMT"},"fingerprint":{"sha1":"F6:5E:93:B0:B1:16:C2:96:5B:E5:1F:B1:C1:D9:73:B9:F8:86:C0:5B","sha256":"CE:97:A7:27:08:B8:B1:BC:D4:FD:40:CE:00:B5:B2:54:2D:B9:24:32:DA:A7:5B:EF:DE:F5:4B:F4:B6:13:B7:D1"}}},"request":{"raw":"GET /2025020810f8tgt.gif HTTP/1.1\r\nHost: m1.cffpng.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xemean.net/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Fri, 10 Oct 2025 06:19:44 GMT\r\ncontent-type: image/gif\r\ncontent-length: 557566\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=yeENigYUgjTlRD2VzgMVwn8yizq1YCmKoIBOFjdYaB0jemswNgvJ8vmwqP4JXNojz4n1dL19N6RIzIY9aR%2F8RAm7BT7qwpECOSJgG00%3D\"}]}\r\ncf-cache-status: HIT\r\naccept-ranges: bytes\r\netag: \"08981705b3f3e7ab65a0ab29d4ae36b4\"\r\nlast-modified: Sat, 08 Feb 2025 10:22:12 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: Accept-Encoding\r\nserver: cloudflare\r\nage: 2640\r\ncache-control: max-age=14400\r\ncf-ray: 98c402061d0321fe-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":557566,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 300 x 300","md5":"08981705b3f3e7ab65a0ab29d4ae36b4","sha1":"e2471798756bb33438743f5f675ac3991b53aae0","sha256":"983e76151091387c558e5b0a32893295e332c4184aebe0a0987d96c9776fbe32","sha512":"7f8196eafd17fb6cc3a0e7bffb0e6a7d7d6a7120e26bb36932e2bfb58b219aab1c1a169ee88ab9955cbc583340a9ed362deffb561fbdc084de97303b2917fffd","ssdeep":"12288:yfowKmrvAjqID00HKc9SZf8tQC+smCFNemDPTgAUgUrBEOW:yfoQrIQlcaf83+smy8mrTXUgUri","tlshash":"05c4234bcc9ca8b4de18bf1664cecd4be202f0ca05759097dd4e91f593bb62ec4a944a","first_seen":"2025-02-12T11:40:48.696541Z","last_seen":"2026-04-02T06:37:28.104689Z","times_seen":353,"resource_available":false,"data":null}},"time_used":245,"timings":{"blocked":196,"dns":0,"connect":0,"send":0,"wait":11,"receive":38,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdnjs.cloudflare.com/ajax/libs/jquery/1.12.4/jquery.min.js","fqdn":"cdnjs.cloudflare.com","domain":"cloudflare.com","tld":"com"},"ip":{"addr":"104.17.24.14","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://xemean.net/vodlist/---monthhits-1.shtml","date":"2025-10-10T06:19:44.318Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cdnjs.cloudflare.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 17 Sep 2025 19:09:23 GMT","end":"Tue, 16 Dec 2025 20:08:48 GMT"},"fingerprint":{"sha1":"E5:FA:6E:21:DA:AB:92:8F:E0:CB:31:C2:87:D4:E2:CE:9F:23:BF:C1","sha256":"E8:C7:D4:A8:29:E6:45:C0:C5:E3:AD:6A:90:36:30:4A:D7:2E:7C:F7:8F:57:44:E8:3B:2D:AF:F6:80:F7:4B:46"}}},"request":{"raw":"GET /ajax/libs/jquery/1.12.4/jquery.min.js HTTP/1.1\r\nHost: cdnjs.cloudflare.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xemean.net/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Fri, 10 Oct 2025 06:19:44 GMT\r\ncontent-type: application/javascript; charset=utf-8\r\ncontent-length: 30360\r\ncf-ray: 98c402023bfc4e4c-OSL\r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=30672000\r\ncontent-encoding: br\r\netag: \"5eb03ec4-17b8b\"\r\nlast-modified: Mon, 04 May 2020 16:11:48 GMT\r\ncf-cdnjs-via: cfworker/kv\r\ncross-origin-resource-policy: cross-origin\r\ntiming-allow-origin: *\r\nx-content-type-options: nosniff\r\nvary: Accept-Encoding\r\ncf-cache-status: HIT\r\nage: 217255\r\nexpires: Wed, 30 Sep 2026 06:19:44 GMT\r\naccept-ranges: bytes\r\nreport-to: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v4?s=2fDxQPO05OLg3wDisv3rY88kMmMoKW8dUcs4eUptcrGkKaj1xrP0xFZF6KRc1l8FqqApw1yejXQwbv%2FdH1FMA6wndrqO%2FFa9FfuJPTmAMhbZOZ5GUTILVZ1WqR54sfQqNU9FD1Ay\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nnel: {\"success_fraction\":0.01,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nstrict-transport-security: max-age=15780000\r\nserver: cloudflare\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":97163,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (32077)","md5":"4f252523d4af0b478c810c2547a63e19","sha1":"5a9dcfbef655a2668e78baebeaa8dc6f41d8dabb","sha256":"668b046d12db350ccba6728890476b3efee53b2f42dbb84743e5e9f1ae0cc404","sha512":"8c6b0c1fcde829ef5ab02a643959019d4ac30d3a7cc25f9a7640760fefff26d9713b84ab2e825d85b3b2b08150265a10143f82e05975accb10645efa26357479","ssdeep":"1536:GYE1JVoiB9JqZdXXe2pD3PgoIiulrUdTJSFk/zkZ4HjL5o8srOaS9TwD6b7/Jp9i:t4J+R3jL5TCOauTwD6FdnCVQNea98HrV","tlshash":"8893d7d9b6d6706287b734a851bf410bb17aa8eab40c4c60f058c8e47e74e9d507bf2d","first_seen":"2023-03-07T01:02:06Z","last_seen":"2026-04-05T10:49:51.496518Z","times_seen":67413,"resource_available":true,"data":null}},"time_used":104,"timings":{"blocked":39,"dns":4,"connect":1,"send":0,"wait":11,"receive":2,"ssl":38},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"images2.imgbox.com/e6/fb/QV8SRr50_o.gif","fqdn":"images2.imgbox.com","domain":"imgbox.com","tld":"com"},"ip":{"addr":"212.63.223.225","port":443,"asn":50827,"as":"SpaceDump IT AB","country":"Sweden","country_code":"SE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://xemean.net/vodlist/---monthhits-1.shtml","date":"2025-10-10T06:19:44.766Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.imgbox.com","organization":""},"issuer":{"commonName":"GoGetSSL RSA DV CA","organization":"GoGetSSL"},"validity":{"start":"Fri, 15 Nov 2024 00:00:00 GMT","end":"Sat, 15 Nov 2025 23:59:59 GMT"},"fingerprint":{"sha1":"5A:6B:D2:2E:15:1B:62:D6:8E:55:AD:38:B3:95:0A:EB:B9:C5:52:86","sha256":"D2:B7:6A:32:B9:55:A8:DD:A8:54:56:C5:ED:5B:DE:60:F1:7B:D2:30:B0:AC:51:21:58:2B:B8:DA:2D:36:D5:25"}}},"request":{"raw":"GET /e6/fb/QV8SRr50_o.gif HTTP/1.1\r\nHost: images2.imgbox.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xemean.net/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.18.0\r\nDate: Fri, 10 Oct 2025 06:19:45 GMT\r\nContent-Type: image/gif\r\nContent-Length: 32798\r\nvary: x-s-token\r\nlast-modified: Wed, 27 Nov 2024 06:06:35 GMT\r\netag: \"801e-627dec49b50c0\"\r\nX-Cache: HIT\r\nX-Whom: srv1535\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.18.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":32798,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 100 x 100","md5":"39f9c3ddf152664c74f7d07571b2f3d1","sha1":"9f71c2b38a42bc5d5558f8228db7983239cb3ccd","sha256":"0ff71f227d4f57d2b89e8f6d175fc540c2f5e70f634b2814f2af3d5d939174b2","sha512":"4c770ed4a6b05bbf1b6840b25429f8fcf0c478908b30cf1b1a2956f70bae2d6695269f253627f873b3dac9d6ec2f0de540d899041c26d74e1803b04461764d21","ssdeep":"768:ZqRrGgxKkH4t0E5VZME6ycYwv8RHozLzfSvVSzcKNUATNVax+HqZAlvuo:Z3Ft0EXagwkRHozrzDj5VNmo","tlshash":"6fe2f161fb06ab32d637143cdf2b5c8b629fe473e35f4ad1402962e0612e76921268d6","first_seen":"2024-12-01T08:51:18.635316Z","last_seen":"2026-04-02T06:37:28.076628Z","times_seen":343,"resource_available":false,"data":null}},"time_used":886,"timings":{"blocked":395,"dns":4,"connect":26,"send":0,"wait":25,"receive":32,"ssl":391},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"thumbs4.imagebam.com/c0/af/fc/MEP35MT_t.GIF","fqdn":"thumbs4.imagebam.com","domain":"imagebam.com","tld":"com"},"ip":{"addr":"212.63.223.227","port":443,"asn":50827,"as":"SpaceDump IT AB","country":"Sweden","country_code":"SE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://xemean.net/vodlist/---monthhits-1.shtml","date":"2025-10-10T06:19:44.771Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.imagebam.com","organization":""},"issuer":{"commonName":"GoGetSSL RSA DV CA","organization":"GoGetSSL"},"validity":{"start":"Fri, 15 Nov 2024 00:00:00 GMT","end":"Sat, 15 Nov 2025 23:59:59 GMT"},"fingerprint":{"sha1":"B3:7B:BD:C4:71:57:E9:3A:FB:A2:EF:CD:8A:85:14:1C:0C:6C:70:D5","sha256":"FA:BD:AE:0C:A2:F4:BA:CF:95:89:41:83:C6:E0:11:24:51:D3:F7:1D:C5:B2:12:B6:BE:A4:34:EB:EE:FA:06:30"}}},"request":{"raw":"GET /c0/af/fc/MEP35MT_t.GIF HTTP/1.1\r\nHost: thumbs4.imagebam.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xemean.net/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nserver: nginx/1.18.0\r\ndate: Fri, 10 Oct 2025 06:19:45 GMT\r\ncontent-type: image/gif\r\ncontent-length: 601441\r\nvary: x-s-token\r\nlast-modified: Fri, 22 Sep 2023 04:14:13 GMT\r\netag: \"92d61-605ead75befd0\"\r\nx-cache: HIT\r\nx-whom: srv1535\r\naccept-ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.18.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":601441,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 100 x 92","md5":"1cf9c89cf3066dcaec8120ac3d583fe2","sha1":"3bee0da5184ae911e425add7fbcc72f2127892e9","sha256":"ea9145f74bde32b8c641d3ac768e466cfba9cbc7a006d73a2b6aa084e0cd2b2a","sha512":"abba68020163dd3c873fbd530624daba909e1b25ba4dd5e88fa356307132399ad6c99135ab20823f51e8881d141c5eea199df864d27b4307db7ba6b61ffad6de","ssdeep":"12288:Nzfm7DOcqFy+zypnYop/XJEAiK1n8XQpfIN6Sc4Y3qNCO:Gr8gx3IN6SDPNCO","tlshash":"fad4230fc6598416fb7bc07cafa755558a8d1c2e27ae884cfe670aa5104c37c826ecd9","first_seen":"2023-11-05T11:28:18Z","last_seen":"2025-11-20T11:17:32.019664Z","times_seen":280,"resource_available":false,"data":null}},"time_used":3355,"timings":{"blocked":-1,"dns":0,"connect":27,"send":0,"wait":47,"receive":2881,"ssl":394},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"m1.cffpng.com/20250604_203434223_wiv.gif","fqdn":"m1.cffpng.com","domain":"cffpng.com","tld":"com"},"ip":{"addr":"104.21.29.208","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://xemean.net/vodlist/---monthhits-1.shtml","date":"2025-10-10T06:19:44.775Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"f9742aa1.sni.cloudflaressl.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 20 Sep 2025 12:55:51 GMT","end":"Fri, 19 Dec 2025 13:55:49 GMT"},"fingerprint":{"sha1":"F6:5E:93:B0:B1:16:C2:96:5B:E5:1F:B1:C1:D9:73:B9:F8:86:C0:5B","sha256":"CE:97:A7:27:08:B8:B1:BC:D4:FD:40:CE:00:B5:B2:54:2D:B9:24:32:DA:A7:5B:EF:DE:F5:4B:F4:B6:13:B7:D1"}}},"request":{"raw":"GET /20250604_203434223_wiv.gif HTTP/1.1\r\nHost: m1.cffpng.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xemean.net/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Fri, 10 Oct 2025 06:19:44 GMT\r\ncontent-type: image/gif\r\ncontent-length: 467090\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=XSiClDdGzHLphNDl55Gi4xwt897Audve52%2BVZlTCIJdc7UvgtL9W464%2FN6mJ92wVLfvAXvZlsE3mfsttmDj0k3LGybcglaoi2ZYuI2E%3D\"}]}\r\ncf-cache-status: HIT\r\naccept-ranges: bytes\r\netag: \"57023ea55f533f6faa966410593b3692\"\r\nlast-modified: Wed, 04 Jun 2025 12:34:35 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: Accept-Encoding\r\nserver: cloudflare\r\nage: 1187\r\ncache-control: max-age=14400\r\ncf-ray: 98c402061cf621fe-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":467090,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 300 x 300","md5":"57023ea55f533f6faa966410593b3692","sha1":"efe3a1d4385abe83df97d6bd8c6a383951964fc4","sha256":"81fdbf1f34adca3c679133e9e472a9315bd7e8440df864d52ab6d40c1b316d2d","sha512":"6199433cb8c32d75f337dc79e107f9c4aa7081aa67a1fde1b0695672b80e15f126ec024eb94b0e44c5a4eb569d302120eed621830567c1c5f9501f77c92269df","ssdeep":"6144:Am8xOlWhPq8F4b2khydXdNILJWVQUqt4gJUhGvZHnbDaD77kYb3ooc2DPmpzFXGJ:AKohFFyydNmJaDgJz7DaXBDa4q18vc+","tlshash":"42a423a87843f254b01d55af07ae1f9a3fb1ca5a739da7220f88b51d239123b744163f","first_seen":"2025-05-21T16:57:41.187227Z","last_seen":"2026-03-14T08:58:42.711809Z","times_seen":319,"resource_available":false,"data":null}},"time_used":283,"timings":{"blocked":-1,"dns":4,"connect":4,"send":0,"wait":6,"receive":31,"ssl":237},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"m1.cffpng.com/20250604_200445438_sxL.gif","fqdn":"m1.cffpng.com","domain":"cffpng.com","tld":"com"},"ip":{"addr":"104.21.29.208","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://xemean.net/vodlist/---monthhits-1.shtml","date":"2025-10-10T06:19:44.782Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"f9742aa1.sni.cloudflaressl.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 20 Sep 2025 12:55:51 GMT","end":"Fri, 19 Dec 2025 13:55:49 GMT"},"fingerprint":{"sha1":"F6:5E:93:B0:B1:16:C2:96:5B:E5:1F:B1:C1:D9:73:B9:F8:86:C0:5B","sha256":"CE:97:A7:27:08:B8:B1:BC:D4:FD:40:CE:00:B5:B2:54:2D:B9:24:32:DA:A7:5B:EF:DE:F5:4B:F4:B6:13:B7:D1"}}},"request":{"raw":"GET /20250604_200445438_sxL.gif HTTP/1.1\r\nHost: m1.cffpng.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xemean.net/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Fri, 10 Oct 2025 06:19:44 GMT\r\ncontent-type: image/gif\r\ncontent-length: 78972\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=DoaRqo8cnI4rDTCMWPuyklz8HDXbEvz4Ojlu9oohSg2iijla%2FKmgvv6tJFJErBiszE0KyXxMd%2FOrExe3E7%2FruRJN1sXgdGeAxNLRsoI%3D\"}]}\r\ncf-cache-status: HIT\r\naccept-ranges: bytes\r\netag: \"1026b75f8e66c1d0646775831f9ad0b1\"\r\nlast-modified: Wed, 04 Jun 2025 12:04:46 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: Accept-Encoding\r\nserver: cloudflare\r\nage: 5497\r\ncache-control: max-age=14400\r\ncf-ray: 98c402061cfa21fe-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":78972,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 200 x 200","md5":"1026b75f8e66c1d0646775831f9ad0b1","sha1":"36cd55d7b20cabb2ea072fd686b544a006dcdab7","sha256":"fdbce3d2dab489d85ba4efa6efb206f78df802f8a9cd83e4b5ddb05dfc571c2f","sha512":"bf7522b6f6925c00a46076cc13f30ec61bfabc4cd8ac433e3afc7a08b65afd904c543ba2dc011fc06a4145726121879fd0a5138e668ece38499872ee940434ae","ssdeep":"1536:w8zUaFD42xLOWztfOhaPkPZFsZSdctq91M3atk2lq76dX4i9G:1LCWho5PTsZSdqqKatrlq76dIi9G","tlshash":"d973120149e8d387f40f9d986e01bab2b1e106928e12747b954759d0b20e44adefbfdd","first_seen":"2025-06-04T21:56:59.338113Z","last_seen":"2026-04-02T06:37:28.079808Z","times_seen":255,"resource_available":false,"data":null}},"time_used":212,"timings":{"blocked":195,"dns":0,"connect":0,"send":0,"wait":9,"receive":8,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}}]}