{"report_id":"0a898de7-6b19-4e42-b93f-a47bc0f020c5","version":6,"status":"done","tags":[],"date":"2026-02-05T00:53:52Z","url":{"schema":"http","addr":"m.hscof5hrwtco.com","fqdn":"m.hscof5hrwtco.com","domain":"hscof5hrwtco.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"final":{"url":{"schema":"https","addr":"cn.kkmxxw.com/home/register","fqdn":"cn.kkmxxw.com","domain":"kkmxxw.com","tld":"com"},"title":"ManBetX(万博体育)官网|英超狼队和水晶宫全球赞助伙伴","dom":{"size":118012,"mime_type":"text/html; charset=utf-8","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (1771)","md5":"283a349396436520051f1e95a7852575","sha1":"c5682b3bf3a0783ff8b94e3c1d9f81a8d641f214","sha256":"d36b263e5cc8413f44cb2b0055cbd9a11df7b2cf4cbfff2e3fa78ab698edaf4e","sha512":"a430a7c116fdef26719dc5f24bcf79db732ff14d6d91034b19e22f34f2bccf14f134ba5ceb44415ac1b9784f7c22968c33bc6382f59076c59b9bcf334b2a6c8e","ssdeep":"1536:wqTYogSwCXa2exi2Ew2oHenf+MuqvkzXSVKm2xVUpGHCSL8vbkst5cdbSaOjQvvL:N62FmMuGKtkTw+WbSaZXWyzwbRWD","tlshash":"95b31751a8fe0537017780d6a5b7af1aaeab9037d3068c1072fe4fc45fc2e82895765e","dom_hash":"domhash404566eb21c8bafd967dddce1531d103","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"m.hscof5hrwtco.com","fqdn":"m.hscof5hrwtco.com","domain":"hscof5hrwtco.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-03-12T00:53:52Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":1,"urlquery":0,"analyzer":3}},"detection":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-02-05T00:53:34Z","timestamp":1770252814,"ip_dst":{"addr":"74.125.250.129","port":19302,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"ip_src":{"addr":"Client IP","port":48727,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ET INFO Session Traversal Utilities for NAT (STUN Binding Request On Non-Standard High Port)","source":"{\"timestamp\":\"2026-02-05T00:53:34.779297+0000\",\"flow_id\":1920996769457185,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.12\",\"src_port\":48727,\"dest_ip\":\"74.125.250.129\",\"dest_port\":19302,\"proto\":\"UDP\",\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2033078,\"rev\":4,\"signature\":\"ET INFO Session Traversal Utilities for NAT (STUN Binding Request On Non-Standard High Port)\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2021_06_03\"],\"deployment\":[\"alert_only\",\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_04_28\"]}},\"app_proto\":\"failed\",\"flow\":{\"pkts_toserver\":1,\"pkts_toclient\":0,\"bytes_toserver\":62,\"bytes_toclient\":0,\"start\":\"2026-02-05T00:53:34.779297+0000\"}}"}],"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-02-05","alert":"Sinkholed","trigger":"cn.kkmxxw.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-05","alert":"Sinkholed","trigger":"cn.kkmxxw.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-02-05","alert":"Sinkholed","trigger":"m.hscof5hrwtco.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null},"summary":[{"fqdn":"static-content-t.wb27jlt6u066.com","ip":{"addr":"172.65.201.65","port":9587,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2022-09-13","domain_rank":0,"first_seen":"2022-10-27T08:48:51Z","last_seen":"2026-02-03T22:16:52.179861Z","alert_count":0,"request_count":35,"received_data":1051518,"sent_data":17358,"comment":"","tags":null,"fingerprints":[{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"banner-notice.6dqr2n.com","ip":{"addr":"20.205.42.30","port":443,"asn":8075,"as":"MICROSOFT-CORP-MSN-AS-BLOCK","country":"Hong Kong","country_code":"HK"},"domain_registered":"2025-05-16","domain_rank":0,"first_seen":"2025-06-01T18:49:53.405981Z","last_seen":"2026-02-03T22:16:51.27334Z","alert_count":0,"request_count":3,"received_data":25424,"sent_data":1332,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"static-content-cn.wb27jlt6u066.com","ip":{"addr":"172.65.201.65","port":9587,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2022-09-13","domain_rank":0,"first_seen":"2022-11-08T06:15:29Z","last_seen":"2026-02-05T00:24:33.776945Z","alert_count":0,"request_count":14,"received_data":625997,"sent_data":6527,"comment":"","tags":null,"fingerprints":[{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"game.gp5trb.com","ip":{"addr":"20.205.42.30","port":2053,"asn":8075,"as":"MICROSOFT-CORP-MSN-AS-BLOCK","country":"Hong Kong","country_code":"HK"},"domain_registered":"2025-03-13","domain_rank":0,"first_seen":"2025-08-11T16:46:35.765228Z","last_seen":"2026-02-03T22:16:52.134475Z","alert_count":0,"request_count":3,"received_data":18597,"sent_data":1388,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"PHP:7.4.33","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]}]},{"fqdn":"www.f4bzyrz92us3.com","ip":{"addr":"172.65.201.65","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2019-11-02","domain_rank":0,"first_seen":"2019-11-02T15:14:40Z","last_seen":"2026-02-03T22:16:50.738686Z","alert_count":0,"request_count":2,"received_data":55915,"sent_data":903,"comment":"","tags":null,"fingerprints":[{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"static-content-j.wb27jlt6u066.com","ip":{"addr":"172.65.201.65","port":9587,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2022-09-13","domain_rank":0,"first_seen":"2022-10-27T08:27:25Z","last_seen":"2026-02-03T22:16:51.453902Z","alert_count":0,"request_count":1,"received_data":6700,"sent_data":494,"comment":"","tags":null,"fingerprints":[{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"www.v1c2h.com","ip":{"addr":"20.205.42.30","port":51300,"asn":8075,"as":"MICROSOFT-CORP-MSN-AS-BLOCK","country":"Hong Kong","country_code":"HK"},"domain_registered":"unknown","domain_rank":0,"first_seen":"2025-11-25T12:54:58.845462Z","last_seen":"2026-02-03T22:16:54.130738Z","alert_count":0,"request_count":1,"received_data":35341,"sent_data":443,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"api.eaafacef.com","ip":{"addr":"188.114.97.1","port":2053,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2022-07-29","domain_rank":0,"first_seen":"2024-08-15T12:53:23Z","last_seen":"2026-02-03T22:16:50.905874Z","alert_count":0,"request_count":1,"received_data":3072,"sent_data":506,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"PHP:7.4.33","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]}]},{"fqdn":"hm.baidu.com","ip":{"addr":"111.45.3.198","port":443,"asn":9808,"as":"China Mobile Communications Group Co., Ltd.","country":"China","country_code":"CN"},"domain_registered":"1999-10-11","domain_rank":54491,"first_seen":"2012-05-26T08:38:45Z","last_seen":"2026-02-02T01:44:03.24111Z","alert_count":0,"request_count":2,"received_data":30887,"sent_data":1311,"comment":"","tags":null,"fingerprints":[{"name":"Apache HTTP Server","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"cn.kkmxxw.com","ip":{"addr":"172.65.201.65","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"unknown","domain_rank":0,"first_seen":"2019-11-24T15:06:17Z","last_seen":"2026-01-14T13:54:11.251401Z","alert_count":24,"request_count":12,"received_data":637467,"sent_data":6886,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]},{"name":"Java","description":"Java is a class-based, object-oriented programming language that is designed to have as few implementation dependencies as possible.","website":"https://java.com","common_platform_enumeration":"cpe:2.3:a:oracle:jre:*:*:*:*:*:*:*:*","icon":"Java.svg","categories":["Programming languages"]},{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]},{"name":"jQuery","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]},{"name":"jQuery UI","description":"jQuery UI is a collection of GUI widgets, animated visual effects, and themes implemented with jQuery, Cascading Style Sheets, and HTML.","website":"https://jqueryui.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery_ui:*:*:*:*:*:*:*:*","icon":"jQuery UI.svg","categories":["JavaScript libraries"]},{"name":"Google Analytics","description":"Google Analytics is a free web analytics service that tracks and reports website traffic.","website":"https://google.com/analytics","common_platform_enumeration":"","icon":"Google Analytics.svg","categories":["Analytics"]}]},{"fqdn":"file-new.a4hskh.com","ip":{"addr":"20.205.42.30","port":443,"asn":8075,"as":"MICROSOFT-CORP-MSN-AS-BLOCK","country":"Hong Kong","country_code":"HK"},"domain_registered":"2025-05-16","domain_rank":0,"first_seen":"2025-10-23T12:54:45.112235Z","last_seen":"2026-02-03T22:16:50.800743Z","alert_count":0,"request_count":3,"received_data":291054,"sent_data":1449,"comment":"","tags":null,"fingerprints":[{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"www.googletagmanager.com","ip":{"addr":"142.251.143.136","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2011-11-11","domain_rank":283,"first_seen":"2012-10-04T01:07:32Z","last_seen":"2026-02-01T22:20:39.584991Z","alert_count":0,"request_count":2,"received_data":714566,"sent_data":886,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"www.vrfpshbc.com","ip":{"addr":"172.67.186.168","port":2053,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2022-07-29","domain_rank":0,"first_seen":"2023-07-07T23:23:19Z","last_seen":"2026-02-03T22:16:51.704433Z","alert_count":0,"request_count":3,"received_data":8100,"sent_data":1480,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"m.hscof5hrwtco.com","ip":{"addr":"172.65.201.65","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2021-06-21","domain_rank":0,"first_seen":"2025-04-26T05:39:54.346139Z","last_seen":"2026-02-05T00:24:33.672959Z","alert_count":1,"request_count":1,"received_data":1018,"sent_data":487,"comment":"","tags":null,"fingerprints":[{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"www.f4bzyrz92us3.com/E2/EagleEye.js?1770252813","fqdn":"www.f4bzyrz92us3.com","domain":"f4bzyrz92us3.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"777fbddda316cb73c805c7f8033668cd","sha1":"2bde289bf6e9d85916d65f5291c05cb55458965f","sha256":"40c966edfb84100078aa76f6390d03454b71d27b4c629f703af8e1639630cab1","sha512":"27d1c2f9a345fc93818868e2979b73340065f45270a70ad3890cb8f5bba05cb3ca2921018c8b216ce049e8216376f1635892d1230cc04e1e60b4b5cc884f8e0a","ssdeep":"1536:m6Xzk6G1j9Bk/k0q7Mfx5+2I7v7D71Ies9GUWfth7KBbTE21gAWIOuYyR4mr/qDj:bGW/k0q7Mfx5+2I7v7D77FftlKBbTv1O","tlshash":"d333e71ab2963539c56230765caf9148b33d85a61398505cab0fc5e4783987e83bfff8","size":54487,"data":"","first_seen":"2026-02-05T00:54:03.298289Z","last_seen":"2026-02-05T00:54:03.298289Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.v1c2h.com:51300/global-activity-entry/js/rain-icon.js","fqdn":"www.v1c2h.com","domain":"v1c2h.com","tld":"com"},"ip":{"addr":"20.205.42.30","port":51300,"asn":8075,"as":"MICROSOFT-CORP-MSN-AS-BLOCK","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"59767c53c4cb277425bce5c5e7ea9d41","sha1":"36ee5b49ceb915d4369fe92ca49dbd8bba702c96","sha256":"5b43bfa813b9f48656d868fbdacd693bf7fc0f4324d5b815db42ceb80c5a4a27","sha512":"f56b905cc921ab836e06c2c2f1e9dab1033056b68043b6fc1a24f78446dfcfeed89d1408b26ddd176540761784e7652fe2b4d1e5103f07f510bf3e886267e967","ssdeep":"768:kCcZeOuOBMThTlp0Ef7X879b7zT2MSVHyDP:kRDQt0FSVHk","tlshash":"42f2632e5afa10516a0370654f6f91087675a02b160bdc183e5e93d8df806b846fafff","size":34779,"data":"","first_seen":"2025-03-02T07:32:23.132184Z","last_seen":"2026-06-08T16:39:16.385146Z","times_seen":789,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cn.kkmxxw.com/home/register","fqdn":"cn.kkmxxw.com","domain":"kkmxxw.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"5185b039d75edd72e946c541d17e3c80","sha1":"710791c76ea207cec0548cf54149c83dbe400c5f","sha256":"fee40cb56673410470defe50e78d0c069be613bf37749c660bdd527402c44edb","sha512":"4d80fb27e9a9b0ebaea4770fcdf8871ba96bf57c4a78afb54be5c4f10b88f5506722f6d764b6d7e3103273d820191d70da57596c1e09d3df42770104550f7636","ssdeep":"","tlshash":"2be0df2abafa0d792dfb211a213ba9445a93202b639cd960b50d69e00f861e9310321a","size":402,"data":"","first_seen":"2025-10-25T13:35:11.606562Z","last_seen":"2026-03-02T07:28:25.828714Z","times_seen":300,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static-content-t.wb27jlt6u066.com:9587/js/jquery-ui.js","fqdn":"static-content-t.wb27jlt6u066.com","domain":"wb27jlt6u066.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":9587,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"ab5284de5e3d221e53647fd348e5644b","sha1":"75c20acdc6cbc6334fe2b918ab7afeec007f969e","sha256":"4f455eb2ddf2094ee969f470f6bfac7adb4c057e8990a374e9da819e943c777d","sha512":"2462acc237c0063263b52527cfecbc5d4063065c0cd541cd966d9924dec0d9af475184f732c92af9269cb08df993896893eff37ad4b18598ca4b7af7b5f02742","ssdeep":"12288:1vemHFgymzYDdHCcmM2/W/CCeS/QRzbrVDDdRO2:vDdHCcmM2/W/CCeSIVDDdRO2","tlshash":"f3b4a6c9f39c266a867a32595c2e42cdb23c8075d600587fbc5d59dc29a883c43bbf79","size":520714,"data":"","first_seen":"2023-03-07T01:03:28Z","last_seen":"2026-06-08T20:52:26.109441Z","times_seen":15835,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cn.kkmxxw.com/home/register","fqdn":"cn.kkmxxw.com","domain":"kkmxxw.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"20bc381755d26e82492a6c6315308a95","sha1":"f17d5fee07fec46b226f77e56ac51e230bb3c639","sha256":"fc9e35cee2f2d706c7079c6787b6ea57182c885e48e9c365a44b1880174bb79e","sha512":"2b9557306425579037643c461e0788401d105446f65ac314d8f8b0fda4dc77664f3bc8c55f7b18ec99b3b752292ef65e01826f312e6a8e83e8fbc5eca63b2970","ssdeep":"","tlshash":"d021761a7daa108227fb307942bfc2c832b99027058bd9c03d5c55408f2cefa2af9b45","size":1201,"data":"","first_seen":"2026-02-05T00:54:03.339792Z","last_seen":"2026-02-05T00:54:03.339792Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.google-analytics.com/analytics.js","fqdn":"www.google-analytics.com","domain":"google-analytics.com","tld":"com"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"scriptElement","is_inline":false,"md5":"f24128d0c9cba7be2916c693427a3483","sha1":"1b6397d496ea896ebc2018b01b995cee4f166029","sha256":"58173de4697da1a218f04c3a783a733bab4e769ceabc37cd42da9dc3e036a7e8","sha512":"c4950733b44e258bbc817ce6396f002caec1e11a6413fd0038c9baef2d5f1d992b1fd0ec52515aba52faedb52c28b996a7fc063f28a0f45f3aab5e2f91bf5be5","ssdeep":"96:A1VdZYqhPnjpWx4/eTe8qSMbqaQd6VL2Jyt9LdJoyayCVPVD5wdBfQPfCHiUr3:AXdZYqNjpU4yPqSMbqaQGL2QfdDayCZC","tlshash":"a6a1dc9939fb50210233b1bd1bafa918b23895236208dd61b98c9364bf94437d7f1fc9","size":4691,"data":"","first_seen":"2023-04-11T21:07:53Z","last_seen":"2026-06-07T08:18:38.899011Z","times_seen":919823,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cn.kkmxxw.com/home/register","fqdn":"cn.kkmxxw.com","domain":"kkmxxw.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"e546d7ad4c50322dfaa6a96fd320c46b","sha1":"9c861759b7d3839274623f234768efc7cbe04158","sha256":"0c660204b059c921518b106d14f4dd061d6459a0802ca5d113a651415af290d0","sha512":"2416ed5d7561d5c3a0c323274d94743687a5aba05ed8098ba185f2debb871b6b691aa4590497b5c451dc644fb594e2ee417b53a5ab0072c2a6f6c4f3b02ffb0a","ssdeep":"192:/ODdk3EGClSTYtR/yy9lWVCytUNJDkG1ys:/sSCLDn","tlshash":"b802bc8df1a752b829b73036537f10c2ab6f021bd456dc30ba8f66b44f82a10a746799","size":8776,"data":"","first_seen":"2025-09-12T00:40:29.99588Z","last_seen":"2026-06-06T14:33:38.64604Z","times_seen":505,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cn.kkmxxw.com/home/register","fqdn":"cn.kkmxxw.com","domain":"kkmxxw.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"c7ee54a7240990e7c3b05eab06f4a2e7","sha1":"344f7f9163a8214f5583328970d8f6bde9371089","sha256":"6d762892025be8c5b37c804c06fb5300353bd9a6f57eba232b5775b29106cb61","sha512":"74636b349bc64770baea93e5542d1d579192ef0367b87cad5b8a25a2898a33540b82e85ae90c7f7a5a40280d1c97c6c898348123f243ad9a9da93ad7f80f9ed3","ssdeep":"","tlshash":"8c01dc38f2744a4660bb70722d6be81aa9a94c072c0bda14f86c05e12fc06858b6194d","size":760,"data":"","first_seen":"2023-05-15T15:49:02Z","last_seen":"2026-06-06T14:33:38.646501Z","times_seen":781,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cn.kkmxxw.com/home/register","fqdn":"cn.kkmxxw.com","domain":"kkmxxw.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"cebb04b01f4ec16ddf607a2d9e1f6085","sha1":"7b9ad07c2f92a747e1a26de14444c748e6c5bdc3","sha256":"72497513a8de920a85aff233c21e137e9aea2a92649e2f6d12982a4f8e286a8e","sha512":"17f3798464ebef18d6a1a5d132e1a451a5b9fc9f80a04ec3f616114d14b5c4f2f7e91f932f7ef1a31e74f06e3846e3f4f4a359d012cd22012d9136b1b42ab14f","ssdeep":"","tlshash":"fe71336dbab70165107b102e06bfae087d950023a10ced5dbcacd8c55fd0d15b5fbaae","size":3573,"data":"","first_seen":"2026-01-23T05:01:52.493107Z","last_seen":"2026-03-23T01:49:00.955529Z","times_seen":59,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cn.kkmxxw.com/home/register","fqdn":"cn.kkmxxw.com","domain":"kkmxxw.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"528ef4a1a4b0d93d15940376c9f30a94","sha1":"3dce760e0effd87001127aa2e43a33df79cc2ce4","sha256":"e5778ea07b95de382d159e4876a0ab85ad9cce8343ca2034ef7219a2e7e6a47d","sha512":"e52fd3701f7f4929be758d430d3e9c6325b49173875b2c3934e6b1e0d73033f42aa40bbac1b98651402364a6d920b2efd3bae7950c7d8f87bf4d0694bce361d7","ssdeep":"192:t4tYyfgH8iIXXyiCavEEM8g2Frp3dx4rOyKztANA2A8ARadKHKCST:YB02hkstw","tlshash":"ab02b41af9eb1605293730ad1b7f418875b8d1236548cf30b94cead40f96914d2bafec","size":8902,"data":"","first_seen":"2025-03-02T07:32:23.116883Z","last_seen":"2026-03-30T14:28:44.979286Z","times_seen":624,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cn.kkmxxw.com/home/register","fqdn":"cn.kkmxxw.com","domain":"kkmxxw.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"8f2be170d8f4f787340db2e14d377e79","sha1":"f668d01ccf043d3594e169439d3ce19468e51cd1","sha256":"8134add4aeda5822524e8a34e6251356f57acc8ba3147c31bfafa57f78c674ef","sha512":"6e57acf91dc87fe9cd903e93fef832fcb323772877645b501f6d856624817871c735b45cebe56253df4bf64584cceff5beac06e02631a7885b60fbbfb26d52f6","ssdeep":"","tlshash":"a25140e6fb98330ca4be90a91cbb30c5b19518e525408c747d4d57e17b2282d6b3bfad","size":3154,"data":"","first_seen":"2025-08-26T08:39:52.098859Z","last_seen":"2026-02-12T05:30:34.717229Z","times_seen":413,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cn.kkmxxw.com/home/register","fqdn":"cn.kkmxxw.com","domain":"kkmxxw.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"1c5c9160600df2d96d69a4ea16cec7ed","sha1":"3cf678c9135cc952ba6970ef545035bb757a443f","sha256":"a3520fe88e248d2b6c9c6db93309a037ef969fe297208e5bd7e49a55bb32c808","sha512":"2a298a8c2552c6a6c6f8d3f7327d2e9abfa87a0dbb27e9e528a8539b416155c0860f54f46464dfe7e5d49c7906a9eacdac7e5181b86ef15a83276a8f4fee0546","ssdeep":"","tlshash":"078004d531c35040475331d400571cd4503444f014444d544040d4511c55030d1154dc","size":37,"data":"","first_seen":"2023-04-11T21:49:14Z","last_seen":"2026-06-08T09:46:16.707277Z","times_seen":121589,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cn.kkmxxw.com/home/register","fqdn":"cn.kkmxxw.com","domain":"kkmxxw.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"2d0b0bc1ef7bcdddb43044412caaef9f","sha1":"7486b48306bd3c1c94547a5c4b238d40e4c2be3c","sha256":"87f57b68bdd4f868c5a97901e2bb9b9192d77093a62ba7fb2b0a405e4d73eb6c","sha512":"9cbb500a3bb1bbe52fd69f7b3ffe53f325c55da5b7d3510d72dc6f01b9ff25c3f268e8317a86d65c787fee9d23197cb877c138ff00416ecda80d40c1ee9e281f","ssdeep":"","tlshash":"9be0c216736e1091842328154a3b53054b342513682f7c02fc8d02941f2e60cc073a02","size":382,"data":"","first_seen":"2025-03-02T07:32:23.118872Z","last_seen":"2026-06-06T14:33:38.654319Z","times_seen":772,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"banner-notice.6dqr2n.com/mxstatic/banner-notice.js","fqdn":"banner-notice.6dqr2n.com","domain":"6dqr2n.com","tld":"com"},"ip":{"addr":"20.205.42.30","port":443,"asn":8075,"as":"MICROSOFT-CORP-MSN-AS-BLOCK","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"fde6491fa4c8e8adaf2844d6d09e2a2f","sha1":"51174631e2149efc853eacf33e39fa8dc66840b8","sha256":"a402e491cde441e33c89c38bb10c84d7473a88700ba4fd76e0bb1bf2c2f61143","sha512":"25d3915f3e441b65f447c65aafc287b5c4b9afc8fd34b54a428bd58a6bd1c58bca7012eef8fd44d9134fa1c375dcdb62aeaaa912a09b15895872e2f678cd10d2","ssdeep":"192:AJKwJ/y23c23qtY8SCUcWbm1iRSube/Hf+DoQPoEHdizniKOnK6t5Enx4tRL1VeV:oKGbDK6czdOnXH3qBmlc","tlshash":"ed82b81875fa0061542330b88e9a618c7f26950f920a5d08bd6d47e8afcad7199d2ffb","size":18633,"data":"","first_seen":"2025-05-30T16:57:45.431693Z","last_seen":"2026-03-14T23:55:48.120104Z","times_seen":483,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cn.kkmxxw.com/home/register","fqdn":"cn.kkmxxw.com","domain":"kkmxxw.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"b42e0314adee140fb5e18e096f4bacc6","sha1":"88a0dd79b84b2e572836c66669ab55f89b900b58","sha256":"79cfa18812005def94e215acc70f8ac882ed591a822067b972f4ac2235c6f1f4","sha512":"99546e964d9fbec171b64edc7d2d355aa9214fd8948f81883cecc0950eb590e49bfde4a8e76b7941c43b9e1d9670e6058f566d327912f96e3d7f7ed00553ec0a","ssdeep":"","tlshash":"b6c02bc8211a0c7191fb27008b3ff604b402721898e96931cd0a33054d30e03db58c44","size":155,"data":"","first_seen":"2025-03-02T07:32:23.121669Z","last_seen":"2026-06-06T14:33:38.658209Z","times_seen":780,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cn.kkmxxw.com/home/register","fqdn":"cn.kkmxxw.com","domain":"kkmxxw.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"fa249485a4961fe24b760a4d9e9febce","sha1":"c21e2c980ab76e0f7a7f9cfaecd375bcdaa20fec","sha256":"e41ff2bf25448947d8dab8b9ca03133890adb03079188916abd97b5498ea4fa4","sha512":"fe75a281232dd8aec23d33f4f14da97a77561267a7cccd1fc3c51f165aec9b69599ab0d7706c8f9fa72a089744e604a97b9b5f9950e4cab9c607bc2fc777023a","ssdeep":"","tlshash":"2001834e345c05e721b776e733f3820cb86756071084f492f74c869c0e008ba005b4ac","size":688,"data":"","first_seen":"2025-03-02T07:32:23.124386Z","last_seen":"2026-06-06T14:33:38.66059Z","times_seen":769,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.google-analytics.com/analytics.js","fqdn":"www.google-analytics.com","domain":"google-analytics.com","tld":"com"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"scriptElement","is_inline":false,"md5":"f24128d0c9cba7be2916c693427a3483","sha1":"1b6397d496ea896ebc2018b01b995cee4f166029","sha256":"58173de4697da1a218f04c3a783a733bab4e769ceabc37cd42da9dc3e036a7e8","sha512":"c4950733b44e258bbc817ce6396f002caec1e11a6413fd0038c9baef2d5f1d992b1fd0ec52515aba52faedb52c28b996a7fc063f28a0f45f3aab5e2f91bf5be5","ssdeep":"96:A1VdZYqhPnjpWx4/eTe8qSMbqaQd6VL2Jyt9LdJoyayCVPVD5wdBfQPfCHiUr3:AXdZYqNjpU4yPqSMbqaQGL2QfdDayCZC","tlshash":"a6a1dc9939fb50210233b1bd1bafa918b23895236208dd61b98c9364bf94437d7f1fc9","size":4691,"data":"","first_seen":"2023-04-11T21:07:53Z","last_seen":"2026-06-07T08:18:38.899011Z","times_seen":919823,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cn.kkmxxw.com/home/register","fqdn":"cn.kkmxxw.com","domain":"kkmxxw.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"87044102cff06b623100ade4509413fe","sha1":"4910cda6da540e5340cc9357a21861856067ea00","sha256":"25d6d6174234062dea3e4341e86b162a91f2a8a245654aa69f6f5bd1282d23fc","sha512":"2781832da4ef05f20d23240d0321a6a74fba1a7baa07797ea68a8fb18b5bb7daf28176aec390a0a65bef36720af288df0be5afd889b52534c441ca011bb01a49","ssdeep":"","tlshash":"60d0950f1c1514382379147d10bae5ccb171104c907dd50040dcd4504964ed50c3d7c8","size":254,"data":"","first_seen":"2025-03-02T07:32:23.127917Z","last_seen":"2026-06-06T14:33:38.661142Z","times_seen":769,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static-content-cn.wb27jlt6u066.com:9587/util/all.js?20231116","fqdn":"static-content-cn.wb27jlt6u066.com","domain":"wb27jlt6u066.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":9587,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"f5aa16a242596257e153e33c5b8fb232","sha1":"804252d4387c4fda0141e9bf4fd2a05bb3c7068a","sha256":"c21ffeeff6782e69216ce2fdf3fd54289af1d7b4a8bc2af9b83c0679c5969782","sha512":"1ae9de5c195af57a93c2bbc30c0597c8f7f2e96e98af1c1a514d21d170b54c4bafc882689096e117cd36f25570474bd059edfb8bf9023571ff7531ace1491c59","ssdeep":"1536:rfee/RrYiHhJ9Q0f16d9zeDN5qW4wTW3Jny+aSsG+Kjbd2m43ftShEhJ+7Rh0Om:rfD/miHhJ9Q0fd5B8jYhi0t","tlshash":"6273f88c7591306a4aef31b7782b224f73769a69500e5068f0b8d4e53ebce857167f38","size":77892,"data":"","first_seen":"2023-09-15T15:49:20Z","last_seen":"2026-06-08T16:39:16.360289Z","times_seen":1014,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static-content-cn.wb27jlt6u066.com:9587/js/jquery/jquery.validate.js?2017121201","fqdn":"static-content-cn.wb27jlt6u066.com","domain":"wb27jlt6u066.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":9587,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"052b64ec50b11bc14eb24a863d126ba8","sha1":"3a79b1fe2a8e6834cea694d77c57473ebfbc5758","sha256":"169b0287c989c2a6d883dff708c551a726c2a98fd79e66fe747d04228012ac7f","sha512":"70b2cd21b5ab5f5159266a10e6ba06a7c1c50ed3b02a596747f30dc88ba4cb37934b8666f075e5733ed021908bace3c47b8b50ee57aa41130ae0b9920e101099","ssdeep":"1536:4J/cr2I/VHuanmyRhVaNnJRHI9YLbBGvJfDk7E/al:Kumy4NJRHqLkISl","tlshash":"39533c4d3ae710168d2b30beae8ba149b6b5405b6109ed1c7cdd02905fe4db862f5ff8","size":60825,"data":"","first_seen":"2025-03-02T07:32:23.125259Z","last_seen":"2026-04-01T17:26:48.402298Z","times_seen":648,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cn.kkmxxw.com/home/sandbox%20eval%20code","fqdn":"cn.kkmxxw.com","domain":"kkmxxw.com","tld":"com"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"","is_inline":false,"md5":"92b651082ce234f66bb544e678befda3","sha1":"14c21c55ddce43b6f677caadf51d4ab98c6a3df8","sha256":"25d57d1d97abeb84531d3d3e5754dd5cb19a2c115edfa7cfc7af8247084faded","sha512":"b4fcbc037e0a3d91db2a624921e96b878e9e18dd998ad5649d77d7d053faf28b09c8725a0542aef702310bf85f3037b70985c274db8acabd021efb171d41f361","ssdeep":"","tlshash":"34c08ca3e74026ae2a1166b2b810e003a2866b015aa78402b00a003b1441fe21aaa1a8","size":147,"data":"","first_seen":"2023-04-11T21:07:53Z","last_seen":"2026-06-07T08:18:38.896325Z","times_seen":921522,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cn.kkmxxw.com/home/register","fqdn":"cn.kkmxxw.com","domain":"kkmxxw.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"09b6a9ef54ab9c825298cd9a9d9ca45d","sha1":"eb87b20d55ec83c8d29417da60113f0283b2246d","sha256":"af68e9610525733157637c6a6d65d9d80deadf76dd5b96aaaafc133c280c09a5","sha512":"d9fa04f34e4c18a79fa7a70c631589cd16077e1c2fd880973624f8feb4d02cb19f56b3dca48ae8c60093d74cc0275d18bfd6ed9eeb9d58894498b86c5ecca8b0","ssdeep":"","tlshash":"e8c08cc028e20ea2553ee04218b9c29220712fed01739894e0ae931c2208060bbed23e","size":156,"data":"","first_seen":"2023-03-07T16:03:14Z","last_seen":"2026-06-06T14:33:38.66306Z","times_seen":794,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static-content-cn.wb27jlt6u066.com:9587/util/error.js?2025092501","fqdn":"static-content-cn.wb27jlt6u066.com","domain":"wb27jlt6u066.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":9587,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"f61145ebd6cd0164a855517ddd32d102","sha1":"d9f3f365c0aec1f9a4bf5cf85d4c8b1c44770125","sha256":"b433018b4e4006c56084fd4cbf35d3d1e2ea33aafccfd6109db3d0b696c2c2b2","sha512":"e0e7101c13848ec60f775f9ab092b5a52de41a67f3792a18c186cc42cd140c7bfcb405c607783e5b3240aab3f57dd88c50f744410b94cc99beef8b1a1f61ade0","ssdeep":"192:MTu94QOQzfKG3jChyTRmbxDeDWiYXYyC3SfZVYvxwYXPFj6vJRQ+lcQrdQr:MTu94wzj3jChQgF+eXUeu","tlshash":"292285b608f58b8a100df980c10b41293448744b8e1cba6a7bdfa5465fcd65f4bff99d","size":10405,"data":"","first_seen":"2025-10-02T21:45:10.771862Z","last_seen":"2026-05-03T20:56:57.980817Z","times_seen":476,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static-content-cn.wb27jlt6u066.com:9587/js/kz.js?20250807","fqdn":"static-content-cn.wb27jlt6u066.com","domain":"wb27jlt6u066.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":9587,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"6882ef21046c02724770578afb0e9389","sha1":"5a3e91dbc206c7a6abf2196adc0cd68d6e5f7dd5","sha256":"f3967945aa4c64b4cb943ff02fd4ff56354cac19f0e8ba9cb8a95017707265c9","sha512":"4aa7833f286b2d53677335d60783d6edd2038d0e9fbbc75d0568debe17bf0cee5cd56c7beb3c608a2c135881edefca03d1cf0edef0c2d491e65c9ac6126697a8","ssdeep":"384:JsOCzLl8jM9Cxvqd2ACJOOX6QMvmN2iB9eOyjX993YH:q84sTwDEH","tlshash":"f963732ae9fb52551c3b70391f7f4001e729c407b50cee197e2caac05f44669a6b6fe8","size":68787,"data":"","first_seen":"2025-08-24T13:27:11.237239Z","last_seen":"2026-03-29T16:47:31.772793Z","times_seen":494,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cn.kkmxxw.com/home/register","fqdn":"cn.kkmxxw.com","domain":"kkmxxw.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"4da556734f4b410ce3f99b7a5d1602c7","sha1":"796c0c45978d28d16ce343d9cc38154d80da9f3b","sha256":"99369cde7758c83db3a0cf8c5e8c2298d043bcb243c93b1327acd242b7cfd2c3","sha512":"22e0dc1e0b2fbc3c91874da0b1861484068c6c587f86c57d6796cbb03b120d61de2165ec8fbfad56b96e2bae76c29e5932f7108e05a436bd3d3239c6e350e264","ssdeep":"","tlshash":"d7b012315b10516e2594d02d353f1800fcc66117ca00c9b5663fd9d149c4cf0c1748cf","size":105,"data":"","first_seen":"2025-03-02T07:32:23.133072Z","last_seen":"2026-06-06T14:33:38.663566Z","times_seen":769,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cn.kkmxxw.com/home/sandbox%20eval%20code","fqdn":"cn.kkmxxw.com","domain":"kkmxxw.com","tld":"com"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"","is_inline":false,"md5":"92b651082ce234f66bb544e678befda3","sha1":"14c21c55ddce43b6f677caadf51d4ab98c6a3df8","sha256":"25d57d1d97abeb84531d3d3e5754dd5cb19a2c115edfa7cfc7af8247084faded","sha512":"b4fcbc037e0a3d91db2a624921e96b878e9e18dd998ad5649d77d7d053faf28b09c8725a0542aef702310bf85f3037b70985c274db8acabd021efb171d41f361","ssdeep":"","tlshash":"34c08ca3e74026ae2a1166b2b810e003a2866b015aa78402b00a003b1441fe21aaa1a8","size":147,"data":"","first_seen":"2023-04-11T21:07:53Z","last_seen":"2026-06-07T08:18:38.896325Z","times_seen":921522,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cn.kkmxxw.com/home/register","fqdn":"cn.kkmxxw.com","domain":"kkmxxw.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"dc5ed6c13257ae7ea54e301251e39f27","sha1":"7b01c4a90ed24e97a263ce304ee33a06874b9d9a","sha256":"9a2d535035b5072823f9ee3bfa6c4c7ad25c94da18fba95ce5891a2020caacb0","sha512":"54f867b240811ac3a2d1c2d49f8ed906e35c9c85cca64ec82b72a1976f73d700bfb3a6a454adf9f7a52b74cc3d429d93586ef6081fbebda6d163112d9d0731ae","ssdeep":"","tlshash":"0af059ee4384c96928e638f53416344da0d50c1a3ada9cb4ac01945619ca63715d168f","size":506,"data":"","first_seen":"2026-02-05T00:54:03.382216Z","last_seen":"2026-02-05T00:54:03.382216Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static-content-cn.wb27jlt6u066.com:9587/js/jquery/jquery.carousel.js","fqdn":"static-content-cn.wb27jlt6u066.com","domain":"wb27jlt6u066.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":9587,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"1552106a3e80457c7c75722b7372d303","sha1":"32ba62ff7b3590d3325d159141aa50a1db5802aa","sha256":"52947c9e6ac3e2f45c2b2a19802a91eeb75dc70902bf4bd87419a6386300848c","sha512":"e6b3f5bcdb5cea57241c6ca4f3c235a8ec04fe3d4baf75e2e33d67fa1ae4e094c08072772e3bc6a87dafb81e94a6ab81f38c670394f4f2a533ca5090e5879630","ssdeep":"384:MnvnA+MrUQ5x1jcvHGmUYnkrVdINO4XmfFmKK2vif3UE:Mn4+MrUk1j0UwNO4XmfF7K2vAv","tlshash":"50b2941b31a32172597b72298b9f5109333190979208ee507cbf8b147f9527897f2fea","size":24119,"data":"","first_seen":"2023-03-07T13:00:36Z","last_seen":"2026-06-08T16:39:16.379254Z","times_seen":790,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.f4bzyrz92us3.com/E2/logo.js","fqdn":"www.f4bzyrz92us3.com","domain":"f4bzyrz92us3.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"24f77d19766a10cc61ca37c67ca40361","sha1":"3f8a17bb6152dbd408cfaa5e534e17dc4c7b0cb2","sha256":"9f8a5f5377a123043f704044ac8675948ef0392913bc887f45c65a3a82d13525","sha512":"9e7465d0582989ae4a36c40f29baeb8d596f9a9670fdde261c8a39135a5a07d0c5a8ccaba5c549cced7b83c1873a747cbf563e22ca263cb5c4325d01fe80df2e","ssdeep":"","tlshash":"7bb01215054c7000f02260bf49c10e8915140c2a0e0382520061023215cc9545db5307","size":98,"data":"","first_seen":"2026-02-05T00:54:03.264697Z","last_seen":"2026-02-05T00:54:03.264697Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static-content-cn.wb27jlt6u066.com:9587/js/game/Game.js?20220202","fqdn":"static-content-cn.wb27jlt6u066.com","domain":"wb27jlt6u066.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":9587,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"31b26fa8e3e5d0f8b9100e4d8993570b","sha1":"4901272b99be40960a7016bd4a60fb686ceba5d7","sha256":"fa72c387b16598179ba3e7406e6d29e5f464cf7876cdf39d43a1cfadc91211df","sha512":"1332c670e7103b8d25e706e773ac1aef68e69176c945d8450385e8876b5a718c113c2066e47719d9943df9a108fc2c27d46c535bb09b27930c22e414b3375364","ssdeep":"384:AURoUkVbztM3nigTG7SG4lznSVs5Lq/vtQEttGsOSVD:AURoUcztwJou50QEttGsO2","tlshash":"0753254caea318e35a3654348b7f31956d5166032508dd1c3e0cd3a3df9a0be66b1efa","size":62427,"data":"","first_seen":"2025-08-14T09:17:18.772148Z","last_seen":"2026-04-06T22:25:54.033063Z","times_seen":544,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cn.kkmxxw.com/home/register","fqdn":"cn.kkmxxw.com","domain":"kkmxxw.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"7e281b6261d7a4389d1a73ba7edca4c3","sha1":"3ff58b8c22b9a16f71fc165c2fdca441df3116f2","sha256":"7977e1460356f3afb0bd6241246a968d2f485a905c6248e534fb53140c96c53c","sha512":"1d007f47c8fd6020cb584d67325b21835a8b1fd4a63ca49cc014beb6c895d2bcc47369134b46715a66cd24b2965e92e10116aac415e0b6f09045f79eb2b42ecc","ssdeep":"","tlshash":"c7b09288e9a8402a91ba1922242212cd19aa1866e8c000821462d99009bab4c656be9b","size":114,"data":"","first_seen":"2025-03-02T07:32:23.13386Z","last_seen":"2026-06-06T14:33:38.664573Z","times_seen":769,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.googletagmanager.com/gtag/js?id=G-3LRD95F87M\u0026cx=c\u0026gtm=4e6231","fqdn":"www.googletagmanager.com","domain":"googletagmanager.com","tld":"com"},"ip":{"addr":"142.251.143.136","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"c010f992ee3e939172157a7f2630b47e","sha1":"6d5f089e89cf867fbfb5453271cb1222614aba06","sha256":"721fa5bdaacf9d12f8cd6eb6b999444278590e76ff26efc94adfd325da4f424a","sha512":"5d5df2e2ac8b4197e71c26539022e3680e803946c64910a7e10721f1e83a962bec6d55f14e78195a489361b136e290b04335ca5bbc3ce5ab6d1b5543c1f2df9d","ssdeep":"6144:u3BfoNrq8GaoCsx77/p4SGx3iQA84zYul4mngSHIF5/PXFGFj:ofo1hGaoCsxX/p4StQA80IFpwZ","tlshash":"26841ace73c670269396e478503f118ba57b69a2f44cc899f18adce42d7069a4237f7c","size":388112,"data":"","first_seen":"2026-02-05T00:54:03.281845Z","last_seen":"2026-02-05T00:54:03.281845Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static-content-cn.wb27jlt6u066.com:9587/js/jquery/jquery.min.js","fqdn":"static-content-cn.wb27jlt6u066.com","domain":"wb27jlt6u066.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":9587,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"5790ead7ad3ba27397aedfa3d263b867","sha1":"8130544c215fe5d1ec081d83461bf4a711e74882","sha256":"2ecd295d295bec062cedebe177e54b9d6b19fc0a841dc5c178c654c9ccff09c0","sha512":"781acedc99de4ce8d53d9b43a158c645eab1b23dfdfd6b57b3c442b11acc4a344e0d5b0067d4b78bb173abbded75fb91c410f2b5a58f71d438aa6266d048d98a","ssdeep":"1536:5P1vk7i6GUHdXXeyQazBu+4HhiO2AEeLNFoqqhJ7SerN5sVI6xcBgPv7E+nzms9d:A4Ud4qhJvNPqcB47MfWWca98HrB","tlshash":"7793d8d9b7d67062977730b850bf510bb13a98eab80c4c60f1a4d8e47e74a89507bf2d","size":95931,"data":"","first_seen":"2023-03-07T01:02:51Z","last_seen":"2026-06-08T20:56:21.718534Z","times_seen":20230,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cn.kkmxxw.com/home/register","fqdn":"cn.kkmxxw.com","domain":"kkmxxw.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"971c3cdc01aac017b45d6aaf9d29f3ca","sha1":"43b0e892b57bcf623a59772c8486e310db12b99e","sha256":"095e217a343951c56a3242eeb3e57680822ea3f9289c76751d6ab036ffeca2c2","sha512":"f63223e81453fdcd94958f3f49eb7534469ffbe1c58df30637d72679a79818c7f478847923dc48781ce5d7f6d4586acc1d9a19ddf97aa474f1036eb995c8cb6b","ssdeep":"","tlshash":"f7c09b31d97994d45d3694c5041593793cf4e03207dc5321f7d8716ca7ec75151a1643","size":134,"data":"","first_seen":"2025-03-02T07:32:23.135874Z","last_seen":"2026-06-06T14:33:38.665075Z","times_seen":763,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static-content-cn.wb27jlt6u066.com:9587/util/rsa.js","fqdn":"static-content-cn.wb27jlt6u066.com","domain":"wb27jlt6u066.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":9587,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"2e28749b1ce6013a456d4498a447dff3","sha1":"89d8c436922a84f097e86090179d112c3d6e13c2","sha256":"1748bdff25c71702d781b076f961920ef32283e324153b256e963202431a35ba","sha512":"2a675090d740e1600eaca9da2229b34cf764181bf65df4d023bb0e95feea6a7b83f3651a8eb70473e76313cc1fcdd38cd71a72b41fd57fdc34668b7d3b10b62e","ssdeep":"384:B1eJdA6YDf7WA5lK4UYl38uHrKFaY8BpC:bdjfm82aNy","tlshash":"5752a6857ad9302d07a95071055f054b7e35f8be598c04bdb1a0e8e938f198d833ef78","size":13514,"data":"","first_seen":"2023-03-07T01:28:09Z","last_seen":"2026-06-08T16:39:16.395408Z","times_seen":1131,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static-content-cn.wb27jlt6u066.com:9587/js/member/reg.simple.js?20230220","fqdn":"static-content-cn.wb27jlt6u066.com","domain":"wb27jlt6u066.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":9587,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"acfbd8efc4aa932d56183ed41666c8bd","sha1":"dada1ef3f25155d81e7d4a9353ce89e7f83b3466","sha256":"736d2a82733a504f010af43ffbc5eae2e40b075b7ae8929065bc880357c1ab48","sha512":"e0f02eb2082790ba636afe476e4a51b095f0161df58ba7f9ca389191bfe5d373d725908996b4ee489b14cc48a77f05b47ce52409bc5d802f364d831eb2501aff","ssdeep":"192:eDY86gShDWhDxhD0hDJGx3DPdy7Uwm1AFtOtHoNNvqtnHzHensyaAS7xM8tY:eDY8gcfejatpsS9q","tlshash":"0a22502aedab42871d3b30695e3f00456956c0136b0cde24fe4ca5d09f85e29b5b6fd8","size":10762,"data":"","first_seen":"2025-03-02T07:32:23.111077Z","last_seen":"2026-03-30T14:28:44.913402Z","times_seen":642,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.googletagmanager.com/gtag/js?id=UA-119765380-3","fqdn":"www.googletagmanager.com","domain":"googletagmanager.com","tld":"com"},"ip":{"addr":"142.251.143.136","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"daa43d194ae8196854bc0237610bd5d1","sha1":"984b27bbc83e4f5ea0b86f088246d67dfffdcf1d","sha256":"03582dd5a6d541f8b1f9917fce68c028c7e75aea19493725efa30dcd5fd44c90","sha512":"e688126e77e512b037e0eafe96b9eca8600e25c1a5ebc7df10fe93081fc728db51ea45eb59b7b587e891e34c8ad901daa212781858584ff40963ebbcc512841d","ssdeep":"6144:HBfoN48oaoCsxX7/p4SGx3IE8h6Yul4mngSfIFvZfSXAp:hfohoaoCsxL/p4S/E8qIFxCs","tlshash":"e66407cd73d6702693a3a478503f118ba17b7992f84cc895f186d8d42e70aaa4237f7d","size":325220,"data":"","first_seen":"2026-02-05T00:25:03.806652Z","last_seen":"2026-02-05T00:54:03.326239Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cn.kkmxxw.com/home/register","fqdn":"cn.kkmxxw.com","domain":"kkmxxw.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"1c5c9160600df2d96d69a4ea16cec7ed","sha1":"3cf678c9135cc952ba6970ef545035bb757a443f","sha256":"a3520fe88e248d2b6c9c6db93309a037ef969fe297208e5bd7e49a55bb32c808","sha512":"2a298a8c2552c6a6c6f8d3f7327d2e9abfa87a0dbb27e9e528a8539b416155c0860f54f46464dfe7e5d49c7906a9eacdac7e5181b86ef15a83276a8f4fee0546","ssdeep":"","tlshash":"078004d531c35040475331d400571cd4503444f014444d544040d4511c55030d1154dc","size":37,"data":"","first_seen":"2023-04-11T21:49:14Z","last_seen":"2026-06-08T09:46:16.707277Z","times_seen":121589,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"hm.baidu.com/hm.js?86b8712c72cab4f521c0b5cd56dfa69f","fqdn":"hm.baidu.com","domain":"baidu.com","tld":"com"},"ip":{"addr":"111.45.3.198","port":443,"asn":9808,"as":"China Mobile Communications Group Co., Ltd.","country":"China","country_code":"CN"},"introduction_type":"scriptElement","is_inline":false,"md5":"e047390ef54cd447c92284dba3a7a788","sha1":"cd4309e4d48964300bc5539e8906263c8e8b26cd","sha256":"a0daf84f3a52f67e08547825f15d309f748c5edffae6f174919c4d4c190a9140","sha512":"92205c963157a60a742ffc9bbf3660f8ffc0712ebffc0162099c59d6af27c6aabf51fd81cdee818207d6d5e7b8fbfea9fbb9e5efa6f8745e198e76c990cceff4","ssdeep":"384:dMJSoLMJJTRl6s1JXFVCFI/TayvuodsZPIGm8XaR1JRwvutq1tGdc7M04gRw6:dM4VJfHgMdvussZPIx82Rwvutcto07v","tlshash":"bed2d9e9b282713293a324a5153f724af07b5a54bd4968a4f11894c07d38fbb027bfdd","size":29905,"data":"","first_seen":"2026-02-05T00:54:03.25078Z","last_seen":"2026-02-05T00:54:03.25078Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"static-content-t.wb27jlt6u066.com:9587/images/footer_football.png?5","fqdn":"static-content-t.wb27jlt6u066.com","domain":"wb27jlt6u066.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":9587,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://cn.kkmxxw.com/home/register","date":"2026-02-05T00:53:34.928Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"static-content-t.wb27jlt6u066.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 19 Oct 2025 00:00:00 GMT","end":"Mon, 19 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"08:10:09:15:B6:C8:9C:9A:CE:31:40:C9:26:D7:9E:BE:2C:9A:62:2B","sha256":"D6:55:F3:9B:55:F2:ED:CC:B3:54:8B:1E:F9:15:FB:47:0C:75:02:1A:64:4B:3C:C2:FA:75:18:9C:F0:11:EE:83"}}},"request":{"raw":"GET /images/footer_football.png?5 HTTP/1.1\r\nHost: static-content-t.wb27jlt6u066.com:9587\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://static-content-t.wb27jlt6u066.com:9587/style/main.css?20260123\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Thu, 05 Feb 2026 00:53:36 GMT\r\nContent-Type: image/png\r\nContent-Length: 20588\r\nConnection: keep-alive\r\nLast-Modified: Wed, 20 Jul 2022 18:47:53 GMT\r\nETag: \"62d84dd9-506c\"\r\nServer: gocache\r\nExpires: Fri, 06 Feb 2026 00:53:36 GMT\r\nCache-Control: max-age=86400\r\nc-Type: st\r\nrid: 992225af8494120059e23c5c80b11687\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains\r\nX-Cache-Status: HIT\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":20588,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 23 x 1057, 8-bit/color RGBA, non-interlaced","md5":"1070cd5b06840cf7f154e66c09ac305e","sha1":"8864ddecf4ae0db0790bb5c901da76bc0b31c84a","sha256":"c76aa339cc81f581354af830b7ac9984cafbd3836e2f1e53762b7baa720cb43e","sha512":"cf434b41eca22162d4aa5377e62103bb0966b4dd4974599bc19f45ddf801e84aca49fd57a2d2a756b7edbd36e5fbf49195c5bc593100cc69e6b8caaa3f6733c3","ssdeep":"384:JEgvqB07FQV4hlkvWknpVtQCdWUKxk76w27R/9ThToBdAm/:JExBu2gb29nKqc7R/vMH/","tlshash":"df92d046d332f232e578f5229567c5de221f2d07099b0f1a489df013ace56bae189e0f","first_seen":"2023-05-05T14:06:31Z","last_seen":"2026-06-08T16:39:16.397327Z","times_seen":902,"resource_available":false,"data":null}},"time_used":1225,"timings":{"blocked":1005,"dns":0,"connect":0,"send":0,"wait":215,"receive":5,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"hm.baidu.com/hm.js?86b8712c72cab4f521c0b5cd56dfa69f","fqdn":"hm.baidu.com","domain":"baidu.com","tld":"com"},"ip":{"addr":"111.45.3.198","port":443,"asn":9808,"as":"China Mobile Communications Group Co., Ltd.","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://cn.kkmxxw.com/home/register","date":"2026-02-05T00:53:34.992Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"baidu.com","organization":"Beijing Baidu Netcom Science Technology Co., Ltd"},"issuer":{"commonName":"GlobalSign RSA OV SSL CA 2018","organization":"GlobalSign nv-sa"},"validity":{"start":"Wed, 09 Jul 2025 07:01:02 GMT","end":"Mon, 10 Aug 2026 07:01:01 GMT"},"fingerprint":{"sha1":"21:BF:66:0D:67:BE:7A:7F:49:48:05:30:F4:7F:09:F2:30:36:CA:63","sha256":"0D:82:2C:9A:90:5A:EF:E9:8F:37:12:C0:E0:26:30:EE:95:33:2C:45:5F:E7:74:5D:F0:8D:BC:79:F4:B0:A1:49"}}},"request":{"raw":"GET /hm.js?86b8712c72cab4f521c0b5cd56dfa69f HTTP/1.1\r\nHost: hm.baidu.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cn.kkmxxw.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nCache-Control: max-age=0, must-revalidate\r\nContent-Encoding: gzip\r\nContent-Length: 11299\r\nContent-Type: application/javascript\r\nDate: Thu, 05 Feb 2026 00:53:35 GMT\r\nEtag: 1f5a17e6b4d130759f046559ee2039b0\r\nP3p: CP=\"CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR\"\r\nServer: apache\r\nSet-Cookie: HMACCOUNT=46A7D8FFA80081EA; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT\r\nStrict-Transport-Security: max-age=172800\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Apache HTTP Server","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":29905,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (629)","md5":"e047390ef54cd447c92284dba3a7a788","sha1":"cd4309e4d48964300bc5539e8906263c8e8b26cd","sha256":"a0daf84f3a52f67e08547825f15d309f748c5edffae6f174919c4d4c190a9140","sha512":"92205c963157a60a742ffc9bbf3660f8ffc0712ebffc0162099c59d6af27c6aabf51fd81cdee818207d6d5e7b8fbfea9fbb9e5efa6f8745e198e76c990cceff4","ssdeep":"384:dMJSoLMJJTRl6s1JXFVCFI/TayvuodsZPIGm8XaR1JRwvutq1tGdc7M04gRw6:dM4VJfHgMdvussZPIx82Rwvutcto07v","tlshash":"bed2d9e9b282713293a324a5153f724af07b5a54bd4968a4f11894c07d38fbb027bfdd","first_seen":"2026-02-05T00:54:03.25078Z","last_seen":"2026-02-05T00:54:03.25078Z","times_seen":1,"resource_available":true,"data":null}},"time_used":1670,"timings":{"blocked":669,"dns":2,"connect":235,"send":0,"wait":301,"receive":1,"ssl":458},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static-content-t.wb27jlt6u066.com:9587/images/nav/sponsor3.png?3","fqdn":"static-content-t.wb27jlt6u066.com","domain":"wb27jlt6u066.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":9587,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://cn.kkmxxw.com/home/register","date":"2026-02-05T00:53:33.346Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"static-content-t.wb27jlt6u066.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 19 Oct 2025 00:00:00 GMT","end":"Mon, 19 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"08:10:09:15:B6:C8:9C:9A:CE:31:40:C9:26:D7:9E:BE:2C:9A:62:2B","sha256":"D6:55:F3:9B:55:F2:ED:CC:B3:54:8B:1E:F9:15:FB:47:0C:75:02:1A:64:4B:3C:C2:FA:75:18:9C:F0:11:EE:83"}}},"request":{"raw":"GET /images/nav/sponsor3.png?3 HTTP/1.1\r\nHost: static-content-t.wb27jlt6u066.com:9587\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cn.kkmxxw.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Thu, 05 Feb 2026 00:53:34 GMT\r\nContent-Type: image/png\r\nContent-Length: 10466\r\nConnection: keep-alive\r\nLast-Modified: Fri, 23 Jan 2026 04:32:15 GMT\r\nETag: \"6972f9cf-28e2\"\r\nServer: gocache\r\nExpires: Fri, 06 Feb 2026 00:53:34 GMT\r\nCache-Control: max-age=86400\r\nc-Type: st\r\nrid: deb4a2cc429f9d055935e05aaa4a734d\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains\r\nX-Cache-Status: HIT\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]}],"data":{"size":10466,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 292 x 80, 8-bit/color RGBA, non-interlaced","md5":"4ac6040378c52082239823adc971fe93","sha1":"f5e1c0385b576f11d3a18aba66f36abd7e895055","sha256":"3a1689108f773fc9d3a86757ce359ebe90f4543680be838bb9d82bd359e3986e","sha512":"f8ab3f0e33f548141655d8a6b1e7792835511ccef503434db65b5844d0e4c51b7667fec661294d453316b2b394a371980973c49fa144f1f707bc6f77191ff375","ssdeep":"192:M3I4RzpFzXCPwiIjmqoG+Hw66/VcNMOVejNfd++tTfanWgSO3dY:MYOzpFze9Ijmw+Ht6/CFVwNDtTfanWgs","tlshash":"d922bff15ec9a29bf8add03794362f05b6d73f8ac4ac71576724f893e48c4512c228e9","first_seen":"2026-01-23T05:01:52.443661Z","last_seen":"2026-06-08T16:39:16.393982Z","times_seen":226,"resource_available":false,"data":null}},"time_used":1584,"timings":{"blocked":1364,"dns":0,"connect":0,"send":0,"wait":219,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"banner-notice.6dqr2n.com/mxstatic/banner-notice.js","fqdn":"banner-notice.6dqr2n.com","domain":"6dqr2n.com","tld":"com"},"ip":{"addr":"20.205.42.30","port":443,"asn":8075,"as":"MICROSOFT-CORP-MSN-AS-BLOCK","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://cn.kkmxxw.com/home/register","date":"2026-02-05T00:53:33.380Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"banner-notice.6dqr2n.com","organization":""},"issuer":{"commonName":"ZeroSSL RSA Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Fri, 23 Jan 2026 00:00:00 GMT","end":"Thu, 23 Apr 2026 23:59:59 GMT"},"fingerprint":{"sha1":"8A:70:8B:EC:E4:B2:BB:0B:50:F4:08:3B:8E:01:06:9A:78:09:DE:56","sha256":"76:C4:42:D2:6F:73:AF:11:79:4E:88:57:E7:C9:2B:55:82:F2:5A:20:77:F5:B6:86:D1:C6:FA:65:2C:72:28:95"}}},"request":{"raw":"GET /mxstatic/banner-notice.js HTTP/1.1\r\nHost: banner-notice.6dqr2n.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cn.kkmxxw.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Thu, 05 Feb 2026 00:53:34 GMT\r\ncontent-type: application/javascript; charset=utf-8\r\nlast-modified: Tue, 27 May 2025 05:27:15 GMT\r\nvary: Accept-Encoding\r\netag: W/\"68354d33-4951\"\r\nexpires: Thu, 05 Feb 2026 12:53:34 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":18769,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, Unicode text, UTF-8 text","md5":"fde6491fa4c8e8adaf2844d6d09e2a2f","sha1":"51174631e2149efc853eacf33e39fa8dc66840b8","sha256":"a402e491cde441e33c89c38bb10c84d7473a88700ba4fd76e0bb1bf2c2f61143","sha512":"25d3915f3e441b65f447c65aafc287b5c4b9afc8fd34b54a428bd58a6bd1c58bca7012eef8fd44d9134fa1c375dcdb62aeaaa912a09b15895872e2f678cd10d2","ssdeep":"192:AJKwJ/y23c23qtY8SCUcWbm1iRSube/Hf+DoQPoEHdizniKOnK6t5Enx4tRL1VeV:oKGbDK6czdOnXH3qBmlc","tlshash":"ed82b81875fa0061542330b88e9a618c7f26950f920a5d08bd6d47e8afcad7199d2ffb","first_seen":"2025-05-30T16:57:45.431693Z","last_seen":"2026-03-14T23:55:48.120104Z","times_seen":483,"resource_available":true,"data":null}},"time_used":1320,"timings":{"blocked":-1,"dns":438,"connect":216,"send":0,"wait":355,"receive":0,"ssl":311},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static-content-cn.wb27jlt6u066.com:9587/images/close.png","fqdn":"static-content-cn.wb27jlt6u066.com","domain":"wb27jlt6u066.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":9587,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://cn.kkmxxw.com/home/register","date":"2026-02-05T00:53:34.901Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"static-content-cn.wb27jlt6u066.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 19 Oct 2025 00:00:00 GMT","end":"Mon, 19 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"98:64:EC:0B:9A:00:5F:60:12:4A:12:B9:EB:5A:44:98:12:1A:7C:FF","sha256":"A1:E0:99:A3:B2:54:C9:50:DB:24:16:EA:A7:44:3A:5D:57:F0:7C:CE:B2:E7:66:31:49:50:98:44:92:F2:50:84"}}},"request":{"raw":"GET /images/close.png HTTP/1.1\r\nHost: static-content-cn.wb27jlt6u066.com:9587\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://static-content-cn.wb27jlt6u066.com:9587/css/base.css?20240823\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Thu, 05 Feb 2026 00:53:34 GMT\r\nContent-Type: image/png\r\nContent-Length: 1148\r\nConnection: keep-alive\r\nLast-Modified: Wed, 20 Jul 2022 18:47:52 GMT\r\nETag: \"62d84dd8-47c\"\r\nServer: gocache\r\nExpires: Fri, 06 Feb 2026 00:53:34 GMT\r\nCache-Control: max-age=86400\r\nc-Type: st\r\nrid: aec8a0a5d23f6f2098c1070de48271e1\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains\r\nX-Cache-Status: HIT\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":1148,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 21 x 40, 8-bit/color RGBA, non-interlaced","md5":"64ead6c5d9cbfe3e933c97c2cb20dacc","sha1":"b7b034fd70b27180d27daa9c8bacb50ce721f025","sha256":"55aa71e8f5f59bec62fc6361e10bcf106d21af39a087c4009931884fd03b5229","sha512":"869b8e2b2c8d8ee615c302cbff59fd745f0cb1f32afbca0c89a469b4d1ab61bbe01905b0a8ac07527aa4f763fd11dad2141a58706334062f37dc6267f55dda80","ssdeep":"","tlshash":"0221674dfb8068029445c5c75dfa8033ea234984daf0f861b487e4151ea12b549496eb","first_seen":"2023-04-05T03:30:47Z","last_seen":"2026-06-08T16:39:16.369536Z","times_seen":912,"resource_available":false,"data":null}},"time_used":218,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":217,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static-content-t.wb27jlt6u066.com:9587/images/register/tick.png","fqdn":"static-content-t.wb27jlt6u066.com","domain":"wb27jlt6u066.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":9587,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://cn.kkmxxw.com/home/register","date":"2026-02-05T00:53:34.924Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"static-content-t.wb27jlt6u066.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 19 Oct 2025 00:00:00 GMT","end":"Mon, 19 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"08:10:09:15:B6:C8:9C:9A:CE:31:40:C9:26:D7:9E:BE:2C:9A:62:2B","sha256":"D6:55:F3:9B:55:F2:ED:CC:B3:54:8B:1E:F9:15:FB:47:0C:75:02:1A:64:4B:3C:C2:FA:75:18:9C:F0:11:EE:83"}}},"request":{"raw":"GET /images/register/tick.png HTTP/1.1\r\nHost: static-content-t.wb27jlt6u066.com:9587\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://static-content-t.wb27jlt6u066.com:9587/style/main.css?20260123\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Thu, 05 Feb 2026 00:53:36 GMT\r\nContent-Type: image/png\r\nContent-Length: 444\r\nConnection: keep-alive\r\nLast-Modified: Wed, 20 Jul 2022 18:47:53 GMT\r\nETag: \"62d84dd9-1bc\"\r\nServer: gocache\r\nExpires: Fri, 06 Feb 2026 00:53:36 GMT\r\nCache-Control: max-age=86400\r\nc-Type: st\r\nrid: 3ec02ace7c6eae250ad004fdbc26968c\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains\r\nX-Cache-Status: HIT\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":444,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 14 x 14, 8-bit/color RGBA, non-interlaced","md5":"077cd6729828909df9e8d387b91bdaa9","sha1":"e18a6a43471158c5af525d6fce505a5695a87e49","sha256":"c3dd497f34d2204de6f86a554ca97321a269d2d35482c4b79249a2cd95476783","sha512":"fca1c13107960e24c1fe4e2d26da0953e9fe707dc8a7f5127c349afecac92bfaa98d551d9c031fd1c3b71eb3ede634ced3ac7e5e971ed23a2b21562e28798f0d","ssdeep":"","tlshash":"60f05c52ab957d1dde5895721b8d025908b24204252a0b4cc00cf0765ab9bc17e51079","first_seen":"2023-05-05T14:06:31Z","last_seen":"2026-06-08T16:39:16.373042Z","times_seen":899,"resource_available":false,"data":null}},"time_used":1223,"timings":{"blocked":1009,"dns":0,"connect":0,"send":0,"wait":214,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static-content-t.wb27jlt6u066.com:9587/d11_images/register/form_bg.png","fqdn":"static-content-t.wb27jlt6u066.com","domain":"wb27jlt6u066.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":9587,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://cn.kkmxxw.com/home/register","date":"2026-02-05T00:53:34.919Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"static-content-t.wb27jlt6u066.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 19 Oct 2025 00:00:00 GMT","end":"Mon, 19 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"08:10:09:15:B6:C8:9C:9A:CE:31:40:C9:26:D7:9E:BE:2C:9A:62:2B","sha256":"D6:55:F3:9B:55:F2:ED:CC:B3:54:8B:1E:F9:15:FB:47:0C:75:02:1A:64:4B:3C:C2:FA:75:18:9C:F0:11:EE:83"}}},"request":{"raw":"GET /d11_images/register/form_bg.png HTTP/1.1\r\nHost: static-content-t.wb27jlt6u066.com:9587\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://static-content-t.wb27jlt6u066.com:9587/style/main.css?20260123\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Thu, 05 Feb 2026 00:53:36 GMT\r\nContent-Type: image/png\r\nContent-Length: 20040\r\nConnection: keep-alive\r\nLast-Modified: Wed, 20 Jul 2022 18:45:39 GMT\r\nETag: \"62d84d53-4e48\"\r\nServer: gocache\r\nExpires: Fri, 06 Feb 2026 00:53:36 GMT\r\nCache-Control: max-age=86400\r\nc-Type: st\r\nrid: 26d7261c6b14837131daccfef80d04fe\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains\r\nX-Cache-Status: HIT\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":20040,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 410 x 800, 8-bit/color RGBA, non-interlaced","md5":"86baccc2262d17c30a1554f6b346b1c8","sha1":"696ce785c5c17611fecb6dd78d9662c141deffd4","sha256":"dfe93dfcc0d88efa36f759f6b0e758a0b37bd91aa65bfa7936763eda17ea6f9f","sha512":"858d5d94817390043018ef671701f57776bbf7f566ded8fe30966a65fcadb9feade8d3c1677f677b9c69b59eaa4d5e818af5e39ec08cccc9281c1dc4517a18d0","ssdeep":"384:ApJHP0rldn8i5UqqXdb3WGGNBIUbj43bXDrzctPOmWRh:Ap90rlddaqqXdM/IUHIr4VOmWRh","tlshash":"53928e946c68e9c1c97a840e246b1f7555a0f1c8edf2f3f06b93e0595c0b868ae90ded","first_seen":"2023-05-05T14:06:31Z","last_seen":"2026-06-08T16:39:16.383747Z","times_seen":896,"resource_available":false,"data":null}},"time_used":1447,"timings":{"blocked":1230,"dns":0,"connect":0,"send":0,"wait":214,"receive":3,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cn.kkmxxw.com/home/getGeo","fqdn":"cn.kkmxxw.com","domain":"kkmxxw.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://cn.kkmxxw.com/home/register","date":"2026-02-05T00:53:35.085Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cn.kkmxxw.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Mon, 05 Jan 2026 00:00:00 GMT","end":"Tue, 05 Jan 2027 23:59:59 GMT"},"fingerprint":{"sha1":"2F:26:5D:9B:0F:53:91:A4:6E:10:B6:F6:B4:59:B8:76:9D:FA:57:B4","sha256":"48:A6:D5:A5:14:EA:84:C7:74:18:09:89:D0:18:E2:F9:85:58:56:90:46:35:F7:89:6C:A2:F6:84:9E:2C:03:19"}}},"request":{"raw":"POST /home/getGeo HTTP/1.1\r\nHost: cn.kkmxxw.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/javascript, */*; q=0.01\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nX-Requested-With: XMLHttpRequest\r\nOrigin: https://cn.kkmxxw.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cn.kkmxxw.com/home/register\r\nCookie: PHPSESSID=4glk47rlaq1qf20t2kmqqi8op7; _first=false; JSESSIONID=95AA05B75D434AD21AC9CFF052D80A87; VERIFYCODEID=95AA05B75D434AD21AC9CFF052D80A87\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nContent-Length: 0\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Thu, 05 Feb 2026 00:53:35 GMT\r\nContent-Type: application/json;charset=utf-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding, Accept-Encoding, Accept-Encoding\r\nSet-Cookie: ccd11=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/; domain=kkmxxw.com\nvcd11=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/; domain=kkmxxw.com\r\nX-Content-Type-Options: nosniff\r\nX-Frame-Options: SAMEORIGIN\r\nContent-Encoding: gzip\r\nServer: gocache\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nCache-Control: no-cache\r\nc-Type: df\r\nrid: f13c31ec513dbb9540be71f06568d8d7\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]}],"data":{"size":146,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"675ca17e5b94ef20fd620c6792e6bbca","sha1":"7986d1ad507a7e06f21eebc12271d103c3135c53","sha256":"2b69251e2e6dd2e6475932ef63301c416e89db4b6821de01ce67a10b58206889","sha512":"303081d0e5a51eb633249e5b65d79c671aabe7dc8462cab5f6f5c57f9330dec42366509fdf3fb605a735c36d23d32865820fceb1f6eef510b36fe04945b30fb0","ssdeep":"","tlshash":"74c04c6e15d04538e9f683cead0bbf271aea4910a256055da9c8a784bb111ec9281117","first_seen":"2025-08-24T13:27:11.203711Z","last_seen":"2026-06-06T14:33:38.543517Z","times_seen":609,"resource_available":false,"data":null}},"time_used":1375,"timings":{"blocked":440,"dns":1,"connect":2,"send":0,"wait":482,"receive":5,"ssl":440},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-02-05","alert":"Sinkholed","trigger":"cn.kkmxxw.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-05","alert":"Sinkholed","trigger":"cn.kkmxxw.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"game.gp5trb.com:2053/api/popup?try_platform=4\u0026username=","fqdn":"game.gp5trb.com","domain":"gp5trb.com","tld":"com"},"ip":{"addr":"20.205.42.30","port":2053,"asn":8075,"as":"MICROSOFT-CORP-MSN-AS-BLOCK","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://cn.kkmxxw.com/home/register","date":"2026-02-05T00:53:35.089Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"game.gp5trb.com","organization":""},"issuer":{"commonName":"ZeroSSL RSA Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Sun, 18 Jan 2026 00:00:00 GMT","end":"Sat, 18 Apr 2026 23:59:59 GMT"},"fingerprint":{"sha1":"57:61:41:AB:64:77:4D:5A:95:A7:A8:63:9B:8D:8D:4B:8B:AE:53:30","sha256":"BC:73:A6:B8:F4:3E:16:4D:0E:72:C6:ED:25:1C:B9:26:F1:68:6F:09:B9:10:99:CA:B1:E7:F8:BB:43:29:46:1A"}}},"request":{"raw":"GET /api/popup?try_platform=4\u0026username= HTTP/1.1\r\nHost: game.gp5trb.com:2053\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://cn.kkmxxw.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cn.kkmxxw.com/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Thu, 05 Feb 2026 00:53:36 GMT\r\ncontent-type: application/json\r\nvary: Accept-Encoding\r\nx-powered-by: PHP/7.4.33\r\ncache-control: no-cache, private\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE\r\naccess-control-allow-headers: *\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\ncontent-encoding: br\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"PHP:7.4.33","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]}],"data":{"size":634,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"1ecebbf5b7ca762f7261f2975c025648","sha1":"2f9bc4494c5c514bb982692cd2d4e4d3c531192d","sha256":"9216adddc3e794f2197eb7ff023005ee392e2d8b1a979839aa1b24f6a844441b","sha512":"03986a9a86f93fe44ca3b9187ebc23df2b924411c9f65c57c7b398bb2c74c9df15023aece9d5268a5e80c1acf70a2038f057bc108df29baf70f6f6b55722cd50","ssdeep":"","tlshash":"fbf0d816643e98a5af8b1c4d04c3634698a83498dc9847a9a3e6e94c6a974a0478f361","first_seen":"2026-02-03T22:17:09.366439Z","last_seen":"2026-02-08T11:28:33.221606Z","times_seen":11,"resource_available":false,"data":null}},"time_used":1062,"timings":{"blocked":-1,"dns":266,"connect":206,"send":0,"wait":363,"receive":0,"ssl":227},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static-content-t.wb27jlt6u066.com:9587/images/nav/promo_event.png","fqdn":"static-content-t.wb27jlt6u066.com","domain":"wb27jlt6u066.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":9587,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://cn.kkmxxw.com/home/register","date":"2026-02-05T00:53:33.374Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"static-content-t.wb27jlt6u066.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 19 Oct 2025 00:00:00 GMT","end":"Mon, 19 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"08:10:09:15:B6:C8:9C:9A:CE:31:40:C9:26:D7:9E:BE:2C:9A:62:2B","sha256":"D6:55:F3:9B:55:F2:ED:CC:B3:54:8B:1E:F9:15:FB:47:0C:75:02:1A:64:4B:3C:C2:FA:75:18:9C:F0:11:EE:83"}}},"request":{"raw":"GET /images/nav/promo_event.png HTTP/1.1\r\nHost: static-content-t.wb27jlt6u066.com:9587\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cn.kkmxxw.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Thu, 05 Feb 2026 00:53:34 GMT\r\nContent-Type: image/png\r\nContent-Length: 33820\r\nConnection: keep-alive\r\nLast-Modified: Wed, 20 Jul 2022 18:47:53 GMT\r\nETag: \"62d84dd9-841c\"\r\nServer: gocache\r\nExpires: Fri, 06 Feb 2026 00:53:34 GMT\r\nCache-Control: max-age=86400\r\nc-Type: st\r\nrid: 3b04b26c6ef8f6ce41cb0a57f84ae87e\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains\r\nX-Cache-Status: HIT\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":33820,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 231 x 184, 8-bit/color RGBA, non-interlaced","md5":"4590b5333179fefe5ea8e8f1a3638da3","sha1":"a0a932f3ca433bc1ea5f788e09eddfa617a4c69e","sha256":"0b3af6b7e8676050661aedd1b94b28045c7a9c905424cbde85f95f7faaf1ea43","sha512":"7ad8e92d6797b8c8c094e8651b566ea510b0bbaf998f9456d1fa1216e33b9bd8afc3840c6a3203fddb0f98e583070113a2329b34ff371dfbbc988a30ee41c425","ssdeep":"384:vdYFfWN0DI5+xe/+sRdXI/nTNAHfs2QZ4ldgeP94lYVIPR22M/96yNtHD9eDk0d4:y0gF/TNF2JSeFLIPR22M/9b/elbPs","tlshash":"7de2f1d07fa4e82156b397c770463aee708dc0ba5b43f5c6131a316b9b24b3c684799e","first_seen":"2023-05-05T14:06:31Z","last_seen":"2026-06-08T16:39:16.39448Z","times_seen":892,"resource_available":false,"data":null}},"time_used":1336,"timings":{"blocked":1116,"dns":0,"connect":0,"send":0,"wait":218,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cn.kkmxxw.com/fimg/i202506274933fa50064c8d94db51e297e3b319.png","fqdn":"cn.kkmxxw.com","domain":"kkmxxw.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://cn.kkmxxw.com/home/register","date":"2026-02-05T00:53:33.376Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cn.kkmxxw.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Mon, 05 Jan 2026 00:00:00 GMT","end":"Tue, 05 Jan 2027 23:59:59 GMT"},"fingerprint":{"sha1":"2F:26:5D:9B:0F:53:91:A4:6E:10:B6:F6:B4:59:B8:76:9D:FA:57:B4","sha256":"48:A6:D5:A5:14:EA:84:C7:74:18:09:89:D0:18:E2:F9:85:58:56:90:46:35:F7:89:6C:A2:F6:84:9E:2C:03:19"}}},"request":{"raw":"GET /fimg/i202506274933fa50064c8d94db51e297e3b319.png HTTP/1.1\r\nHost: cn.kkmxxw.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cn.kkmxxw.com/home/register\r\nCookie: PHPSESSID=4glk47rlaq1qf20t2kmqqi8op7; _first=false\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Thu, 05 Feb 2026 00:53:34 GMT\r\nContent-Type: image/png\r\nContent-Length: 591\r\nConnection: keep-alive\r\nLast-Modified: Sun, 15 Jun 2025 05:27:25 GMT\r\nETag: \"684e59bd-24f\"\r\nX-Content-Type-Options: nosniff\r\nX-Frame-Options: SAMEORIGIN\r\nServer: gocache\r\nExpires: Fri, 06 Feb 2026 00:53:34 GMT\r\nCache-Control: max-age=86400\r\nc-Type: st\r\nrid: 8c25eb6e8d515392ea2530defddfd2f5\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains\r\nX-Cache-Status: HIT\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":591,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 600 x 600, 1-bit colormap, non-interlaced","md5":"d390244b30c22d100a24ac05d9e4e979","sha1":"978cd2d10293408b8ad2b62d647ba17ce7f1b07f","sha256":"38d18e132913c6fc5636d430c1226ecdbc29ad80b55faa4a7aad46cd084c44ea","sha512":"27e7300242911590b438a1f533420319984bf694f46a03cf96a5af250d4f74b46e78180a18f7adeda216e95e11b305f65317e604c2aa7fa7a1619a2379e4ef67","ssdeep":"","tlshash":"96f062d55151be10901011012d46e893807030eeebf30b1d450b413270b824ee7296e2","first_seen":"2025-08-07T15:42:17.327108Z","last_seen":"2026-06-08T16:39:16.374468Z","times_seen":639,"resource_available":false,"data":null}},"time_used":1327,"timings":{"blocked":1113,"dns":0,"connect":0,"send":0,"wait":214,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-05","alert":"Sinkholed","trigger":"cn.kkmxxw.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-02-05","alert":"Sinkholed","trigger":"cn.kkmxxw.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.f4bzyrz92us3.com/E2/logo.js","fqdn":"www.f4bzyrz92us3.com","domain":"f4bzyrz92us3.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://cn.kkmxxw.com/home/register","date":"2026-02-05T00:53:34.560Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.f4bzyrz92us3.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Fri, 22 Aug 2025 00:00:00 GMT","end":"Sat, 22 Aug 2026 23:59:59 GMT"},"fingerprint":{"sha1":"3D:00:56:9E:E0:4A:BC:C5:AC:93:01:37:D0:1D:2F:CC:2E:D9:BE:F3","sha256":"28:AA:7B:7C:23:E5:90:7B:6C:F4:48:23:DD:56:A2:3C:AD:E6:2B:47:66:7E:A7:DA:53:31:F6:3C:E3:FC:9E:30"}}},"request":{"raw":"GET /E2/logo.js HTTP/1.1\r\nHost: www.f4bzyrz92us3.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cn.kkmxxw.com/\r\nCookie: E2Token=744444a4-b545-405a-8028-770da408e17e\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Thu, 05 Feb 2026 00:53:34 GMT\r\nContent-Type: application/javascript;charset=utf-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nCache-Control: max-age=86400\r\nContent-Encoding: br\r\nExpires: Fri, 06 Feb 2026 00:53:34 GMT\r\nVary: Accept-Encoding\r\nX-Rate-Limit-Limit: 1d\r\nX-Rate-Limit-Remaining: 1438\r\nX-Rate-Limit-Reset: 2026-02-06T00:24:10.0990287Z\r\nX-Frame-Options: SAMEORIGIN\r\nX-Content-Type-Options: nosniff\r\nServer: gocache\r\nc-Type: st\r\nrid: 3731071096708ba05b564786798b52de\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains\r\nX-Cache-Status: MISS\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":98,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"ASCII text, with CRLF line terminators","md5":"24f77d19766a10cc61ca37c67ca40361","sha1":"3f8a17bb6152dbd408cfaa5e534e17dc4c7b0cb2","sha256":"9f8a5f5377a123043f704044ac8675948ef0392913bc887f45c65a3a82d13525","sha512":"9e7465d0582989ae4a36c40f29baeb8d596f9a9670fdde261c8a39135a5a07d0c5a8ccaba5c549cced7b83c1873a747cbf563e22ca263cb5c4325d01fe80df2e","ssdeep":"","tlshash":"7bb01215054c7000f02260bf49c10e8915140c2a0e0382520061023215cc9545db5307","first_seen":"2026-02-05T00:54:03.264697Z","last_seen":"2026-02-05T00:54:03.264697Z","times_seen":1,"resource_available":true,"data":null}},"time_used":287,"timings":{"blocked":2,"dns":0,"connect":0,"send":0,"wait":284,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static-content-cn.wb27jlt6u066.com:9587/images/modal_reminder_deco.png","fqdn":"static-content-cn.wb27jlt6u066.com","domain":"wb27jlt6u066.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":9587,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://cn.kkmxxw.com/home/register","date":"2026-02-05T00:53:34.915Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"static-content-cn.wb27jlt6u066.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 19 Oct 2025 00:00:00 GMT","end":"Mon, 19 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"98:64:EC:0B:9A:00:5F:60:12:4A:12:B9:EB:5A:44:98:12:1A:7C:FF","sha256":"A1:E0:99:A3:B2:54:C9:50:DB:24:16:EA:A7:44:3A:5D:57:F0:7C:CE:B2:E7:66:31:49:50:98:44:92:F2:50:84"}}},"request":{"raw":"GET /images/modal_reminder_deco.png HTTP/1.1\r\nHost: static-content-cn.wb27jlt6u066.com:9587\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://static-content-cn.wb27jlt6u066.com:9587/css/base.css?20240823\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Thu, 05 Feb 2026 00:53:35 GMT\r\nContent-Type: image/png\r\nContent-Length: 1119\r\nConnection: keep-alive\r\nLast-Modified: Wed, 20 Jul 2022 18:47:52 GMT\r\nETag: \"62d84dd8-45f\"\r\nServer: gocache\r\nExpires: Fri, 06 Feb 2026 00:53:35 GMT\r\nCache-Control: max-age=86400\r\nc-Type: st\r\nrid: 8f3ba94193df5af34b02b9dfc469064b\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains\r\nX-Cache-Status: HIT\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":1119,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 232 x 12, 8-bit/color RGBA, non-interlaced","md5":"3f99b65d5f4c689ea127400c44026e81","sha1":"60f91d0531242fed70f77991419d8c0442ae4299","sha256":"581ca9e4c82ad7b55ba31fa2033aae45ec122c4be965c2c0eb465da2cbe13dee","sha512":"5cb9d5f09e1877bbf50b680e2e79bdeb17403380db0830e398f3582f2d30207b3925007d19f1416d6e0e9b1aed11b735337a0437ebdb35d70479f2d9f65d3fe2","ssdeep":"","tlshash":"4221038df6115c42925ef99238fa0562e9120c81c7e0e4677dcbc4c648316ba886d9c7","first_seen":"2024-03-28T04:38:13Z","last_seen":"2026-06-08T16:39:16.36538Z","times_seen":750,"resource_available":false,"data":null}},"time_used":214,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":214,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cn.kkmxxw.com/service/verifycode?x=0.47547481512212975","fqdn":"cn.kkmxxw.com","domain":"kkmxxw.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://cn.kkmxxw.com/home/register","date":"2026-02-05T00:53:35.086Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cn.kkmxxw.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Mon, 05 Jan 2026 00:00:00 GMT","end":"Tue, 05 Jan 2027 23:59:59 GMT"},"fingerprint":{"sha1":"2F:26:5D:9B:0F:53:91:A4:6E:10:B6:F6:B4:59:B8:76:9D:FA:57:B4","sha256":"48:A6:D5:A5:14:EA:84:C7:74:18:09:89:D0:18:E2:F9:85:58:56:90:46:35:F7:89:6C:A2:F6:84:9E:2C:03:19"}}},"request":{"raw":"GET /service/verifycode?x=0.47547481512212975 HTTP/1.1\r\nHost: cn.kkmxxw.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cn.kkmxxw.com/home/register\r\nCookie: PHPSESSID=4glk47rlaq1qf20t2kmqqi8op7; _first=false; JSESSIONID=95AA05B75D434AD21AC9CFF052D80A87; VERIFYCODEID=95AA05B75D434AD21AC9CFF052D80A87\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 \r\nDate: Thu, 05 Feb 2026 00:53:36 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nSet-Cookie: JSESSIONID=E862F11B7DC7447CA2A06748A2A0DA81; Path=/; Secure; HttpOnly\n_vcid=E862F11B7DC7447CA2A06748A2A0DA81; Domain=.kkmxxw.com; Path=/; HttpOnly\r\nX-Content-Type-Options: nosniff\r\nX-Frame-Options: SAMEORIGIN\r\nServer: gocache\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nCache-Control: no-cache\r\nc-Type: df\r\nrid: d96054792d3eb41ea905aaf24a7dad4b\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Java","description":"Java is a class-based, object-oriented programming language that is designed to have as few implementation dependencies as possible.","website":"https://java.com","common_platform_enumeration":"cpe:2.3:a:oracle:jre:*:*:*:*:*:*:*:*","icon":"Java.svg","categories":["Programming languages"]}],"data":{"size":1482,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.02, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 80x28, components 3","md5":"51c5251e61f922604f569afd9c852b0e","sha1":"b8ba36db8cacf112c7301c422d58d81a9231fdcf","sha256":"75ea1e33ef5f83394ed3176b342fd6eb46ef9d43e0f17094982d9f744e44f7a7","sha512":"e1e25632d128f1e1b7284aec80e3c46092e6a6a6d03274a637d795035dc60352acfbe7d4423f465d302a976ebd49acb6d2bf3b1861192e0bb40193208b072a19","ssdeep":"","tlshash":"5131085eb3026d11eb4249f6341512ff81c7c5d22e40763029f0469deb20cf3988926a","first_seen":"2026-02-05T00:54:03.267603Z","last_seen":"2026-02-05T00:54:03.267603Z","times_seen":1,"resource_available":false,"data":null}},"time_used":1155,"timings":{"blocked":847,"dns":0,"connect":0,"send":0,"wait":308,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-02-05","alert":"Sinkholed","trigger":"cn.kkmxxw.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-05","alert":"Sinkholed","trigger":"cn.kkmxxw.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"file-new.a4hskh.com/activity/2025/05/26/35b9d0913c44ce35920430bd8ddfc1eb.png","fqdn":"file-new.a4hskh.com","domain":"a4hskh.com","tld":"com"},"ip":{"addr":"20.205.42.30","port":443,"asn":8075,"as":"MICROSOFT-CORP-MSN-AS-BLOCK","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://cn.kkmxxw.com/home/register","date":"2026-02-05T00:53:36.104Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"a4hskh.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sat, 17 Jan 2026 00:56:32 GMT","end":"Fri, 17 Apr 2026 00:56:31 GMT"},"fingerprint":{"sha1":"6B:86:00:72:D5:5F:9C:50:C7:17:88:7F:40:98:98:9A:FD:9D:E3:3D","sha256":"CD:44:64:6D:51:24:0D:31:BC:19:51:30:3E:3F:FD:B2:DC:11:DD:3C:75:33:4A:37:DA:24:69:03:50:D6:29:38"}}},"request":{"raw":"GET /activity/2025/05/26/35b9d0913c44ce35920430bd8ddfc1eb.png HTTP/1.1\r\nHost: file-new.a4hskh.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cn.kkmxxw.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Thu, 05 Feb 2026 00:53:37 GMT\r\ncontent-type: image/png\r\ncontent-length: 91065\r\nx-amz-id-2: 3Y7+pxkx2eKvjU1gI1dapItthI3CSAcC+GyFjrjpKBAH9aHrmafnMLS1QqnGPDxykdaGjjXI0nSL/2PvPPz9CFa7AZJs0fLD\r\nx-amz-request-id: YF2800M34CPF3KDB\r\nlast-modified: Sat, 17 Jan 2026 06:23:27 GMT\r\netag: \"a6f34694a8892178a7e449b0043d1429\"\r\nx-amz-server-side-encryption: AES256\r\naccess-control-allow-origin: *\r\naccess-control-allow-credentials: true\r\naccess-control-allow-headers: *\r\naccess-control-allow-methods: *\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":91065,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 272 x 272, 8-bit/color RGBA, non-interlaced","md5":"a6f34694a8892178a7e449b0043d1429","sha1":"33d658afacb80d35cdde497bb530f08e38e23132","sha256":"766f82c583cabf2b73af2e8d6dd0595ab3ce6bd55c4b9841edf555a1639d1263","sha512":"396caa64116ac49e99f11da3c95eaa7b926f4f9eb08ff5b9aec7ca6d43d704fae3a2a2e75178db4e4082381e2480d788d4b31007dc91a091312ed1279681f978","ssdeep":"1536:nRalahFemQUbzfAgaVLBbB1RZNhmSiVdOFf5Z1Uk6VcD1s7aP0HRb9Knism8zu2E:n+abbzCPPRZjYPOFf5Z1U1uO7c0LOiYa","tlshash":"e193024fea06c57f99655c8012609993a8d1b84f0ca3b793eb588e0907dc946fe37d37","first_seen":"2025-07-18T11:22:50.653674Z","last_seen":"2026-06-08T16:39:16.398815Z","times_seen":628,"resource_available":false,"data":null}},"time_used":2795,"timings":{"blocked":764,"dns":351,"connect":203,"send":0,"wait":699,"receive":565,"ssl":208},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static-content-t.wb27jlt6u066.com:9587/d11_images/nav/promo_sponsor.png?1","fqdn":"static-content-t.wb27jlt6u066.com","domain":"wb27jlt6u066.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":9587,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://cn.kkmxxw.com/home/register","date":"2026-02-05T00:53:33.371Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"static-content-t.wb27jlt6u066.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 19 Oct 2025 00:00:00 GMT","end":"Mon, 19 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"08:10:09:15:B6:C8:9C:9A:CE:31:40:C9:26:D7:9E:BE:2C:9A:62:2B","sha256":"D6:55:F3:9B:55:F2:ED:CC:B3:54:8B:1E:F9:15:FB:47:0C:75:02:1A:64:4B:3C:C2:FA:75:18:9C:F0:11:EE:83"}}},"request":{"raw":"GET /d11_images/nav/promo_sponsor.png?1 HTTP/1.1\r\nHost: static-content-t.wb27jlt6u066.com:9587\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cn.kkmxxw.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Thu, 05 Feb 2026 00:53:34 GMT\r\nContent-Type: image/png\r\nContent-Length: 45701\r\nConnection: keep-alive\r\nLast-Modified: Wed, 20 Jul 2022 18:45:39 GMT\r\nETag: \"62d84d53-b285\"\r\nServer: gocache\r\nExpires: Fri, 06 Feb 2026 00:53:34 GMT\r\nCache-Control: max-age=86400\r\nc-Type: st\r\nrid: 57565f29c73cac232c7471894dd4ff79\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains\r\nX-Cache-Status: HIT\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":45701,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 183 x 110, 8-bit/color RGBA, non-interlaced","md5":"4392b15e336dc870834d64c829f8c150","sha1":"af6de84ddea52908d6434951bd12c2bfbaff3b7e","sha256":"ff63b8ecd5b681b2e0a3d2cff1a1d327145839ae919ac0f7d025857d61656992","sha512":"1333809c4c3e8fc3270763dc4fbecb8f5f808ca657a9518428535a48639468581e05740782ee9af1e0b6db0ac359bf9e89a967cf941d919a94ad9be95a2dc071","ssdeep":"768:9PTkysWeomEy3WouE7U2vCRilIf/QODRMbZA0M3e3TZWeYEG6A6NAHL:9PTfPymLyARJhVAA0MO3TZXYBHL","tlshash":"ed23f12eaf46e09b6913de65cdf10081c417d6c7d49c2c35fc9e8c39a6355b4d8aab0e","first_seen":"2023-05-05T14:06:31Z","last_seen":"2026-06-08T16:39:16.37101Z","times_seen":869,"resource_available":false,"data":null}},"time_used":1566,"timings":{"blocked":1340,"dns":0,"connect":0,"send":0,"wait":221,"receive":5,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static-content-t.wb27jlt6u066.com:9587/images/register/form_bg.png","fqdn":"static-content-t.wb27jlt6u066.com","domain":"wb27jlt6u066.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":9587,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://cn.kkmxxw.com/home/register","date":"2026-02-05T00:53:34.921Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"static-content-t.wb27jlt6u066.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 19 Oct 2025 00:00:00 GMT","end":"Mon, 19 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"08:10:09:15:B6:C8:9C:9A:CE:31:40:C9:26:D7:9E:BE:2C:9A:62:2B","sha256":"D6:55:F3:9B:55:F2:ED:CC:B3:54:8B:1E:F9:15:FB:47:0C:75:02:1A:64:4B:3C:C2:FA:75:18:9C:F0:11:EE:83"}}},"request":{"raw":"GET /images/register/form_bg.png HTTP/1.1\r\nHost: static-content-t.wb27jlt6u066.com:9587\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://static-content-t.wb27jlt6u066.com:9587/style/main.css?20260123\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Thu, 05 Feb 2026 00:53:36 GMT\r\nContent-Type: image/png\r\nContent-Length: 3222\r\nConnection: keep-alive\r\nLast-Modified: Wed, 20 Jul 2022 18:47:53 GMT\r\nETag: \"62d84dd9-c96\"\r\nServer: gocache\r\nExpires: Fri, 06 Feb 2026 00:53:36 GMT\r\nCache-Control: max-age=86400\r\nc-Type: st\r\nrid: 341612778c9555897146fdf5e550c14c\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains\r\nX-Cache-Status: HIT\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":3222,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 410 x 800, 8-bit/color RGBA, non-interlaced","md5":"0f7cd96cb7cef4b9217f90e92920ab6e","sha1":"36cc27443ed415c168ef9e700224011fcc56dfc4","sha256":"cd8bbd1b5d1b7309612fe10c894f8c0a3a5ca889331da9a56414f373464501c5","sha512":"c62f01a4b4c4e59533179f7bd4b710964fdf1127a07ac56d7ce0e1908b8b351586dccb548e58ebb9424365894bb70acc33da4c41d3c2399ea78dd17c6c36b804","ssdeep":"","tlshash":"af614d6d6d9f238d11e99491f491b0ca0c31cbef74805d1564f7cc82ee91f5748398e5","first_seen":"2023-05-05T14:06:31Z","last_seen":"2026-06-08T16:39:16.399276Z","times_seen":898,"resource_available":false,"data":null}},"time_used":1228,"timings":{"blocked":1012,"dns":0,"connect":0,"send":0,"wait":216,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static-content-t.wb27jlt6u066.com:9587/images/register/icon_eye.png","fqdn":"static-content-t.wb27jlt6u066.com","domain":"wb27jlt6u066.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":9587,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://cn.kkmxxw.com/home/register","date":"2026-02-05T00:53:34.923Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"static-content-t.wb27jlt6u066.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 19 Oct 2025 00:00:00 GMT","end":"Mon, 19 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"08:10:09:15:B6:C8:9C:9A:CE:31:40:C9:26:D7:9E:BE:2C:9A:62:2B","sha256":"D6:55:F3:9B:55:F2:ED:CC:B3:54:8B:1E:F9:15:FB:47:0C:75:02:1A:64:4B:3C:C2:FA:75:18:9C:F0:11:EE:83"}}},"request":{"raw":"GET /images/register/icon_eye.png HTTP/1.1\r\nHost: static-content-t.wb27jlt6u066.com:9587\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://static-content-t.wb27jlt6u066.com:9587/style/main.css?20260123\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Thu, 05 Feb 2026 00:53:36 GMT\r\nContent-Type: image/png\r\nContent-Length: 388\r\nConnection: keep-alive\r\nLast-Modified: Wed, 20 Jul 2022 18:47:53 GMT\r\nETag: \"62d84dd9-184\"\r\nServer: gocache\r\nExpires: Fri, 06 Feb 2026 00:53:36 GMT\r\nCache-Control: max-age=86400\r\nc-Type: st\r\nrid: 7dd0117ae5c42fcad8f825cc51309933\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains\r\nX-Cache-Status: HIT\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":388,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced","md5":"25caaed99359f8457952ec929497c610","sha1":"d79b842381cc35b013b72e8eee86aaff32cc68b1","sha256":"ae84f234ff196c67c9d72336ace3a039460ef08dbd54bf288de428d8dfd4365e","sha512":"626735e0ad18bf56854307da6e5a63b269f014ff6b915ca132c17f951e882beef470b275b664693b25a6be6853ae0c0677e6696f3d4678b3eaa4a612dff2de5c","ssdeep":"","tlshash":"6fe0c0d31b1dbd30cf5801373e9157143962b2846283b108b7845102d8c63593cf7fa8","first_seen":"2023-05-05T14:06:31Z","last_seen":"2026-06-08T16:39:16.372537Z","times_seen":897,"resource_available":false,"data":null}},"time_used":1445,"timings":{"blocked":1227,"dns":0,"connect":0,"send":0,"wait":218,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"hm.baidu.com/hm.gif?hca=46A7D8FFA80081EA\u0026cc=1\u0026ck=1\u0026cl=24-bit\u0026ds=1280x1024\u0026vl=1024\u0026et=0\u0026ja=0\u0026ln=en-us\u0026lo=0\u0026rnd=543283264\u0026si=86b8712c72cab4f521c0b5cd56dfa69f\u0026su=https%3A%2F%2Fcn.kkmxxw.com%2F\u0026v=1.3.2\u0026lv=1\u0026sn=21396\u0026r=0\u0026ww=1280\u0026u=https%3A%2F%2Fcn.kkmxxw.com%2Fhome%2Fregister\u0026tt=ManBetX(%E4%B8%87%E5%8D%9A%E4%BD%93%E8%82%B2)%E5%AE%98%E7%BD%91%7C%E8%8B%B1%E8%B6%85%E7%8B%BC%E9%98%9F%E5%92%8C%E6%B0%B4%E6%99%B6%E5%AE%AB%E5%85%A8%E7%90%83%E8%B5%9E%E5%8A%A9%E4%BC%99%E4%BC%B4","fqdn":"hm.baidu.com","domain":"baidu.com","tld":"com"},"ip":{"addr":"111.45.3.198","port":443,"asn":9808,"as":"China Mobile Communications Group Co., Ltd.","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://cn.kkmxxw.com/home/register","date":"2026-02-05T00:53:36.078Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"baidu.com","organization":"Beijing Baidu Netcom Science Technology Co., Ltd"},"issuer":{"commonName":"GlobalSign RSA OV SSL CA 2018","organization":"GlobalSign nv-sa"},"validity":{"start":"Wed, 09 Jul 2025 07:01:02 GMT","end":"Mon, 10 Aug 2026 07:01:01 GMT"},"fingerprint":{"sha1":"21:BF:66:0D:67:BE:7A:7F:49:48:05:30:F4:7F:09:F2:30:36:CA:63","sha256":"0D:82:2C:9A:90:5A:EF:E9:8F:37:12:C0:E0:26:30:EE:95:33:2C:45:5F:E7:74:5D:F0:8D:BC:79:F4:B0:A1:49"}}},"request":{"raw":"GET /hm.gif?hca=46A7D8FFA80081EA\u0026cc=1\u0026ck=1\u0026cl=24-bit\u0026ds=1280x1024\u0026vl=1024\u0026et=0\u0026ja=0\u0026ln=en-us\u0026lo=0\u0026rnd=543283264\u0026si=86b8712c72cab4f521c0b5cd56dfa69f\u0026su=https%3A%2F%2Fcn.kkmxxw.com%2F\u0026v=1.3.2\u0026lv=1\u0026sn=21396\u0026r=0\u0026ww=1280\u0026u=https%3A%2F%2Fcn.kkmxxw.com%2Fhome%2Fregister\u0026tt=ManBetX(%E4%B8%87%E5%8D%9A%E4%BD%93%E8%82%B2)%E5%AE%98%E7%BD%91%7C%E8%8B%B1%E8%B6%85%E7%8B%BC%E9%98%9F%E5%92%8C%E6%B0%B4%E6%99%B6%E5%AE%AB%E5%85%A8%E7%90%83%E8%B5%9E%E5%8A%A9%E4%BC%99%E4%BC%B4 HTTP/1.1\r\nHost: hm.baidu.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cn.kkmxxw.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nCache-Control: private, max-age=0, no-cache\r\nContent-Length: 43\r\nContent-Type: image/gif\r\nDate: Thu, 05 Feb 2026 00:53:36 GMT\r\nP3p: CP=\"CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR\"\r\nPragma: no-cache\r\nServer: apache\r\nSet-Cookie: HMACCOUNT=6EE2C04C9429337F; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT\r\nStrict-Transport-Security: max-age=172800\r\nX-Content-Type-Options: nosniff\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Apache HTTP Server","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":43,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 1 x 1","md5":"ad4b0f606e0f8465bc4c4c170b37e1a3","sha1":"50b30fd5f87c85fe5cba2635cb83316ca71250d7","sha256":"cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda","sha512":"ebfe0c0df4bcc167d5cb6ebdd379f9083df62bef63a23818e1c6adf0f64b65467ea58b7cd4d03cf0a1b1a2b07fb7b969bf35f25f1f8538cc65cf3eebdf8a0910","ssdeep":"","tlshash":"15900003fbc08002c2b2e0300b3b0380238ce2200aa8030b80aeb0acecaa3a20c03020","first_seen":"2023-04-05T02:54:03Z","last_seen":"2026-06-08T21:07:37.85673Z","times_seen":367111,"resource_available":true,"data":null}},"time_used":294,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":294,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cn.kkmxxw.com/","fqdn":"cn.kkmxxw.com","domain":"kkmxxw.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-02-05T00:53:30.234Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cn.kkmxxw.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Mon, 05 Jan 2026 00:00:00 GMT","end":"Tue, 05 Jan 2027 23:59:59 GMT"},"fingerprint":{"sha1":"2F:26:5D:9B:0F:53:91:A4:6E:10:B6:F6:B4:59:B8:76:9D:FA:57:B4","sha256":"48:A6:D5:A5:14:EA:84:C7:74:18:09:89:D0:18:E2:F9:85:58:56:90:46:35:F7:89:6C:A2:F6:84:9E:2C:03:19"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: cn.kkmxxw.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Thu, 05 Feb 2026 00:53:31 GMT\r\nContent-Type: text/html; charset=UTF-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding, Accept-Encoding, Accept-Encoding\r\nSet-Cookie: ccd11=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/; domain=kkmxxw.com\nvcd11=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/; domain=kkmxxw.com\nPHPSESSID=4glk47rlaq1qf20t2kmqqi8op7; path=/\n_first=false; expires=Tue, 17-Feb-2026 00:53:31 GMT; Max-Age=1036800; path=/\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Allow-Methods: GET, POST, OPTIONS\r\nAccess-Control-Allow-Headers: Content-Type, Authorization, X-Requested-With\r\nAccess-Control-Allow-Credentials: true\r\nAccess-Control-Max-Age: 86400\r\nX-Content-Type-Options: nosniff\r\nX-Frame-Options: SAMEORIGIN\r\nContent-Encoding: gzip\r\nServer: gocache\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nCache-Control: no-cache\r\nc-Type: df\r\nrid: 69a0ba25b5e6b4a77fd3a6b05d67faee\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]}],"data":{"size":80,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, ASCII text, with no line terminators","md5":"48bbf980705b568e8369924625515c21","sha1":"145b845d40383fb91d2824407bf031ffb6e8d1c8","sha256":"0dc45d98559f1de26a0c765277d5637dee4f5ef299b92d3105441ef6d1931d6a","sha512":"51d67b8202c978b6f28dc237dd07b1b4b386b1a8f769ce554e48efac88172c0d40795c89333361a6b84dd055f77e92bc844070e6ee6f157c5eae2ed760e7ebb6","ssdeep":"","tlshash":"77a011c82c00c00a3af022802ca2b20ea88a80a80c00ca0200c00eb0000238ecc2becb","first_seen":"2023-04-07T00:43:11Z","last_seen":"2026-06-06T13:24:47.396109Z","times_seen":453,"resource_available":true,"data":null}},"time_used":2320,"timings":{"blocked":917,"dns":260,"connect":1,"send":0,"wait":486,"receive":0,"ssl":652},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-05","alert":"Sinkholed","trigger":"cn.kkmxxw.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-02-05","alert":"Sinkholed","trigger":"cn.kkmxxw.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"cn.kkmxxw.com/kz/verifycode","fqdn":"cn.kkmxxw.com","domain":"kkmxxw.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://cn.kkmxxw.com/home/register","date":"2026-02-05T00:53:33.383Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cn.kkmxxw.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Mon, 05 Jan 2026 00:00:00 GMT","end":"Tue, 05 Jan 2027 23:59:59 GMT"},"fingerprint":{"sha1":"2F:26:5D:9B:0F:53:91:A4:6E:10:B6:F6:B4:59:B8:76:9D:FA:57:B4","sha256":"48:A6:D5:A5:14:EA:84:C7:74:18:09:89:D0:18:E2:F9:85:58:56:90:46:35:F7:89:6C:A2:F6:84:9E:2C:03:19"}}},"request":{"raw":"GET /kz/verifycode HTTP/1.1\r\nHost: cn.kkmxxw.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cn.kkmxxw.com/home/register\r\nCookie: PHPSESSID=4glk47rlaq1qf20t2kmqqi8op7; _first=false\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 \r\nDate: Thu, 05 Feb 2026 00:53:34 GMT\r\nContent-Type: image/jpeg;charset=UTF-8\r\nContent-Length: 1510\r\nConnection: keep-alive\r\nSet-Cookie: JSESSIONID=95AA05B75D434AD21AC9CFF052D80A87; Path=/; HttpOnly\nVERIFYCODEID=95AA05B75D434AD21AC9CFF052D80A87; Domain=kkmxxw.com; Path=/; HttpOnly\r\nX-Content-Type-Options: nosniff\r\nX-Frame-Options: SAMEORIGIN\r\nServer: gocache\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nCache-Control: no-cache\r\nc-Type: df\r\nrid: a44386ddc5eb667a7a817f413cf8dc9c\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Java","description":"Java is a class-based, object-oriented programming language that is designed to have as few implementation dependencies as possible.","website":"https://java.com","common_platform_enumeration":"cpe:2.3:a:oracle:jre:*:*:*:*:*:*:*:*","icon":"Java.svg","categories":["Programming languages"]},{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]}],"data":{"size":1510,"size_decoded":0,"mime_type":"image/jpeg; charset=UTF-8","magic":"JPEG image data, JFIF standard 1.02, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 80x28, components 3","md5":"1a9ab7e593114b9cdbe95272cf212809","sha1":"72c3cf12fb3f57a98b1450181270350d9260113e","sha256":"5485b25ad4cf2f6f3b5f5d10b09faaf5819b2eaee0eaa2b831b4ce368dc23640","sha512":"eccaca4acde6e426ffea60731d14d8c2dec7c4646d3d7a99ced5f87f68f4e587f4d5ad9bc46cbaa4539e4172820239909b5f272f15161012494a219b8253cf5b","ssdeep":"","tlshash":"6d31e932a7851a118f4bc6f53a0730bfd2eacd767e52393c0b7002b9c910cb0e105a78","first_seen":"2026-02-05T00:54:03.274191Z","last_seen":"2026-02-05T00:54:03.274191Z","times_seen":1,"resource_available":false,"data":null}},"time_used":1368,"timings":{"blocked":1106,"dns":0,"connect":0,"send":0,"wait":262,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-02-05","alert":"Sinkholed","trigger":"cn.kkmxxw.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-05","alert":"Sinkholed","trigger":"cn.kkmxxw.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"static-content-t.wb27jlt6u066.com:9587/d11_images/icon_live_channel.png","fqdn":"static-content-t.wb27jlt6u066.com","domain":"wb27jlt6u066.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":9587,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://cn.kkmxxw.com/home/register","date":"2026-02-05T00:53:34.750Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"static-content-t.wb27jlt6u066.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 19 Oct 2025 00:00:00 GMT","end":"Mon, 19 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"08:10:09:15:B6:C8:9C:9A:CE:31:40:C9:26:D7:9E:BE:2C:9A:62:2B","sha256":"D6:55:F3:9B:55:F2:ED:CC:B3:54:8B:1E:F9:15:FB:47:0C:75:02:1A:64:4B:3C:C2:FA:75:18:9C:F0:11:EE:83"}}},"request":{"raw":"GET /d11_images/icon_live_channel.png HTTP/1.1\r\nHost: static-content-t.wb27jlt6u066.com:9587\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://static-content-t.wb27jlt6u066.com:9587/style/main.css?20260123\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 404 Not Found\r\nDate: Thu, 05 Feb 2026 00:53:36 GMT\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nContent-Encoding: gzip\r\nServer: gocache\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-08T21:16:18.866443Z","times_seen":16250262,"resource_available":true,"data":null}},"time_used":1681,"timings":{"blocked":1397,"dns":0,"connect":0,"send":0,"wait":284,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static-content-t.wb27jlt6u066.com:9587/images/icon_return.png","fqdn":"static-content-t.wb27jlt6u066.com","domain":"wb27jlt6u066.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":9587,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://cn.kkmxxw.com/home/register","date":"2026-02-05T00:53:34.907Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"static-content-t.wb27jlt6u066.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 19 Oct 2025 00:00:00 GMT","end":"Mon, 19 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"08:10:09:15:B6:C8:9C:9A:CE:31:40:C9:26:D7:9E:BE:2C:9A:62:2B","sha256":"D6:55:F3:9B:55:F2:ED:CC:B3:54:8B:1E:F9:15:FB:47:0C:75:02:1A:64:4B:3C:C2:FA:75:18:9C:F0:11:EE:83"}}},"request":{"raw":"GET /images/icon_return.png HTTP/1.1\r\nHost: static-content-t.wb27jlt6u066.com:9587\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://static-content-t.wb27jlt6u066.com:9587/style/main.css?20260123\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Thu, 05 Feb 2026 00:53:36 GMT\r\nContent-Type: image/png\r\nContent-Length: 778\r\nConnection: keep-alive\r\nLast-Modified: Wed, 20 Jul 2022 18:47:53 GMT\r\nETag: \"62d84dd9-30a\"\r\nServer: gocache\r\nExpires: Fri, 06 Feb 2026 00:53:36 GMT\r\nCache-Control: max-age=86400\r\nc-Type: st\r\nrid: 415dc9adf4b64a00e4e9bf5df7e5392a\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains\r\nX-Cache-Status: HIT\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]}],"data":{"size":778,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 18 x 18, 8-bit/color RGBA, interlaced","md5":"fabab84476aede515f6619fb53cec396","sha1":"84650df8e118c2c101bc0bf6e20d9c76d4303b06","sha256":"8141cf949879defeb74a01e369563041075c8417c2f3e8789bd07fcdb6499552","sha512":"99f267bd6c596ca4ccf617f05a2c86edb2ae6a805fdd5ff3458c66853e87760d215225373e71cbdae688936cbcb88441bc3138eadbad694364fcfc7490eb50c7","ssdeep":"","tlshash":"d70120c5d7761db0c2c161b7163f9a8b1a0b8516a805a10d2e8634b39945f842d8679d","first_seen":"2023-05-05T14:06:31Z","last_seen":"2026-06-08T16:39:16.396322Z","times_seen":902,"resource_available":false,"data":null}},"time_used":1676,"timings":{"blocked":1462,"dns":0,"connect":0,"send":0,"wait":214,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static-content-t.wb27jlt6u066.com:9587/d11_images/footer_supports_hover.png?9","fqdn":"static-content-t.wb27jlt6u066.com","domain":"wb27jlt6u066.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":9587,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://cn.kkmxxw.com/home/register","date":"2026-02-05T00:53:34.925Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"static-content-t.wb27jlt6u066.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 19 Oct 2025 00:00:00 GMT","end":"Mon, 19 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"08:10:09:15:B6:C8:9C:9A:CE:31:40:C9:26:D7:9E:BE:2C:9A:62:2B","sha256":"D6:55:F3:9B:55:F2:ED:CC:B3:54:8B:1E:F9:15:FB:47:0C:75:02:1A:64:4B:3C:C2:FA:75:18:9C:F0:11:EE:83"}}},"request":{"raw":"GET /d11_images/footer_supports_hover.png?9 HTTP/1.1\r\nHost: static-content-t.wb27jlt6u066.com:9587\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://static-content-t.wb27jlt6u066.com:9587/style/main.css?20260123\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Thu, 05 Feb 2026 00:53:36 GMT\r\nContent-Type: image/png\r\nContent-Length: 6153\r\nConnection: keep-alive\r\nLast-Modified: Wed, 20 Jul 2022 18:45:39 GMT\r\nETag: \"62d84d53-1809\"\r\nServer: gocache\r\nExpires: Fri, 06 Feb 2026 00:53:36 GMT\r\nCache-Control: max-age=86400\r\nc-Type: st\r\nrid: db3c9acd82ffc92256a708c65b529410\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains\r\nX-Cache-Status: HIT\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]}],"data":{"size":6153,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 30 x 174, 8-bit/color RGBA, non-interlaced","md5":"89203da3a7f6cd69c626446854368222","sha1":"0a861d62cd091a150ce253ecedf0dff49c80b3f0","sha256":"ae58de0a439617b67724ced1eee3bc04d8103d1a8f34a9ac362d1a842e06d2e7","sha512":"37b0293f4c467a53f8b4527c40345e89d407811a4e7894263663847ecc5406c8d101c2dd9711f4fd099ec325b9013d1337154600b0f87b8fc3e5252a771993c5","ssdeep":"96:tnCr4K+CdLuWy5kOy2k17lRtUsvqI8ydwBlz2gcwNkABBbbk/eH+Tm4Mi0UPftR7:tnCr40dKOOytRhFNaNTDbsxCdixHtUQ","tlshash":"5dc1aef06ab50164f022342747b70504a4167fd89974bc9063bf9f8defe6743e868ad1","first_seen":"2023-05-05T14:06:31Z","last_seen":"2026-06-08T16:39:16.375799Z","times_seen":904,"resource_available":false,"data":null}},"time_used":1226,"timings":{"blocked":1008,"dns":0,"connect":0,"send":0,"wait":218,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static-content-j.wb27jlt6u066.com:9587/fimg/202505/1a9924b67880434fb3771e34217f417e.png","fqdn":"static-content-j.wb27jlt6u066.com","domain":"wb27jlt6u066.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":9587,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://cn.kkmxxw.com/home/register","date":"2026-02-05T00:53:33.331Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"static-content-j.wb27jlt6u066.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 19 Oct 2025 00:00:00 GMT","end":"Mon, 19 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"70:63:CC:0F:0F:5F:80:F6:C9:7C:9F:46:F2:18:BB:F0:81:76:AB:57","sha256":"6F:3D:C2:F9:AF:3C:86:73:A1:D2:80:61:D4:B6:17:22:DA:26:77:B7:DD:45:E4:48:70:54:B5:A0:02:F4:69:D8"}}},"request":{"raw":"GET /fimg/202505/1a9924b67880434fb3771e34217f417e.png HTTP/1.1\r\nHost: static-content-j.wb27jlt6u066.com:9587\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cn.kkmxxw.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Thu, 05 Feb 2026 00:53:35 GMT\r\nContent-Type: image/png\r\nContent-Length: 6259\r\nConnection: keep-alive\r\nLast-Modified: Sun, 11 May 2025 06:29:47 GMT\r\nETag: \"682043db-1873\"\r\nServer: gocache\r\nExpires: Fri, 06 Feb 2026 00:53:35 GMT\r\nCache-Control: max-age=86400\r\nc-Type: st\r\nrid: e4f4682cfeb5486f59532c37cb7f7565\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains\r\nX-Cache-Status: HIT\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":6259,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 292 x 80, 8-bit colormap, non-interlaced","md5":"8c4532aea4471647fef42bbfb068a07b","sha1":"817cd77579876f295d130b198b0619210681035c","sha256":"62278a2db166030d1157dd13ad3e3cd3564df80fa8acf4b8f0396de467ca330e","sha512":"23dec8e31d8dbf92568525198d09b0fe91e6aef5aee59a4b4d55e655aeff0f0f28a404490524f0907eb19522033af6754bfbf5c7f810a2013fc92b101e17d1c7","ssdeep":"192:ddxAOgq6/irKvADndSJhpg2o6GOHFLWH5i9cY:d3gvieIR2o6bFLAkOY","tlshash":"b7d1ae6ea1fdb53e5628e1d5e40dd714444b3ec4922c1ca7c7f129d46b7087be583a8c","first_seen":"2025-08-07T15:42:17.356378Z","last_seen":"2026-06-08T16:39:16.387509Z","times_seen":633,"resource_available":false,"data":null}},"time_used":1938,"timings":{"blocked":1159,"dns":1,"connect":3,"send":0,"wait":215,"receive":0,"ssl":551},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static-content-t.wb27jlt6u066.com:9587/js/jquery-ui.js","fqdn":"static-content-t.wb27jlt6u066.com","domain":"wb27jlt6u066.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":9587,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://cn.kkmxxw.com/home/register","date":"2026-02-05T00:53:33.391Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"static-content-t.wb27jlt6u066.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 19 Oct 2025 00:00:00 GMT","end":"Mon, 19 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"08:10:09:15:B6:C8:9C:9A:CE:31:40:C9:26:D7:9E:BE:2C:9A:62:2B","sha256":"D6:55:F3:9B:55:F2:ED:CC:B3:54:8B:1E:F9:15:FB:47:0C:75:02:1A:64:4B:3C:C2:FA:75:18:9C:F0:11:EE:83"}}},"request":{"raw":"GET /js/jquery-ui.js HTTP/1.1\r\nHost: static-content-t.wb27jlt6u066.com:9587\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cn.kkmxxw.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Thu, 05 Feb 2026 00:53:34 GMT\r\nContent-Type: application/javascript\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nLast-Modified: Wed, 20 Jul 2022 18:47:53 GMT\r\nVary: Accept-Encoding\r\nETag: W/\"62d84dd9-7f20a\"\r\nContent-Encoding: gzip\r\nServer: gocache\r\nExpires: Fri, 06 Feb 2026 00:53:34 GMT\r\nCache-Control: max-age=86400\r\nc-Type: st\r\nrid: 0e6a2bb08c5950deec75665d9e35f21a\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains\r\nX-Cache-Status: HIT\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":520714,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (1002)","md5":"ab5284de5e3d221e53647fd348e5644b","sha1":"75c20acdc6cbc6334fe2b918ab7afeec007f969e","sha256":"4f455eb2ddf2094ee969f470f6bfac7adb4c057e8990a374e9da819e943c777d","sha512":"2462acc237c0063263b52527cfecbc5d4063065c0cd541cd966d9924dec0d9af475184f732c92af9269cb08df993896893eff37ad4b18598ca4b7af7b5f02742","ssdeep":"12288:1vemHFgymzYDdHCcmM2/W/CCeS/QRzbrVDDdRO2:vDdHCcmM2/W/CCeSIVDDdRO2","tlshash":"f3b4a6c9f39c266a867a32595c2e42cdb23c8075d600587fbc5d59dc29a883c43bbf79","first_seen":"2023-03-07T01:03:28Z","last_seen":"2026-06-08T20:52:26.109441Z","times_seen":15835,"resource_available":true,"data":null}},"time_used":882,"timings":{"blocked":-1,"dns":162,"connect":1,"send":0,"wait":215,"receive":26,"ssl":476},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static-content-cn.wb27jlt6u066.com:9587/js/jquery/jquery.validate.js?2017121201","fqdn":"static-content-cn.wb27jlt6u066.com","domain":"wb27jlt6u066.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":9587,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://cn.kkmxxw.com/home/register","date":"2026-02-05T00:53:33.409Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"static-content-cn.wb27jlt6u066.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 19 Oct 2025 00:00:00 GMT","end":"Mon, 19 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"98:64:EC:0B:9A:00:5F:60:12:4A:12:B9:EB:5A:44:98:12:1A:7C:FF","sha256":"A1:E0:99:A3:B2:54:C9:50:DB:24:16:EA:A7:44:3A:5D:57:F0:7C:CE:B2:E7:66:31:49:50:98:44:92:F2:50:84"}}},"request":{"raw":"GET /js/jquery/jquery.validate.js?2017121201 HTTP/1.1\r\nHost: static-content-cn.wb27jlt6u066.com:9587\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cn.kkmxxw.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Thu, 05 Feb 2026 00:53:34 GMT\r\nContent-Type: application/javascript\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nLast-Modified: Wed, 20 Jul 2022 18:47:52 GMT\r\nVary: Accept-Encoding\r\nETag: W/\"62d84dd8-ed9a\"\r\nContent-Encoding: gzip\r\nServer: gocache\r\nExpires: Fri, 06 Feb 2026 00:53:34 GMT\r\nCache-Control: max-age=86400\r\nc-Type: st\r\nrid: 804e7b316b0c39872b8b18fa812038a1\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains\r\nX-Cache-Status: HIT\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]}],"data":{"size":60826,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (1256)","md5":"052b64ec50b11bc14eb24a863d126ba8","sha1":"3a79b1fe2a8e6834cea694d77c57473ebfbc5758","sha256":"169b0287c989c2a6d883dff708c551a726c2a98fd79e66fe747d04228012ac7f","sha512":"70b2cd21b5ab5f5159266a10e6ba06a7c1c50ed3b02a596747f30dc88ba4cb37934b8666f075e5733ed021908bace3c47b8b50ee57aa41130ae0b9920e101099","ssdeep":"1536:4J/cr2I/VHuanmyRhVaNnJRHI9YLbBGvJfDk7E/al:Kumy4NJRHqLkISl","tlshash":"39533c4d3ae710168d2b30beae8ba149b6b5405b6109ed1c7cdd02905fe4db862f5ff8","first_seen":"2025-03-02T07:32:23.125259Z","last_seen":"2026-04-01T17:26:48.402298Z","times_seen":648,"resource_available":true,"data":null}},"time_used":1028,"timings":{"blocked":809,"dns":0,"connect":0,"send":0,"wait":217,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static-content-cn.wb27jlt6u066.com:9587/js/kz.js?20250807","fqdn":"static-content-cn.wb27jlt6u066.com","domain":"wb27jlt6u066.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":9587,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://cn.kkmxxw.com/home/register","date":"2026-02-05T00:53:33.407Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"static-content-cn.wb27jlt6u066.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 19 Oct 2025 00:00:00 GMT","end":"Mon, 19 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"98:64:EC:0B:9A:00:5F:60:12:4A:12:B9:EB:5A:44:98:12:1A:7C:FF","sha256":"A1:E0:99:A3:B2:54:C9:50:DB:24:16:EA:A7:44:3A:5D:57:F0:7C:CE:B2:E7:66:31:49:50:98:44:92:F2:50:84"}}},"request":{"raw":"GET /js/kz.js?20250807 HTTP/1.1\r\nHost: static-content-cn.wb27jlt6u066.com:9587\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cn.kkmxxw.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Thu, 05 Feb 2026 00:53:34 GMT\r\nContent-Type: application/javascript\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nLast-Modified: Tue, 09 Dec 2025 02:53:12 GMT\r\nVary: Accept-Encoding\r\nETag: W/\"69378f18-10cb3\"\r\nContent-Encoding: gzip\r\nServer: gocache\r\nExpires: Fri, 06 Feb 2026 00:53:34 GMT\r\nCache-Control: max-age=86400\r\nc-Type: st\r\nrid: 713f6f644ffc57852906b969e060a6dc\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains\r\nX-Cache-Status: HIT\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]}],"data":{"size":68787,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text","md5":"6882ef21046c02724770578afb0e9389","sha1":"5a3e91dbc206c7a6abf2196adc0cd68d6e5f7dd5","sha256":"f3967945aa4c64b4cb943ff02fd4ff56354cac19f0e8ba9cb8a95017707265c9","sha512":"4aa7833f286b2d53677335d60783d6edd2038d0e9fbbc75d0568debe17bf0cee5cd56c7beb3c608a2c135881edefca03d1cf0edef0c2d491e65c9ac6126697a8","ssdeep":"384:JsOCzLl8jM9Cxvqd2ACJOOX6QMvmN2iB9eOyjX993YH:q84sTwDEH","tlshash":"f963732ae9fb52551c3b70391f7f4001e729c407b50cee197e2caac05f44669a6b6fe8","first_seen":"2025-08-24T13:27:11.237239Z","last_seen":"2026-03-29T16:47:31.772793Z","times_seen":494,"resource_available":true,"data":null}},"time_used":1023,"timings":{"blocked":802,"dns":0,"connect":0,"send":0,"wait":219,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"game.gp5trb.com:2053/api/news?try_platform=4\u0026status=1\u0026username=","fqdn":"game.gp5trb.com","domain":"gp5trb.com","tld":"com"},"ip":{"addr":"20.205.42.30","port":2053,"asn":8075,"as":"MICROSOFT-CORP-MSN-AS-BLOCK","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://cn.kkmxxw.com/home/register","date":"2026-02-05T00:53:35.088Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"game.gp5trb.com","organization":""},"issuer":{"commonName":"ZeroSSL RSA Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Sun, 18 Jan 2026 00:00:00 GMT","end":"Sat, 18 Apr 2026 23:59:59 GMT"},"fingerprint":{"sha1":"57:61:41:AB:64:77:4D:5A:95:A7:A8:63:9B:8D:8D:4B:8B:AE:53:30","sha256":"BC:73:A6:B8:F4:3E:16:4D:0E:72:C6:ED:25:1C:B9:26:F1:68:6F:09:B9:10:99:CA:B1:E7:F8:BB:43:29:46:1A"}}},"request":{"raw":"GET /api/news?try_platform=4\u0026status=1\u0026username= HTTP/1.1\r\nHost: game.gp5trb.com:2053\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://cn.kkmxxw.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cn.kkmxxw.com/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Thu, 05 Feb 2026 00:53:36 GMT\r\ncontent-type: application/json\r\nvary: Accept-Encoding\r\nx-powered-by: PHP/7.4.33\r\ncache-control: no-cache, private\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE\r\naccess-control-allow-headers: *\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\ncontent-encoding: br\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"PHP:7.4.33","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":552,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"0548c38aab01c9108129c416a8db0230","sha1":"ff8c3352e88c5019d1926df396c3431d710fb94e","sha256":"469264b5aa045412bb0d7b70286e5c377ff039e70b67ed12a7d95af0760d1658","sha512":"e670aa61633a0c948db079c7c569588fbc07002e15856a4de976195a58575165656d6e2e34434938167eace30d210168f3d54b5da828de9dde0fb000ef00a4db","ssdeep":"","tlshash":"61f0c03109799c395e491c8d014a7315adfd74d8cded851c52df7d0579c06a04a87332","first_seen":"2026-02-03T22:17:09.377826Z","last_seen":"2026-02-11T02:16:25.32078Z","times_seen":13,"resource_available":false,"data":null}},"time_used":1538,"timings":{"blocked":713,"dns":0,"connect":212,"send":0,"wait":374,"receive":0,"ssl":226},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.googletagmanager.com/gtag/js?id=G-3LRD95F87M\u0026cx=c\u0026gtm=4e6231","fqdn":"www.googletagmanager.com","domain":"googletagmanager.com","tld":"com"},"ip":{"addr":"142.251.143.136","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://cn.kkmxxw.com/home/register","date":"2026-02-05T00:53:35.408Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.google-analytics.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 12 Jan 2026 08:36:37 GMT","end":"Mon, 06 Apr 2026 08:36:36 GMT"},"fingerprint":{"sha1":"D1:4E:DB:C9:1C:90:74:26:D2:F3:40:74:02:DB:66:36:23:CB:45:12","sha256":"08:51:D4:42:81:8D:57:AC:83:18:86:85:25:AD:F1:2F:82:17:60:A4:FA:C6:D4:09:86:34:D3:30:65:78:09:B2"}}},"request":{"raw":"GET /gtag/js?id=G-3LRD95F87M\u0026cx=c\u0026gtm=4e6231 HTTP/1.1\r\nHost: www.googletagmanager.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cn.kkmxxw.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncontent-type: application/javascript; charset=UTF-8\r\naccess-control-allow-origin: *\r\naccess-control-allow-credentials: true\r\naccess-control-allow-headers: Cache-Control\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\ndate: Thu, 05 Feb 2026 00:53:35 GMT\r\nexpires: Thu, 05 Feb 2026 00:53:35 GMT\r\ncache-control: private, max-age=900\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\ncross-origin-resource-policy: cross-origin\r\nserver: Google Tag Manager\r\ncontent-length: 133549\r\nx-xss-protection: 0\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":388112,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"JavaScript source, ASCII text, with very long lines (6033)","md5":"c010f992ee3e939172157a7f2630b47e","sha1":"6d5f089e89cf867fbfb5453271cb1222614aba06","sha256":"721fa5bdaacf9d12f8cd6eb6b999444278590e76ff26efc94adfd325da4f424a","sha512":"5d5df2e2ac8b4197e71c26539022e3680e803946c64910a7e10721f1e83a962bec6d55f14e78195a489361b136e290b04335ca5bbc3ce5ab6d1b5543c1f2df9d","ssdeep":"6144:u3BfoNrq8GaoCsx77/p4SGx3iQA84zYul4mngSHIF5/PXFGFj:ofo1hGaoCsxX/p4StQA80IFpwZ","tlshash":"26841ace73c670269396e478503f118ba57b69a2f44cc899f18adce42d7069a4237f7c","first_seen":"2026-02-05T00:54:03.281845Z","last_seen":"2026-02-05T00:54:03.281845Z","times_seen":1,"resource_available":true,"data":null}},"time_used":96,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":46,"receive":50,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"banner-notice.6dqr2n.com/mxstatic/download.png","fqdn":"banner-notice.6dqr2n.com","domain":"6dqr2n.com","tld":"com"},"ip":{"addr":"20.205.42.30","port":443,"asn":8075,"as":"MICROSOFT-CORP-MSN-AS-BLOCK","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://cn.kkmxxw.com/home/register","date":"2026-02-05T00:53:36.235Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"banner-notice.6dqr2n.com","organization":""},"issuer":{"commonName":"ZeroSSL RSA Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Fri, 23 Jan 2026 00:00:00 GMT","end":"Thu, 23 Apr 2026 23:59:59 GMT"},"fingerprint":{"sha1":"8A:70:8B:EC:E4:B2:BB:0B:50:F4:08:3B:8E:01:06:9A:78:09:DE:56","sha256":"76:C4:42:D2:6F:73:AF:11:79:4E:88:57:E7:C9:2B:55:82:F2:5A:20:77:F5:B6:86:D1:C6:FA:65:2C:72:28:95"}}},"request":{"raw":"GET /mxstatic/download.png HTTP/1.1\r\nHost: banner-notice.6dqr2n.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cn.kkmxxw.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Thu, 05 Feb 2026 00:53:36 GMT\r\ncontent-type: image/png\r\ncontent-length: 456\r\nlast-modified: Tue, 27 May 2025 05:27:15 GMT\r\netag: \"68354d33-1c8\"\r\nexpires: Sat, 07 Mar 2026 00:53:36 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":456,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 36 x 36, 8-bit colormap, non-interlaced","md5":"1a89c1b0da2dd8e949b7cbfbf97b0207","sha1":"eb7047b074d6e8ab5453ccd9450d30ff781e9988","sha256":"941720c6f4b421e3b7a1312f8c713c13cd6aa7033a04089795c59b96c5d50a9c","sha512":"97ff9190823f66f21d090c88aacfc49526e42d24127bc465ac9ddf4ced53c2981c14627752f77d57d85d8971752101819b9332480a65ec0c2612e8688b8ad26c","ssdeep":"","tlshash":"12f0c091268c9c1cc3dc5cbba3b69756fd18555141035c40bc79c06c579502979f89bb","first_seen":"2023-05-10T13:44:32Z","last_seen":"2026-06-08T16:39:16.400961Z","times_seen":772,"resource_available":false,"data":null}},"time_used":330,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":330,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cn.kkmxxw.com/favicon.ico","fqdn":"cn.kkmxxw.com","domain":"kkmxxw.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://cn.kkmxxw.com/","date":"2026-02-05T00:53:31.965Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cn.kkmxxw.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Mon, 05 Jan 2026 00:00:00 GMT","end":"Tue, 05 Jan 2027 23:59:59 GMT"},"fingerprint":{"sha1":"2F:26:5D:9B:0F:53:91:A4:6E:10:B6:F6:B4:59:B8:76:9D:FA:57:B4","sha256":"48:A6:D5:A5:14:EA:84:C7:74:18:09:89:D0:18:E2:F9:85:58:56:90:46:35:F7:89:6C:A2:F6:84:9E:2C:03:19"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: cn.kkmxxw.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cn.kkmxxw.com/\r\nCookie: PHPSESSID=4glk47rlaq1qf20t2kmqqi8op7; _first=false\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 404 Not Found\r\nDate: Thu, 05 Feb 2026 00:53:32 GMT\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding, Accept-Encoding, Accept-Encoding\r\nETag: W/\"5d650431-bf\"\r\nX-Content-Type-Options: nosniff\r\nX-Frame-Options: SAMEORIGIN\r\nContent-Encoding: gzip\r\nServer: gocache\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":191,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII text","md5":"879e97919a993283dff3a8d1abb8447e","sha1":"412c7a4d3182c45cccc39227c0a54c8f99f9be29","sha256":"a8eecb4cd99792b7902d1141c6309e6760ca3576e668b8e0ed177f3044a48848","sha512":"7b3e61090e2a7a1e5a373079e98a1dc848e6825d578a78dcc317f59c5f75ea21744687e3fd6068bd1bcf8190b36e276edc67248c85aa99c0d436736f84012ada","ssdeep":"","tlshash":"0ec022c7cd00c44a01f60a05c8b7f45ce0a380a48900c80088f28c7122e8bcf861fec2","first_seen":"2023-04-07T00:43:11Z","last_seen":"2026-06-06T13:24:47.368395Z","times_seen":442,"resource_available":false,"data":null}},"time_used":734,"timings":{"blocked":0,"dns":1,"connect":1,"send":0,"wait":251,"receive":1,"ssl":480},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-02-05","alert":"Sinkholed","trigger":"cn.kkmxxw.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-05","alert":"Sinkholed","trigger":"cn.kkmxxw.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"static-content-t.wb27jlt6u066.com:9587/images/nav/promo_1.png","fqdn":"static-content-t.wb27jlt6u066.com","domain":"wb27jlt6u066.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":9587,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://cn.kkmxxw.com/home/register","date":"2026-02-05T00:53:33.370Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"static-content-t.wb27jlt6u066.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 19 Oct 2025 00:00:00 GMT","end":"Mon, 19 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"08:10:09:15:B6:C8:9C:9A:CE:31:40:C9:26:D7:9E:BE:2C:9A:62:2B","sha256":"D6:55:F3:9B:55:F2:ED:CC:B3:54:8B:1E:F9:15:FB:47:0C:75:02:1A:64:4B:3C:C2:FA:75:18:9C:F0:11:EE:83"}}},"request":{"raw":"GET /images/nav/promo_1.png HTTP/1.1\r\nHost: static-content-t.wb27jlt6u066.com:9587\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cn.kkmxxw.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Thu, 05 Feb 2026 00:53:36 GMT\r\nContent-Type: image/png\r\nContent-Length: 9153\r\nConnection: keep-alive\r\nLast-Modified: Wed, 20 Jul 2022 18:47:53 GMT\r\nETag: \"62d84dd9-23c1\"\r\nServer: gocache\r\nExpires: Fri, 06 Feb 2026 00:53:36 GMT\r\nCache-Control: max-age=86400\r\nc-Type: st\r\nrid: cb81eb38388733a37187b7c2b219e0a1\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains\r\nX-Cache-Status: HIT\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":9153,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 200 x 100, 8-bit/color RGBA, non-interlaced","md5":"35232fc24b2dc1c976d9c5dc6a13c8c8","sha1":"f5003ab920e63450703abae5e6e6be411c04de45","sha256":"e13f9e04322055a0384d1cb68558705c6514711cd65496f8d640537ee6c03247","sha512":"b7ff4fd1576beeef3fb95a7c0a493891e4dfea064b585ad697f4a092dfb54b5f086bf4cfb197d68574db1f634fd6209161408bf83d61a84ec6094d5b108c7fc1","ssdeep":"192:gvmo1b5upO8VQNrg22Q2aRrjnhImlrznwbcLl+IgGT:gvDXMNuqujhIMzkKII/T","tlshash":"de12afad3974c4133b3670a42867c776c8ddc7b08a555c4ab58c4712ba30330951ebeb","first_seen":"2023-05-05T14:06:31Z","last_seen":"2026-06-08T16:39:16.36295Z","times_seen":894,"resource_available":false,"data":null}},"time_used":3279,"timings":{"blocked":3062,"dns":0,"connect":0,"send":0,"wait":215,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.v1c2h.com:51300/global-activity-entry/js/rain-icon.js","fqdn":"www.v1c2h.com","domain":"v1c2h.com","tld":"com"},"ip":{"addr":"20.205.42.30","port":51300,"asn":8075,"as":"MICROSOFT-CORP-MSN-AS-BLOCK","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://cn.kkmxxw.com/home/register","date":"2026-02-05T00:53:33.388Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.v1c2h.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sun, 25 Jan 2026 16:04:47 GMT","end":"Sat, 25 Apr 2026 16:04:46 GMT"},"fingerprint":{"sha1":"1C:C9:FD:7E:97:94:2D:F6:83:69:BD:B4:E6:8D:95:32:F4:4D:46:82","sha256":"21:90:B8:8A:F7:B9:2B:5D:AA:2A:35:10:FB:CF:36:D7:EE:7F:36:66:21:67:D1:AB:F8:47:93:19:2B:6C:C4:B0"}}},"request":{"raw":"GET /global-activity-entry/js/rain-icon.js HTTP/1.1\r\nHost: www.v1c2h.com:51300\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cn.kkmxxw.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Thu, 05 Feb 2026 00:53:33 GMT\r\ncontent-type: application/javascript; charset=utf-8\r\nlast-modified: Thu, 09 Nov 2023 07:48:38 GMT\r\nvary: Accept-Encoding\r\netag: W/\"654c8ed6-88a9\"\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\ncontent-encoding: gzip\r\npsc-cache-status: HIT\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":34985,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, Unicode text, UTF-8 text","md5":"59767c53c4cb277425bce5c5e7ea9d41","sha1":"36ee5b49ceb915d4369fe92ca49dbd8bba702c96","sha256":"5b43bfa813b9f48656d868fbdacd693bf7fc0f4324d5b815db42ceb80c5a4a27","sha512":"f56b905cc921ab836e06c2c2f1e9dab1033056b68043b6fc1a24f78446dfcfeed89d1408b26ddd176540761784e7652fe2b4d1e5103f07f510bf3e886267e967","ssdeep":"768:kCcZeOuOBMThTlp0Ef7X879b7zT2MSVHyDP:kRDQt0FSVHk","tlshash":"42f2632e5afa10516a0370654f6f91087675a02b160bdc183e5e93d8df806b846fafff","first_seen":"2025-03-02T07:32:23.132184Z","last_seen":"2026-06-08T16:39:16.385146Z","times_seen":789,"resource_available":true,"data":null}},"time_used":785,"timings":{"blocked":-1,"dns":140,"connect":203,"send":0,"wait":232,"receive":0,"ssl":210},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static-content-cn.wb27jlt6u066.com:9587/js/member/reg.simple.js?20230220","fqdn":"static-content-cn.wb27jlt6u066.com","domain":"wb27jlt6u066.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":9587,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://cn.kkmxxw.com/home/register","date":"2026-02-05T00:53:33.408Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"static-content-cn.wb27jlt6u066.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 19 Oct 2025 00:00:00 GMT","end":"Mon, 19 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"98:64:EC:0B:9A:00:5F:60:12:4A:12:B9:EB:5A:44:98:12:1A:7C:FF","sha256":"A1:E0:99:A3:B2:54:C9:50:DB:24:16:EA:A7:44:3A:5D:57:F0:7C:CE:B2:E7:66:31:49:50:98:44:92:F2:50:84"}}},"request":{"raw":"GET /js/member/reg.simple.js?20230220 HTTP/1.1\r\nHost: static-content-cn.wb27jlt6u066.com:9587\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cn.kkmxxw.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Thu, 05 Feb 2026 00:53:34 GMT\r\nContent-Type: application/javascript\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nLast-Modified: Fri, 31 May 2024 03:05:12 GMT\r\nVary: Accept-Encoding\r\nETag: W/\"66593e68-2b0c\"\r\nContent-Encoding: gzip\r\nServer: gocache\r\nExpires: Fri, 06 Feb 2026 00:53:34 GMT\r\nCache-Control: max-age=86400\r\nc-Type: st\r\nrid: d0ba7369ac34ea77c164064142a81456\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains\r\nX-Cache-Status: HIT\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]}],"data":{"size":11020,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text","md5":"acfbd8efc4aa932d56183ed41666c8bd","sha1":"dada1ef3f25155d81e7d4a9353ce89e7f83b3466","sha256":"736d2a82733a504f010af43ffbc5eae2e40b075b7ae8929065bc880357c1ab48","sha512":"e0f02eb2082790ba636afe476e4a51b095f0161df58ba7f9ca389191bfe5d373d725908996b4ee489b14cc48a77f05b47ce52409bc5d802f364d831eb2501aff","ssdeep":"192:eDY86gShDWhDxhD0hDJGx3DPdy7Uwm1AFtOtHoNNvqtnHzHensyaAS7xM8tY:eDY8gcfejatpsS9q","tlshash":"0a22502aedab42871d3b30695e3f00456956c0136b0cde24fe4ca5d09f85e29b5b6fd8","first_seen":"2025-03-02T07:32:23.111077Z","last_seen":"2026-03-30T14:28:44.913402Z","times_seen":642,"resource_available":true,"data":null}},"time_used":1024,"timings":{"blocked":805,"dns":0,"connect":0,"send":0,"wait":218,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static-content-t.wb27jlt6u066.com:9587/d11_images/modal_reminder_logo.png","fqdn":"static-content-t.wb27jlt6u066.com","domain":"wb27jlt6u066.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":9587,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://cn.kkmxxw.com/home/register","date":"2026-02-05T00:53:34.912Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"static-content-t.wb27jlt6u066.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 19 Oct 2025 00:00:00 GMT","end":"Mon, 19 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"08:10:09:15:B6:C8:9C:9A:CE:31:40:C9:26:D7:9E:BE:2C:9A:62:2B","sha256":"D6:55:F3:9B:55:F2:ED:CC:B3:54:8B:1E:F9:15:FB:47:0C:75:02:1A:64:4B:3C:C2:FA:75:18:9C:F0:11:EE:83"}}},"request":{"raw":"GET /d11_images/modal_reminder_logo.png HTTP/1.1\r\nHost: static-content-t.wb27jlt6u066.com:9587\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://static-content-t.wb27jlt6u066.com:9587/style/main.css?20260123\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Thu, 05 Feb 2026 00:53:36 GMT\r\nContent-Type: image/png\r\nContent-Length: 14074\r\nConnection: keep-alive\r\nLast-Modified: Wed, 20 Jul 2022 18:45:39 GMT\r\nETag: \"62d84d53-36fa\"\r\nServer: gocache\r\nExpires: Fri, 06 Feb 2026 00:53:36 GMT\r\nCache-Control: max-age=86400\r\nc-Type: st\r\nrid: 00de027baf8ac66d4a3efbed96f88c20\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains\r\nX-Cache-Status: HIT\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":14074,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 569 x 555, 4-bit colormap, non-interlaced","md5":"3494fbc85e95ef708a1db6668fd2e401","sha1":"b9fbfc60416cd990012546e74b0fdb38bdbebe19","sha256":"3167f9728906a03ceaea850d57533fb5c253a38b94cfd55d245f714d7f18afac","sha512":"78791223a160d4012f76fad660815eb9fa01d4beb0bc98de01288e66b477a3c739a4b8ec0fcae6263fc66aee0eae43780d1abb663dc25b635bb9f702bb0eefff","ssdeep":"384:ZArYvJEV26jJlaWFjf8KvQdlbT3mc1qm+wTR:WcxaJlaOQRN14wV","tlshash":"0d52cf1c0cdd9c4dbd74129169409f8b5c70abfab9f051eb88caf218b6af9402554f23","first_seen":"2024-03-28T04:38:14Z","last_seen":"2026-06-08T16:39:16.364455Z","times_seen":737,"resource_available":false,"data":null}},"time_used":1676,"timings":{"blocked":1459,"dns":0,"connect":0,"send":0,"wait":215,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"game.gp5trb.com:2053/api/banner","fqdn":"game.gp5trb.com","domain":"gp5trb.com","tld":"com"},"ip":{"addr":"20.205.42.30","port":2053,"asn":8075,"as":"MICROSOFT-CORP-MSN-AS-BLOCK","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://cn.kkmxxw.com/home/register","date":"2026-02-05T00:53:35.035Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"game.gp5trb.com","organization":""},"issuer":{"commonName":"ZeroSSL RSA Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Sun, 18 Jan 2026 00:00:00 GMT","end":"Sat, 18 Apr 2026 23:59:59 GMT"},"fingerprint":{"sha1":"57:61:41:AB:64:77:4D:5A:95:A7:A8:63:9B:8D:8D:4B:8B:AE:53:30","sha256":"BC:73:A6:B8:F4:3E:16:4D:0E:72:C6:ED:25:1C:B9:26:F1:68:6F:09:B9:10:99:CA:B1:E7:F8:BB:43:29:46:1A"}}},"request":{"raw":"GET /api/banner HTTP/1.1\r\nHost: game.gp5trb.com:2053\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://cn.kkmxxw.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cn.kkmxxw.com/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Thu, 05 Feb 2026 00:53:36 GMT\r\ncontent-type: application/json\r\nvary: Accept-Encoding\r\nx-powered-by: PHP/7.4.33\r\ncache-control: no-cache, private\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE\r\naccess-control-allow-headers: *\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\ncontent-encoding: br\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"PHP:7.4.33","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]}],"data":{"size":16130,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"0877fb0dcf4cbcc7543aa1761ede3e03","sha1":"34f885bd7209cf681bf86c74bfb49134db9b4b26","sha256":"a17c7ed1aaa7a07d0949f63f2b916e21d2685b8e9484a562dc2b6f37b2c23b22","sha512":"5f485f30e48f99b26114e594c34286eaecbfaea45a696f94ebd078427703057613a29dde80be9ad1b2dbb46e1285572ef033e3982d8f534497fd28854d7144d7","ssdeep":"192:IXNVB7UBSvBrBZO3BhmB5uB2VHBBarmdBZ/DBOuBY6OJb:Op6BJ","tlshash":"2872594158a8ec774de03bdc0c0919a671cdf941fcccaa96e710eeb812ae1a1d61f19b","first_seen":"2026-02-03T22:17:09.303123Z","last_seen":"2026-02-05T03:29:38.638724Z","times_seen":9,"resource_available":false,"data":null}},"time_used":1405,"timings":{"blocked":752,"dns":0,"connect":0,"send":0,"wait":428,"receive":0,"ssl":225},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.vrfpshbc.com:2053/global-activity-entry/css/style.css","fqdn":"www.vrfpshbc.com","domain":"vrfpshbc.com","tld":"com"},"ip":{"addr":"172.67.186.168","port":2053,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://cn.kkmxxw.com/home/register","date":"2026-02-05T00:53:35.082Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"vrfpshbc.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 02 Feb 2026 19:45:33 GMT","end":"Sun, 03 May 2026 20:40:36 GMT"},"fingerprint":{"sha1":"E8:73:95:3B:A2:A4:0F:A6:0D:A3:4F:F1:13:4E:85:09:6B:D0:63:66","sha256":"E6:14:C1:3A:A4:50:D6:F3:4D:3C:52:EB:9F:ED:B9:43:C4:13:78:55:40:E3:CD:29:24:A1:C8:5E:C2:24:0E:AA"}}},"request":{"raw":"GET /global-activity-entry/css/style.css HTTP/1.1\r\nHost: www.vrfpshbc.com:2053\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cn.kkmxxw.com/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Thu, 05 Feb 2026 00:53:35 GMT\r\ncontent-type: text/css\r\nserver: cloudflare\r\nlast-modified: Wed, 16 Jun 2021 18:06:55 GMT\r\nvary: Accept-Encoding\r\netag: W/\"60ca3dbf-1099\"\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\ncf-cache-status: DYNAMIC\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=3xjqYKD%2B77dkDOqlcOOzICI9bGkDI3qkm4BGcXGzt698eJRULQpdoR7HJ5DlFAoGilCh4ghT8IUaE%2FKnABYIIB3svWnDgGxjMC3njD9KCRU%3D\"}]}\r\ncf-ray: 9c8e6e7ebd2923eb-OSL\r\nalt-svc: h3=\":2053\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":4249,"size_decoded":0,"mime_type":"text/css","magic":"Unicode text, UTF-8 text, with CRLF line terminators","md5":"0c6d034e188bab046fdc5e2bf379985a","sha1":"2d488cf25911a2fc18a528d7cc379ccf0cfe81b9","sha256":"4d22d7a96ba44fa03ada1e71245b3ee64e1e91a1bbe9287957429ab8a1ab0f5d","sha512":"cb7466d46ac336aa2c569e1c8ff81e4576d7b4882259a8e7b278e89158345eaed5e71567878a6e78a3ec54fdf339e86857695fadd6c84194c0a54de40240dcb4","ssdeep":"48:FLYxjPtWs2MYEuZh/Vzlj2TTc4JnAWXorJfNlfUstDTj54JI74koECOH8WzurfYh:FLC2f1YYDO+h0HfYNsu+zjfrQ","tlshash":"9991cc7d4b0722044637d6587bd54b668638d063bb0729de7bd506ce0b91fdc02b1aab","first_seen":"2023-05-05T17:24:19Z","last_seen":"2026-06-08T16:39:16.400236Z","times_seen":665,"resource_available":false,"data":null}},"time_used":924,"timings":{"blocked":64,"dns":33,"connect":1,"send":0,"wait":786,"receive":0,"ssl":36},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"api.eaafacef.com:2053/entrance/api/config?status=1","fqdn":"api.eaafacef.com","domain":"eaafacef.com","tld":"com"},"ip":{"addr":"188.114.97.1","port":2053,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://cn.kkmxxw.com/home/register","date":"2026-02-05T00:53:35.083Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"eaafacef.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 29 Dec 2025 22:38:23 GMT","end":"Sun, 29 Mar 2026 23:37:00 GMT"},"fingerprint":{"sha1":"0C:1F:E1:0A:19:A1:3C:0D:66:32:5C:75:91:E5:F0:18:DA:89:4F:A7","sha256":"37:AD:B7:8F:36:E9:2F:C4:B1:95:35:27:43:02:20:D6:44:9F:2F:0F:07:64:1C:8D:D8:14:9B:B7:2A:57:9F:87"}}},"request":{"raw":"GET /entrance/api/config?status=1 HTTP/1.1\r\nHost: api.eaafacef.com:2053\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/javascript, */*; q=0.01\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://cn.kkmxxw.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cn.kkmxxw.com/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Thu, 05 Feb 2026 00:53:35 GMT\r\ncontent-type: text/html; charset=UTF-8\r\nserver: cloudflare\r\nvary: Accept-Encoding\r\nx-powered-by: PHP/7.4.33\r\ncache-control: no-cache, private\r\nx-ratelimit-limit: 60\r\nx-ratelimit-remaining: 50\r\naccess-control-allow-origin: *\r\naccess-control-allow-headers: Origin, Content-Type, Cookie, Accept,token\r\naccess-control-allow-methods: GET, POST, PATCH, PUT, OPTIONS\r\naccess-control-allow-credentials: false\r\nstrict-transport-security: max-age=31536000\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=PGxt2Uziw%2FzzciRv6rHpOiwkl30JUae1PxWlNMF%2FVC40zirAoapTxLhaMNCC6uin6Cpn5eSkVzZIKBYMVtt3ANW0TgX1073ZhsiNR5DYrCY%3D\"}]}\r\ncf-cache-status: DYNAMIC\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncontent-encoding: br\r\ncf-ray: 9c8e6e7ebd11783d-OSL\r\nalt-svc: h3=\":2053\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"PHP:7.4.33","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]}],"data":{"size":2145,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"JSON text data","md5":"a63c5738b37b71ce89f8b7285d9e6cb5","sha1":"ade17b3b5c9ca6a618ff6f08a9dae7f274e1ad34","sha256":"a33f116fdcad6eeab0d6686c4455659496f3c97781af6f16f14a6fa0fb3803a8","sha512":"0bbb39815458755b1cd45cc8e3fb63132f3c847f78b3c69d157e247c79cb91216d2f6e1c7b9b33101e92d02599c42ba753da3c28dc97c3866af35f0958986cd6","ssdeep":"","tlshash":"0e41cf7613ec76f48a5b52c0848e3bdae06d7b23c804eea73e0d6e1881616b1284903f","first_seen":"2026-02-03T22:17:09.267496Z","last_seen":"2026-02-08T11:28:33.254297Z","times_seen":12,"resource_available":false,"data":null}},"time_used":971,"timings":{"blocked":64,"dns":31,"connect":1,"send":0,"wait":833,"receive":0,"ssl":36},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static-content-cn.wb27jlt6u066.com:9587/js/jquery/jquery.min.js","fqdn":"static-content-cn.wb27jlt6u066.com","domain":"wb27jlt6u066.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":9587,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://cn.kkmxxw.com/home/register","date":"2026-02-05T00:53:33.322Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"static-content-cn.wb27jlt6u066.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 19 Oct 2025 00:00:00 GMT","end":"Mon, 19 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"98:64:EC:0B:9A:00:5F:60:12:4A:12:B9:EB:5A:44:98:12:1A:7C:FF","sha256":"A1:E0:99:A3:B2:54:C9:50:DB:24:16:EA:A7:44:3A:5D:57:F0:7C:CE:B2:E7:66:31:49:50:98:44:92:F2:50:84"}}},"request":{"raw":"GET /js/jquery/jquery.min.js HTTP/1.1\r\nHost: static-content-cn.wb27jlt6u066.com:9587\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cn.kkmxxw.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Thu, 05 Feb 2026 00:53:34 GMT\r\nContent-Type: application/javascript\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nLast-Modified: Wed, 20 Jul 2022 18:47:52 GMT\r\nVary: Accept-Encoding\r\nETag: W/\"62d84dd8-176bb\"\r\nContent-Encoding: gzip\r\nServer: gocache\r\nExpires: Fri, 06 Feb 2026 00:53:34 GMT\r\nCache-Control: max-age=86400\r\nc-Type: st\r\nrid: d6f92558038d07727fa532ca0584a580\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains\r\nX-Cache-Status: HIT\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":95931,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (32047)","md5":"5790ead7ad3ba27397aedfa3d263b867","sha1":"8130544c215fe5d1ec081d83461bf4a711e74882","sha256":"2ecd295d295bec062cedebe177e54b9d6b19fc0a841dc5c178c654c9ccff09c0","sha512":"781acedc99de4ce8d53d9b43a158c645eab1b23dfdfd6b57b3c442b11acc4a344e0d5b0067d4b78bb173abbded75fb91c410f2b5a58f71d438aa6266d048d98a","ssdeep":"1536:5P1vk7i6GUHdXXeyQazBu+4HhiO2AEeLNFoqqhJ7SerN5sVI6xcBgPv7E+nzms9d:A4Ud4qhJvNPqcB47MfWWca98HrB","tlshash":"7793d8d9b7d67062977730b850bf510bb13a98eab80c4c60f1a4d8e47e74a89507bf2d","first_seen":"2023-03-07T01:02:51Z","last_seen":"2026-06-08T20:56:21.718534Z","times_seen":20230,"resource_available":true,"data":null}},"time_used":1601,"timings":{"blocked":668,"dns":223,"connect":14,"send":0,"wait":218,"receive":9,"ssl":451},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static-content-t.wb27jlt6u066.com:9587/images/icons.png?1","fqdn":"static-content-t.wb27jlt6u066.com","domain":"wb27jlt6u066.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":9587,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://cn.kkmxxw.com/home/register","date":"2026-02-05T00:53:34.755Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"static-content-t.wb27jlt6u066.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 19 Oct 2025 00:00:00 GMT","end":"Mon, 19 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"08:10:09:15:B6:C8:9C:9A:CE:31:40:C9:26:D7:9E:BE:2C:9A:62:2B","sha256":"D6:55:F3:9B:55:F2:ED:CC:B3:54:8B:1E:F9:15:FB:47:0C:75:02:1A:64:4B:3C:C2:FA:75:18:9C:F0:11:EE:83"}}},"request":{"raw":"GET /images/icons.png?1 HTTP/1.1\r\nHost: static-content-t.wb27jlt6u066.com:9587\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://static-content-t.wb27jlt6u066.com:9587/style/main.css?20260123\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Thu, 05 Feb 2026 00:53:36 GMT\r\nContent-Type: image/png\r\nContent-Length: 3150\r\nConnection: keep-alive\r\nLast-Modified: Wed, 01 Feb 2023 01:02:19 GMT\r\nETag: \"63d9ba1b-c4e\"\r\nServer: gocache\r\nExpires: Fri, 06 Feb 2026 00:53:36 GMT\r\nCache-Control: max-age=86400\r\nc-Type: st\r\nrid: 9a76876686ed42cd3104ab06d2011107\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains\r\nX-Cache-Status: HIT\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]}],"data":{"size":3150,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 39 x 373, 8-bit/color RGBA, non-interlaced","md5":"a64222f0baf49b7b54175cb4b70c7772","sha1":"179e5f57fdd5dee04578274231a5445b76b83ae2","sha256":"382fcd4debce444b68de702fa69d2b8935ba546457f1a36d358d312baec1f35b","sha512":"13ef9e867c04188713a5812ed810ccd9f80771648acfed7ee5a3b7ffe0862f67233d1136de6440ade5854d2a14012fd6d7f1751c010a6f8dcc708d4c6d640291","ssdeep":"","tlshash":"ad514cc1185c2e117ffd4130cece1ff99c9e2da667e0a29d8639d1926da4310f4a5b8c","first_seen":"2023-05-05T14:06:31Z","last_seen":"2026-06-08T16:39:16.391053Z","times_seen":908,"resource_available":false,"data":null}},"time_used":1396,"timings":{"blocked":1178,"dns":0,"connect":0,"send":0,"wait":218,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"file-new.a4hskh.com/activity/2025/05/26/6adbf1bd94ca22866f5f1cefb32e40c9.png","fqdn":"file-new.a4hskh.com","domain":"a4hskh.com","tld":"com"},"ip":{"addr":"20.205.42.30","port":443,"asn":8075,"as":"MICROSOFT-CORP-MSN-AS-BLOCK","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://cn.kkmxxw.com/home/register","date":"2026-02-05T00:53:36.106Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"a4hskh.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sat, 17 Jan 2026 00:56:32 GMT","end":"Fri, 17 Apr 2026 00:56:31 GMT"},"fingerprint":{"sha1":"6B:86:00:72:D5:5F:9C:50:C7:17:88:7F:40:98:98:9A:FD:9D:E3:3D","sha256":"CD:44:64:6D:51:24:0D:31:BC:19:51:30:3E:3F:FD:B2:DC:11:DD:3C:75:33:4A:37:DA:24:69:03:50:D6:29:38"}}},"request":{"raw":"GET /activity/2025/05/26/6adbf1bd94ca22866f5f1cefb32e40c9.png HTTP/1.1\r\nHost: file-new.a4hskh.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cn.kkmxxw.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Thu, 05 Feb 2026 00:53:37 GMT\r\ncontent-type: image/png\r\ncontent-length: 106930\r\nx-amz-id-2: ZJFCC1NUlWMsPSuqDiVEN+KRgOOm6/YgvmGA5Gri2zZ38LsP4SCClD3eXkEl9VfMO22Zj/6gILW9INk0UCqqbtX2FWvUc3LB\r\nx-amz-request-id: YF26ATKCRNZAWWPH\r\nlast-modified: Sat, 17 Jan 2026 06:23:27 GMT\r\netag: \"7907a7882ded0237441091b52c3b50ea\"\r\nx-amz-server-side-encryption: AES256\r\naccess-control-allow-origin: *\r\naccess-control-allow-credentials: true\r\naccess-control-allow-headers: *\r\naccess-control-allow-methods: *\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":106930,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 272 x 272, 8-bit/color RGBA, non-interlaced","md5":"7907a7882ded0237441091b52c3b50ea","sha1":"209414f453c53fcf4e63f7ea0a97a550d8aeea67","sha256":"df2155b8cffbead53e3e14bcce48b057ed7675416c59fb30a119371e6c3e97e6","sha512":"2bfadbaecc029a20dddf059c4391b947beff06a641016ae6464b11abd7ca41b5d4789f3fcb77c3ec65ddd3538508e47704e682b1d2f1c18f90658dd6c279a546","ssdeep":"3072:kEfWMVC/yIjXMLpQQDhMaQEXn8vTiWzyToWR3YjkC7O:kSD8yWUHhnoTdyFmP7O","tlshash":"c3a31254bda0f6a3d67fe7e9ebc5075d6f9f424a8e59c22c60343528ad2f9c28036170","first_seen":"2025-07-18T11:22:50.671167Z","last_seen":"2026-03-19T10:33:28.684969Z","times_seen":471,"resource_available":false,"data":null}},"time_used":2987,"timings":{"blocked":768,"dns":344,"connect":207,"send":0,"wait":694,"receive":760,"ssl":208},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.vrfpshbc.com:2053/global-activity-entry/img/close-x.png","fqdn":"www.vrfpshbc.com","domain":"vrfpshbc.com","tld":"com"},"ip":{"addr":"172.67.186.168","port":2053,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://cn.kkmxxw.com/home/register","date":"2026-02-05T00:53:36.120Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"vrfpshbc.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 02 Feb 2026 19:45:33 GMT","end":"Sun, 03 May 2026 20:40:36 GMT"},"fingerprint":{"sha1":"E8:73:95:3B:A2:A4:0F:A6:0D:A3:4F:F1:13:4E:85:09:6B:D0:63:66","sha256":"E6:14:C1:3A:A4:50:D6:F3:4D:3C:52:EB:9F:ED:B9:43:C4:13:78:55:40:E3:CD:29:24:A1:C8:5E:C2:24:0E:AA"}}},"request":{"raw":"GET /global-activity-entry/img/close-x.png HTTP/1.1\r\nHost: www.vrfpshbc.com:2053\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.vrfpshbc.com:2053/global-activity-entry/css/style.css\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Thu, 05 Feb 2026 00:53:36 GMT\r\ncontent-type: image/png\r\ncontent-length: 1101\r\nserver: cloudflare\r\nlast-modified: Wed, 16 Jun 2021 18:06:55 GMT\r\netag: \"60ca3dbf-44d\"\r\nstrict-transport-security: max-age=31536000\r\naccept-ranges: bytes\r\ncf-cache-status: DYNAMIC\r\npriority: u=4,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=VDLVyyfFscNoypzVY38w%2BdICwCGohoK%2B7rbEDQTuARtahLi30fQJGhQKKH3%2FTd45YP0Y2WdZX9k0DqB4Dx6V76X5nUQHbcHUnI40QHEMWEM%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9c8e6e84cee68deb-OSL\r\nalt-svc: h3=\":2053\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":1101,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 25 x 25, 8-bit/color RGBA, interlaced","md5":"6d53ba3fe6c7f1b97871c37f610267c9","sha1":"911d9c2f4efec81d5a7edd84bb7a4f1b33dd8560","sha256":"a1c35b21ff48ff6181a0f1f443508abff9690316942a1d4974614c2c79f0d420","sha512":"8538e5f48126db6176b784162592998bc86fb1ccd88318b4d69334d1ef5fb8037c79ba2bb295f03836c315bbcf102a89e3b70630b6a46646c4acf5127ce4319d","ssdeep":"","tlshash":"0f1186836728cb31c123023a9399630afa184d52b61757cc59cc6c0fce980e2555c61e","first_seen":"2023-05-05T14:06:31Z","last_seen":"2026-06-06T14:33:38.639297Z","times_seen":605,"resource_available":false,"data":null}},"time_used":794,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":793,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.f4bzyrz92us3.com/E2/EagleEye.js?1770252813","fqdn":"www.f4bzyrz92us3.com","domain":"f4bzyrz92us3.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://cn.kkmxxw.com/home/register","date":"2026-02-05T00:53:33.325Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.f4bzyrz92us3.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Fri, 22 Aug 2025 00:00:00 GMT","end":"Sat, 22 Aug 2026 23:59:59 GMT"},"fingerprint":{"sha1":"3D:00:56:9E:E0:4A:BC:C5:AC:93:01:37:D0:1D:2F:CC:2E:D9:BE:F3","sha256":"28:AA:7B:7C:23:E5:90:7B:6C:F4:48:23:DD:56:A2:3C:AD:E6:2B:47:66:7E:A7:DA:53:31:F6:3C:E3:FC:9E:30"}}},"request":{"raw":"GET /E2/EagleEye.js?1770252813 HTTP/1.1\r\nHost: www.f4bzyrz92us3.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cn.kkmxxw.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Thu, 05 Feb 2026 00:53:34 GMT\r\nContent-Type: application/javascript;charset=utf-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nContent-Encoding: br\r\nSet-Cookie: E2Token=744444a4-b545-405a-8028-770da408e17e; expires=Tue, 05 Feb 2036 00:53:34 GMT; path= ; samesite = None; secure; httponly\r\nVary: Accept-Encoding\r\nX-Rate-Limit-Limit: 1d\r\nX-Rate-Limit-Remaining: 1438\r\nX-Rate-Limit-Reset: 2026-02-06T00:24:09.5972717Z\r\nX-Frame-Options: SAMEORIGIN\r\nX-Content-Type-Options: nosniff\r\nServer: gocache\r\nExpires: Fri, 06 Feb 2026 00:53:34 GMT\r\nCache-Control: max-age=86400\r\nc-Type: st\r\nrid: 21739237f5796eced1f10870efb5b3d1\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains\r\nX-Cache-Status: MISS\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":54487,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (37140), with CRLF line terminators","md5":"777fbddda316cb73c805c7f8033668cd","sha1":"2bde289bf6e9d85916d65f5291c05cb55458965f","sha256":"40c966edfb84100078aa76f6390d03454b71d27b4c629f703af8e1639630cab1","sha512":"27d1c2f9a345fc93818868e2979b73340065f45270a70ad3890cb8f5bba05cb3ca2921018c8b216ce049e8216376f1635892d1230cc04e1e60b4b5cc884f8e0a","ssdeep":"1536:m6Xzk6G1j9Bk/k0q7Mfx5+2I7v7D71Ies9GUWfth7KBbTE21gAWIOuYyR4mr/qDj:bGW/k0q7Mfx5+2I7v7D77FftlKBbTv1O","tlshash":"d333e71ab2963539c56230765caf9148b33d85a61398505cab0fc5e4783987e83bfff8","first_seen":"2026-02-05T00:54:03.298289Z","last_seen":"2026-02-05T00:54:03.298289Z","times_seen":1,"resource_available":true,"data":null}},"time_used":1949,"timings":{"blocked":745,"dns":329,"connect":1,"send":0,"wait":415,"receive":4,"ssl":451},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cn.kkmxxw.com/fimg/i2022109557596bf60a4a37a8fd6570231b8312.png","fqdn":"cn.kkmxxw.com","domain":"kkmxxw.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://cn.kkmxxw.com/home/register","date":"2026-02-05T00:53:33.389Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cn.kkmxxw.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Mon, 05 Jan 2026 00:00:00 GMT","end":"Tue, 05 Jan 2027 23:59:59 GMT"},"fingerprint":{"sha1":"2F:26:5D:9B:0F:53:91:A4:6E:10:B6:F6:B4:59:B8:76:9D:FA:57:B4","sha256":"48:A6:D5:A5:14:EA:84:C7:74:18:09:89:D0:18:E2:F9:85:58:56:90:46:35:F7:89:6C:A2:F6:84:9E:2C:03:19"}}},"request":{"raw":"GET /fimg/i2022109557596bf60a4a37a8fd6570231b8312.png HTTP/1.1\r\nHost: cn.kkmxxw.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cn.kkmxxw.com/home/register\r\nCookie: PHPSESSID=4glk47rlaq1qf20t2kmqqi8op7; _first=false\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Thu, 05 Feb 2026 00:53:35 GMT\r\nContent-Type: image/png\r\nContent-Length: 228056\r\nConnection: keep-alive\r\nLast-Modified: Tue, 11 Oct 2022 03:07:34 GMT\r\nETag: \"6344ddf6-37ad8\"\r\nX-Content-Type-Options: nosniff\r\nX-Frame-Options: SAMEORIGIN\r\nServer: gocache\r\nExpires: Fri, 06 Feb 2026 00:53:35 GMT\r\nCache-Control: max-age=86400\r\nc-Type: st\r\nrid: f6489d05c20b7e304df8313482f3e1a2\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains\r\nX-Cache-Status: HIT\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":228056,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 838 x 572, 8-bit/color RGBA, non-interlaced","md5":"ad437106303315b23ca37c00fac9b9a7","sha1":"f503a3d13adaba3b253e4adb493181f86c50bb6f","sha256":"9624ab5cf4b378ccbf9525a00dfbc12c923cb62d887e8bd6a69c4d140c6a8133","sha512":"36cf78c0da7bd3530167e12f2bd3a0f75c38a745f337075d0b493eb41d6e035a2e7fe461df7a771e94eb42e69f419eb3af283b220bb211a2b652d8f55d47558a","ssdeep":"6144:/LkBXH85hsNRgjSxVQldvROEZ7dhzZA6x/qQ:QqnsNRKOVwdvgEE6IQ","tlshash":"122412ecb69b980fef3d1147925c0db4e0f820043b1c9277a155e9b7e8d21a939b5acc","first_seen":"2023-05-05T17:23:57Z","last_seen":"2026-06-08T16:39:16.386196Z","times_seen":801,"resource_available":false,"data":null}},"time_used":2040,"timings":{"blocked":1100,"dns":1,"connect":3,"send":0,"wait":216,"receive":219,"ssl":487},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-02-05","alert":"Sinkholed","trigger":"cn.kkmxxw.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-05","alert":"Sinkholed","trigger":"cn.kkmxxw.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"m.hscof5hrwtco.com/","fqdn":"m.hscof5hrwtco.com","domain":"hscof5hrwtco.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-02-05T00:53:28.989Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"m.hscof5hrwtco.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Fri, 26 Sep 2025 00:00:00 GMT","end":"Sat, 26 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"EA:B4:AB:16:69:91:5F:7A:8F:A0:C1:B6:02:0F:E5:CA:83:06:5D:D8","sha256":"D7:45:6B:43:C7:3F:6D:8A:A2:0C:F5:A7:9F:72:05:54:51:62:08:BA:D5:EE:7C:C5:28:73:6C:18:D1:2D:1C:7B"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: m.hscof5hrwtco.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 301 Moved Permanently\r\nDate: Thu, 05 Feb 2026 00:53:30 GMT\r\nContent-Type: text/html; charset=UTF-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nSet-Cookie: ccd11=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/; domain=hscof5hrwtco.com\nvcd11=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/; domain=hscof5hrwtco.com\nPHPSESSID=8mvilkdgi0b157kadrq2g9vv1e; path=/\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Allow-Methods: GET, POST, OPTIONS\r\nAccess-Control-Allow-Headers: Content-Type, Authorization, X-Requested-With\r\nAccess-Control-Allow-Credentials: true\r\nAccess-Control-Max-Age: 86400\r\nLocation: https://cn.kkmxxw.com/\r\nX-Content-Type-Options: nosniff\r\nX-Frame-Options: SAMEORIGIN\r\nServer: gocache\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nCache-Control: no-cache\r\nc-Type: df\r\nrid: be7bd7f5020ac0caef4a272fb30f4a35\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains\r\n\r\n","headers":null,"cookies":null,"status_code":"301","status_text":"Moved Permanently","fingerprints":[{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":80,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-08T21:16:18.866443Z","times_seen":16250262,"resource_available":true,"data":null}},"time_used":1976,"timings":{"blocked":737,"dns":229,"connect":1,"send":0,"wait":502,"receive":0,"ssl":504},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-02-05","alert":"Sinkholed","trigger":"m.hscof5hrwtco.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"static-content-t.wb27jlt6u066.com:9587/style/main.css?20260123","fqdn":"static-content-t.wb27jlt6u066.com","domain":"wb27jlt6u066.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":9587,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://cn.kkmxxw.com/home/register","date":"2026-02-05T00:53:33.315Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"static-content-t.wb27jlt6u066.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 19 Oct 2025 00:00:00 GMT","end":"Mon, 19 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"08:10:09:15:B6:C8:9C:9A:CE:31:40:C9:26:D7:9E:BE:2C:9A:62:2B","sha256":"D6:55:F3:9B:55:F2:ED:CC:B3:54:8B:1E:F9:15:FB:47:0C:75:02:1A:64:4B:3C:C2:FA:75:18:9C:F0:11:EE:83"}}},"request":{"raw":"GET /style/main.css?20260123 HTTP/1.1\r\nHost: static-content-t.wb27jlt6u066.com:9587\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cn.kkmxxw.com/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Thu, 05 Feb 2026 00:53:34 GMT\r\nContent-Type: text/css\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nLast-Modified: Fri, 23 Jan 2026 04:32:15 GMT\r\nVary: Accept-Encoding\r\nETag: W/\"6972f9cf-f402\"\r\nContent-Encoding: gzip\r\nServer: gocache\r\nExpires: Fri, 06 Feb 2026 00:53:34 GMT\r\nCache-Control: max-age=86400\r\nc-Type: st\r\nrid: 6c750ea71485447f8e7b1d45d6b34a5c\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains\r\nX-Cache-Status: HIT\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":62466,"size_decoded":0,"mime_type":"text/css","magic":"Unicode text, UTF-8 text, with very long lines (449)","md5":"6bc3134c354794051a02113c9d3c2398","sha1":"ace70c4abd0bc9b64481114f48daf5e0db39fa77","sha256":"52162eface1a1871263972ddfa7a80ce4d32066d37806b140768f69138069992","sha512":"c42aa02818eeb4daf7a6c7ce55757e731d8bdf81e1f5501633a6f0158560286d5496ec9977897fa0d9526787396d37175a0f871d94199bc4a46988e7e5d6371e","ssdeep":"1536:ZoErfbP93Ytk3pZcG1cF3NE9GG0gYAajgHwEUVtrydv4ffEqyPouRPf++J14Sqgn:ZbP93Ytk3pZcG1cF3NE9GGMEUVtryC+r","tlshash":"9153a721e9b9220ab03bd562b4e15faa22398017d1171fbc657d3a7de6cf0d81177fa0","first_seen":"2026-01-23T05:01:52.478736Z","last_seen":"2026-02-12T05:30:34.667985Z","times_seen":20,"resource_available":false,"data":null}},"time_used":1604,"timings":{"blocked":675,"dns":225,"connect":2,"send":0,"wait":214,"receive":6,"ssl":469},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cn.kkmxxw.com/service/verifycode","fqdn":"cn.kkmxxw.com","domain":"kkmxxw.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://cn.kkmxxw.com/home/register","date":"2026-02-05T00:53:33.385Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cn.kkmxxw.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Mon, 05 Jan 2026 00:00:00 GMT","end":"Tue, 05 Jan 2027 23:59:59 GMT"},"fingerprint":{"sha1":"2F:26:5D:9B:0F:53:91:A4:6E:10:B6:F6:B4:59:B8:76:9D:FA:57:B4","sha256":"48:A6:D5:A5:14:EA:84:C7:74:18:09:89:D0:18:E2:F9:85:58:56:90:46:35:F7:89:6C:A2:F6:84:9E:2C:03:19"}}},"request":{"raw":"GET /service/verifycode HTTP/1.1\r\nHost: cn.kkmxxw.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cn.kkmxxw.com/home/register\r\nCookie: PHPSESSID=4glk47rlaq1qf20t2kmqqi8op7; _first=false\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 \r\nDate: Thu, 05 Feb 2026 00:53:35 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nSet-Cookie: JSESSIONID=052C21710E6481B042879A3C3B75DCF1; Path=/; Secure; HttpOnly\n_vcid=052C21710E6481B042879A3C3B75DCF1; Domain=.kkmxxw.com; Path=/; HttpOnly\r\nX-Content-Type-Options: nosniff\r\nX-Frame-Options: SAMEORIGIN\r\nServer: gocache\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nCache-Control: no-cache\r\nc-Type: df\r\nrid: eb5c2017b7366207234de670bf4d31b9\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Java","description":"Java is a class-based, object-oriented programming language that is designed to have as few implementation dependencies as possible.","website":"https://java.com","common_platform_enumeration":"cpe:2.3:a:oracle:jre:*:*:*:*:*:*:*:*","icon":"Java.svg","categories":["Programming languages"]}],"data":{"size":1329,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.02, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 80x28, components 3","md5":"ea2ba2c7831fb9bbca1b3e24e1e72fa8","sha1":"1f2872e0d672973a4e8defc6b00cd7502129335a","sha256":"6f7ef53f7cce80a2655e0e48cdbb1d80c8d3378c2f92d2d21dbad28cb5628193","sha512":"379f3bf950df16ad2c08785048bfb7588cff6a95948b7772c6a92708bffeda9f280974ffd22788c35705582bf9e12dbb1e12adf8874e1aebdedb9ff333942097","ssdeep":"","tlshash":"a321e73c8317a6549f32c8f494493a8bd94a0d957f4d333109628c5c8020dfe88cce7c","first_seen":"2026-02-05T00:54:03.301383Z","last_seen":"2026-02-05T00:54:03.301383Z","times_seen":1,"resource_available":false,"data":null}},"time_used":1919,"timings":{"blocked":1105,"dns":1,"connect":1,"send":0,"wait":310,"receive":0,"ssl":499},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-02-05","alert":"Sinkholed","trigger":"cn.kkmxxw.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-05","alert":"Sinkholed","trigger":"cn.kkmxxw.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"static-content-cn.wb27jlt6u066.com:9587/js/game/Game.js?20220202","fqdn":"static-content-cn.wb27jlt6u066.com","domain":"wb27jlt6u066.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":9587,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://cn.kkmxxw.com/home/register","date":"2026-02-05T00:53:33.400Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"static-content-cn.wb27jlt6u066.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 19 Oct 2025 00:00:00 GMT","end":"Mon, 19 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"98:64:EC:0B:9A:00:5F:60:12:4A:12:B9:EB:5A:44:98:12:1A:7C:FF","sha256":"A1:E0:99:A3:B2:54:C9:50:DB:24:16:EA:A7:44:3A:5D:57:F0:7C:CE:B2:E7:66:31:49:50:98:44:92:F2:50:84"}}},"request":{"raw":"GET /js/game/Game.js?20220202 HTTP/1.1\r\nHost: static-content-cn.wb27jlt6u066.com:9587\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cn.kkmxxw.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Thu, 05 Feb 2026 00:53:34 GMT\r\nContent-Type: application/javascript\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nLast-Modified: Thu, 14 Aug 2025 05:10:16 GMT\r\nVary: Accept-Encoding\r\nETag: W/\"689d6fb8-f55f\"\r\nContent-Encoding: gzip\r\nServer: gocache\r\nExpires: Fri, 06 Feb 2026 00:53:34 GMT\r\nCache-Control: max-age=86400\r\nc-Type: st\r\nrid: 39c5a1008adfe149f9c29526239cab23\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains\r\nX-Cache-Status: HIT\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]}],"data":{"size":62815,"size_decoded":0,"mime_type":"application/javascript","magic":"Unicode text, UTF-8 text","md5":"31b26fa8e3e5d0f8b9100e4d8993570b","sha1":"4901272b99be40960a7016bd4a60fb686ceba5d7","sha256":"fa72c387b16598179ba3e7406e6d29e5f464cf7876cdf39d43a1cfadc91211df","sha512":"1332c670e7103b8d25e706e773ac1aef68e69176c945d8450385e8876b5a718c113c2066e47719d9943df9a108fc2c27d46c535bb09b27930c22e414b3375364","ssdeep":"384:AURoUkVbztM3nigTG7SG4lznSVs5Lq/vtQEttGsOSVD:AURoUcztwJou50QEttGsO2","tlshash":"0753254caea318e35a3654348b7f31956d5166032508dd1c3e0cd3a3df9a0be66b1efa","first_seen":"2025-08-14T09:17:18.772148Z","last_seen":"2026-04-06T22:25:54.033063Z","times_seen":544,"resource_available":true,"data":null}},"time_used":862,"timings":{"blocked":-1,"dns":157,"connect":22,"send":0,"wait":220,"receive":1,"ssl":449},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"banner-notice.6dqr2n.com/mxstatic/index.css","fqdn":"banner-notice.6dqr2n.com","domain":"6dqr2n.com","tld":"com"},"ip":{"addr":"20.205.42.30","port":443,"asn":8075,"as":"MICROSOFT-CORP-MSN-AS-BLOCK","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://cn.kkmxxw.com/home/register","date":"2026-02-05T00:53:35.030Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"banner-notice.6dqr2n.com","organization":""},"issuer":{"commonName":"ZeroSSL RSA Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Fri, 23 Jan 2026 00:00:00 GMT","end":"Thu, 23 Apr 2026 23:59:59 GMT"},"fingerprint":{"sha1":"8A:70:8B:EC:E4:B2:BB:0B:50:F4:08:3B:8E:01:06:9A:78:09:DE:56","sha256":"76:C4:42:D2:6F:73:AF:11:79:4E:88:57:E7:C9:2B:55:82:F2:5A:20:77:F5:B6:86:D1:C6:FA:65:2C:72:28:95"}}},"request":{"raw":"GET /mxstatic/index.css HTTP/1.1\r\nHost: banner-notice.6dqr2n.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cn.kkmxxw.com/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Thu, 05 Feb 2026 00:53:35 GMT\r\ncontent-type: text/css\r\nlast-modified: Tue, 27 May 2025 05:27:15 GMT\r\nvary: Accept-Encoding\r\netag: W/\"68354d33-13bc\"\r\nexpires: Thu, 05 Feb 2026 12:53:35 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":5052,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text","md5":"33009c301e789707d7c69505ff50d74c","sha1":"cfae09fd67a040052da9da88e0b6b7184c68a4fc","sha256":"bbef70cb02415d56036f01eed877aca7e946f6ce14f39ce52899b1c19f3360d7","sha512":"54d3eff35b7e2e5b03386955f05ce0bad1aa1d8586ae9f70efe9ba5660ba33a7c18b0840083e190af9bbca26d9ad7d032945a4e5c08439ba7b2f121ef268e2d3","ssdeep":"96:U5KsCmC+sCMCW/rnidi/kisClOC3vyb1CWg1KBscndYYC5xNESG0cCTgfeJ9SXEl:Jj1wDW/ridisisCltqbI9GscdYdxNDjH","tlshash":"d0a13259a7f60604681fc1943dd2a759a239c043a24fcc3df6d2204caeca1db72a7bd6","first_seen":"2025-08-09T14:13:17.039422Z","last_seen":"2026-06-08T16:39:16.399743Z","times_seen":561,"resource_available":false,"data":null}},"time_used":331,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":331,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.vrfpshbc.com:2053/global-activity-entry/img/arrow-left.png","fqdn":"www.vrfpshbc.com","domain":"vrfpshbc.com","tld":"com"},"ip":{"addr":"172.67.186.168","port":2053,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://cn.kkmxxw.com/home/register","date":"2026-02-05T00:53:36.122Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"vrfpshbc.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 02 Feb 2026 19:45:33 GMT","end":"Sun, 03 May 2026 20:40:36 GMT"},"fingerprint":{"sha1":"E8:73:95:3B:A2:A4:0F:A6:0D:A3:4F:F1:13:4E:85:09:6B:D0:63:66","sha256":"E6:14:C1:3A:A4:50:D6:F3:4D:3C:52:EB:9F:ED:B9:43:C4:13:78:55:40:E3:CD:29:24:A1:C8:5E:C2:24:0E:AA"}}},"request":{"raw":"GET /global-activity-entry/img/arrow-left.png HTTP/1.1\r\nHost: www.vrfpshbc.com:2053\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.vrfpshbc.com:2053/global-activity-entry/css/style.css\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Thu, 05 Feb 2026 00:53:36 GMT\r\ncontent-type: image/png\r\ncontent-length: 710\r\nserver: cloudflare\r\nlast-modified: Wed, 16 Jun 2021 18:06:55 GMT\r\netag: \"60ca3dbf-2c6\"\r\nstrict-transport-security: max-age=31536000\r\naccept-ranges: bytes\r\ncf-cache-status: DYNAMIC\r\npriority: u=4,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=8sLFArrfqqZeX%2Bcl3mKgjCijxEq7SpNjo1gJoDS0e9fs3kufnTwPndhR9KMFYpL8sLz7c6Ih%2BcfYOvUPnRUcao%2F29CvHv06qhkGJ%2B8QZVEY%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9c8e6e84cee78deb-OSL\r\nalt-svc: h3=\":2053\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":710,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 14 x 34, 8-bit/color RGBA, interlaced","md5":"75283be3b7efd575f15a3c05ec9a83e5","sha1":"8646eadd0f93308cd0bd224242393f505e920f7b","sha256":"14dde123a93666ed0e806b324627c3cfef68a77e1ec346677fd6d1d05187685a","sha512":"f647f432cee300847d1f2bf7a0974885b9bcf773589cf0644ffd0a97282546ddbf6731f08658fa11732d150f17b5849db18c8e5ed1d586043e443806b60239ad","ssdeep":"","tlshash":"03014eeb13b47f50e7a1ac372d82d3280eac89b57514468c01401ab98c7e4cead983b2","first_seen":"2023-05-05T14:06:31Z","last_seen":"2026-06-06T14:33:38.567512Z","times_seen":601,"resource_available":false,"data":null}},"time_used":767,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":767,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static-content-t.wb27jlt6u066.com:9587/images/nav/promo_keno.png","fqdn":"static-content-t.wb27jlt6u066.com","domain":"wb27jlt6u066.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":9587,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://cn.kkmxxw.com/home/register","date":"2026-02-05T00:53:33.368Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"static-content-t.wb27jlt6u066.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 19 Oct 2025 00:00:00 GMT","end":"Mon, 19 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"08:10:09:15:B6:C8:9C:9A:CE:31:40:C9:26:D7:9E:BE:2C:9A:62:2B","sha256":"D6:55:F3:9B:55:F2:ED:CC:B3:54:8B:1E:F9:15:FB:47:0C:75:02:1A:64:4B:3C:C2:FA:75:18:9C:F0:11:EE:83"}}},"request":{"raw":"GET /images/nav/promo_keno.png HTTP/1.1\r\nHost: static-content-t.wb27jlt6u066.com:9587\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cn.kkmxxw.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Thu, 05 Feb 2026 00:53:35 GMT\r\nContent-Type: image/png\r\nContent-Length: 21322\r\nConnection: keep-alive\r\nLast-Modified: Wed, 20 Jul 2022 18:47:53 GMT\r\nETag: \"62d84dd9-534a\"\r\nServer: gocache\r\nExpires: Fri, 06 Feb 2026 00:53:35 GMT\r\nCache-Control: max-age=86400\r\nc-Type: st\r\nrid: 620cf749169b7bb184a67c185307365b\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains\r\nX-Cache-Status: HIT\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]}],"data":{"size":21322,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 200 x 100, 8-bit/color RGBA, non-interlaced","md5":"f3d3231964cd6c0b98aceaa07e9626b6","sha1":"2fdcca8cdf610057e37e86e9c679f87d959a1821","sha256":"3075e79d3c7ef852ed0a95aa56324509b499446a6d8a454fed94f1fdd102fd90","sha512":"78837a1effb6ae7ef05256cac78af4982ceb76f36f77362f29caf29fff7f2ae6ec01d11c89ec4c87c7ffb2a9ec9ad7a6d2ccab97b5b0145c649672baf097858c","ssdeep":"384:yW63kJiUaadwYIM4oZt3zpqdyaNJQMqr3t5LwR2hD83hZTf2xL:96UJNlwSVtqdyPtZwW83HqxL","tlshash":"20a2e1c5ded60df36e6a639225e06525854ccbc29ebdd24a00e2b3d83a903c773dd3a5","first_seen":"2023-05-05T14:06:31Z","last_seen":"2026-06-08T16:39:16.363484Z","times_seen":883,"resource_available":false,"data":null}},"time_used":1810,"timings":{"blocked":1122,"dns":0,"connect":3,"send":0,"wait":237,"receive":1,"ssl":441},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static-content-cn.wb27jlt6u066.com:9587/util/all.js?20231116","fqdn":"static-content-cn.wb27jlt6u066.com","domain":"wb27jlt6u066.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":9587,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://cn.kkmxxw.com/home/register","date":"2026-02-05T00:53:33.403Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"static-content-cn.wb27jlt6u066.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 19 Oct 2025 00:00:00 GMT","end":"Mon, 19 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"98:64:EC:0B:9A:00:5F:60:12:4A:12:B9:EB:5A:44:98:12:1A:7C:FF","sha256":"A1:E0:99:A3:B2:54:C9:50:DB:24:16:EA:A7:44:3A:5D:57:F0:7C:CE:B2:E7:66:31:49:50:98:44:92:F2:50:84"}}},"request":{"raw":"GET /util/all.js?20231116 HTTP/1.1\r\nHost: static-content-cn.wb27jlt6u066.com:9587\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cn.kkmxxw.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Thu, 05 Feb 2026 00:53:34 GMT\r\nContent-Type: application/javascript\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nLast-Modified: Wed, 13 Sep 2023 03:06:22 GMT\r\nVary: Accept-Encoding\r\nETag: W/\"6501272e-13044\"\r\nContent-Encoding: gzip\r\nServer: gocache\r\nExpires: Fri, 06 Feb 2026 00:53:34 GMT\r\nCache-Control: max-age=86400\r\nc-Type: st\r\nrid: becce316cc69df8ec7f1321db814b016\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains\r\nX-Cache-Status: HIT\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":77892,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (5480)","md5":"f5aa16a242596257e153e33c5b8fb232","sha1":"804252d4387c4fda0141e9bf4fd2a05bb3c7068a","sha256":"c21ffeeff6782e69216ce2fdf3fd54289af1d7b4a8bc2af9b83c0679c5969782","sha512":"1ae9de5c195af57a93c2bbc30c0597c8f7f2e96e98af1c1a514d21d170b54c4bafc882689096e117cd36f25570474bd059edfb8bf9023571ff7531ace1491c59","ssdeep":"1536:rfee/RrYiHhJ9Q0f16d9zeDN5qW4wTW3Jny+aSsG+Kjbd2m43ftShEhJ+7Rh0Om:rfD/miHhJ9Q0fd5B8jYhi0t","tlshash":"6273f88c7591306a4aef31b7782b224f73769a69500e5068f0b8d4e53ebce857167f38","first_seen":"2023-09-15T15:49:20Z","last_seen":"2026-06-08T16:39:16.360289Z","times_seen":1014,"resource_available":true,"data":null}},"time_used":838,"timings":{"blocked":-1,"dns":153,"connect":22,"send":0,"wait":215,"receive":6,"ssl":432},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static-content-cn.wb27jlt6u066.com:9587/images/common_spirits.png","fqdn":"static-content-cn.wb27jlt6u066.com","domain":"wb27jlt6u066.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":9587,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://cn.kkmxxw.com/home/register","date":"2026-02-05T00:53:34.756Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"static-content-cn.wb27jlt6u066.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 19 Oct 2025 00:00:00 GMT","end":"Mon, 19 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"98:64:EC:0B:9A:00:5F:60:12:4A:12:B9:EB:5A:44:98:12:1A:7C:FF","sha256":"A1:E0:99:A3:B2:54:C9:50:DB:24:16:EA:A7:44:3A:5D:57:F0:7C:CE:B2:E7:66:31:49:50:98:44:92:F2:50:84"}}},"request":{"raw":"GET /images/common_spirits.png HTTP/1.1\r\nHost: static-content-cn.wb27jlt6u066.com:9587\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://static-content-cn.wb27jlt6u066.com:9587/css/base.css?20240823\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Thu, 05 Feb 2026 00:53:34 GMT\r\nContent-Type: image/png\r\nContent-Length: 8399\r\nConnection: keep-alive\r\nLast-Modified: Wed, 20 Jul 2022 18:47:52 GMT\r\nETag: \"62d84dd8-20cf\"\r\nServer: gocache\r\nExpires: Fri, 06 Feb 2026 00:53:34 GMT\r\nCache-Control: max-age=86400\r\nc-Type: st\r\nrid: 3e193dd9cb958af59040b16141be1b1b\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains\r\nX-Cache-Status: HIT\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]}],"data":{"size":8399,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 197 x 853, 8-bit/color RGBA, non-interlaced","md5":"44540d8c4a0f15ac3c79ec50c38068ba","sha1":"09a60fef078669da7113fbc9f9129b3a238e1b10","sha256":"d963d332fe095e110da648b267af4941bcb3d0b3988459d5f2039ebcadf4c2f0","sha512":"d67fb563e9db8d886bf09cd391361411e19aefeb2a60a37bf11eb38d985dc1c568281bae50aa71b504efb6a7bc6026340f809e797356816a430118e4f92f82e5","ssdeep":"96:1PodqmMbZJnxtCv2QIo3WG/INSvX3pwN0lu/hpSj8hj4LeQtJmzpwYFE1+m30tBY:1PqgnT8n5DluZph4y64zpx8aM3DJl","tlshash":"51028ed002b9316ed9643b22abbf39680ee289aaf4bec33448d4173731694d0457ce5f","first_seen":"2024-03-28T04:38:13Z","last_seen":"2026-06-08T16:39:16.371534Z","times_seen":753,"resource_available":false,"data":null}},"time_used":217,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":216,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static-content-t.wb27jlt6u066.com:9587/images/captcha/bg.png","fqdn":"static-content-t.wb27jlt6u066.com","domain":"wb27jlt6u066.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":9587,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://cn.kkmxxw.com/home/register","date":"2026-02-05T00:53:34.908Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"static-content-t.wb27jlt6u066.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 19 Oct 2025 00:00:00 GMT","end":"Mon, 19 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"08:10:09:15:B6:C8:9C:9A:CE:31:40:C9:26:D7:9E:BE:2C:9A:62:2B","sha256":"D6:55:F3:9B:55:F2:ED:CC:B3:54:8B:1E:F9:15:FB:47:0C:75:02:1A:64:4B:3C:C2:FA:75:18:9C:F0:11:EE:83"}}},"request":{"raw":"GET /images/captcha/bg.png HTTP/1.1\r\nHost: static-content-t.wb27jlt6u066.com:9587\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://static-content-t.wb27jlt6u066.com:9587/style/main.css?20260123\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Thu, 05 Feb 2026 00:53:36 GMT\r\nContent-Type: image/png\r\nContent-Length: 3373\r\nConnection: keep-alive\r\nLast-Modified: Wed, 20 Jul 2022 18:47:53 GMT\r\nETag: \"62d84dd9-d2d\"\r\nServer: gocache\r\nExpires: Fri, 06 Feb 2026 00:53:36 GMT\r\nCache-Control: max-age=86400\r\nc-Type: st\r\nrid: 11c05c0bcdbf4a1a7afd6b70556726c0\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains\r\nX-Cache-Status: HIT\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":3373,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 367 x 260, 8-bit colormap, non-interlaced","md5":"2d7a78ffd17b81f4d960f89c341377d1","sha1":"2ecab08e7808a385c9a712ce90beeef668c19156","sha256":"5e3bb47aa455eafd7493541cf6ce550ce84309152943f0295d79a9329879ac62","sha512":"1cdd6e6ef5f98a69379d1bbb70c6605ce05be2000426a78e5fe47a140616e118b1a6ae1b5dd0d2641f48dc0dc20216dd864ccaae690409717351122485312630","ssdeep":"","tlshash":"55612b23aaef0419f2459a3a9582d8adabbbf9138499720ec4bf986147b1d317984214","first_seen":"2023-10-30T15:44:34Z","last_seen":"2026-06-08T16:39:16.394988Z","times_seen":754,"resource_available":false,"data":null}},"time_used":1677,"timings":{"blocked":1462,"dns":0,"connect":0,"send":0,"wait":215,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static-content-t.wb27jlt6u066.com:9587/images/nav/promo_08p.png","fqdn":"static-content-t.wb27jlt6u066.com","domain":"wb27jlt6u066.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":9587,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://cn.kkmxxw.com/home/register","date":"2026-02-05T00:53:33.362Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"static-content-t.wb27jlt6u066.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 19 Oct 2025 00:00:00 GMT","end":"Mon, 19 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"08:10:09:15:B6:C8:9C:9A:CE:31:40:C9:26:D7:9E:BE:2C:9A:62:2B","sha256":"D6:55:F3:9B:55:F2:ED:CC:B3:54:8B:1E:F9:15:FB:47:0C:75:02:1A:64:4B:3C:C2:FA:75:18:9C:F0:11:EE:83"}}},"request":{"raw":"GET /images/nav/promo_08p.png HTTP/1.1\r\nHost: static-content-t.wb27jlt6u066.com:9587\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cn.kkmxxw.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Thu, 05 Feb 2026 00:53:36 GMT\r\nContent-Type: image/png\r\nContent-Length: 14696\r\nConnection: keep-alive\r\nLast-Modified: Wed, 20 Jul 2022 18:47:53 GMT\r\nETag: \"62d84dd9-3968\"\r\nServer: gocache\r\nExpires: Fri, 06 Feb 2026 00:53:36 GMT\r\nCache-Control: max-age=86400\r\nc-Type: st\r\nrid: 139f068a60995e5618f698ea2002c459\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains\r\nX-Cache-Status: HIT\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]}],"data":{"size":14696,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 200 x 100, 8-bit/color RGBA, non-interlaced","md5":"ce8af7d88dfe5a8cc857666523c01fea","sha1":"370b5c460e31540ff1c8685fe2188adfc8fe3641","sha256":"7ba510715c55f7c648e19a82b9690f58ac0136c370be907bcce569c08bf03a74","sha512":"b9764ef8173289fa4b4214274745843e1cbcdfbbb7b1cbd5d1ee9e00beb3e0c0410b714bc466bf7f9bd3ba7515cb562460b1c175e03c25900418ea4bbfb68679","ssdeep":"384:XJXE05RJmFuDKsllhSHwRJ5GotcrxjYvFx:F35TmFuDKsRXurdI","tlshash":"1e62c0bb453095b578e6b81e0cf21a8b37b94fadf54e18665202f0ef60969c38e1852d","first_seen":"2023-05-05T14:06:31Z","last_seen":"2026-06-08T16:39:16.374009Z","times_seen":882,"resource_available":false,"data":null}},"time_used":3437,"timings":{"blocked":3220,"dns":0,"connect":0,"send":0,"wait":215,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static-content-t.wb27jlt6u066.com:9587/style/css.css?20251226","fqdn":"static-content-t.wb27jlt6u066.com","domain":"wb27jlt6u066.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":9587,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://cn.kkmxxw.com/home/register","date":"2026-02-05T00:53:33.317Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"static-content-t.wb27jlt6u066.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 19 Oct 2025 00:00:00 GMT","end":"Mon, 19 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"08:10:09:15:B6:C8:9C:9A:CE:31:40:C9:26:D7:9E:BE:2C:9A:62:2B","sha256":"D6:55:F3:9B:55:F2:ED:CC:B3:54:8B:1E:F9:15:FB:47:0C:75:02:1A:64:4B:3C:C2:FA:75:18:9C:F0:11:EE:83"}}},"request":{"raw":"GET /style/css.css?20251226 HTTP/1.1\r\nHost: static-content-t.wb27jlt6u066.com:9587\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cn.kkmxxw.com/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Thu, 05 Feb 2026 00:53:34 GMT\r\nContent-Type: text/css\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nLast-Modified: Thu, 22 Jan 2026 04:43:57 GMT\r\nVary: Accept-Encoding\r\nETag: W/\"6971ab0d-1f83b\"\r\nContent-Encoding: gzip\r\nServer: gocache\r\nExpires: Fri, 06 Feb 2026 00:53:34 GMT\r\nCache-Control: max-age=86400\r\nc-Type: st\r\nrid: daa4e780623c7af2fd98890e3f7a2454\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains\r\nX-Cache-Status: HIT\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]}],"data":{"size":129083,"size_decoded":0,"mime_type":"text/css","magic":"Unicode text, UTF-8 text, with very long lines (525)","md5":"f33659928ef4927bfd85af4f42f0f555","sha1":"f7b01fa2de028214ac7a57d2dbc915ead275d674","sha256":"da37902f2ef9360be0efe17c7a82c74d1e5e9906bb8118060b885833190349cf","sha512":"ef3ee25c4a9f363c5ccdc947cb479e421dd1c90ffdb0eacbeb09c767f206474c84044715545ba08733bf05f4f483967d8ff63f5c095b420cdc6d8b8c2cc42123","ssdeep":"3072:qNlIZVV0pv2kohJeqCfVkY2t1cicY270HaLMZ9R1oF:qNlsP0pPohJeqCfVkY2t1cicY270HaLP","tlshash":"79c3f8239252204bb137c6557a9da7b86369c003d6436ffe72eebadad16e19403337d0","first_seen":"2026-01-23T05:01:52.463709Z","last_seen":"2026-06-08T16:39:16.361877Z","times_seen":227,"resource_available":false,"data":null}},"time_used":1611,"timings":{"blocked":679,"dns":223,"connect":2,"send":0,"wait":217,"receive":1,"ssl":481},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static-content-cn.wb27jlt6u066.com:9587/util/messenger.css","fqdn":"static-content-cn.wb27jlt6u066.com","domain":"wb27jlt6u066.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":9587,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://cn.kkmxxw.com/home/register","date":"2026-02-05T00:53:33.319Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"static-content-cn.wb27jlt6u066.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 19 Oct 2025 00:00:00 GMT","end":"Mon, 19 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"98:64:EC:0B:9A:00:5F:60:12:4A:12:B9:EB:5A:44:98:12:1A:7C:FF","sha256":"A1:E0:99:A3:B2:54:C9:50:DB:24:16:EA:A7:44:3A:5D:57:F0:7C:CE:B2:E7:66:31:49:50:98:44:92:F2:50:84"}}},"request":{"raw":"GET /util/messenger.css HTTP/1.1\r\nHost: static-content-cn.wb27jlt6u066.com:9587\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cn.kkmxxw.com/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Thu, 05 Feb 2026 00:53:34 GMT\r\nContent-Type: text/css\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nLast-Modified: Wed, 20 Jul 2022 18:47:53 GMT\r\nVary: Accept-Encoding\r\nETag: W/\"62d84dd9-2410\"\r\nContent-Encoding: gzip\r\nServer: gocache\r\nExpires: Fri, 06 Feb 2026 00:53:34 GMT\r\nCache-Control: max-age=86400\r\nc-Type: st\r\nrid: c27b1b40c9aabaf061830c8282a4d00b\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains\r\nX-Cache-Status: HIT\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]}],"data":{"size":9232,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (538)","md5":"26f774e67203df0b4387b8fdee38643c","sha1":"d46d750b7882c8c3aff3690472c6ad6c5c32d546","sha256":"3d3b344953f5a8668a3a045c902c84e530407997885301cfffd4a1724b6b37f8","sha512":"d2fbe717e58dbc07551690f0d18256cbef2b33adce004da7d83adb34866764ec94ea6ec5d91a9a65754f0239cc98dfc4b7caefb1a1b427a7e5818671c03288c2","ssdeep":"192:Qi0KrdIJjkB1IbXwdRoqXaS3TIFTKC32XifM1N:QiBrdIJnbXwdPC32XeKN","tlshash":"a812f022c5c51927133fcb53add557584f238b03aa1ed4ad66deec4fc70ae6812e630a","first_seen":"2023-05-05T14:06:31Z","last_seen":"2026-06-08T16:39:16.370542Z","times_seen":1052,"resource_available":false,"data":null}},"time_used":1594,"timings":{"blocked":672,"dns":221,"connect":14,"send":0,"wait":215,"receive":2,"ssl":455},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static-content-t.wb27jlt6u066.com:9587/images/home/luban_icon.png","fqdn":"static-content-t.wb27jlt6u066.com","domain":"wb27jlt6u066.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":9587,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://cn.kkmxxw.com/home/register","date":"2026-02-05T00:53:33.387Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"static-content-t.wb27jlt6u066.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 19 Oct 2025 00:00:00 GMT","end":"Mon, 19 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"08:10:09:15:B6:C8:9C:9A:CE:31:40:C9:26:D7:9E:BE:2C:9A:62:2B","sha256":"D6:55:F3:9B:55:F2:ED:CC:B3:54:8B:1E:F9:15:FB:47:0C:75:02:1A:64:4B:3C:C2:FA:75:18:9C:F0:11:EE:83"}}},"request":{"raw":"GET /images/home/luban_icon.png HTTP/1.1\r\nHost: static-content-t.wb27jlt6u066.com:9587\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cn.kkmxxw.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Thu, 05 Feb 2026 00:53:35 GMT\r\nContent-Type: image/png\r\nContent-Length: 27141\r\nConnection: keep-alive\r\nLast-Modified: Tue, 26 Aug 2025 02:00:57 GMT\r\nETag: \"68ad1559-6a05\"\r\nServer: gocache\r\nExpires: Fri, 06 Feb 2026 00:53:35 GMT\r\nCache-Control: max-age=86400\r\nc-Type: st\r\nrid: c5c613ee29ad5b80f88483d57c2f1ecf\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains\r\nX-Cache-Status: HIT\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":27141,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 123 x 283, 8-bit/color RGBA, non-interlaced","md5":"7496171e549953127295b170e658bb3e","sha1":"d0fd1a644338a3c6eae07b1a726203360bd34285","sha256":"a7ace7e87d773fff86238e57ad2c30a514ed31c7a90baa736135c57483cb7389","sha512":"5be0c262fa1af9bad269c7b61d3c123d6b594cfd5a6f74679e54eeea7c8c4289731a9bb92e5509f1922321dfc63417bdb7cab042ec4f53439aae3b9541deb5a1","ssdeep":"384:xREdTUsNSchzyAohwxegbULB+KvvNFdUizKhuNUi/QXMaUV/EC9dGgkj:xKxmjgoNvvbdxuhuRMMai4","tlshash":"20c2f13de93d11212055fe80ed9eb596b2bf2e120d93c5e8114cd4cd220ef73a55ae97","first_seen":"2024-12-10T08:27:59.944336Z","last_seen":"2026-03-01T19:24:36.816574Z","times_seen":452,"resource_available":false,"data":null}},"time_used":1820,"timings":{"blocked":1103,"dns":0,"connect":3,"send":0,"wait":214,"receive":5,"ssl":494},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static-content-t.wb27jlt6u066.com:9587/images/nav/sponsor6.png?6","fqdn":"static-content-t.wb27jlt6u066.com","domain":"wb27jlt6u066.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":9587,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://cn.kkmxxw.com/home/register","date":"2026-02-05T00:53:33.359Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"static-content-t.wb27jlt6u066.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 19 Oct 2025 00:00:00 GMT","end":"Mon, 19 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"08:10:09:15:B6:C8:9C:9A:CE:31:40:C9:26:D7:9E:BE:2C:9A:62:2B","sha256":"D6:55:F3:9B:55:F2:ED:CC:B3:54:8B:1E:F9:15:FB:47:0C:75:02:1A:64:4B:3C:C2:FA:75:18:9C:F0:11:EE:83"}}},"request":{"raw":"GET /images/nav/sponsor6.png?6 HTTP/1.1\r\nHost: static-content-t.wb27jlt6u066.com:9587\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cn.kkmxxw.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Thu, 05 Feb 2026 00:53:34 GMT\r\nContent-Type: image/png\r\nContent-Length: 10667\r\nConnection: keep-alive\r\nLast-Modified: Fri, 23 Jan 2026 04:32:15 GMT\r\nETag: \"6972f9cf-29ab\"\r\nServer: gocache\r\nExpires: Fri, 06 Feb 2026 00:53:34 GMT\r\nCache-Control: max-age=86400\r\nc-Type: st\r\nrid: abad6ec74a6388f85cb8133ce85ebc9c\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains\r\nX-Cache-Status: HIT\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]}],"data":{"size":10667,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 292 x 80, 8-bit/color RGBA, non-interlaced","md5":"a76186a57df2e8a08e4f43859de232ee","sha1":"15efac52c8cca31ef66fa30ab03882ac19f8c450","sha256":"1e9ad8182cbb1acafd9c7346931c9097af4064ae4c68d6c51359c4c81338b71b","sha512":"3a811da9146d744e34c6a8bd91f09641285507f23e086e42cad94dc0c1536cb9b7abc3284c22402a9f25615259f73bf7681addcce5d139065f01272f4b07f360","ssdeep":"192:EzUldKHgvCMYzzpM/YMDKs689IWMdgZbEXCWU3M2DwEwhFp7:hdM5zzpY68+WM+xKCWMcnZ","tlshash":"b522cfeb6cd13879eba3648310757c89f9bbd31e5471e8bb6ae31c640080c5ea156dd8","first_seen":"2026-01-23T05:01:52.44616Z","last_seen":"2026-06-08T16:39:16.389404Z","times_seen":227,"resource_available":false,"data":null}},"time_used":1350,"timings":{"blocked":1131,"dns":0,"connect":0,"send":0,"wait":215,"receive":4,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cn.kkmxxw.com/kz/gp/v1/halls?_=1770252814446","fqdn":"cn.kkmxxw.com","domain":"kkmxxw.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://cn.kkmxxw.com/home/register","date":"2026-02-05T00:53:35.079Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cn.kkmxxw.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Mon, 05 Jan 2026 00:00:00 GMT","end":"Tue, 05 Jan 2027 23:59:59 GMT"},"fingerprint":{"sha1":"2F:26:5D:9B:0F:53:91:A4:6E:10:B6:F6:B4:59:B8:76:9D:FA:57:B4","sha256":"48:A6:D5:A5:14:EA:84:C7:74:18:09:89:D0:18:E2:F9:85:58:56:90:46:35:F7:89:6C:A2:F6:84:9E:2C:03:19"}}},"request":{"raw":"GET /kz/gp/v1/halls?_=1770252814446 HTTP/1.1\r\nHost: cn.kkmxxw.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nX-Requested-With: XMLHttpRequest\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cn.kkmxxw.com/home/register\r\nCookie: PHPSESSID=4glk47rlaq1qf20t2kmqqi8op7; _first=false; JSESSIONID=95AA05B75D434AD21AC9CFF052D80A87; VERIFYCODEID=95AA05B75D434AD21AC9CFF052D80A87\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Thu, 05 Feb 2026 00:53:35 GMT\r\nContent-Type: application/json; charset=utf-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding, Accept-Encoding, Accept-Encoding\r\nX-Powered-By: Express\r\nETag: W/\"2278-lauEvhCBrAy3tZrcjsT4bg\"\r\nX-Content-Type-Options: nosniff\r\nX-Frame-Options: SAMEORIGIN\r\nContent-Encoding: gzip\r\nServer: gocache\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nCache-Control: no-cache\r\nc-Type: df\r\nrid: 0e4e76944b2d32f4505fcd55a051cc04\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]}],"data":{"size":8824,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"95ab84be1081ac0cb7b59adc8ec4f86e","sha1":"66876978e8eaaf81deb33b6b434e86d08dc46f3f","sha256":"5468c3043e719cb479cbdff93cb0a189dccf7a02618730fac5b5f60b971fa717","sha512":"ca0702889b190105b1a55afd592128dd90f796c1b124772b01bf4e41794ae5787f9d67441334cc7a5df31f669e635ef1216038f1c1b211e0b1a33cabfbae2ae4","ssdeep":"192:elqdqzqBDyOqJJqxqJGqzq/qKqE3qzqz0qIqwqVqSqAqCqbI1Rqhq1EqeqZqAqvn:euWN8gCw","tlshash":"950273d85f47fc58c95f5d212eab5ba927d9b942f8cd6ec8c2cc4d6000946d2a30e73a","first_seen":"2026-02-05T00:25:03.760782Z","last_seen":"2026-02-05T00:54:03.312747Z","times_seen":2,"resource_available":false,"data":null}},"time_used":383,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":382,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-05","alert":"Sinkholed","trigger":"cn.kkmxxw.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-02-05","alert":"Sinkholed","trigger":"cn.kkmxxw.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"static-content-t.wb27jlt6u066.com:9587/images/nav/sponsor5.png?5","fqdn":"static-content-t.wb27jlt6u066.com","domain":"wb27jlt6u066.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":9587,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://cn.kkmxxw.com/home/register","date":"2026-02-05T00:53:33.354Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"static-content-t.wb27jlt6u066.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 19 Oct 2025 00:00:00 GMT","end":"Mon, 19 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"08:10:09:15:B6:C8:9C:9A:CE:31:40:C9:26:D7:9E:BE:2C:9A:62:2B","sha256":"D6:55:F3:9B:55:F2:ED:CC:B3:54:8B:1E:F9:15:FB:47:0C:75:02:1A:64:4B:3C:C2:FA:75:18:9C:F0:11:EE:83"}}},"request":{"raw":"GET /images/nav/sponsor5.png?5 HTTP/1.1\r\nHost: static-content-t.wb27jlt6u066.com:9587\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cn.kkmxxw.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Thu, 05 Feb 2026 00:53:36 GMT\r\nContent-Type: image/png\r\nContent-Length: 12004\r\nConnection: keep-alive\r\nLast-Modified: Fri, 23 Jan 2026 04:32:15 GMT\r\nETag: \"6972f9cf-2ee4\"\r\nServer: gocache\r\nExpires: Fri, 06 Feb 2026 00:53:36 GMT\r\nCache-Control: max-age=86400\r\nc-Type: st\r\nrid: 1fcd6009162acc8b2ba005a11248db2d\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains\r\nX-Cache-Status: HIT\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]}],"data":{"size":12004,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 292 x 80, 8-bit/color RGBA, non-interlaced","md5":"e772d932f095a917115ff85857088d0f","sha1":"1ba7b6967a2fb9f291cbe99bb3b3b9a0ed125c50","sha256":"00503366d78e5d7e3b29fb8d8c072ee6ded94655d9d19c0eab97216666ea06af","sha512":"b547dfd1a2130094169366d050119fca01bdfe6857a2d2cb65083271fa2bb6591e2c005f8d9f0de583b2a28721d7e90ffad3e460232a3931e1fc61257ea2e447","ssdeep":"192:mPoZpPVYl4jp4mMape1FWCyxwtefLxwC4+LlkFROlSJc7AmNZlpdJnrwD1jT:mQZceNZpe1FVyxw0Ls+WFxuAg/Xns","tlshash":"7042bf3da8d0abc56dce902c3a2d398203870dd466769d93f76cb477b36e162341dc65","first_seen":"2026-01-23T05:01:52.451331Z","last_seen":"2026-06-08T16:39:16.383203Z","times_seen":227,"resource_available":false,"data":null}},"time_used":3017,"timings":{"blocked":2800,"dns":0,"connect":0,"send":0,"wait":216,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static-content-t.wb27jlt6u066.com:9587/images/nav/promo_12p.png","fqdn":"static-content-t.wb27jlt6u066.com","domain":"wb27jlt6u066.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":9587,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://cn.kkmxxw.com/home/register","date":"2026-02-05T00:53:33.367Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"static-content-t.wb27jlt6u066.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 19 Oct 2025 00:00:00 GMT","end":"Mon, 19 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"08:10:09:15:B6:C8:9C:9A:CE:31:40:C9:26:D7:9E:BE:2C:9A:62:2B","sha256":"D6:55:F3:9B:55:F2:ED:CC:B3:54:8B:1E:F9:15:FB:47:0C:75:02:1A:64:4B:3C:C2:FA:75:18:9C:F0:11:EE:83"}}},"request":{"raw":"GET /images/nav/promo_12p.png HTTP/1.1\r\nHost: static-content-t.wb27jlt6u066.com:9587\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cn.kkmxxw.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Thu, 05 Feb 2026 00:53:36 GMT\r\nContent-Type: image/png\r\nContent-Length: 13381\r\nConnection: keep-alive\r\nLast-Modified: Wed, 20 Jul 2022 18:47:53 GMT\r\nETag: \"62d84dd9-3445\"\r\nServer: gocache\r\nExpires: Fri, 06 Feb 2026 00:53:36 GMT\r\nCache-Control: max-age=86400\r\nc-Type: st\r\nrid: 8b3f78bd4dbcb97108bb21e41c19a11b\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains\r\nX-Cache-Status: HIT\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":13381,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 200 x 100, 8-bit/color RGBA, non-interlaced","md5":"771df357a82b3f121039b605126d9031","sha1":"49ac1b1ce8829f54c43e4012c0b21f2fffc6fea7","sha256":"7020ab66168f898a06e3743b3793745da0a9d6017bae2934e842e6ec4addc094","sha512":"acb489f3f721c83653262e26fc5831cff21e293becedd745153219f0300318977a485df8717b9195639e7a4a8760c2a988dc1b18a8a4bf5b907da84674cc4c5f","ssdeep":"384:XJXE05gzzzzzzzzz2Qz9IcDmF/COICUtw6ei/CXd:F35gzzzzzzzzz3xydLZUtAt","tlshash":"4052e14f486980fb060929e40fa043559e9667ff4f65ae34c0d27db7942de5b2fa8423","first_seen":"2023-05-05T14:06:31Z","last_seen":"2026-06-08T16:39:16.388007Z","times_seen":894,"resource_available":false,"data":null}},"time_used":3434,"timings":{"blocked":3217,"dns":0,"connect":0,"send":0,"wait":215,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cn.kkmxxw.com/service/verifycode?x=0.8422076226942747","fqdn":"cn.kkmxxw.com","domain":"kkmxxw.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://cn.kkmxxw.com/home/register","date":"2026-02-05T00:53:35.087Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cn.kkmxxw.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Mon, 05 Jan 2026 00:00:00 GMT","end":"Tue, 05 Jan 2027 23:59:59 GMT"},"fingerprint":{"sha1":"2F:26:5D:9B:0F:53:91:A4:6E:10:B6:F6:B4:59:B8:76:9D:FA:57:B4","sha256":"48:A6:D5:A5:14:EA:84:C7:74:18:09:89:D0:18:E2:F9:85:58:56:90:46:35:F7:89:6C:A2:F6:84:9E:2C:03:19"}}},"request":{"raw":"GET /service/verifycode?x=0.8422076226942747 HTTP/1.1\r\nHost: cn.kkmxxw.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cn.kkmxxw.com/home/register\r\nCookie: PHPSESSID=4glk47rlaq1qf20t2kmqqi8op7; _first=false; JSESSIONID=95AA05B75D434AD21AC9CFF052D80A87; VERIFYCODEID=95AA05B75D434AD21AC9CFF052D80A87\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 \r\nDate: Thu, 05 Feb 2026 00:53:36 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nSet-Cookie: JSESSIONID=D379119438A346C3DA4A7C54AC434257; Path=/; Secure; HttpOnly\n_vcid=D379119438A346C3DA4A7C54AC434257; Domain=.kkmxxw.com; Path=/; HttpOnly\r\nX-Content-Type-Options: nosniff\r\nX-Frame-Options: SAMEORIGIN\r\nServer: gocache\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nCache-Control: no-cache\r\nc-Type: df\r\nrid: 867fb756210e8eb22d71dd45a09cc37c\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Java","description":"Java is a class-based, object-oriented programming language that is designed to have as few implementation dependencies as possible.","website":"https://java.com","common_platform_enumeration":"cpe:2.3:a:oracle:jre:*:*:*:*:*:*:*:*","icon":"Java.svg","categories":["Programming languages"]}],"data":{"size":1297,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.02, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 80x28, components 3","md5":"4f2f5c5d9a9f28ea685c4fcb3c1f73ce","sha1":"2e253d7260736ad3845d48aa35896572c83238e3","sha256":"f4904be0ec05a5bdbcc482420e3d8a5157d09314597dfe61f370cadb6fad73f5","sha512":"e505de03a4f282dffd5cb1129ade2dfcd58bd72fad79504fbc1134ceaa948722af91ab1dab88458394804e888ddd177920e3f0f7ef5e08f4ac49d0bf49c4f801","ssdeep":"","tlshash":"4c21b75b6b55a321ff52853996111537d28f49c33e047f759da244f74a00cfac846568","first_seen":"2026-02-05T00:54:03.315919Z","last_seen":"2026-02-05T00:54:03.315919Z","times_seen":1,"resource_available":false,"data":null}},"time_used":1135,"timings":{"blocked":846,"dns":0,"connect":0,"send":0,"wait":289,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-05","alert":"Sinkholed","trigger":"cn.kkmxxw.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-02-05","alert":"Sinkholed","trigger":"cn.kkmxxw.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"static-content-t.wb27jlt6u066.com:9587/images/icons_login.png","fqdn":"static-content-t.wb27jlt6u066.com","domain":"wb27jlt6u066.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":9587,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://cn.kkmxxw.com/home/register","date":"2026-02-05T00:53:34.904Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"static-content-t.wb27jlt6u066.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 19 Oct 2025 00:00:00 GMT","end":"Mon, 19 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"08:10:09:15:B6:C8:9C:9A:CE:31:40:C9:26:D7:9E:BE:2C:9A:62:2B","sha256":"D6:55:F3:9B:55:F2:ED:CC:B3:54:8B:1E:F9:15:FB:47:0C:75:02:1A:64:4B:3C:C2:FA:75:18:9C:F0:11:EE:83"}}},"request":{"raw":"GET /images/icons_login.png HTTP/1.1\r\nHost: static-content-t.wb27jlt6u066.com:9587\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://static-content-t.wb27jlt6u066.com:9587/style/main.css?20260123\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Thu, 05 Feb 2026 00:53:36 GMT\r\nContent-Type: image/png\r\nContent-Length: 4053\r\nConnection: keep-alive\r\nLast-Modified: Wed, 20 Jul 2022 18:47:53 GMT\r\nETag: \"62d84dd9-fd5\"\r\nServer: gocache\r\nExpires: Fri, 06 Feb 2026 00:53:36 GMT\r\nCache-Control: max-age=86400\r\nc-Type: st\r\nrid: 6681f2a8a99331775b9a8281086878af\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains\r\nX-Cache-Status: HIT\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":4053,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 26 x 330, 8-bit/color RGBA, non-interlaced","md5":"405c7bc8638bddb314e549e4eebec2e3","sha1":"75f6a3b0b6ffdeed31bff28f8ae1f1a3e481260c","sha256":"cd98cf8ee2f82e9903fb28490a4fc9f318fb60f0f8f0c1f080cee3dce0d6c9b9","sha512":"3a1991dfba0851c6d1d212102ab1fa3585b5970358f75488770ffaaa0467e4cbb755e07dc9db44e102da13fd7510e6b14506e2a2e4188c6461ba652e9fcaa69e","ssdeep":"","tlshash":"3d814c4bbcd228093058e4c372f9822bd946c2d5d6b0557396ce88bb15a8879490c2ce","first_seen":"2023-05-05T14:06:31Z","last_seen":"2026-06-08T16:39:16.370033Z","times_seen":907,"resource_available":false,"data":null}},"time_used":1466,"timings":{"blocked":1250,"dns":0,"connect":0,"send":0,"wait":216,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static-content-t.wb27jlt6u066.com:9587/images/icons_login.png?2","fqdn":"static-content-t.wb27jlt6u066.com","domain":"wb27jlt6u066.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":9587,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://cn.kkmxxw.com/home/register","date":"2026-02-05T00:53:34.906Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"static-content-t.wb27jlt6u066.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 19 Oct 2025 00:00:00 GMT","end":"Mon, 19 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"08:10:09:15:B6:C8:9C:9A:CE:31:40:C9:26:D7:9E:BE:2C:9A:62:2B","sha256":"D6:55:F3:9B:55:F2:ED:CC:B3:54:8B:1E:F9:15:FB:47:0C:75:02:1A:64:4B:3C:C2:FA:75:18:9C:F0:11:EE:83"}}},"request":{"raw":"GET /images/icons_login.png?2 HTTP/1.1\r\nHost: static-content-t.wb27jlt6u066.com:9587\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://static-content-t.wb27jlt6u066.com:9587/style/main.css?20260123\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Thu, 05 Feb 2026 00:53:36 GMT\r\nContent-Type: image/png\r\nContent-Length: 4053\r\nConnection: keep-alive\r\nLast-Modified: Wed, 20 Jul 2022 18:47:53 GMT\r\nETag: \"62d84dd9-fd5\"\r\nServer: gocache\r\nExpires: Fri, 06 Feb 2026 00:53:36 GMT\r\nCache-Control: max-age=86400\r\nc-Type: st\r\nrid: e01f3577581a416b6fa2b19517ec342c\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains\r\nX-Cache-Status: HIT\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":4053,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 26 x 330, 8-bit/color RGBA, non-interlaced","md5":"405c7bc8638bddb314e549e4eebec2e3","sha1":"75f6a3b0b6ffdeed31bff28f8ae1f1a3e481260c","sha256":"cd98cf8ee2f82e9903fb28490a4fc9f318fb60f0f8f0c1f080cee3dce0d6c9b9","sha512":"3a1991dfba0851c6d1d212102ab1fa3585b5970358f75488770ffaaa0467e4cbb755e07dc9db44e102da13fd7510e6b14506e2a2e4188c6461ba652e9fcaa69e","ssdeep":"","tlshash":"3d814c4bbcd228093058e4c372f9822bd946c2d5d6b0557396ce88bb15a8879490c2ce","first_seen":"2023-05-05T14:06:31Z","last_seen":"2026-06-08T16:39:16.370033Z","times_seen":907,"resource_available":false,"data":null}},"time_used":1675,"timings":{"blocked":1461,"dns":0,"connect":0,"send":0,"wait":214,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cn.kkmxxw.com/home/register","fqdn":"cn.kkmxxw.com","domain":"kkmxxw.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-02-05T00:53:31.866Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cn.kkmxxw.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Mon, 05 Jan 2026 00:00:00 GMT","end":"Tue, 05 Jan 2027 23:59:59 GMT"},"fingerprint":{"sha1":"2F:26:5D:9B:0F:53:91:A4:6E:10:B6:F6:B4:59:B8:76:9D:FA:57:B4","sha256":"48:A6:D5:A5:14:EA:84:C7:74:18:09:89:D0:18:E2:F9:85:58:56:90:46:35:F7:89:6C:A2:F6:84:9E:2C:03:19"}}},"request":{"raw":"GET /home/register HTTP/1.1\r\nHost: cn.kkmxxw.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cn.kkmxxw.com/\r\nCookie: PHPSESSID=4glk47rlaq1qf20t2kmqqi8op7; _first=false\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Thu, 05 Feb 2026 00:53:33 GMT\r\nContent-Type: text/html; charset=UTF-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding, Accept-Encoding, Accept-Encoding\r\nSet-Cookie: ccd11=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/; domain=kkmxxw.com\nvcd11=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/; domain=kkmxxw.com\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Allow-Methods: GET, POST, OPTIONS\r\nAccess-Control-Allow-Headers: Content-Type, Authorization, X-Requested-With\r\nAccess-Control-Allow-Credentials: true\r\nAccess-Control-Max-Age: 86400\r\nX-Content-Type-Options: nosniff\r\nX-Frame-Options: SAMEORIGIN\r\nContent-Encoding: gzip\r\nServer: gocache\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nCache-Control: no-cache\r\nc-Type: df\r\nrid: 90be872ac62f366a9b060dd8d82d8044\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"jQuery","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]},{"name":"jQuery UI","description":"jQuery UI is a collection of GUI widgets, animated visual effects, and themes implemented with jQuery, Cascading Style Sheets, and HTML.","website":"https://jqueryui.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery_ui:*:*:*:*:*:*:*:*","icon":"jQuery UI.svg","categories":["JavaScript libraries"]},{"name":"Google Analytics","description":"Google Analytics is a free web analytics service that tracks and reports website traffic.","website":"https://google.com/analytics","common_platform_enumeration":"","icon":"Google Analytics.svg","categories":["Analytics"]},{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":102716,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (369)","md5":"3ea645cb561b0bd4b899b3a978d53ecf","sha1":"d76af70a9b91ec097983678cc6a9774fb084ebe4","sha256":"30956a3d2b8cec102662406f3989cdd26b0a4015774aca5fc53b1671e1a331f3","sha512":"87761c9d09c51e5c5d58ed40666cc4486b2e24fc343bb3c4efb2210dcbc9dfeebf9e80b936c79b5930c6e98cbd1cce01f033f300365308381b91de130b836a22","ssdeep":"1536:6qWYDSmCz9Zxl9kbw2/t/n6nAIkqWsVR2hzmaDQCSL8fbksiYjldbJaOPQvvvuv0:4J2V8h+BTgYfbJa9XWyzwb9WL","tlshash":"45a3f811a8f94677017390e675b7af1a7eaa8037d20a8c1072fe4fc45fc2e82895775e","first_seen":"2026-02-05T00:54:03.318533Z","last_seen":"2026-02-05T00:54:03.318533Z","times_seen":1,"resource_available":false,"data":null}},"time_used":1370,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1335,"receive":35,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-02-05","alert":"Sinkholed","trigger":"cn.kkmxxw.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-05","alert":"Sinkholed","trigger":"cn.kkmxxw.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"static-content-cn.wb27jlt6u066.com:9587/css/base.css?20240823","fqdn":"static-content-cn.wb27jlt6u066.com","domain":"wb27jlt6u066.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":9587,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://cn.kkmxxw.com/home/register","date":"2026-02-05T00:53:33.311Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"static-content-cn.wb27jlt6u066.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 19 Oct 2025 00:00:00 GMT","end":"Mon, 19 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"98:64:EC:0B:9A:00:5F:60:12:4A:12:B9:EB:5A:44:98:12:1A:7C:FF","sha256":"A1:E0:99:A3:B2:54:C9:50:DB:24:16:EA:A7:44:3A:5D:57:F0:7C:CE:B2:E7:66:31:49:50:98:44:92:F2:50:84"}}},"request":{"raw":"GET /css/base.css?20240823 HTTP/1.1\r\nHost: static-content-cn.wb27jlt6u066.com:9587\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cn.kkmxxw.com/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Thu, 05 Feb 2026 00:53:34 GMT\r\nContent-Type: text/css\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nLast-Modified: Thu, 22 Jan 2026 04:17:42 GMT\r\nVary: Accept-Encoding\r\nETag: W/\"6971a4e6-2a835\"\r\nContent-Encoding: gzip\r\nServer: gocache\r\nExpires: Fri, 06 Feb 2026 00:53:34 GMT\r\nCache-Control: max-age=86400\r\nc-Type: st\r\nrid: 3f3db614796912045f64e08c3443cd0a\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains\r\nX-Cache-Status: HIT\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]}],"data":{"size":174133,"size_decoded":0,"mime_type":"text/css","magic":"assembler source, Unicode text, UTF-8 text, with very long lines (539)","md5":"05af91b494845ac53747a6d8764b97c8","sha1":"161db8ff7a66fb31e12771ab87fc490adc2e1fae","sha256":"d91291f4785c691ec6142e4315dee74780961fb1a0f9e73a4543e0e80b35f377","sha512":"7099c8f3a7bb963d69f62a25045bb03f2fa5452031f5b65974cbd1179059bb263268473aca0144c9f61d475034bdf0d9563230510c5fc52d46f61c19631449ed","ssdeep":"1536:11H5u9h1KXKFfCoYD8B+5yZbosh3kRRHMOFCaIAVUT2sbGVyGeDzb2NcdYqaGN+3:YWXKFfCoYD8B+xDzV7sbGpeDzbi+SX","tlshash":"a004dc0ad0ef218b717bd8b530abb6e5e119815ae1064f7d726c33bce1fa65c8132e15","first_seen":"2026-01-23T05:01:52.474463Z","last_seen":"2026-06-08T16:39:16.393424Z","times_seen":227,"resource_available":false,"data":null}},"time_used":1568,"timings":{"blocked":658,"dns":227,"connect":1,"send":0,"wait":216,"receive":5,"ssl":444},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static-content-t.wb27jlt6u066.com:9587/images/nav/sponsor4.png?4","fqdn":"static-content-t.wb27jlt6u066.com","domain":"wb27jlt6u066.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":9587,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://cn.kkmxxw.com/home/register","date":"2026-02-05T00:53:33.351Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"static-content-t.wb27jlt6u066.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 19 Oct 2025 00:00:00 GMT","end":"Mon, 19 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"08:10:09:15:B6:C8:9C:9A:CE:31:40:C9:26:D7:9E:BE:2C:9A:62:2B","sha256":"D6:55:F3:9B:55:F2:ED:CC:B3:54:8B:1E:F9:15:FB:47:0C:75:02:1A:64:4B:3C:C2:FA:75:18:9C:F0:11:EE:83"}}},"request":{"raw":"GET /images/nav/sponsor4.png?4 HTTP/1.1\r\nHost: static-content-t.wb27jlt6u066.com:9587\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cn.kkmxxw.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Thu, 05 Feb 2026 00:53:36 GMT\r\nContent-Type: image/png\r\nContent-Length: 6656\r\nConnection: keep-alive\r\nLast-Modified: Fri, 23 Jan 2026 04:32:15 GMT\r\nETag: \"6972f9cf-1a00\"\r\nServer: gocache\r\nExpires: Fri, 06 Feb 2026 00:53:36 GMT\r\nCache-Control: max-age=86400\r\nc-Type: st\r\nrid: 85f752b842e272ec823efdb855c33be6\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains\r\nX-Cache-Status: HIT\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":6656,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 292 x 80, 8-bit/color RGBA, non-interlaced","md5":"bc0bfba88f57dddbcab058d13a0178fe","sha1":"3a82ca7e0de411faf17a0280292e18365817790d","sha256":"a91a58962bbd93730191f75f51b50108a6ee274b663c5b1f6eea2e09868abe17","sha512":"934411294e564656520460a6806d0f51058bf5d0dda73ca0e3e8b09c370e41a1d0afa135b8bc9bcd3f0d966a59cdb488b6b669ef6012c403c163e947dcc3d6fc","ssdeep":"96:oaLKcsHv7kI8AO6uNlW1/OvAT4AocvRaqMDlFB2QZkC0JfFdGcg1dcH8rsho6g/h:okFPWROvQzRsqCmtwcgHrsQksZz","tlshash":"ddd1bf6ba7ce2cd9a38ed2871f96796bafb1001491e319002c3332ba5a413844f31dd7","first_seen":"2026-01-23T05:01:52.465953Z","last_seen":"2026-06-08T16:39:16.37667Z","times_seen":227,"resource_available":false,"data":null}},"time_used":3019,"timings":{"blocked":2800,"dns":0,"connect":0,"send":0,"wait":219,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static-content-t.wb27jlt6u066.com:9587/d11_images/icon_mobile.png","fqdn":"static-content-t.wb27jlt6u066.com","domain":"wb27jlt6u066.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":9587,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://cn.kkmxxw.com/home/register","date":"2026-02-05T00:53:34.747Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"static-content-t.wb27jlt6u066.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 19 Oct 2025 00:00:00 GMT","end":"Mon, 19 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"08:10:09:15:B6:C8:9C:9A:CE:31:40:C9:26:D7:9E:BE:2C:9A:62:2B","sha256":"D6:55:F3:9B:55:F2:ED:CC:B3:54:8B:1E:F9:15:FB:47:0C:75:02:1A:64:4B:3C:C2:FA:75:18:9C:F0:11:EE:83"}}},"request":{"raw":"GET /d11_images/icon_mobile.png HTTP/1.1\r\nHost: static-content-t.wb27jlt6u066.com:9587\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://static-content-t.wb27jlt6u066.com:9587/style/main.css?20260123\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Thu, 05 Feb 2026 00:53:35 GMT\r\nContent-Type: image/png\r\nContent-Length: 300\r\nConnection: keep-alive\r\nLast-Modified: Wed, 20 Jul 2022 18:45:39 GMT\r\nETag: \"62d84d53-12c\"\r\nServer: gocache\r\nExpires: Fri, 06 Feb 2026 00:53:35 GMT\r\nCache-Control: max-age=86400\r\nc-Type: st\r\nrid: 2ba43f74216f6534f42020508dd456e5\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains\r\nX-Cache-Status: HIT\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]}],"data":{"size":300,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 15 x 18, 8-bit/color RGBA, non-interlaced","md5":"87b9952aa4def5ac2d4dce81528ecae3","sha1":"e34496b167df036229e923d8686858c0a306c1e2","sha256":"7aa81a942fe7f67e5b132b047c4db23993d6ffff8eaafd3692a6824236e11def","sha512":"0fbb21285e5fe2e16acb97529fe973d055261ea7e787fdfc0d4f381f9fd2c00a981dd5861a08a4d1ee0b62d0f145044678b8cc87297e62af85d5f758a826a508","ssdeep":"","tlshash":"c9e0eb4323a20d3ac3c85633a11b13308c304248b484a50d5e442a30cc8a34c2ebd623","first_seen":"2023-05-05T14:06:31Z","last_seen":"2026-06-08T16:39:16.37722Z","times_seen":913,"resource_available":false,"data":null}},"time_used":402,"timings":{"blocked":187,"dns":0,"connect":0,"send":0,"wait":215,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"file-new.a4hskh.com/activity/2025/05/26/c21119500a71cd1dfad1041285222895.png","fqdn":"file-new.a4hskh.com","domain":"a4hskh.com","tld":"com"},"ip":{"addr":"20.205.42.30","port":443,"asn":8075,"as":"MICROSOFT-CORP-MSN-AS-BLOCK","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://cn.kkmxxw.com/home/register","date":"2026-02-05T00:53:36.112Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"a4hskh.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sat, 17 Jan 2026 00:56:32 GMT","end":"Fri, 17 Apr 2026 00:56:31 GMT"},"fingerprint":{"sha1":"6B:86:00:72:D5:5F:9C:50:C7:17:88:7F:40:98:98:9A:FD:9D:E3:3D","sha256":"CD:44:64:6D:51:24:0D:31:BC:19:51:30:3E:3F:FD:B2:DC:11:DD:3C:75:33:4A:37:DA:24:69:03:50:D6:29:38"}}},"request":{"raw":"GET /activity/2025/05/26/c21119500a71cd1dfad1041285222895.png HTTP/1.1\r\nHost: file-new.a4hskh.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cn.kkmxxw.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Thu, 05 Feb 2026 00:53:37 GMT\r\ncontent-type: image/png\r\ncontent-length: 91132\r\nx-amz-id-2: e2WgrqXBbAkCQgC4cxNENbHeC3zoRYvMayAIwICioPQhyMgpKdeCFBFBnRNu412zSe9xGiCITUgA50plAtYqDFt1jVbwAsep\r\nx-amz-request-id: YF21RATXG43RZMTK\r\nlast-modified: Sat, 17 Jan 2026 06:23:27 GMT\r\netag: \"44c360f70ad7205af7be4b9e72ad8206\"\r\nx-amz-server-side-encryption: AES256\r\naccess-control-allow-origin: *\r\naccess-control-allow-credentials: true\r\naccess-control-allow-headers: *\r\naccess-control-allow-methods: *\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]}],"data":{"size":91132,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 272 x 272, 8-bit/color RGBA, non-interlaced","md5":"44c360f70ad7205af7be4b9e72ad8206","sha1":"aef9ac8c9276f5fc208a1bfb2cdf1abf4e2556fa","sha256":"264b1eb2b87680606d9e9de6d96dc31b8825180e5588765252081d2772eb98b5","sha512":"b93e0d07717567f4121e6eb60f35009e85ede4231eabbd57bd5f7ac58e900b84f070732c432354a60caca3e1dd41e964599a39f0bce439dcb93eab74662849f1","ssdeep":"1536:1d8GPhwJdntG/Yn2TCkjtSbZuF9G8HwCl0VZQkEToysVq9py3AUCctpjHQSFP:f/2tCw2VtStmfQXTKyVq9py3AUCcttP","tlshash":"3b931245ec9f3c26622931115d6f6cd38ac991a7e4b7c837a4f3b2be3405586fe28d09","first_seen":"2025-07-18T11:22:50.67008Z","last_seen":"2026-03-19T10:33:28.657026Z","times_seen":470,"resource_available":false,"data":null}},"time_used":2877,"timings":{"blocked":769,"dns":348,"connect":207,"send":0,"wait":686,"receive":646,"ssl":208},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static-content-t.wb27jlt6u066.com:9587/images/nav/sponsor2.png?2","fqdn":"static-content-t.wb27jlt6u066.com","domain":"wb27jlt6u066.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":9587,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://cn.kkmxxw.com/home/register","date":"2026-02-05T00:53:33.339Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"static-content-t.wb27jlt6u066.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 19 Oct 2025 00:00:00 GMT","end":"Mon, 19 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"08:10:09:15:B6:C8:9C:9A:CE:31:40:C9:26:D7:9E:BE:2C:9A:62:2B","sha256":"D6:55:F3:9B:55:F2:ED:CC:B3:54:8B:1E:F9:15:FB:47:0C:75:02:1A:64:4B:3C:C2:FA:75:18:9C:F0:11:EE:83"}}},"request":{"raw":"GET /images/nav/sponsor2.png?2 HTTP/1.1\r\nHost: static-content-t.wb27jlt6u066.com:9587\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cn.kkmxxw.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Thu, 05 Feb 2026 00:53:34 GMT\r\nContent-Type: image/png\r\nContent-Length: 12015\r\nConnection: keep-alive\r\nLast-Modified: Fri, 23 Jan 2026 04:32:15 GMT\r\nETag: \"6972f9cf-2eef\"\r\nServer: gocache\r\nExpires: Fri, 06 Feb 2026 00:53:34 GMT\r\nCache-Control: max-age=86400\r\nc-Type: st\r\nrid: 25141056b5f3d5c20adca79594130616\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains\r\nX-Cache-Status: HIT\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":12015,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 292 x 80, 8-bit/color RGBA, non-interlaced","md5":"08b1808e2230fd8765775aacaecc6048","sha1":"6938cf4392f65962c360813abd5cbcac71933b18","sha256":"632ef4b8179994b1fc9e014cbe796825cd3d4f287b0cde2073a032727325c073","sha512":"6a735a9ae1b419fe1426c3ed7614f7517a7d38000a5892aaf7f1a951922bd952a247e2f64a69dc46b8ca9040171c41f4667c0f256f738f9d3207794d17e00f33","ssdeep":"192:lXG8twMBmByAXFdhrX+gz8DjOKuywLb8GautaA5+JKKgYW/G8pTjgPQ7kXSN7aJk:BG8TBurdhaE8DQZNalJKKKjjgPQqS9a6","tlshash":"d342afb5dbbbcc7a4c0c6f8944a5ffb025304baa5d55b4b79eb7390ce7681a02a42610","first_seen":"2026-01-23T05:01:52.483819Z","last_seen":"2026-06-08T16:39:16.401981Z","times_seen":227,"resource_available":false,"data":null}},"time_used":1592,"timings":{"blocked":1371,"dns":0,"connect":0,"send":0,"wait":218,"receive":3,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static-content-t.wb27jlt6u066.com:9587/images/nav/sponsor1.png?1","fqdn":"static-content-t.wb27jlt6u066.com","domain":"wb27jlt6u066.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":9587,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://cn.kkmxxw.com/home/register","date":"2026-02-05T00:53:33.336Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"static-content-t.wb27jlt6u066.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 19 Oct 2025 00:00:00 GMT","end":"Mon, 19 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"08:10:09:15:B6:C8:9C:9A:CE:31:40:C9:26:D7:9E:BE:2C:9A:62:2B","sha256":"D6:55:F3:9B:55:F2:ED:CC:B3:54:8B:1E:F9:15:FB:47:0C:75:02:1A:64:4B:3C:C2:FA:75:18:9C:F0:11:EE:83"}}},"request":{"raw":"GET /images/nav/sponsor1.png?1 HTTP/1.1\r\nHost: static-content-t.wb27jlt6u066.com:9587\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cn.kkmxxw.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Thu, 05 Feb 2026 00:53:35 GMT\r\nContent-Type: image/png\r\nContent-Length: 8439\r\nConnection: keep-alive\r\nLast-Modified: Fri, 23 Jan 2026 04:32:15 GMT\r\nETag: \"6972f9cf-20f7\"\r\nServer: gocache\r\nExpires: Fri, 06 Feb 2026 00:53:35 GMT\r\nCache-Control: max-age=86400\r\nc-Type: st\r\nrid: 0d47fc94763aec83329efea65fa7b050\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains\r\nX-Cache-Status: HIT\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":8439,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 292 x 80, 8-bit/color RGBA, non-interlaced","md5":"65b6723769cef37e0c6e5850c7137bc8","sha1":"d5258baab5f5cdaa29b6853558f16dd6b6435d00","sha256":"161ead6af798bef1ea9b6091a24df2b0f741a0ee0415f2abc11a4d115e0fe874","sha512":"3eadd356a2de604911fbdb8559dc65c517403c7fb09996464d92ac568240a0ab4f4c64be689fdb42d00ef0e285668654504522f6f960c8619074b27cc3981314","ssdeep":"192:jrGlvpl6wAguuMUgTy7s135bVNZFPkk5Ne3AY8TBcnEq3zrGa:3GlpJKuMe7A39VDlkk5VY8TB6zaa","tlshash":"7f02afbd8888c53efc1e8d6c62b06347bc3a71ec84398133465ccae6516c3a4e509f6b","first_seen":"2026-01-23T05:01:52.476079Z","last_seen":"2026-06-08T16:39:16.362407Z","times_seen":227,"resource_available":false,"data":null}},"time_used":1876,"timings":{"blocked":1155,"dns":0,"connect":3,"send":0,"wait":216,"receive":2,"ssl":497},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.googletagmanager.com/gtag/js?id=UA-119765380-3","fqdn":"www.googletagmanager.com","domain":"googletagmanager.com","tld":"com"},"ip":{"addr":"142.251.143.136","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://cn.kkmxxw.com/home/register","date":"2026-02-05T00:53:33.398Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.google-analytics.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 12 Jan 2026 08:36:37 GMT","end":"Mon, 06 Apr 2026 08:36:36 GMT"},"fingerprint":{"sha1":"D1:4E:DB:C9:1C:90:74:26:D2:F3:40:74:02:DB:66:36:23:CB:45:12","sha256":"08:51:D4:42:81:8D:57:AC:83:18:86:85:25:AD:F1:2F:82:17:60:A4:FA:C6:D4:09:86:34:D3:30:65:78:09:B2"}}},"request":{"raw":"GET /gtag/js?id=UA-119765380-3 HTTP/1.1\r\nHost: www.googletagmanager.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cn.kkmxxw.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: application/javascript; charset=UTF-8\r\naccess-control-allow-origin: *\r\naccess-control-allow-credentials: true\r\naccess-control-allow-headers: Cache-Control\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\ndate: Thu, 05 Feb 2026 00:53:33 GMT\r\nexpires: Thu, 05 Feb 2026 00:53:33 GMT\r\ncache-control: private, max-age=900\r\nlast-modified: Thu, 05 Feb 2026 00:08:42 GMT\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\ncross-origin-resource-policy: cross-origin\r\nserver: Google Tag Manager\r\ncontent-length: 113072\r\nx-xss-protection: 0\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":325220,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"JavaScript source, ASCII text, with very long lines (5882)","md5":"daa43d194ae8196854bc0237610bd5d1","sha1":"984b27bbc83e4f5ea0b86f088246d67dfffdcf1d","sha256":"03582dd5a6d541f8b1f9917fce68c028c7e75aea19493725efa30dcd5fd44c90","sha512":"e688126e77e512b037e0eafe96b9eca8600e25c1a5ebc7df10fe93081fc728db51ea45eb59b7b587e891e34c8ad901daa212781858584ff40963ebbcc512841d","ssdeep":"6144:HBfoN48oaoCsxX7/p4SGx3IE8h6Yul4mngSfIFvZfSXAp:hfohoaoCsxL/p4S/E8qIFxCs","tlshash":"e66407cd73d6702693a3a478503f118ba17b7992f84cc895f186d8d42e70aaa4237f7d","first_seen":"2026-02-05T00:25:03.806652Z","last_seen":"2026-02-05T00:54:03.326239Z","times_seen":2,"resource_available":true,"data":null}},"time_used":152,"timings":{"blocked":-1,"dns":3,"connect":14,"send":0,"wait":25,"receive":25,"ssl":84},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static-content-cn.wb27jlt6u066.com:9587/util/rsa.js","fqdn":"static-content-cn.wb27jlt6u066.com","domain":"wb27jlt6u066.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":9587,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://cn.kkmxxw.com/home/register","date":"2026-02-05T00:53:33.404Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"static-content-cn.wb27jlt6u066.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 19 Oct 2025 00:00:00 GMT","end":"Mon, 19 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"98:64:EC:0B:9A:00:5F:60:12:4A:12:B9:EB:5A:44:98:12:1A:7C:FF","sha256":"A1:E0:99:A3:B2:54:C9:50:DB:24:16:EA:A7:44:3A:5D:57:F0:7C:CE:B2:E7:66:31:49:50:98:44:92:F2:50:84"}}},"request":{"raw":"GET /util/rsa.js HTTP/1.1\r\nHost: static-content-cn.wb27jlt6u066.com:9587\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cn.kkmxxw.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Thu, 05 Feb 2026 00:53:34 GMT\r\nContent-Type: application/javascript\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nLast-Modified: Wed, 20 Jul 2022 18:47:53 GMT\r\nVary: Accept-Encoding\r\nETag: W/\"62d84dd9-34ca\"\r\nContent-Encoding: gzip\r\nServer: gocache\r\nExpires: Fri, 06 Feb 2026 00:53:34 GMT\r\nCache-Control: max-age=86400\r\nc-Type: st\r\nrid: c054e66b08fbcf4801af1e4da01e0b2c\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains\r\nX-Cache-Status: HIT\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":13514,"size_decoded":0,"mime_type":"application/javascript","magic":"ASCII text, with very long lines (5026)","md5":"2e28749b1ce6013a456d4498a447dff3","sha1":"89d8c436922a84f097e86090179d112c3d6e13c2","sha256":"1748bdff25c71702d781b076f961920ef32283e324153b256e963202431a35ba","sha512":"2a675090d740e1600eaca9da2229b34cf764181bf65df4d023bb0e95feea6a7b83f3651a8eb70473e76313cc1fcdd38cd71a72b41fd57fdc34668b7d3b10b62e","ssdeep":"384:B1eJdA6YDf7WA5lK4UYl38uHrKFaY8BpC:bdjfm82aNy","tlshash":"5752a6857ad9302d07a95071055f054b7e35f8be598c04bdb1a0e8e938f198d833ef78","first_seen":"2023-03-07T01:28:09Z","last_seen":"2026-06-08T16:39:16.395408Z","times_seen":1131,"resource_available":true,"data":null}},"time_used":1001,"timings":{"blocked":786,"dns":0,"connect":0,"send":0,"wait":214,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static-content-t.wb27jlt6u066.com:9587/images/icon_live_channel.png","fqdn":"static-content-t.wb27jlt6u066.com","domain":"wb27jlt6u066.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":9587,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://cn.kkmxxw.com/home/register","date":"2026-02-05T00:53:34.753Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"static-content-t.wb27jlt6u066.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 19 Oct 2025 00:00:00 GMT","end":"Mon, 19 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"08:10:09:15:B6:C8:9C:9A:CE:31:40:C9:26:D7:9E:BE:2C:9A:62:2B","sha256":"D6:55:F3:9B:55:F2:ED:CC:B3:54:8B:1E:F9:15:FB:47:0C:75:02:1A:64:4B:3C:C2:FA:75:18:9C:F0:11:EE:83"}}},"request":{"raw":"GET /images/icon_live_channel.png HTTP/1.1\r\nHost: static-content-t.wb27jlt6u066.com:9587\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://static-content-t.wb27jlt6u066.com:9587/style/main.css?20260123\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Thu, 05 Feb 2026 00:53:35 GMT\r\nContent-Type: image/png\r\nContent-Length: 2400\r\nConnection: keep-alive\r\nLast-Modified: Thu, 14 Nov 2024 05:04:29 GMT\r\nETag: \"673584dd-960\"\r\nServer: gocache\r\nExpires: Fri, 06 Feb 2026 00:53:35 GMT\r\nCache-Control: max-age=86400\r\nc-Type: st\r\nrid: 0bcf1df58cd45e16ec5bdf0264504701\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains\r\nX-Cache-Status: HIT\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":2400,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 36 x 36, 8-bit/color RGBA, non-interlaced","md5":"da69e30e16cfe1ddbf85e3aa3642b21a","sha1":"8530f19327891df0e585355279ce85507e3ffda4","sha256":"c74d62e601ba04d4d92df4ef116934762c23316bca9f65dbd2c2b4b6e73fd431","sha512":"3bf68ecba7a87746a369e9e3d69422cdca616c6952716c27ae50528aaed987ce69a1a8d81b2d327be14914cd7f567dd0c2bef5075eff527cac9e9fd7cd091bfd","ssdeep":"","tlshash":"17411a95bbdb6a13120982a620fe6002ad210800d9f2bd6538db4c733ce07f21964fed","first_seen":"2024-12-13T19:22:27.987299Z","last_seen":"2026-06-08T16:39:16.380289Z","times_seen":661,"resource_available":false,"data":null}},"time_used":398,"timings":{"blocked":184,"dns":0,"connect":0,"send":0,"wait":214,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static-content-t.wb27jlt6u066.com:9587/images/captcha/btn_close.png","fqdn":"static-content-t.wb27jlt6u066.com","domain":"wb27jlt6u066.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":9587,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://cn.kkmxxw.com/home/register","date":"2026-02-05T00:53:34.909Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"static-content-t.wb27jlt6u066.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 19 Oct 2025 00:00:00 GMT","end":"Mon, 19 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"08:10:09:15:B6:C8:9C:9A:CE:31:40:C9:26:D7:9E:BE:2C:9A:62:2B","sha256":"D6:55:F3:9B:55:F2:ED:CC:B3:54:8B:1E:F9:15:FB:47:0C:75:02:1A:64:4B:3C:C2:FA:75:18:9C:F0:11:EE:83"}}},"request":{"raw":"GET /images/captcha/btn_close.png HTTP/1.1\r\nHost: static-content-t.wb27jlt6u066.com:9587\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://static-content-t.wb27jlt6u066.com:9587/style/main.css?20260123\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Thu, 05 Feb 2026 00:53:36 GMT\r\nContent-Type: image/png\r\nContent-Length: 672\r\nConnection: keep-alive\r\nLast-Modified: Wed, 20 Jul 2022 18:47:53 GMT\r\nETag: \"62d84dd9-2a0\"\r\nServer: gocache\r\nExpires: Fri, 06 Feb 2026 00:53:36 GMT\r\nCache-Control: max-age=86400\r\nc-Type: st\r\nrid: 638a68a436d25c5aec76fb0fcf98a72f\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains\r\nX-Cache-Status: HIT\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]}],"data":{"size":672,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 30 x 30, 8-bit gray+alpha, non-interlaced","md5":"9bb39b9f25e57e73ad06a45b4bb34b6a","sha1":"104fefbe66cf791b1fc1b3a933a16e6606febcf4","sha256":"04082d0d7f70e5f41e4ca58d1712420801b243cdf5a21e7012ad4e70ab05f42e","sha512":"abfbf162af3b2dc40cea4c02d20f2af4e4d5ce586221af4a70b6ee5adefbb4856dbaf44208a3b48efc1149ddd15797fd3fdb650573a2aea78b9e85b20ed3eea3","ssdeep":"","tlshash":"d201d8f775fc213089b0639e9306919adfa703b2811210f8622875754075aaf1d79303","first_seen":"2023-10-30T15:44:34Z","last_seen":"2026-06-08T16:39:16.372016Z","times_seen":751,"resource_available":false,"data":null}},"time_used":1676,"timings":{"blocked":1462,"dns":0,"connect":0,"send":0,"wait":214,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static-content-cn.wb27jlt6u066.com:9587/js/jquery/jquery.carousel.js","fqdn":"static-content-cn.wb27jlt6u066.com","domain":"wb27jlt6u066.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":9587,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://cn.kkmxxw.com/home/register","date":"2026-02-05T00:53:33.378Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"static-content-cn.wb27jlt6u066.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 19 Oct 2025 00:00:00 GMT","end":"Mon, 19 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"98:64:EC:0B:9A:00:5F:60:12:4A:12:B9:EB:5A:44:98:12:1A:7C:FF","sha256":"A1:E0:99:A3:B2:54:C9:50:DB:24:16:EA:A7:44:3A:5D:57:F0:7C:CE:B2:E7:66:31:49:50:98:44:92:F2:50:84"}}},"request":{"raw":"GET /js/jquery/jquery.carousel.js HTTP/1.1\r\nHost: static-content-cn.wb27jlt6u066.com:9587\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cn.kkmxxw.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Thu, 05 Feb 2026 00:53:34 GMT\r\nContent-Type: application/javascript\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nLast-Modified: Wed, 20 Jul 2022 18:47:52 GMT\r\nVary: Accept-Encoding\r\nETag: W/\"62d84dd8-5e3a\"\r\nContent-Encoding: gzip\r\nServer: gocache\r\nExpires: Fri, 06 Feb 2026 00:53:34 GMT\r\nCache-Control: max-age=86400\r\nc-Type: st\r\nrid: 9dc2949f99d11f9866dd88444861a34a\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains\r\nX-Cache-Status: HIT\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":24122,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text","md5":"1552106a3e80457c7c75722b7372d303","sha1":"32ba62ff7b3590d3325d159141aa50a1db5802aa","sha256":"52947c9e6ac3e2f45c2b2a19802a91eeb75dc70902bf4bd87419a6386300848c","sha512":"e6b3f5bcdb5cea57241c6ca4f3c235a8ec04fe3d4baf75e2e33d67fa1ae4e094c08072772e3bc6a87dafb81e94a6ab81f38c670394f4f2a533ca5090e5879630","ssdeep":"384:MnvnA+MrUQ5x1jcvHGmUYnkrVdINO4XmfFmKK2vif3UE:Mn4+MrUk1j0UwNO4XmfF7K2vAv","tlshash":"50b2941b31a32172597b72298b9f5109333190979208ee507cbf8b147f9527897f2fea","first_seen":"2023-03-07T13:00:36Z","last_seen":"2026-06-08T16:39:16.379254Z","times_seen":790,"resource_available":true,"data":null}},"time_used":906,"timings":{"blocked":-1,"dns":197,"connect":14,"send":0,"wait":219,"receive":1,"ssl":467},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static-content-t.wb27jlt6u066.com:9587/images/home/tg_icon.png","fqdn":"static-content-t.wb27jlt6u066.com","domain":"wb27jlt6u066.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":9587,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://cn.kkmxxw.com/home/register","date":"2026-02-05T00:53:33.386Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"static-content-t.wb27jlt6u066.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 19 Oct 2025 00:00:00 GMT","end":"Mon, 19 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"08:10:09:15:B6:C8:9C:9A:CE:31:40:C9:26:D7:9E:BE:2C:9A:62:2B","sha256":"D6:55:F3:9B:55:F2:ED:CC:B3:54:8B:1E:F9:15:FB:47:0C:75:02:1A:64:4B:3C:C2:FA:75:18:9C:F0:11:EE:83"}}},"request":{"raw":"GET /images/home/tg_icon.png HTTP/1.1\r\nHost: static-content-t.wb27jlt6u066.com:9587\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cn.kkmxxw.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Thu, 05 Feb 2026 00:53:34 GMT\r\nContent-Type: image/png\r\nContent-Length: 7233\r\nConnection: keep-alive\r\nLast-Modified: Tue, 13 Aug 2024 02:02:22 GMT\r\nETag: \"66babeae-1c41\"\r\nServer: gocache\r\nExpires: Fri, 06 Feb 2026 00:53:34 GMT\r\nCache-Control: max-age=86400\r\nc-Type: st\r\nrid: 0711c570541e0c4b4fa07b70f18acae4\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains\r\nX-Cache-Status: HIT\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":7233,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 100 x 100, 8-bit/color RGBA, non-interlaced","md5":"6f828495b8948381356d8f958e0e3816","sha1":"8a776df06f7f07a71a8811311450b978399117e9","sha256":"fe6c74efa40b05488d4e4944a45f32d22a8b13e60637ce57bbc04b5b8323663b","sha512":"5a64ed664f2bf2d934d7c0a41a51a5b95ef998087f3badfef552d3a898648fef2b561d3a09ccd64188d55f598fa3c62d98f3d3052c28f7a17bc1d887acf9b398","ssdeep":"192:5OC/PcLhB496ikdrltIH7XTYtHSEskZNpjZf1GqsiR4KM:3k3BiGrltO7Utrp3GURxM","tlshash":"a4e1a0ebf811dcc2f508a74bc452d10286ad59074774f5ae7f9eb5c3ac2098547ef44a","first_seen":"2024-08-15T14:53:49Z","last_seen":"2026-06-08T16:39:16.368671Z","times_seen":693,"resource_available":false,"data":null}},"time_used":1323,"timings":{"blocked":1104,"dns":0,"connect":0,"send":0,"wait":218,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static-content-cn.wb27jlt6u066.com:9587/util/error.js?2025092501","fqdn":"static-content-cn.wb27jlt6u066.com","domain":"wb27jlt6u066.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":9587,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://cn.kkmxxw.com/home/register","date":"2026-02-05T00:53:33.405Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"static-content-cn.wb27jlt6u066.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 19 Oct 2025 00:00:00 GMT","end":"Mon, 19 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"98:64:EC:0B:9A:00:5F:60:12:4A:12:B9:EB:5A:44:98:12:1A:7C:FF","sha256":"A1:E0:99:A3:B2:54:C9:50:DB:24:16:EA:A7:44:3A:5D:57:F0:7C:CE:B2:E7:66:31:49:50:98:44:92:F2:50:84"}}},"request":{"raw":"GET /util/error.js?2025092501 HTTP/1.1\r\nHost: static-content-cn.wb27jlt6u066.com:9587\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cn.kkmxxw.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Thu, 05 Feb 2026 00:53:34 GMT\r\nContent-Type: application/javascript\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nLast-Modified: Wed, 01 Oct 2025 02:03:47 GMT\r\nVary: Accept-Encoding\r\nETag: W/\"68dc8c03-28a5\"\r\nContent-Encoding: gzip\r\nServer: gocache\r\nExpires: Fri, 06 Feb 2026 00:53:34 GMT\r\nCache-Control: max-age=86400\r\nc-Type: st\r\nrid: 48dd251cd79174a343a59aebca7600ab\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains\r\nX-Cache-Status: HIT\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":10405,"size_decoded":0,"mime_type":"application/javascript","magic":"Unicode text, UTF-8 text","md5":"f61145ebd6cd0164a855517ddd32d102","sha1":"d9f3f365c0aec1f9a4bf5cf85d4c8b1c44770125","sha256":"b433018b4e4006c56084fd4cbf35d3d1e2ea33aafccfd6109db3d0b696c2c2b2","sha512":"e0e7101c13848ec60f775f9ab092b5a52de41a67f3792a18c186cc42cd140c7bfcb405c607783e5b3240aab3f57dd88c50f744410b94cc99beef8b1a1f61ade0","ssdeep":"192:MTu94QOQzfKG3jChyTRmbxDeDWiYXYyC3SfZVYvxwYXPFj6vJRQ+lcQrdQr:MTu94wzj3jChQgF+eXUeu","tlshash":"292285b608f58b8a100df980c10b41293448744b8e1cba6a7bdfa5465fcd65f4bff99d","first_seen":"2025-10-02T21:45:10.771862Z","last_seen":"2026-05-03T20:56:57.980817Z","times_seen":476,"resource_available":true,"data":null}},"time_used":1001,"timings":{"blocked":788,"dns":0,"connect":0,"send":0,"wait":213,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static-content-t.wb27jlt6u066.com:9587/images/icon_mobile.png","fqdn":"static-content-t.wb27jlt6u066.com","domain":"wb27jlt6u066.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":9587,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://cn.kkmxxw.com/home/register","date":"2026-02-05T00:53:34.749Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"static-content-t.wb27jlt6u066.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 19 Oct 2025 00:00:00 GMT","end":"Mon, 19 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"08:10:09:15:B6:C8:9C:9A:CE:31:40:C9:26:D7:9E:BE:2C:9A:62:2B","sha256":"D6:55:F3:9B:55:F2:ED:CC:B3:54:8B:1E:F9:15:FB:47:0C:75:02:1A:64:4B:3C:C2:FA:75:18:9C:F0:11:EE:83"}}},"request":{"raw":"GET /images/icon_mobile.png HTTP/1.1\r\nHost: static-content-t.wb27jlt6u066.com:9587\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://static-content-t.wb27jlt6u066.com:9587/style/main.css?20260123\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Thu, 05 Feb 2026 00:53:35 GMT\r\nContent-Type: image/png\r\nContent-Length: 143\r\nConnection: keep-alive\r\nLast-Modified: Wed, 20 Jul 2022 18:47:53 GMT\r\nETag: \"62d84dd9-8f\"\r\nServer: gocache\r\nExpires: Fri, 06 Feb 2026 00:53:35 GMT\r\nCache-Control: max-age=86400\r\nc-Type: st\r\nrid: fb83c5770f341211771372722b9c5cb1\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains\r\nX-Cache-Status: HIT\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]}],"data":{"size":143,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 15 x 18, 8-bit gray+alpha, non-interlaced","md5":"9a413aaa3c056af34c80628bee9e4586","sha1":"a676a5b3e90762c8c4a9314985e9abf2bad95666","sha256":"5aa5f649a8a53a15e0b65385149db1ed4f7b6286ff043f5fd96445173fc8d6d3","sha512":"ce054b7ace97a2c6922c028af0a5501b442ce7c10110ae85e5df72a542355e9ae5cc0a51b5ec6d9d577517051b30378466cbc61d9830542d47fbe36b04c440c1","ssdeep":"","tlshash":"76c08ce12a204a28faa603a22a3811d0f820b2782929474800284837401212711ea6c7","first_seen":"2023-05-05T14:06:31Z","last_seen":"2026-06-08T16:39:16.369104Z","times_seen":909,"resource_available":false,"data":null}},"time_used":395,"timings":{"blocked":181,"dns":0,"connect":0,"send":0,"wait":214,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cn.kkmxxw.com/fimg/i202210fdd1e22495f9404b8debf0afdaa416b1.jpg","fqdn":"cn.kkmxxw.com","domain":"kkmxxw.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://cn.kkmxxw.com/home/register","date":"2026-02-05T00:53:34.917Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cn.kkmxxw.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Mon, 05 Jan 2026 00:00:00 GMT","end":"Tue, 05 Jan 2027 23:59:59 GMT"},"fingerprint":{"sha1":"2F:26:5D:9B:0F:53:91:A4:6E:10:B6:F6:B4:59:B8:76:9D:FA:57:B4","sha256":"48:A6:D5:A5:14:EA:84:C7:74:18:09:89:D0:18:E2:F9:85:58:56:90:46:35:F7:89:6C:A2:F6:84:9E:2C:03:19"}}},"request":{"raw":"GET /fimg/i202210fdd1e22495f9404b8debf0afdaa416b1.jpg HTTP/1.1\r\nHost: cn.kkmxxw.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cn.kkmxxw.com/home/register\r\nCookie: PHPSESSID=4glk47rlaq1qf20t2kmqqi8op7; _first=false; JSESSIONID=95AA05B75D434AD21AC9CFF052D80A87; VERIFYCODEID=95AA05B75D434AD21AC9CFF052D80A87\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Thu, 05 Feb 2026 00:53:35 GMT\r\nContent-Type: image/jpeg\r\nContent-Length: 284018\r\nConnection: keep-alive\r\nLast-Modified: Tue, 11 Oct 2022 03:04:35 GMT\r\nETag: \"6344dd43-45572\"\r\nX-Content-Type-Options: nosniff\r\nX-Frame-Options: SAMEORIGIN\r\nServer: gocache\r\nExpires: Fri, 06 Feb 2026 00:53:35 GMT\r\nCache-Control: max-age=86400\r\nc-Type: st\r\nrid: 72b87ac4dfd4a0b32ac280a58b5dcb6f\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains\r\nX-Cache-Status: HIT\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":284018,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=1], baseline, precision 8, 1920x1005, components 3","md5":"0b9750ad0104aa2243554d5b8007f99c","sha1":"a4fa7203acf5d89e0a8bcf976ed5d7eba62f30e4","sha256":"d234723f8ad984edd04a5dac23778f6832fdd954187461b8b09d46f542dd41e5","sha512":"6cfbf1045d4ca6a956f1bfdbbd39ab5fbbcc01a64612269dbc69b0d663f37ff8b289a657542ad0e00f54e8533e025306c5810ad6fff71782b65f4afeee65ca25","ssdeep":"6144:r+Ywcq6S74AwBaFtWcSnU0aOe+shTOMLO3jpT9a4:r+Ywcqp54aF8pU0cTOMLO3jR9a4","tlshash":"fc54223006e0e7531a7012f36f579fbb5e33a37d68a5da0c69ae168f4c4a35426f204e","first_seen":"2023-05-05T17:24:19Z","last_seen":"2026-06-08T16:39:16.39684Z","times_seen":852,"resource_available":false,"data":null}},"time_used":289,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":214,"receive":75,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-05","alert":"Sinkholed","trigger":"cn.kkmxxw.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-02-05","alert":"Sinkholed","trigger":"cn.kkmxxw.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"static-content-t.wb27jlt6u066.com:9587/images/footer_supports_hover.png?9","fqdn":"static-content-t.wb27jlt6u066.com","domain":"wb27jlt6u066.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":9587,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://cn.kkmxxw.com/home/register","date":"2026-02-05T00:53:34.926Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"static-content-t.wb27jlt6u066.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 19 Oct 2025 00:00:00 GMT","end":"Mon, 19 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"08:10:09:15:B6:C8:9C:9A:CE:31:40:C9:26:D7:9E:BE:2C:9A:62:2B","sha256":"D6:55:F3:9B:55:F2:ED:CC:B3:54:8B:1E:F9:15:FB:47:0C:75:02:1A:64:4B:3C:C2:FA:75:18:9C:F0:11:EE:83"}}},"request":{"raw":"GET /images/footer_supports_hover.png?9 HTTP/1.1\r\nHost: static-content-t.wb27jlt6u066.com:9587\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://static-content-t.wb27jlt6u066.com:9587/style/main.css?20260123\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Thu, 05 Feb 2026 00:53:36 GMT\r\nContent-Type: image/png\r\nContent-Length: 7362\r\nConnection: keep-alive\r\nLast-Modified: Wed, 20 Jul 2022 18:47:53 GMT\r\nETag: \"62d84dd9-1cc2\"\r\nServer: gocache\r\nExpires: Fri, 06 Feb 2026 00:53:36 GMT\r\nCache-Control: max-age=86400\r\nc-Type: st\r\nrid: eaec012cc88531318398d3b13fd21ff1\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains\r\nX-Cache-Status: HIT\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]}],"data":{"size":7362,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 30 x 174, 8-bit/color RGBA, non-interlaced","md5":"450da5e1024050be47083963bfeef8a1","sha1":"498dc30e72d3f82ddc7d12b8a8cfdb2fa1aa4323","sha256":"b8eb162ba4dd5f1752300b9625aa98f924eb55d937826b2a227f86ffb51f05cc","sha512":"af4c3f1367a37f623dbe211a17f3d55c9211e388d879d22a286b23ea5ab353adbedb3375199b7a50a8a1e391b9027f22d0102baa7c719533570c3b86a8f04bd2","ssdeep":"96:GY2gCFi+8zRv9iku2V0zRWTFatQL8R2zRPJWs1Y4v/iP0TnRiNXoHAY334hrK31Z:GQVsklKrt0wKE4ugnANYgY3blMu4xG","tlshash":"c8e1ae64bdf180d5d29dbc8d7fd6d063e82b8fd78180722658aec40a55a40b1e8a0a6f","first_seen":"2023-05-05T14:06:31Z","last_seen":"2026-06-08T16:39:16.377727Z","times_seen":905,"resource_available":false,"data":null}},"time_used":1223,"timings":{"blocked":1006,"dns":0,"connect":0,"send":0,"wait":217,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}}]}