{"report_id":"0ae9576a-c9c8-4280-b0de-d54bffac0d38","version":6,"status":"done","tags":[],"date":"2026-03-04T13:33:22Z","url":{"schema":"http","addr":"mxx9.tv","fqdn":"mxx9.tv","domain":"mxx9.tv","tld":"tv"},"ip":{"addr":"172.67.145.137","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"final":{"url":{"schema":"https","addr":"cn.1mebetx.com/home/register?code=32654","fqdn":"cn.1mebetx.com","domain":"1mebetx.com","tld":"com"},"title":"ManBetX(万博体育)官网|英超狼队和水晶宫全球赞助伙伴","dom":{"size":0,"mime_type":"text/plain; charset=utf-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","dom_hash":"domhash1f07f384c75181c66badb60ab1ec770b","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"mxx9.tv","fqdn":"mxx9.tv","domain":"mxx9.tv","tld":"tv"},"ip":{"addr":"172.67.145.137","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-04-08T13:33:22Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":1,"urlquery":0,"analyzer":8}},"detection":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-03-04T13:33:01Z","timestamp":1772631181,"ip_dst":{"addr":"74.125.250.129","port":19302,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"ip_src":{"addr":"Client IP","port":54711,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ET INFO Session Traversal Utilities for NAT (STUN Binding Request On Non-Standard High Port)","source":"{\"timestamp\":\"2026-03-04T13:33:01.572317+0000\",\"flow_id\":741546312711069,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.48\",\"src_port\":54711,\"dest_ip\":\"74.125.250.129\",\"dest_port\":19302,\"proto\":\"UDP\",\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2033078,\"rev\":4,\"signature\":\"ET INFO Session Traversal Utilities for NAT (STUN Binding Request On Non-Standard High Port)\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2021_06_03\"],\"deployment\":[\"alert_only\",\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_04_28\"]}},\"app_proto\":\"failed\",\"flow\":{\"pkts_toserver\":1,\"pkts_toclient\":0,\"bytes_toserver\":62,\"bytes_toclient\":0,\"start\":\"2026-03-04T13:33:01.572317+0000\"}}"}],"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-04","alert":"Sinkholed","trigger":"cn.1mebetx.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-04","alert":"Sinkholed","trigger":"cn.1mebetx.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-04","alert":"Sinkholed","trigger":"cn.1mebetx.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-04","alert":"Phishing Block","trigger":"cn.1mebetx.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-03-04","alert":"Sinkholed","trigger":"mxx9.tv","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-04","alert":"Phishing Block","trigger":"mxx9.tv","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-04","alert":"Sinkholed","trigger":"mxx9.tv","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-04","alert":"Sinkholed","trigger":"mxx9.tv","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null},"summary":[{"fqdn":"banner-notice.6dqr2n.com","ip":{"addr":"20.205.42.30","port":443,"asn":8075,"as":"MICROSOFT-CORP-MSN-AS-BLOCK","country":"Hong Kong","country_code":"HK"},"domain_registered":"2025-05-16","domain_rank":0,"first_seen":"2025-06-01T18:49:53.405981Z","last_seen":"2026-02-26T00:05:48.609884Z","alert_count":0,"request_count":3,"received_data":25424,"sent_data":1335,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"api.eaafacef.com","ip":{"addr":"188.114.96.1","port":2053,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2022-07-29","domain_rank":0,"first_seen":"2024-08-15T12:53:23Z","last_seen":"2026-02-26T11:53:26.540117Z","alert_count":0,"request_count":1,"received_data":3169,"sent_data":508,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"PHP:7.4.33","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"static-content-t.wb27jlt6u066.com","ip":{"addr":"172.65.201.65","port":9587,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2022-09-13","domain_rank":0,"first_seen":"2022-10-27T08:48:51Z","last_seen":"2026-02-26T00:05:49.293337Z","alert_count":0,"request_count":34,"received_data":1048152,"sent_data":16856,"comment":"","tags":null,"fingerprints":[{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"static-content-cn.wb27jlt6u066.com","ip":{"addr":"172.65.201.65","port":9587,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2022-09-13","domain_rank":0,"first_seen":"2022-11-08T06:15:29Z","last_seen":"2026-02-27T16:55:18.327184Z","alert_count":0,"request_count":15,"received_data":627216,"sent_data":6991,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]}]},{"fqdn":"accounts.livechatinc.com","ip":{"addr":"2.22.225.83","port":443,"asn":20940,"as":"Akamai International B.V.","country":"France","country_code":"FR"},"domain_registered":"2005-10-31","domain_rank":44666,"first_seen":"2017-07-31T05:50:56Z","last_seen":"2026-03-02T09:42:02.202287Z","alert_count":0,"request_count":1,"received_data":1797,"sent_data":534,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"hm.baidu.com","ip":{"addr":"14.215.183.79","port":443,"asn":4134,"as":"Chinanet","country":"China","country_code":"CN"},"domain_registered":"1999-10-11","domain_rank":54491,"first_seen":"2012-05-26T08:38:45Z","last_seen":"2026-03-02T02:50:27.298567Z","alert_count":0,"request_count":1,"received_data":30388,"sent_data":438,"comment":"","tags":null,"fingerprints":[{"name":"Apache HTTP Server","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"secure.livechatinc.com","ip":{"addr":"2.22.225.83","port":443,"asn":20940,"as":"Akamai International B.V.","country":"France","country_code":"FR"},"domain_registered":"2005-10-31","domain_rank":8212,"first_seen":"2012-08-20T19:27:12Z","last_seen":"2026-03-02T08:45:29.636675Z","alert_count":0,"request_count":1,"received_data":2002,"sent_data":713,"comment":"","tags":null,"fingerprints":null},{"fqdn":"cdn.livechatinc.com","ip":{"addr":"23.36.77.179","port":443,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"domain_registered":"2005-10-31","domain_rank":36142,"first_seen":"2012-06-22T08:37:34Z","last_seen":"2026-03-02T05:15:34.576678Z","alert_count":0,"request_count":14,"received_data":1052444,"sent_data":6716,"comment":"","tags":null,"fingerprints":[{"name":"Google Cloud Storage","description":"Google Cloud Storage allows world-wide storage and retrieval of any amount of data at any time.","website":"https://cloud.google.com/storage","common_platform_enumeration":"","icon":"google-cloud-storage.svg","categories":["Miscellaneous"]},{"name":"Google Cloud","description":"Google Cloud is a suite of cloud computing services.","website":"https://cloud.google.com","common_platform_enumeration":"cpe:2.3:a:google:cloud_platform:*:*:*:*:*:*:*:*","icon":"Google Cloud.svg","categories":["IaaS"]}]},{"fqdn":"api.livechatinc.com","ip":{"addr":"2.22.225.11","port":443,"asn":20940,"as":"Akamai International B.V.","country":"France","country_code":"FR"},"domain_registered":"2005-10-31","domain_rank":29526,"first_seen":"2013-12-20T14:27:35Z","last_seen":"2026-03-02T09:42:02.154053Z","alert_count":0,"request_count":4,"received_data":20310,"sent_data":2492,"comment":"","tags":null,"fingerprints":null},{"fqdn":"file-new.a4hskh.com","ip":{"addr":"20.205.42.30","port":443,"asn":8075,"as":"MICROSOFT-CORP-MSN-AS-BLOCK","country":"Hong Kong","country_code":"HK"},"domain_registered":"2025-05-16","domain_rank":0,"first_seen":"2025-10-23T12:54:45.112235Z","last_seen":"2026-02-26T00:05:48.79619Z","alert_count":0,"request_count":3,"received_data":290994,"sent_data":1452,"comment":"","tags":null,"fingerprints":[{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"mxx9.tv","ip":{"addr":"172.67.145.137","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"unknown","domain_rank":0,"first_seen":"2025-07-18T06:58:11.913254Z","last_seen":"2026-03-04T07:05:03.476723Z","alert_count":4,"request_count":1,"received_data":100372,"sent_data":476,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"www.v1c2h.com","ip":{"addr":"20.205.42.30","port":51300,"asn":8075,"as":"MICROSOFT-CORP-MSN-AS-BLOCK","country":"Hong Kong","country_code":"HK"},"domain_registered":"unknown","domain_rank":0,"first_seen":"2025-11-25T12:54:58.845462Z","last_seen":"2026-02-26T00:05:50.587712Z","alert_count":0,"request_count":1,"received_data":35341,"sent_data":444,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"www.googletagmanager.com","ip":{"addr":"142.251.142.232","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2011-11-11","domain_rank":283,"first_seen":"2012-10-04T01:07:32Z","last_seen":"2026-03-01T22:20:53.525798Z","alert_count":0,"request_count":2,"received_data":752807,"sent_data":888,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"www.f4bzyrz92us3.com","ip":{"addr":"172.65.201.65","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2019-11-02","domain_rank":0,"first_seen":"2019-11-02T15:14:40Z","last_seen":"2026-02-26T11:53:26.693268Z","alert_count":0,"request_count":2,"received_data":55914,"sent_data":905,"comment":"","tags":null,"fingerprints":[{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"cn.1mebetx.com","ip":{"addr":"172.65.201.65","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2018-05-23","domain_rank":0,"first_seen":"2025-03-11T18:24:04.090449Z","last_seen":"2026-03-04T07:05:02.324051Z","alert_count":44,"request_count":11,"received_data":650229,"sent_data":6293,"comment":"","tags":null,"fingerprints":[{"name":"Google Analytics","description":"Google Analytics is a free web analytics service that tracks and reports website traffic.","website":"https://google.com/analytics","common_platform_enumeration":"","icon":"Google Analytics.svg","categories":["Analytics"]},{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"jQuery","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]},{"name":"jQuery UI","description":"jQuery UI is a collection of GUI widgets, animated visual effects, and themes implemented with jQuery, Cascading Style Sheets, and HTML.","website":"https://jqueryui.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery_ui:*:*:*:*:*:*:*:*","icon":"jQuery UI.svg","categories":["JavaScript libraries"]},{"name":"Java","description":"Java is a class-based, object-oriented programming language that is designed to have as few implementation dependencies as possible.","website":"https://java.com","common_platform_enumeration":"cpe:2.3:a:oracle:jre:*:*:*:*:*:*:*:*","icon":"Java.svg","categories":["Programming languages"]},{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]}]},{"fqdn":"static-content-j.wb27jlt6u066.com","ip":{"addr":"172.65.201.65","port":9587,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2022-09-13","domain_rank":0,"first_seen":"2022-10-27T08:27:25Z","last_seen":"2026-02-26T00:05:49.495351Z","alert_count":0,"request_count":1,"received_data":6700,"sent_data":495,"comment":"","tags":null,"fingerprints":[{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"www.vrfpshbc.com","ip":{"addr":"172.67.186.168","port":2053,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2022-07-29","domain_rank":0,"first_seen":"2023-07-07T23:23:19Z","last_seen":"2026-02-26T00:05:49.275608Z","alert_count":0,"request_count":3,"received_data":8108,"sent_data":1481,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"cdn.dingxiang-inc.com","ip":{"addr":"47.246.44.187","port":443,"asn":24429,"as":"Zhejiang Taobao Network Co.,Ltd","country":"Sweden","country_code":"SE"},"domain_registered":"2017-05-23","domain_rank":2207511,"first_seen":"2017-09-05T08:42:18Z","last_seen":"2026-02-27T16:47:46.879646Z","alert_count":0,"request_count":1,"received_data":277438,"sent_data":454,"comment":"","tags":null,"fingerprints":[{"name":"Tengine","description":"Tengine is a web server which is based on the Nginx HTTP server.","website":"https://tengine.taobao.org","common_platform_enumeration":"","icon":"Tengine.png","categories":["Web servers"]}]},{"fqdn":"game.gp5trb.com","ip":{"addr":"20.205.42.30","port":2053,"asn":8075,"as":"MICROSOFT-CORP-MSN-AS-BLOCK","country":"Hong Kong","country_code":"HK"},"domain_registered":"2025-03-13","domain_rank":0,"first_seen":"2025-08-11T16:46:35.765228Z","last_seen":"2026-02-26T00:05:48.677144Z","alert_count":0,"request_count":3,"received_data":22381,"sent_data":1394,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"PHP:7.4.33","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"cn.1mebetx.com/home/register?code=32654","fqdn":"cn.1mebetx.com","domain":"1mebetx.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"add5a73cc868e84bf9a23645f6ef6bb3","sha1":"6e50ec60f742ea7803949bbb218c2e0aeb5c7cc7","sha256":"812e1852a05493abacd78b57865eb01f267b5a99e9a282b4e2099c2b2186394c","sha512":"a2ac5d905cd94e482d4d74a3e6c2fa3cd15587b91341bb8828701bbe7e289d0c9cb80c86c8544fb14468b55b21af7122e9d7fadca8a1eef571cecf82ac679c57","ssdeep":"","tlshash":"95e02b2a73f51004217730190b2ff6663d56302b0285ee013e5d57f13f54097f103a48","size":345,"data":"","first_seen":"2026-03-04T07:05:29.830045Z","last_seen":"2026-06-06T14:33:38.644283Z","times_seen":175,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static-content-cn.wb27jlt6u066.com:9587/util/rsa.js","fqdn":"static-content-cn.wb27jlt6u066.com","domain":"wb27jlt6u066.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":9587,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"2e28749b1ce6013a456d4498a447dff3","sha1":"89d8c436922a84f097e86090179d112c3d6e13c2","sha256":"1748bdff25c71702d781b076f961920ef32283e324153b256e963202431a35ba","sha512":"2a675090d740e1600eaca9da2229b34cf764181bf65df4d023bb0e95feea6a7b83f3651a8eb70473e76313cc1fcdd38cd71a72b41fd57fdc34668b7d3b10b62e","ssdeep":"384:B1eJdA6YDf7WA5lK4UYl38uHrKFaY8BpC:bdjfm82aNy","tlshash":"5752a6857ad9302d07a95071055f054b7e35f8be598c04bdb1a0e8e938f198d833ef78","size":13514,"data":"","first_seen":"2023-03-07T01:28:09Z","last_seen":"2026-06-07T13:41:41.682493Z","times_seen":1127,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cn.1mebetx.com/home/register?code=32654","fqdn":"cn.1mebetx.com","domain":"1mebetx.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"db233009002a4eb31490f97132531f44","sha1":"2949a2157eedf0902ce0e26cf68dd006f70244e8","sha256":"85a92618217d2e6eb435cc369c8ce72fce416ae33ca0edf0c1af63a3f3671de2","sha512":"b3a044ae3f7a6dfcf2bb9a488c7098c6eb52070076031ca90e1a87bace755188114f3e47e43f2a188b308ba6a563806117acaec41c9598d27885f7760b503775","ssdeep":"","tlshash":"d3217b166daa148227fb307942bfc2c832b99017058bdac03d5c55408f2cefa26f9b45","size":1201,"data":"","first_seen":"2026-03-04T13:33:41.590325Z","last_seen":"2026-03-04T13:33:41.590325Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.googletagmanager.com/gtag/js?id=UA-119765380-3","fqdn":"www.googletagmanager.com","domain":"googletagmanager.com","tld":"com"},"ip":{"addr":"142.251.142.232","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"96e26840834c93f74e7848d679934b31","sha1":"8d580a3e38554c0137635a6554f5f9df433cd944","sha256":"362076f8bc76ad975e7dd3bd79523ea53444b7bd5861e302a6dfc07bbf3882fd","sha512":"d7cdb1cbccdcea4419acaef0eeddf39cd19d09a46c2cf6f9ce1a92409cc93404754634443725bdf2a5c9352194173bdde49d4b926c66f19a23716260f1480809","ssdeep":"6144:mXRiRyFwFl5sGJEf4N8dYxSGiQybJbQebLLQYpbLCzi:g2yFwFlR58kebIml","tlshash":"aa7408cdb3da706293a3a478403f018bb27a6892f84ccc95f195d9d42e7069a4277f7d","size":343737,"data":"","first_seen":"2026-03-04T13:33:41.49697Z","last_seen":"2026-03-04T14:33:14.475524Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cn.1mebetx.com/home/register?code=32654","fqdn":"cn.1mebetx.com","domain":"1mebetx.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"7f7df7754425188f1ef15a2af3e5884f","sha1":"c9cc8708de40cc9ba3430b4327ca44c572d75c0d","sha256":"a2c58b12f47d0a3134ed0da5992673f1fbec601d831813d40f5fdd7d0d6af17c","sha512":"67715df1da03d11dd50c488dd9fffd31709e38b1336f28663327174c1291a01403e6e8bccdddcf07a41b5ce91db7f763608b6d27b1698b00f588046584f76df0","ssdeep":"192:/oDdk3EGClSTYtR/yy9lWVCytUNJDkG1ys:/mSCLDn","tlshash":"1f02cd8df1a752b829b73037537f10c2ab6f021bd456dc30bacf66b44f82a10a746799","size":8776,"data":"","first_seen":"2026-03-04T13:33:41.592631Z","last_seen":"2026-04-09T14:02:19.547757Z","times_seen":47,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.f4bzyrz92us3.com/E2/logo.js","fqdn":"www.f4bzyrz92us3.com","domain":"f4bzyrz92us3.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"7d8cddd1e681b2f249e2765a067cb8ea","sha1":"34b5356771791798d20c9f8c7a2e28891d0e0d67","sha256":"126aa5c20402492749afa9437df1f4bffd33146a44681883f246b62547815827","sha512":"caae18dd4ae2a0f4ba4e389e16f3ffa59f012d45653cff6c14c0969a7862c0173f001497bd71ae282f7932be098a2459bcf1ab040b5d766effc9e7ad9f70bd78","ssdeep":"","tlshash":"c7b01254991c7005f07178b75f885104155808127b0bd229c4408133b1ac5512cb970b","size":98,"data":"","first_seen":"2026-03-04T13:33:41.477897Z","last_seen":"2026-03-04T13:33:41.477897Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static-content-cn.wb27jlt6u066.com:9587/js/kz.js?20250807","fqdn":"static-content-cn.wb27jlt6u066.com","domain":"wb27jlt6u066.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":9587,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"6882ef21046c02724770578afb0e9389","sha1":"5a3e91dbc206c7a6abf2196adc0cd68d6e5f7dd5","sha256":"f3967945aa4c64b4cb943ff02fd4ff56354cac19f0e8ba9cb8a95017707265c9","sha512":"4aa7833f286b2d53677335d60783d6edd2038d0e9fbbc75d0568debe17bf0cee5cd56c7beb3c608a2c135881edefca03d1cf0edef0c2d491e65c9ac6126697a8","ssdeep":"384:JsOCzLl8jM9Cxvqd2ACJOOX6QMvmN2iB9eOyjX993YH:q84sTwDEH","tlshash":"f963732ae9fb52551c3b70391f7f4001e729c407b50cee197e2caac05f44669a6b6fe8","size":68787,"data":"","first_seen":"2025-08-24T13:27:11.237239Z","last_seen":"2026-03-29T16:47:31.772793Z","times_seen":494,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cn.1mebetx.com/home/register?code=32654","fqdn":"cn.1mebetx.com","domain":"1mebetx.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"c7ee54a7240990e7c3b05eab06f4a2e7","sha1":"344f7f9163a8214f5583328970d8f6bde9371089","sha256":"6d762892025be8c5b37c804c06fb5300353bd9a6f57eba232b5775b29106cb61","sha512":"74636b349bc64770baea93e5542d1d579192ef0367b87cad5b8a25a2898a33540b82e85ae90c7f7a5a40280d1c97c6c898348123f243ad9a9da93ad7f80f9ed3","ssdeep":"","tlshash":"8c01dc38f2744a4660bb70722d6be81aa9a94c072c0bda14f86c05e12fc06858b6194d","size":760,"data":"","first_seen":"2023-05-15T15:49:02Z","last_seen":"2026-06-06T14:33:38.646501Z","times_seen":781,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"api.livechatinc.com/v3.6/customer/action/get_configuration?organization_id=d45af0f5-ff1f-44ac-97e0-5c9471a8ec59\u0026version=59.0.1.41.38.43.1.1.1.1.1.13.11\u0026x-region=us-south1\u0026group_id=2\u0026jsonp=__lc_static_config","fqdn":"api.livechatinc.com","domain":"livechatinc.com","tld":"com"},"ip":{"addr":"2.22.225.83","port":443,"asn":20940,"as":"Akamai International B.V.","country":"France","country_code":"FR"},"introduction_type":"scriptElement","is_inline":false,"md5":"1f9bf615a766a7cd8438fed43c9a42bb","sha1":"c21c3b77325b972e17d9fed28a539c1b5a9b069f","sha256":"990aff67333f6e1c9cf078b1a8df1b7416b1d202e4c0299f41605a08c88c0bbb","sha512":"702988c394bcedf70580927a875647e76fbe18f73a2c55971c1b0890c54f1ffa81f246b83158a63fef191aadfca6a31a57e2ce2b901a822299c15e378c632030","ssdeep":"96:H/993/mCi1bgrdQkP/9tw/mCvKNvKG8mTGFP/vCLq:z14IdQOu18b8m65K2","tlshash":"66b14116835fc4bb6277c19963cab70f35485138b1ec0a3fe464d670a1862c7d60aeae","size":5089,"data":"","first_seen":"2026-03-04T13:33:41.523094Z","last_seen":"2026-03-04T19:55:04.413087Z","times_seen":3,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.googletagmanager.com/gtag/js?id=G-3LRD95F87M\u0026cx=c\u0026gtm=4e6321","fqdn":"www.googletagmanager.com","domain":"googletagmanager.com","tld":"com"},"ip":{"addr":"142.251.142.232","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"0477204fbd912ae41559ac62164435e4","sha1":"958162205dbfa21da8efa0d825a827e72882220c","sha256":"e52440734667090d7e0db0ce711669f60fe72a9ae258a6dbb9ee0989e806ccd6","sha512":"b80f33d09df45ab3116ff5da166c8d434b387d080f493bcf394f8d8ef03693db6efc4c8f2a07212c1a63f2ccc4a323bbbe4c44ed0cf7924619f76b8721f08251","ssdeep":"6144:E8XRiRcWyFwFl5MGJEf4Sp8dYqEGiQybJbCebdLQgSgceN3N:FmpyFwFld2p89ebCg","tlshash":"ab8408ceb3ca70629396f478503f018ba57a68a2b44ccc95f199ccd42e7069a4277f7d","size":407836,"data":"","first_seen":"2026-03-04T13:33:41.471587Z","last_seen":"2026-03-04T14:33:14.520855Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdn.livechatinc.com/widget/static/js/8.Cht6u6sP.chunk.js","fqdn":"cdn.livechatinc.com","domain":"livechatinc.com","tld":"com"},"ip":{"addr":"23.36.77.179","port":443,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"introduction_type":"importedModule","is_inline":false,"md5":"187d8444408628325c13db6342391630","sha1":"37a13e93d5853a75bd835a83e29cd20cbe313d9b","sha256":"027ed884dae6352d0b9ddf60df164bc121c2a621081e3cb6b9ac7b4120043548","sha512":"f83b2ae537323567db947720587b7463eac1d7caec8ab0aef82d13f41415c98d52adfbc82903afde21352fdd466b899ca30a8864685faaa848f9a8654816f5fd","ssdeep":"192:KZtPwLpcfZyJjChMMuTGUwPPWnhujfpwvelEgXXntXqjdA2ymTnIdwnQo322:KZtzyJKMMDUwPPWaagn6dA2ymTIdwQa","tlshash":"f0f1f8bff741e4b5e7eb88a09d1a0103ba3a1654799d8170f61c4d10a05eac4b277fe7","size":7834,"data":"","first_seen":"2026-03-03T14:45:10.146372Z","last_seen":"2026-03-06T10:04:31.123069Z","times_seen":216,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdn.livechatinc.com/widget/static/js/10.al-9NYxR.chunk.js","fqdn":"cdn.livechatinc.com","domain":"livechatinc.com","tld":"com"},"ip":{"addr":"23.36.77.179","port":443,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"introduction_type":"importedModule","is_inline":false,"md5":"4a073c5805819d74eabd3e843372d502","sha1":"cb12e953dbee2d3ea08d35d86bcd2476a490bda9","sha256":"0cb3247cac5de8fcdfb226ebe2dc4960b6ed473966359f73ca13ca286309122b","sha512":"036da8fb3959ebbef26b546019535a9edb7a99227a28252878247a756d3a7ea693f48e9ffdaf5886faa7fb2cbe56292bbf9552db5dd1d26e6574d8034ee183ba","ssdeep":"","tlshash":"ebd0a78cb643b0b16276b138853f801fb035e984a44404f0d13ad9c03d7c1a97597c5d","size":236,"data":"","first_seen":"2025-11-04T08:39:27.95245Z","last_seen":"2026-06-07T08:09:45.604095Z","times_seen":16280,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.f4bzyrz92us3.com/E2/EagleEye.js?1772631179","fqdn":"www.f4bzyrz92us3.com","domain":"f4bzyrz92us3.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"3991ff84193ddf40fe99b7d50c5f5606","sha1":"51957a2d49e96a8fdcadbbd34b861e2812c328d2","sha256":"4868ae7ddb2f17517c0ff8cac89f0605a59cfff477947a5f7394e9f0e1f9c195","sha512":"8d957bdd1ab30199fc9afc8a59460d27500f1bd4a096b4cdff2dbbdba63b56fd02ca4509871faa006558f97adf3fd6e04dd266b6736f82d216f0a684239fdb7f","ssdeep":"1536:E6sk6G1j9Bk/k0q7Mfx5+2I7v7D71Ies9GUWfth7KBbTE21gAWIOuYyR4mr/qDAa:2GW/k0q7Mfx5+2I7v7D77FftlKBbTv1O","tlshash":"7033e61ab2963539c56230765caf9148b33d85a61398505cab0fc5e4783987e83bfff8","size":54486,"data":"","first_seen":"2026-03-04T13:33:41.495212Z","last_seen":"2026-03-04T13:33:41.495212Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cn.1mebetx.com/home/register?code=32654","fqdn":"cn.1mebetx.com","domain":"1mebetx.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"33da25d95341b1c48c787b04f9384778","sha1":"20a89ea0917f6b3fbbab4eb5f8c26c8ef1c8bd2c","sha256":"582bb1cf00bb686c6b8d33b190a04a5e953bd237c0ede7feb8a69fac14caad72","sha512":"4e97f3e0da272242e7cd686e3e57dc749eaafbf1605fd9e23dc6f95e30d6d2bf98a8cdc91ca7ccd2f892413921e556cee501db1b02374fd40d2f99a8e615b639","ssdeep":"","tlshash":"9571336dbab70165107b102e06bfae087d950023a108ee5dbcacdcc55fd0d15b1fbaae","size":3573,"data":"","first_seen":"2026-03-04T13:33:41.595915Z","last_seen":"2026-03-14T12:44:48.007567Z","times_seen":16,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdn.dingxiang-inc.com/ctu-group/captcha-ui/index.js?_=1772631180958","fqdn":"cdn.dingxiang-inc.com","domain":"dingxiang-inc.com","tld":"com"},"ip":{"addr":"47.246.44.187","port":443,"asn":24429,"as":"Zhejiang Taobao Network Co.,Ltd","country":"Sweden","country_code":"SE"},"introduction_type":"scriptElement","is_inline":false,"md5":"f20fbe4ba15ff136b5082a5a3541c49d","sha1":"3cd52a254611b3707ba10767a1ed86cc255900ba","sha256":"e53ab5be072532086a4288c12d9cec8fe8e98676d4aedfd2615c927c8b916c35","sha512":"cb1610706ef61ff6d8564dcc67466e0a96134107a4caafa8ee743033b541c66e24963dbb553ec7aade5f163572a9b4ddd9f0417a68ec3dd0e666534e5340a632","ssdeep":"6144:DLl3JD13W0TQCs7qo51+OD8vwEPhzDu6CZxf1t6taX/DyhD/+Htb8lJvOtKQkz:J9DHxD2xz6aX/qz+lcJOtKQkz","tlshash":"ce446cf7b2e0984e043a90a58d3ab47c116d1a11d034cf6ac9dffcda879e219e35b9d4","size":276757,"data":"","first_seen":"2025-07-16T17:50:21.878476Z","last_seen":"2026-06-06T20:45:34.442706Z","times_seen":135,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static-content-cn.wb27jlt6u066.com:9587/util/error.js?2025092501","fqdn":"static-content-cn.wb27jlt6u066.com","domain":"wb27jlt6u066.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":9587,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"f61145ebd6cd0164a855517ddd32d102","sha1":"d9f3f365c0aec1f9a4bf5cf85d4c8b1c44770125","sha256":"b433018b4e4006c56084fd4cbf35d3d1e2ea33aafccfd6109db3d0b696c2c2b2","sha512":"e0e7101c13848ec60f775f9ab092b5a52de41a67f3792a18c186cc42cd140c7bfcb405c607783e5b3240aab3f57dd88c50f744410b94cc99beef8b1a1f61ade0","ssdeep":"192:MTu94QOQzfKG3jChyTRmbxDeDWiYXYyC3SfZVYvxwYXPFj6vJRQ+lcQrdQr:MTu94wzj3jChQgF+eXUeu","tlshash":"292285b608f58b8a100df980c10b41293448744b8e1cba6a7bdfa5465fcd65f4bff99d","size":10405,"data":"","first_seen":"2025-10-02T21:45:10.771862Z","last_seen":"2026-05-03T20:56:57.980817Z","times_seen":476,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cn.1mebetx.com/js/member/captcha.js?20230919","fqdn":"cn.1mebetx.com","domain":"1mebetx.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"af5c80b7be75a99af8d3c1f9f9329718","sha1":"04cbc723e1eb8788a53197e191c70d1cdaf4bba4","sha256":"fe38dcb25afd6157d938da2bb21b229bb8660bdf2894a62341300998317ea1b2","sha512":"21c669b0cc023eba1b4158be72285261e85ded3790667447784871902eb10171faf60a6a5ce44de43dc8a64c7e499169e554e604f9637fdbe33bcc84dc022f1c","ssdeep":"","tlshash":"7561a929e4b241e13caf386b0a2f4d40e5618013b64eef667d1c46d0af859fa016bfdc","size":3459,"data":"","first_seen":"2026-03-04T13:33:41.511679Z","last_seen":"2026-04-09T14:02:19.500855Z","times_seen":48,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cn.1mebetx.com/home/register?code=32654","fqdn":"cn.1mebetx.com","domain":"1mebetx.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"9c8ff0e5b7c080ee9d3d70c907b0aa2e","sha1":"654600356ee4e7277b90d557700b9b586fd72a6c","sha256":"2ae8e970d6c353d53ea520e0dea0cb439574ce7478dfcc42fe115549e1475084","sha512":"58578f30488492204791c9b8e8448900b9c35e32ce1ba02349e52a6c5526688c33a4a67c04b25027937586b70e65d26f933e3e42e751174dc7ec523c629fe7c0","ssdeep":"192:g4tYyfgH8iIXXyiCavEEM8g2Frp3dx4rOyKztANA2A8ARadKHKCST:7B02hkstw","tlshash":"4c02b41af9eb1605293730ad1b7f418875b8d1236548cf30b94cead40f96914d2bafec","size":8902,"data":"","first_seen":"2026-03-04T13:33:41.597928Z","last_seen":"2026-03-14T12:44:48.008192Z","times_seen":16,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"secure.livechatinc.com/customer/action/open_chat?license_id=19463678\u0026group=2\u0026embedded=1\u0026widget_version=3\u0026unique_groups=0\u0026organization_id=d45af0f5-ff1f-44ac-97e0-5c9471a8ec59\u0026use_parent_storage=1\u0026x-region=us-south1","fqdn":"secure.livechatinc.com","domain":"livechatinc.com","tld":"com"},"ip":{"addr":"2.22.225.83","port":443,"asn":20940,"as":"Akamai International B.V.","country":"France","country_code":"FR"},"introduction_type":"scriptElement","is_inline":true,"md5":"d30bfddcdb3764a782b7c8584021d1d6","sha1":"64ed02149d0db57e6c1d68992361d7c1330a663a","sha256":"5a8894efd9ef253bc344f5587ea4fb4f4b8da39d4dbd49a390c2302898411623","sha512":"7f7061097e172e659abcf34d29c148da0bc746fde1307cefa2bcc88ee94db292ba498b3f287a8436b39f9e6d44d5e145350896e447ac7c3cfb281a91a5bc6c97","ssdeep":"","tlshash":"79b09222c200942a24ba8118239fa6073110537a80660c1b143c64a436e610f80a239f","size":105,"data":"","first_seen":"2025-03-02T06:33:06.481005Z","last_seen":"2026-06-07T08:09:45.679021Z","times_seen":26402,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdn.livechatinc.com/widget/static/js/3.B2M_fyvk.chunk.js","fqdn":"cdn.livechatinc.com","domain":"livechatinc.com","tld":"com"},"ip":{"addr":"23.36.77.179","port":443,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"introduction_type":"importedModule","is_inline":false,"md5":"8fc2becec9bbb5ac069aa34468b76215","sha1":"8a7dc639ebbfd8beb2ad59fe57b9a63b7a7f18a1","sha256":"570206c6c8ec5a0c0eff5a74a683a6dccbb08a24a5919ffc5be31680c27b4757","sha512":"72dd74a528d7ac7229e3f599a179b34d74f2eeebe24cda1598736c8c8e49e328094a505b12c562e554f5f4784d224be797a3cb95bb794246ed2d9f95cb4b3281","ssdeep":"1536:vgZQUuQC6WDvhFCvB0Hx6J+vXlKAwTwH7nDPWnYlkChX8qg4JklHYD82:vgKUuQPWDvhFCp0UcDOnA5sFikRYD82","tlshash":"fbd3f8e83992f5626bf312b700af5817733c192b280c4990a211fdddb5b845ea17bf9d","size":138438,"data":"","first_seen":"2026-03-03T14:45:10.188122Z","last_seen":"2026-04-09T10:49:40.066961Z","times_seen":977,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static-content-cn.wb27jlt6u066.com:9587/js/newlivechat.js?20260126","fqdn":"static-content-cn.wb27jlt6u066.com","domain":"wb27jlt6u066.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":9587,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"82236be894134d60c1165840a2f1f432","sha1":"299865c8584f72365c7f4d87d99e8702c4cfb68d","sha256":"ccc9ca0fdd0b8e6f3cf3145e5ad7b9730cdf9573d46631916fa5055e1f6f84bd","sha512":"8ba9b5c320cdab328fef9faf00a641ed97c0e36eafb46b330637f90cbbc8bf503e0ccea92c33e6a886f53f37502fea66f5ec4722787c2334f6ec41ca58bbe768","ssdeep":"","tlshash":"2801d089bc45b076ab56326c713bfa07516213156844683348ee87bbeb32e9b410358c","size":733,"data":"","first_seen":"2026-03-04T07:05:29.810152Z","last_seen":"2026-06-07T13:41:41.691747Z","times_seen":176,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"api.livechatinc.com/v3.6/customer/action/get_localization?organization_id=d45af0f5-ff1f-44ac-97e0-5c9471a8ec59\u0026version=4940c52ca0caf914a8b155bf4411bbe5\u0026language=cn\u0026x-region=us-south1\u0026group_id=2\u0026jsonp=__lc_localization","fqdn":"api.livechatinc.com","domain":"livechatinc.com","tld":"com"},"ip":{"addr":"2.22.225.83","port":443,"asn":20940,"as":"Akamai International B.V.","country":"France","country_code":"FR"},"introduction_type":"scriptElement","is_inline":false,"md5":"54630f003417f9c46834391ef382ecff","sha1":"73648916e37855a4b0bf37347f20d21005870edb","sha256":"2b8e74248a2e4ed6d0629ae47bfce5393cc326eedfd9b86eaf91938e7896dfa3","sha512":"a99b016499cfee8018cbd61ac8d4f91264404c97ea8f5063b2cb122de769c850b57b26e2f7e6e4d43fb5df47cd23d6ba3da88ffbd5492f16434b62b3b89bccc8","ssdeep":"192:TtXlChwBLXkjJ18fjmiVdOFd79o5cKJmvmztlIQFxe2sHLc/evuhw3jIzso:TtXlu8LXOJo/ascHuLxV/evK1so","tlshash":"af521a2947a9fcbe02076ac4fa6b540a60d41689d4e04c2bfea9d51c5b44d8b73cfb1f","size":13632,"data":"","first_seen":"2026-03-04T07:05:29.805591Z","last_seen":"2026-04-21T19:43:50.779269Z","times_seen":111,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdn.livechatinc.com/widget/static/js/livechat.CWIaArQD.js","fqdn":"cdn.livechatinc.com","domain":"livechatinc.com","tld":"com"},"ip":{"addr":"23.36.77.179","port":443,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"introduction_type":"scriptElement","is_inline":false,"md5":"41bd0781dab47aa3519cd96277bc3dab","sha1":"130ab6f2eb3579c4d359af5ebd564082587812e1","sha256":"125146563f5edd2bba83bb862c052f8a441cf8e7ad82ee68d5e9797e0f784c27","sha512":"9234dda40c619d1f83c69685329b6cac199aa45df428f9a1765f26933d665fe94b83b7877f104656d87fe9c066c43419889db1ef569cffbd1a20337abfb441a0","ssdeep":"","tlshash":"37e05adae300b8e3fad9dde4c004e1a1a6faa39b47f487b0d0ce17715755165ce41a52","size":401,"data":"","first_seen":"2026-03-03T14:45:10.260928Z","last_seen":"2026-03-05T09:29:13.543871Z","times_seen":149,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdn.livechatinc.com/widget/static/js/2.C0gegXQh.chunk.js","fqdn":"cdn.livechatinc.com","domain":"livechatinc.com","tld":"com"},"ip":{"addr":"23.36.77.179","port":443,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"introduction_type":"importedModule","is_inline":false,"md5":"03c7b810234448ae64dd9892a662e43e","sha1":"5ee59572e8d1528976d6e603ba8e6aa8cf4e0f19","sha256":"6e5ea6662f022d5efc56b6bf3d1797674cc7f04eb800db1eac9a49be24629690","sha512":"83e4a67903b7aa07a92139fe3006ef9074bc67e4fa03bda85db98cccb2c932b4fb5bae5f04b72cc7795b06f4eda720237ee07e53f24de7e19ae0eb57e31b4b56","ssdeep":"12288:mx4lCyAjiSkC8nMQiiHkMK1rEdlOqtB5/oS6JxIOfDf+5tqbFmqeD1d9WB9Ff/mS:mx4lCyAjsdzqzYi","tlshash":"47946be07242f938d7e7c19b90bb160af33d3d09b42e9620f1ade85d33954489267fa5","size":442575,"data":"","first_seen":"2026-03-03T14:45:10.205138Z","last_seen":"2026-03-05T09:29:13.782645Z","times_seen":151,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cn.1mebetx.com/home/register?code=32654","fqdn":"cn.1mebetx.com","domain":"1mebetx.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"b5a216676f7f7b2c0f5a00e34f514fd4","sha1":"0c576091dbb665e9be0310eadebbadd0e1b76b92","sha256":"e3cad6b85deac4124b9447119efe6b504c8f0ffb6356bc888da840d9ce65aad8","sha512":"7db49612cdb2f7b4d14f9913654c0185da4529072174d57baed4b601ff823600c1cccd8c2e33cf721b491ee7eee71dd61622d4e4c2de6c8c1bae5273d5075490","ssdeep":"","tlshash":"dd613fe2fa58331c94be94a90cbb21c6b19518e521418c74bd4d53e07b2286d6f3beac","size":3430,"data":"","first_seen":"2026-02-14T03:19:09.698711Z","last_seen":"2026-03-23T01:49:00.957451Z","times_seen":55,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static-content-cn.wb27jlt6u066.com:9587/js/game/Game.js?20220202","fqdn":"static-content-cn.wb27jlt6u066.com","domain":"wb27jlt6u066.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":9587,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"31b26fa8e3e5d0f8b9100e4d8993570b","sha1":"4901272b99be40960a7016bd4a60fb686ceba5d7","sha256":"fa72c387b16598179ba3e7406e6d29e5f464cf7876cdf39d43a1cfadc91211df","sha512":"1332c670e7103b8d25e706e773ac1aef68e69176c945d8450385e8876b5a718c113c2066e47719d9943df9a108fc2c27d46c535bb09b27930c22e414b3375364","ssdeep":"384:AURoUkVbztM3nigTG7SG4lznSVs5Lq/vtQEttGsOSVD:AURoUcztwJou50QEttGsO2","tlshash":"0753254caea318e35a3654348b7f31956d5166032508dd1c3e0cd3a3df9a0be66b1efa","size":62427,"data":"","first_seen":"2025-08-14T09:17:18.772148Z","last_seen":"2026-04-06T22:25:54.033063Z","times_seen":544,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdn.livechatinc.com/widget/static/js/11.DJPUQwQu.chunk.js","fqdn":"cdn.livechatinc.com","domain":"livechatinc.com","tld":"com"},"ip":{"addr":"23.36.77.179","port":443,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"introduction_type":"importedModule","is_inline":false,"md5":"640caab52100a1e9dfe618aaeb79838f","sha1":"4654776a82e5405614a595d40cb33ca2b5bae0b5","sha256":"fb8eb817d7251014c136b441bd4004fa6567908059013edbb938925f23b67ceb","sha512":"17d605182be517c5e797b2fd823b9ab7b6bd73d97bd2c3d11c5eb29d108cd350d789116528e351abaebdf3654cc65100b9e3353064ba38c9ab9008126c6a3061","ssdeep":"","tlshash":"00e08cbdfca8d92152f5e9f8c0b60822cb593b0e502382b0f60e6f4a9519199a552826","size":300,"data":"","first_seen":"2024-08-27T15:26:59Z","last_seen":"2026-06-07T08:09:45.643273Z","times_seen":29021,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"banner-notice.6dqr2n.com/mxstatic/banner-notice.js","fqdn":"banner-notice.6dqr2n.com","domain":"6dqr2n.com","tld":"com"},"ip":{"addr":"20.205.42.30","port":443,"asn":8075,"as":"MICROSOFT-CORP-MSN-AS-BLOCK","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"fde6491fa4c8e8adaf2844d6d09e2a2f","sha1":"51174631e2149efc853eacf33e39fa8dc66840b8","sha256":"a402e491cde441e33c89c38bb10c84d7473a88700ba4fd76e0bb1bf2c2f61143","sha512":"25d3915f3e441b65f447c65aafc287b5c4b9afc8fd34b54a428bd58a6bd1c58bca7012eef8fd44d9134fa1c375dcdb62aeaaa912a09b15895872e2f678cd10d2","ssdeep":"192:AJKwJ/y23c23qtY8SCUcWbm1iRSube/Hf+DoQPoEHdizniKOnK6t5Enx4tRL1VeV:oKGbDK6czdOnXH3qBmlc","tlshash":"ed82b81875fa0061542330b88e9a618c7f26950f920a5d08bd6d47e8afcad7199d2ffb","size":18633,"data":"","first_seen":"2025-05-30T16:57:45.431693Z","last_seen":"2026-03-14T23:55:48.120104Z","times_seen":483,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static-content-t.wb27jlt6u066.com:9587/js/jquery-ui.js","fqdn":"static-content-t.wb27jlt6u066.com","domain":"wb27jlt6u066.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":9587,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"ab5284de5e3d221e53647fd348e5644b","sha1":"75c20acdc6cbc6334fe2b918ab7afeec007f969e","sha256":"4f455eb2ddf2094ee969f470f6bfac7adb4c057e8990a374e9da819e943c777d","sha512":"2462acc237c0063263b52527cfecbc5d4063065c0cd541cd966d9924dec0d9af475184f732c92af9269cb08df993896893eff37ad4b18598ca4b7af7b5f02742","ssdeep":"12288:1vemHFgymzYDdHCcmM2/W/CCeS/QRzbrVDDdRO2:vDdHCcmM2/W/CCeSIVDDdRO2","tlshash":"f3b4a6c9f39c266a867a32595c2e42cdb23c8075d600587fbc5d59dc29a883c43bbf79","size":520714,"data":"","first_seen":"2023-03-07T01:03:28Z","last_seen":"2026-06-07T19:34:13.959633Z","times_seen":15820,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cn.1mebetx.com/home/register?code=32654","fqdn":"cn.1mebetx.com","domain":"1mebetx.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"1c5c9160600df2d96d69a4ea16cec7ed","sha1":"3cf678c9135cc952ba6970ef545035bb757a443f","sha256":"a3520fe88e248d2b6c9c6db93309a037ef969fe297208e5bd7e49a55bb32c808","sha512":"2a298a8c2552c6a6c6f8d3f7327d2e9abfa87a0dbb27e9e528a8539b416155c0860f54f46464dfe7e5d49c7906a9eacdac7e5181b86ef15a83276a8f4fee0546","ssdeep":"","tlshash":"078004d531c35040475331d400571cd4503444f014444d544040d4511c55030d1154dc","size":37,"data":"","first_seen":"2023-04-11T21:49:14Z","last_seen":"2026-06-07T08:13:41.750256Z","times_seen":121588,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static-content-cn.wb27jlt6u066.com:9587/js/jquery/jquery.carousel.js","fqdn":"static-content-cn.wb27jlt6u066.com","domain":"wb27jlt6u066.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":9587,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"1552106a3e80457c7c75722b7372d303","sha1":"32ba62ff7b3590d3325d159141aa50a1db5802aa","sha256":"52947c9e6ac3e2f45c2b2a19802a91eeb75dc70902bf4bd87419a6386300848c","sha512":"e6b3f5bcdb5cea57241c6ca4f3c235a8ec04fe3d4baf75e2e33d67fa1ae4e094c08072772e3bc6a87dafb81e94a6ab81f38c670394f4f2a533ca5090e5879630","ssdeep":"384:MnvnA+MrUQ5x1jcvHGmUYnkrVdINO4XmfFmKK2vif3UE:Mn4+MrUk1j0UwNO4XmfF7K2vAv","tlshash":"50b2941b31a32172597b72298b9f5109333190979208ee507cbf8b147f9527897f2fea","size":24119,"data":"","first_seen":"2023-03-07T13:00:36Z","last_seen":"2026-06-07T13:41:41.679746Z","times_seen":787,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.v1c2h.com:51300/global-activity-entry/js/rain-icon.js","fqdn":"www.v1c2h.com","domain":"v1c2h.com","tld":"com"},"ip":{"addr":"20.205.42.30","port":51300,"asn":8075,"as":"MICROSOFT-CORP-MSN-AS-BLOCK","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"59767c53c4cb277425bce5c5e7ea9d41","sha1":"36ee5b49ceb915d4369fe92ca49dbd8bba702c96","sha256":"5b43bfa813b9f48656d868fbdacd693bf7fc0f4324d5b815db42ceb80c5a4a27","sha512":"f56b905cc921ab836e06c2c2f1e9dab1033056b68043b6fc1a24f78446dfcfeed89d1408b26ddd176540761784e7652fe2b4d1e5103f07f510bf3e886267e967","ssdeep":"768:kCcZeOuOBMThTlp0Ef7X879b7zT2MSVHyDP:kRDQt0FSVHk","tlshash":"42f2632e5afa10516a0370654f6f91087675a02b160bdc183e5e93d8df806b846fafff","size":34779,"data":"","first_seen":"2025-03-02T07:32:23.132184Z","last_seen":"2026-06-07T13:41:41.691214Z","times_seen":786,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cn.1mebetx.com/home/register?code=32654","fqdn":"cn.1mebetx.com","domain":"1mebetx.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"2d0b0bc1ef7bcdddb43044412caaef9f","sha1":"7486b48306bd3c1c94547a5c4b238d40e4c2be3c","sha256":"87f57b68bdd4f868c5a97901e2bb9b9192d77093a62ba7fb2b0a405e4d73eb6c","sha512":"9cbb500a3bb1bbe52fd69f7b3ffe53f325c55da5b7d3510d72dc6f01b9ff25c3f268e8317a86d65c787fee9d23197cb877c138ff00416ecda80d40c1ee9e281f","ssdeep":"","tlshash":"9be0c216736e1091842328154a3b53054b342513682f7c02fc8d02941f2e60cc073a02","size":382,"data":"","first_seen":"2025-03-02T07:32:23.118872Z","last_seen":"2026-06-06T14:33:38.654319Z","times_seen":772,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cn.1mebetx.com/home/register?code=32654","fqdn":"cn.1mebetx.com","domain":"1mebetx.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"b42e0314adee140fb5e18e096f4bacc6","sha1":"88a0dd79b84b2e572836c66669ab55f89b900b58","sha256":"79cfa18812005def94e215acc70f8ac882ed591a822067b972f4ac2235c6f1f4","sha512":"99546e964d9fbec171b64edc7d2d355aa9214fd8948f81883cecc0950eb590e49bfde4a8e76b7941c43b9e1d9670e6058f566d327912f96e3d7f7ed00553ec0a","ssdeep":"","tlshash":"b6c02bc8211a0c7191fb27008b3ff604b402721898e96931cd0a33054d30e03db58c44","size":155,"data":"","first_seen":"2025-03-02T07:32:23.121669Z","last_seen":"2026-06-06T14:33:38.658209Z","times_seen":780,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cn.1mebetx.com/home/register?code=32654","fqdn":"cn.1mebetx.com","domain":"1mebetx.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"fa249485a4961fe24b760a4d9e9febce","sha1":"c21e2c980ab76e0f7a7f9cfaecd375bcdaa20fec","sha256":"e41ff2bf25448947d8dab8b9ca03133890adb03079188916abd97b5498ea4fa4","sha512":"fe75a281232dd8aec23d33f4f14da97a77561267a7cccd1fc3c51f165aec9b69599ab0d7706c8f9fa72a089744e604a97b9b5f9950e4cab9c607bc2fc777023a","ssdeep":"","tlshash":"2001834e345c05e721b776e733f3820cb86756071084f492f74c869c0e008ba005b4ac","size":688,"data":"","first_seen":"2025-03-02T07:32:23.124386Z","last_seen":"2026-06-06T14:33:38.66059Z","times_seen":769,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cn.1mebetx.com/home/register?code=32654","fqdn":"cn.1mebetx.com","domain":"1mebetx.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"87044102cff06b623100ade4509413fe","sha1":"4910cda6da540e5340cc9357a21861856067ea00","sha256":"25d6d6174234062dea3e4341e86b162a91f2a8a245654aa69f6f5bd1282d23fc","sha512":"2781832da4ef05f20d23240d0321a6a74fba1a7baa07797ea68a8fb18b5bb7daf28176aec390a0a65bef36720af288df0be5afd889b52534c441ca011bb01a49","ssdeep":"","tlshash":"60d0950f1c1514382379147d10bae5ccb171104c907dd50040dcd4504964ed50c3d7c8","size":254,"data":"","first_seen":"2025-03-02T07:32:23.127917Z","last_seen":"2026-06-06T14:33:38.661142Z","times_seen":769,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static-content-cn.wb27jlt6u066.com:9587/js/member/reg.simple.js?20230220","fqdn":"static-content-cn.wb27jlt6u066.com","domain":"wb27jlt6u066.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":9587,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"acfbd8efc4aa932d56183ed41666c8bd","sha1":"dada1ef3f25155d81e7d4a9353ce89e7f83b3466","sha256":"736d2a82733a504f010af43ffbc5eae2e40b075b7ae8929065bc880357c1ab48","sha512":"e0f02eb2082790ba636afe476e4a51b095f0161df58ba7f9ca389191bfe5d373d725908996b4ee489b14cc48a77f05b47ce52409bc5d802f364d831eb2501aff","ssdeep":"192:eDY86gShDWhDxhD0hDJGx3DPdy7Uwm1AFtOtHoNNvqtnHzHensyaAS7xM8tY:eDY8gcfejatpsS9q","tlshash":"0a22502aedab42871d3b30695e3f00456956c0136b0cde24fe4ca5d09f85e29b5b6fd8","size":10762,"data":"","first_seen":"2025-03-02T07:32:23.111077Z","last_seen":"2026-03-30T14:28:44.913402Z","times_seen":642,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdn.livechatinc.com/widget/static/js/4.C_rgEAoe.chunk.js","fqdn":"cdn.livechatinc.com","domain":"livechatinc.com","tld":"com"},"ip":{"addr":"23.36.77.179","port":443,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"introduction_type":"importedModule","is_inline":false,"md5":"1771376dc07da48b3f03339d86d57b7b","sha1":"a5861ebfff23a92ccd1ce6b8a517b6f877d50a63","sha256":"6e148df31d721a0ff08563f2d676751786e01418c86ee54ee8f0e88aa46ae26a","sha512":"6038efed0774fd61c7bf6558d3ea24ccebfada1041fa2c1606263a19f8700043a18f6e368ed550fc61f644eb7b81f8cac01498f30cc56a103295911b28e436b0","ssdeep":"","tlshash":"afc022563060f3a502bb0ed00033e02af32a402cf0ebfa80a65cc4f020630530a26b1b","size":193,"data":"","first_seen":"2024-06-24T12:34:02Z","last_seen":"2026-04-09T10:49:40.045057Z","times_seen":23532,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdn.livechatinc.com/widget/static/js/5.COnDpwuW.chunk.js","fqdn":"cdn.livechatinc.com","domain":"livechatinc.com","tld":"com"},"ip":{"addr":"23.36.77.179","port":443,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"introduction_type":"importedModule","is_inline":false,"md5":"547d768a115f0b1c13a416dc06518ca0","sha1":"7f8fa3a9fb3f4a42bdf7f8e54f0620cfc21131a9","sha256":"d94c017d073799d844ba244e1472809a046dd250e5a7dd740c4f63b429213e70","sha512":"5426431966b1f3b78fee17347398a1c3dacb84ef2872dea69cd44e14f13a633e51159c05931b6d0835c8b6d4a2d199e3c874f7a7a2b2ca9f8c1dc0ee550c6b34","ssdeep":"6144:H3zu6cNIPxo+y30oO3fpKr35l37Fw9rqRDFq:Xzu6cNIq+y30oOxKr35l37Fw9rqR8","tlshash":"0b246cc4f18af53887eb34e6547e2002f63d6d18784c8560f758ddb63da858a9273f2a","size":218278,"data":"","first_seen":"2026-03-03T14:45:10.180807Z","last_seen":"2026-03-06T10:26:49.391079Z","times_seen":221,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdn.livechatinc.com/widget/static/js/6.DOO3t-_-.chunk.js","fqdn":"cdn.livechatinc.com","domain":"livechatinc.com","tld":"com"},"ip":{"addr":"23.36.77.179","port":443,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"introduction_type":"importedModule","is_inline":false,"md5":"a8e2b53982d152df0eaec74958f27053","sha1":"0bff986e88e2713c3d3ec2641496883eecc2acb8","sha256":"9c47463b03fb3737ba6f86f9136a8d3b45e4bb03d2bf66c53e17c6461815ceae","sha512":"1be83a22adbfba76ace6c0541d1198ee40c7784321e6e226fe100a063693a4a055d941e7824381a73264e4a0db7dfcf20febc1c75dcf2f953a5aaafba3579018","ssdeep":"","tlshash":"7f012fd938c398b0c32784cd21b899b2f57c0e4864fd40d0f5d86c8a3b221b1823aeb8","size":847,"data":"","first_seen":"2026-02-25T12:54:39.727904Z","last_seen":"2026-03-10T07:35:49.440775Z","times_seen":718,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdn.livechatinc.com/widget/static/js/9.xhyEK0_l.chunk.js","fqdn":"cdn.livechatinc.com","domain":"livechatinc.com","tld":"com"},"ip":{"addr":"23.36.77.179","port":443,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"introduction_type":"importedModule","is_inline":false,"md5":"c96a39460d2b0a92409b2b92f3da88f9","sha1":"c1ad7e3c7f38743ebadf589676726dad6799a9d5","sha256":"af2012b0cdfa449f186df2f8dc9b3e64b48b8c5c630cc8d3c4df61973499e7c4","sha512":"c6a642b4f09c7dc0b2679c972cc99e4c1e00e268d309aae062883d3eeeb7d3e39bef53388dd20aae7f733da57ed2374c1b12ded0997cbca2762b4b03c332cbfd","ssdeep":"","tlshash":"27a022ca38ca32ae020230300f0f20c0e0b8c02c030e0328800a0200b2300a002ffc3c","size":74,"data":"","first_seen":"2024-06-24T12:34:03Z","last_seen":"2026-06-07T08:09:45.62326Z","times_seen":18421,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cn.1mebetx.com/js/captcha/geetest.js","fqdn":"cn.1mebetx.com","domain":"1mebetx.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"a7b340e01f62559af09e1e18798703de","sha1":"924f9233a48936eee0871498e0f5ed2bfd57c350","sha256":"999339952d10e2be3c416dccb51821a164038c2c871583d5a2feb20c6851021a","sha512":"050929fa90d7dd6757dc2114dd6137b71369492b8f93c547742e1a5ee1bf35e6a588346b03d4b0197e5993510a7f5ee63ba198daaf8574f34326c37307f994cd","ssdeep":"384:OcB6Y6+HiaWSXauU058DIml6yDwFJQqVqp:OcB6Y6+H9HII22zc","tlshash":"7552114d68f7609385a3b428ca9fa114b9788a57002ccd85bd4ce3589f9447c9bbbfdc","size":13352,"data":"","first_seen":"2026-01-06T02:22:39.991269Z","last_seen":"2026-05-17T00:11:42.671025Z","times_seen":50,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cn.1mebetx.com/home/register?code=32654","fqdn":"cn.1mebetx.com","domain":"1mebetx.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"09b6a9ef54ab9c825298cd9a9d9ca45d","sha1":"eb87b20d55ec83c8d29417da60113f0283b2246d","sha256":"af68e9610525733157637c6a6d65d9d80deadf76dd5b96aaaafc133c280c09a5","sha512":"d9fa04f34e4c18a79fa7a70c631589cd16077e1c2fd880973624f8feb4d02cb19f56b3dca48ae8c60093d74cc0275d18bfd6ed9eeb9d58894498b86c5ecca8b0","ssdeep":"","tlshash":"e8c08cc028e20ea2553ee04218b9c29220712fed01739894e0ae931c2208060bbed23e","size":156,"data":"","first_seen":"2023-03-07T16:03:14Z","last_seen":"2026-06-06T14:33:38.66306Z","times_seen":794,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static-content-cn.wb27jlt6u066.com:9587/util/all.js?20231116","fqdn":"static-content-cn.wb27jlt6u066.com","domain":"wb27jlt6u066.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":9587,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"f5aa16a242596257e153e33c5b8fb232","sha1":"804252d4387c4fda0141e9bf4fd2a05bb3c7068a","sha256":"c21ffeeff6782e69216ce2fdf3fd54289af1d7b4a8bc2af9b83c0679c5969782","sha512":"1ae9de5c195af57a93c2bbc30c0597c8f7f2e96e98af1c1a514d21d170b54c4bafc882689096e117cd36f25570474bd059edfb8bf9023571ff7531ace1491c59","ssdeep":"1536:rfee/RrYiHhJ9Q0f16d9zeDN5qW4wTW3Jny+aSsG+Kjbd2m43ftShEhJ+7Rh0Om:rfD/miHhJ9Q0fd5B8jYhi0t","tlshash":"6273f88c7591306a4aef31b7782b224f73769a69500e5068f0b8d4e53ebce857167f38","size":77892,"data":"","first_seen":"2023-09-15T15:49:20Z","last_seen":"2026-06-07T13:41:41.66726Z","times_seen":1011,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cn.1mebetx.com/home/sandbox%20eval%20code","fqdn":"cn.1mebetx.com","domain":"1mebetx.com","tld":"com"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"","is_inline":false,"md5":"92b651082ce234f66bb544e678befda3","sha1":"14c21c55ddce43b6f677caadf51d4ab98c6a3df8","sha256":"25d57d1d97abeb84531d3d3e5754dd5cb19a2c115edfa7cfc7af8247084faded","sha512":"b4fcbc037e0a3d91db2a624921e96b878e9e18dd998ad5649d77d7d053faf28b09c8725a0542aef702310bf85f3037b70985c274db8acabd021efb171d41f361","ssdeep":"","tlshash":"34c08ca3e74026ae2a1166b2b810e003a2866b015aa78402b00a003b1441fe21aaa1a8","size":147,"data":"","first_seen":"2023-04-11T21:07:53Z","last_seen":"2026-06-07T08:18:38.896325Z","times_seen":921522,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdn.livechatinc.com/widget/static/js/1.CQtGlTmN.chunk.js","fqdn":"cdn.livechatinc.com","domain":"livechatinc.com","tld":"com"},"ip":{"addr":"23.36.77.179","port":443,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"introduction_type":"importedModule","is_inline":false,"md5":"4a10c7ff679d5a6296b3e15ec71fa5f6","sha1":"7b6d3653a318fe95570cce84c6b5ba72a4bf5015","sha256":"67d420b46de773221b02141e8c7134fd015b59b5e5f745ccb29b3c92468be0e5","sha512":"89efa657bfefa3013105dcc1ca62f63a2e77067fc7068ded9f25e6e206602ea1adc9ce6c0788740a8b757c83b57a6f53a47c26f9ba10cd8f8fd966736fa3dac4","ssdeep":"1536:M51K4Z4zJvuhGqG1Qn9TtKP1V7g6FkE3cJbvM:AdC2hqw9TyV7ggkEMU","tlshash":"21334ccef14174315bf315f2a06fa106b73a2a2d384c81b0f629dd9925de44ba227f6d","size":55065,"data":"","first_seen":"2026-03-03T14:45:10.161206Z","last_seen":"2026-03-05T09:29:13.692326Z","times_seen":151,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cn.1mebetx.com/home/register?code=32654","fqdn":"cn.1mebetx.com","domain":"1mebetx.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"1c5c9160600df2d96d69a4ea16cec7ed","sha1":"3cf678c9135cc952ba6970ef545035bb757a443f","sha256":"a3520fe88e248d2b6c9c6db93309a037ef969fe297208e5bd7e49a55bb32c808","sha512":"2a298a8c2552c6a6c6f8d3f7327d2e9abfa87a0dbb27e9e528a8539b416155c0860f54f46464dfe7e5d49c7906a9eacdac7e5181b86ef15a83276a8f4fee0546","ssdeep":"","tlshash":"078004d531c35040475331d400571cd4503444f014444d544040d4511c55030d1154dc","size":37,"data":"","first_seen":"2023-04-11T21:49:14Z","last_seen":"2026-06-07T08:13:41.750256Z","times_seen":121588,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cn.1mebetx.com/home/sandbox%20eval%20code","fqdn":"cn.1mebetx.com","domain":"1mebetx.com","tld":"com"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"","is_inline":false,"md5":"92b651082ce234f66bb544e678befda3","sha1":"14c21c55ddce43b6f677caadf51d4ab98c6a3df8","sha256":"25d57d1d97abeb84531d3d3e5754dd5cb19a2c115edfa7cfc7af8247084faded","sha512":"b4fcbc037e0a3d91db2a624921e96b878e9e18dd998ad5649d77d7d053faf28b09c8725a0542aef702310bf85f3037b70985c274db8acabd021efb171d41f361","ssdeep":"","tlshash":"34c08ca3e74026ae2a1166b2b810e003a2866b015aa78402b00a003b1441fe21aaa1a8","size":147,"data":"","first_seen":"2023-04-11T21:07:53Z","last_seen":"2026-06-07T08:18:38.896325Z","times_seen":921522,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"api.livechatinc.com/global-mapper/lc_license_id/19463678/region?jsonp=__lc_region","fqdn":"api.livechatinc.com","domain":"livechatinc.com","tld":"com"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"scriptElement","is_inline":false,"md5":"b17346aced6298b7e1cadcd62f40003c","sha1":"c28b849fff4b4d9d006d803bc4d18368446ddce4","sha256":"a379b1707064386da00957301b6eb053249cfb462047d44e4fb6d52898f5b78b","sha512":"93be3c00856eedc8cedd0c7bd2b2a5873aa85dcf9e893d9e972421d122c568cbb1c9b4ca633497bc80900f688898040a218616dc69a4716fcd3d5a2dc93fb928","ssdeep":"","tlshash":"8080000e20002ae30a20ef3e8023ec0cb03e033223008288c302208228002b0822ae0b","size":35,"data":"","first_seen":"2025-05-16T12:26:33.454661Z","last_seen":"2026-06-07T08:09:45.682147Z","times_seen":27952,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.google-analytics.com/analytics.js","fqdn":"www.google-analytics.com","domain":"google-analytics.com","tld":"com"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"scriptElement","is_inline":false,"md5":"f24128d0c9cba7be2916c693427a3483","sha1":"1b6397d496ea896ebc2018b01b995cee4f166029","sha256":"58173de4697da1a218f04c3a783a733bab4e769ceabc37cd42da9dc3e036a7e8","sha512":"c4950733b44e258bbc817ce6396f002caec1e11a6413fd0038c9baef2d5f1d992b1fd0ec52515aba52faedb52c28b996a7fc063f28a0f45f3aab5e2f91bf5be5","ssdeep":"96:A1VdZYqhPnjpWx4/eTe8qSMbqaQd6VL2Jyt9LdJoyayCVPVD5wdBfQPfCHiUr3:AXdZYqNjpU4yPqSMbqaQGL2QfdDayCZC","tlshash":"a6a1dc9939fb50210233b1bd1bafa918b23895236208dd61b98c9364bf94437d7f1fc9","size":4691,"data":"","first_seen":"2023-04-11T21:07:53Z","last_seen":"2026-06-07T08:18:38.899011Z","times_seen":919823,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cn.1mebetx.com/home/register?code=32654","fqdn":"cn.1mebetx.com","domain":"1mebetx.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"4da556734f4b410ce3f99b7a5d1602c7","sha1":"796c0c45978d28d16ce343d9cc38154d80da9f3b","sha256":"99369cde7758c83db3a0cf8c5e8c2298d043bcb243c93b1327acd242b7cfd2c3","sha512":"22e0dc1e0b2fbc3c91874da0b1861484068c6c587f86c57d6796cbb03b120d61de2165ec8fbfad56b96e2bae76c29e5932f7108e05a436bd3d3239c6e350e264","ssdeep":"","tlshash":"d7b012315b10516e2594d02d353f1800fcc66117ca00c9b5663fd9d149c4cf0c1748cf","size":105,"data":"","first_seen":"2025-03-02T07:32:23.133072Z","last_seen":"2026-06-06T14:33:38.663566Z","times_seen":769,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.google-analytics.com/analytics.js","fqdn":"www.google-analytics.com","domain":"google-analytics.com","tld":"com"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"scriptElement","is_inline":false,"md5":"f24128d0c9cba7be2916c693427a3483","sha1":"1b6397d496ea896ebc2018b01b995cee4f166029","sha256":"58173de4697da1a218f04c3a783a733bab4e769ceabc37cd42da9dc3e036a7e8","sha512":"c4950733b44e258bbc817ce6396f002caec1e11a6413fd0038c9baef2d5f1d992b1fd0ec52515aba52faedb52c28b996a7fc063f28a0f45f3aab5e2f91bf5be5","ssdeep":"96:A1VdZYqhPnjpWx4/eTe8qSMbqaQd6VL2Jyt9LdJoyayCVPVD5wdBfQPfCHiUr3:AXdZYqNjpU4yPqSMbqaQGL2QfdDayCZC","tlshash":"a6a1dc9939fb50210233b1bd1bafa918b23895236208dd61b98c9364bf94437d7f1fc9","size":4691,"data":"","first_seen":"2023-04-11T21:07:53Z","last_seen":"2026-06-07T08:18:38.899011Z","times_seen":919823,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"api.livechatinc.com/v3.6/customer/action/get_dynamic_configuration?x-region=us-south1\u0026license_id=19463678\u0026client_id=c5e4f61e1a6c3b1521b541bc5c5a2ac5\u0026url=https%3A%2F%2Fcn.1mebetx.com%2Fhome%2Fregister%3Fcode%3D32654\u0026channel_type=code\u0026jsonp=__4q59cky78tn","fqdn":"api.livechatinc.com","domain":"livechatinc.com","tld":"com"},"ip":{"addr":"2.22.225.83","port":443,"asn":20940,"as":"Akamai International B.V.","country":"France","country_code":"FR"},"introduction_type":"scriptElement","is_inline":false,"md5":"cc7a707cbd6625e84852507bb3e2c1a2","sha1":"fd19aa7abeade4b046b7007851daf87511de9801","sha256":"040d1fda6ca225a45dfc6a076d7423109e3b24bfc302ac160cdfefc7df0cde3f","sha512":"3e6a30d15c66a19fb36250357eb40cba6f32bbffad798fe92715ea3cbb6d2a28bc73e5fa8ab0d1bcf49cab1fcfc0697f0ff4fc3377f8f8caf4a80d71e5197994","ssdeep":"","tlshash":"fde02017ef0185359ec4e3fde414fa01693407e7924459b876681310121f7cd6321607","size":355,"data":"","first_seen":"2026-03-04T13:33:41.50063Z","last_seen":"2026-03-04T13:33:41.50063Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdn.livechatinc.com/widget/static/js/7.qYTqns9Q.chunk.js","fqdn":"cdn.livechatinc.com","domain":"livechatinc.com","tld":"com"},"ip":{"addr":"23.36.77.179","port":443,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"introduction_type":"importedModule","is_inline":false,"md5":"d541ce2d754402b833cc65b76eaea2c6","sha1":"c36a92a0f5cef497ce42b1e8b4c72c8d9bd3786b","sha256":"80353503e48ebf6c2ae9f70184d3e758f64bacf48afe147e039df807509200cb","sha512":"f8cd5cc49f9276c580419958bf312ee0a311194fd41d116ee709e56401d769511700031ec9f3e6151f8da6b7e13b16e374a231e31cb00b92413ce5c751c2a0b6","ssdeep":"","tlshash":"f090044530d334753111111c453f5c0551144c4c05d55730c010d5551f514f4571fc4c","size":40,"data":"","first_seen":"2024-07-04T09:32:22Z","last_seen":"2026-06-07T08:09:45.613581Z","times_seen":29837,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdn.livechatinc.com/widget/static/js/0.D0pe4iQO.chunk.js","fqdn":"cdn.livechatinc.com","domain":"livechatinc.com","tld":"com"},"ip":{"addr":"23.36.77.179","port":443,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"introduction_type":"importedModule","is_inline":false,"md5":"e622d582bbb1d5e18ed878ead32fb56c","sha1":"5f032bd2186d9a3ae7c08ec3b382d80c0c5aba37","sha256":"ae6cb07d09fa8f1ef60e3a5eee77e099674cec854d36dfb69bcd2f3cda4a878c","sha512":"a2bad043043ecafc0a33ec9b0b938413d284fb2fc698bb4ccccf3263ce201c7d96876736fed1648e01cc2a5edb57b5a14c920cd3e47f71f37239361399d2269e","ssdeep":"1536:oA1MU0ZmifmtX5KJBZLbNNl1lvz9iRQA0k3hd42XRCdCEQ:H1MU+fQX5W7vzY2Aj5XRCdzQ","tlshash":"9f7309e1f296f5399bd7a8e551245103fa363a18b86c8270f31cce14219e5c2b1b7f9b","size":75439,"data":"","first_seen":"2026-03-03T14:45:10.145234Z","last_seen":"2026-03-05T09:29:13.553508Z","times_seen":149,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"hm.baidu.com/hm.js?86b8712c72cab4f521c0b5cd56dfa69f","fqdn":"hm.baidu.com","domain":"baidu.com","tld":"com"},"ip":{"addr":"14.215.183.79","port":443,"asn":4134,"as":"Chinanet","country":"China","country_code":"CN"},"introduction_type":"scriptElement","is_inline":false,"md5":"de8136a42d86f1a38f8a874c5a4692b8","sha1":"4dcf9678da7acf390be792495afcf446fc17cda9","sha256":"3d128a02c47569a1df0ce847c7164f3680f777b2f8aa881711082fd38856f75e","sha512":"15138ebb3c15680c5d35ac8fb14dbd97431f2d0e286d8e2b4616302974be965022f47e30ee8e1d00549c170358bbe78e95f6b79a799792f39843de453d00f77a","ssdeep":"384:dHJSoLMJJTRl6s1JXFVCFI/TayvuodsZPIGm8XaR1JRwvutq1tGdc7M04gRw6:dH4VJfHgMdvussZPIx82Rwvutcto07v","tlshash":"bfd2c9a9b282713293a324a5153f724af07b5a54bd4968a4f11894c07d38fbb027bfdd","size":29905,"data":"","first_seen":"2026-03-04T13:33:41.49856Z","last_seen":"2026-03-04T13:33:41.49856Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cn.1mebetx.com/home/register?code=32654","fqdn":"cn.1mebetx.com","domain":"1mebetx.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"7e281b6261d7a4389d1a73ba7edca4c3","sha1":"3ff58b8c22b9a16f71fc165c2fdca441df3116f2","sha256":"7977e1460356f3afb0bd6241246a968d2f485a905c6248e534fb53140c96c53c","sha512":"1d007f47c8fd6020cb584d67325b21835a8b1fd4a63ca49cc014beb6c895d2bcc47369134b46715a66cd24b2965e92e10116aac415e0b6f09045f79eb2b42ecc","ssdeep":"","tlshash":"c7b09288e9a8402a91ba1922242212cd19aa1866e8c000821462d99009bab4c656be9b","size":114,"data":"","first_seen":"2025-03-02T07:32:23.13386Z","last_seen":"2026-06-06T14:33:38.664573Z","times_seen":769,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cn.1mebetx.com/js/captcha/geetest_captcha.js?20230927","fqdn":"cn.1mebetx.com","domain":"1mebetx.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"e345de06bb4a6932b96037c5da2c4df8","sha1":"21d7b304e5a5dd24b62da0e7948922207c552c8a","sha256":"72d61c5f4a81b60d7e425371ab3bf7f672dbbc29e58e6765622d008bf36bd64b","sha512":"9767a703990e25c6c6815ab9d5396851f77d8610526c7ed9c965bf02d406d1dec9eaf41df28fad7dc59a914f03b2d48025f07fde6b2cf1ddc369c151f564c917","ssdeep":"","tlshash":"625116799976cd824d1fa0b7a75f9898d601832bf505c9843decc5ce9f274888091fd7","size":2772,"data":"","first_seen":"2026-03-04T13:33:41.555388Z","last_seen":"2026-03-14T12:44:47.989828Z","times_seen":16,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdn.livechatinc.com/tracking.js","fqdn":"cdn.livechatinc.com","domain":"livechatinc.com","tld":"com"},"ip":{"addr":"23.36.77.179","port":443,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"introduction_type":"scriptElement","is_inline":false,"md5":"2d32a39ca4e8108b1db401e506d98f19","sha1":"ddafeb5f3def94e42c1c5c9f4f89804ea2d26736","sha256":"a1d49f8e5be67da4b3921d0f7cf628b007871101160e6eb6d746bcb440da9a45","sha512":"142665a3e052397ebfafc0b60c203aa3e1dd95905ad5e8708272bd75639cc9dc8d5ae9b4896bc7836199c3ff12aac2d390bfd3fdebca440681bf07b7c09767e2","ssdeep":"1536:E5hboeri/BevgjTcAhWeypynDx4Wwwpw84Io6eFlIUYow8:Evboeu/kYHyp0DPheF4oh","tlshash":"e2a34ada7282b03453f786e7a17fa216b3392818340d8420f17cdd6a395a9c79177f6e","size":100997,"data":"","first_seen":"2026-03-03T14:45:10.225758Z","last_seen":"2026-03-05T09:29:13.614557Z","times_seen":167,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static-content-cn.wb27jlt6u066.com:9587/js/jquery/jquery.min.js","fqdn":"static-content-cn.wb27jlt6u066.com","domain":"wb27jlt6u066.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":9587,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"5790ead7ad3ba27397aedfa3d263b867","sha1":"8130544c215fe5d1ec081d83461bf4a711e74882","sha256":"2ecd295d295bec062cedebe177e54b9d6b19fc0a841dc5c178c654c9ccff09c0","sha512":"781acedc99de4ce8d53d9b43a158c645eab1b23dfdfd6b57b3c442b11acc4a344e0d5b0067d4b78bb173abbded75fb91c410f2b5a58f71d438aa6266d048d98a","ssdeep":"1536:5P1vk7i6GUHdXXeyQazBu+4HhiO2AEeLNFoqqhJ7SerN5sVI6xcBgPv7E+nzms9d:A4Ud4qhJvNPqcB47MfWWca98HrB","tlshash":"7793d8d9b7d67062977730b850bf510bb13a98eab80c4c60f1a4d8e47e74a89507bf2d","size":95931,"data":"","first_seen":"2023-03-07T01:02:51Z","last_seen":"2026-06-07T19:19:31.473411Z","times_seen":20198,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cn.1mebetx.com/home/register?code=32654","fqdn":"cn.1mebetx.com","domain":"1mebetx.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"971c3cdc01aac017b45d6aaf9d29f3ca","sha1":"43b0e892b57bcf623a59772c8486e310db12b99e","sha256":"095e217a343951c56a3242eeb3e57680822ea3f9289c76751d6ab036ffeca2c2","sha512":"f63223e81453fdcd94958f3f49eb7534469ffbe1c58df30637d72679a79818c7f478847923dc48781ce5d7f6d4586acc1d9a19ddf97aa474f1036eb995c8cb6b","ssdeep":"","tlshash":"f7c09b31d97994d45d3694c5041593793cf4e03207dc5321f7d8716ca7ec75151a1643","size":134,"data":"","first_seen":"2025-03-02T07:32:23.135874Z","last_seen":"2026-06-06T14:33:38.665075Z","times_seen":763,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static-content-cn.wb27jlt6u066.com:9587/js/jquery/jquery.validate.js?2017121201","fqdn":"static-content-cn.wb27jlt6u066.com","domain":"wb27jlt6u066.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":9587,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"052b64ec50b11bc14eb24a863d126ba8","sha1":"3a79b1fe2a8e6834cea694d77c57473ebfbc5758","sha256":"169b0287c989c2a6d883dff708c551a726c2a98fd79e66fe747d04228012ac7f","sha512":"70b2cd21b5ab5f5159266a10e6ba06a7c1c50ed3b02a596747f30dc88ba4cb37934b8666f075e5733ed021908bace3c47b8b50ee57aa41130ae0b9920e101099","ssdeep":"1536:4J/cr2I/VHuanmyRhVaNnJRHI9YLbBGvJfDk7E/al:Kumy4NJRHqLkISl","tlshash":"39533c4d3ae710168d2b30beae8ba149b6b5405b6109ed1c7cdd02905fe4db862f5ff8","size":60825,"data":"","first_seen":"2025-03-02T07:32:23.125259Z","last_seen":"2026-04-01T17:26:48.402298Z","times_seen":648,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":[{"md5":"5f1657aa88fc3ccef43eae4cc9e6c6a1","sha1":"6e7bbc129639d9d1e720e65d4fb5e47a169e34b1","sha256":"49f946e18c8122040d9b28cca6dd3acc98a74ea8b1898a07bf23d2dee43cf2bd","sha512":"bbf9ca9cd90e61bf2f2c034fffefc7c84dd0a8b5f6b2daf44a946fa608d980647e5e31bf97ff6a6cdca8df628bfca1bb0719f48f6519d7c792f235686e772236","ssdeep":"96:xJkC2G3sf7cWGA5KK1IBXu8/NTmuGz79djLMGcslsghGdHXTI/LDHoUqn:PkC2WszNnD1Y+sV9kXjLMAOghWHXTI/I","tlshash":"efb1001f41622329902bec684fb4a7178178e8776d5e77fa24132a2dd7cbb4115e238f","size":5515,"data":"","first_seen":"2026-03-04T13:33:41.632404Z","last_seen":"2026-03-04T13:33:41.632404Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"console":null},"http":[{"url":{"schema":"https","addr":"cdn.livechatinc.com/widget/static/js/1.CQtGlTmN.chunk.js","fqdn":"cdn.livechatinc.com","domain":"livechatinc.com","tld":"com"},"ip":{"addr":"23.36.77.179","port":443,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://secure.livechatinc.com/customer/action/open_chat?license_id=19463678\u0026group=2\u0026embedded=1\u0026widget_version=3\u0026unique_groups=0\u0026organization_id=d45af0f5-ff1f-44ac-97e0-5c9471a8ec59\u0026use_parent_storage=1\u0026x-region=us-south1","date":"2026-03-04T13:33:02.644Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"livechat.com","organization":"LIVECHAT, INC."},"issuer":{"commonName":"DigiCert Global G3 TLS ECC SHA384 2020 CA1","organization":"DigiCert Inc"},"validity":{"start":"Wed, 11 Jun 2025 00:00:00 GMT","end":"Thu, 11 Jun 2026 23:59:59 GMT"},"fingerprint":{"sha1":"66:A3:6F:A0:92:9E:A2:01:91:16:68:AA:27:A9:41:28:FC:25:27:68","sha256":"03:FC:5A:F6:F7:06:15:5B:0F:31:DB:6C:4E:D7:E4:1B:69:80:1F:C3:5A:E3:85:5A:FF:8D:22:81:92:ED:25:2F"}}},"request":{"raw":"GET /widget/static/js/1.CQtGlTmN.chunk.js HTTP/1.1\r\nHost: cdn.livechatinc.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://secure.livechatinc.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cdn.livechatinc.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nx-guploader-uploadid: AGQBYWxsOa28qQEt7tOSzJD9XEfLcbJdg2jXltav00tfD-CTcm4N2W2rRh9oRHB4gHK4wFxutjfNerf8SXLMQA\r\nlast-modified: Tue, 03 Mar 2026 13:43:26 GMT\r\nx-goog-generation: 1772545406947937\r\nx-goog-metageneration: 1\r\nx-goog-stored-content-encoding: identity\r\nx-goog-stored-content-length: 55065\r\nx-goog-hash: crc32c=IRlKXw==, md5=ShDH/2edWmKWs+Fexx+l9g==\r\nx-goog-storage-class: STANDARD\r\naccept-ranges: bytes\r\naccess-control-expose-headers: *, Content-Length, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace\r\nserver: UploadServer\r\ncontent-encoding: br\r\ncontent-length: 19889\r\ncache-control: public, max-age=31536000\r\nexpires: Thu, 04 Mar 2027 13:33:02 GMT\r\ndate: Wed, 04 Mar 2026 13:33:02 GMT\r\ncontent-type: application/javascript; charset=utf-8\r\naccess-control-allow-origin: *\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Google Cloud Storage","description":"Google Cloud Storage allows world-wide storage and retrieval of any amount of data at any time.","website":"https://cloud.google.com/storage","common_platform_enumeration":"","icon":"google-cloud-storage.svg","categories":["Miscellaneous"]},{"name":"Google Cloud","description":"Google Cloud is a suite of cloud computing services.","website":"https://cloud.google.com","common_platform_enumeration":"cpe:2.3:a:google:cloud_platform:*:*:*:*:*:*:*:*","icon":"Google Cloud.svg","categories":["IaaS"]}],"data":{"size":55065,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (37790)","md5":"4a10c7ff679d5a6296b3e15ec71fa5f6","sha1":"7b6d3653a318fe95570cce84c6b5ba72a4bf5015","sha256":"67d420b46de773221b02141e8c7134fd015b59b5e5f745ccb29b3c92468be0e5","sha512":"89efa657bfefa3013105dcc1ca62f63a2e77067fc7068ded9f25e6e206602ea1adc9ce6c0788740a8b757c83b57a6f53a47c26f9ba10cd8f8fd966736fa3dac4","ssdeep":"1536:M51K4Z4zJvuhGqG1Qn9TtKP1V7g6FkE3cJbvM:AdC2hqw9TyV7ggkEMU","tlshash":"21334ccef14174315bf315f2a06fa106b73a2a2d384c81b0f629dd9925de44ba227f6d","first_seen":"2026-03-03T14:45:10.161206Z","last_seen":"2026-03-05T09:29:13.692326Z","times_seen":151,"resource_available":true,"data":null}},"time_used":3,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":2,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"wss","addr":"api.livechatinc.com/v3.6/customer/rtm/ws?organization_id=d45af0f5-ff1f-44ac-97e0-5c9471a8ec59\u0026x-region=us-south1","fqdn":"api.livechatinc.com","domain":"livechatinc.com","tld":"com"},"ip":{"addr":"2.22.225.11","port":443,"asn":20940,"as":"Akamai International B.V.","country":"France","country_code":"FR"},"is_navigation_request":false,"resource_type":"websocket","requested_by":"https://secure.livechatinc.com/customer/action/open_chat?license_id=19463678\u0026group=2\u0026embedded=1\u0026widget_version=3\u0026unique_groups=0\u0026organization_id=d45af0f5-ff1f-44ac-97e0-5c9471a8ec59\u0026use_parent_storage=1\u0026x-region=us-south1","date":"2026-03-04T13:33:02.877Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"livechat.com","organization":"LIVECHAT, INC."},"issuer":{"commonName":"DigiCert Global G3 TLS ECC SHA384 2020 CA1","organization":"DigiCert Inc"},"validity":{"start":"Wed, 11 Jun 2025 00:00:00 GMT","end":"Thu, 11 Jun 2026 23:59:59 GMT"},"fingerprint":{"sha1":"66:A3:6F:A0:92:9E:A2:01:91:16:68:AA:27:A9:41:28:FC:25:27:68","sha256":"03:FC:5A:F6:F7:06:15:5B:0F:31:DB:6C:4E:D7:E4:1B:69:80:1F:C3:5A:E3:85:5A:FF:8D:22:81:92:ED:25:2F"}}},"request":{"raw":"GET /v3.6/customer/rtm/ws?organization_id=d45af0f5-ff1f-44ac-97e0-5c9471a8ec59\u0026x-region=us-south1 HTTP/1.1\r\nHost: api.livechatinc.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nSec-WebSocket-Version: 13\r\nOrigin: https://secure.livechatinc.com\r\nSec-WebSocket-Extensions: permessage-deflate\r\nSec-WebSocket-Key: 6yuxS+00GNbMw7Axy2kOQw==\r\nDNT: 1\r\nConnection: keep-alive, Upgrade\r\nSec-Fetch-Dest: websocket\r\nSec-Fetch-Mode: websocket\r\nSec-Fetch-Site: same-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nUpgrade: websocket\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 101 Switching Protocols\r\nsec-websocket-accept: zL106Gp8vI8Exh5gpRr0FDwII3I=\r\nAccess-Control-Allow-Credentials: true\r\nAccess-Control-Allow-Origin: https://secure.livechatinc.com\r\nDate: Wed, 04 Mar 2026 13:33:03 GMT\r\nUpgrade: websocket\r\nConnection: Upgrade\r\n\r\n","headers":null,"cookies":null,"status_code":"101","status_text":"Switching Protocols","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-07T19:34:24.271823Z","times_seen":16219631,"resource_available":true,"data":null}},"time_used":162,"timings":{"blocked":0,"dns":1,"connect":1,"send":0,"wait":138,"receive":0,"ssl":22},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static-content-t.wb27jlt6u066.com:9587/images/livechat_close.png","fqdn":"static-content-t.wb27jlt6u066.com","domain":"wb27jlt6u066.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":9587,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://cn.1mebetx.com/home/register?code=32654","date":"2026-03-04T13:33:06.371Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"static-content-t.wb27jlt6u066.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 19 Oct 2025 00:00:00 GMT","end":"Mon, 19 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"08:10:09:15:B6:C8:9C:9A:CE:31:40:C9:26:D7:9E:BE:2C:9A:62:2B","sha256":"D6:55:F3:9B:55:F2:ED:CC:B3:54:8B:1E:F9:15:FB:47:0C:75:02:1A:64:4B:3C:C2:FA:75:18:9C:F0:11:EE:83"}}},"request":{"raw":"GET /images/livechat_close.png HTTP/1.1\r\nHost: static-content-t.wb27jlt6u066.com:9587\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://static-content-t.wb27jlt6u066.com:9587/style/main.css?20260123\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Wed, 04 Mar 2026 13:33:06 GMT\r\nContent-Type: image/png\r\nContent-Length: 1101\r\nConnection: keep-alive\r\nLast-Modified: Wed, 20 Jul 2022 18:47:53 GMT\r\nETag: \"62d84dd9-44d\"\r\nServer: gocache\r\nExpires: Thu, 05 Mar 2026 13:33:06 GMT\r\nCache-Control: max-age=86400\r\nc-Type: st\r\nrid: d36d459a8dc1138ba1c92bc570bd5fdb\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains\r\nX-Cache-Status: HIT\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":1101,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 25 x 25, 8-bit/color RGBA, non-interlaced","md5":"9bf9d2f7250d29bd08780715c25883c4","sha1":"f46f8fc970f8c9fbd2d98d8927ceb85697905746","sha256":"49e7a440de423900c4321b784080e34fd9f28d0b8fd77aac440e4c256bb0ef16","sha512":"414ce8230dfcd1f1dbd9bd663ef5ac7e5e5f2cfd082c2b83df49c505d654f7b2f56406a7bd527ad1994cf307de5bc131af4f296488c22549d95f1da7ec2f9bda","ssdeep":"","tlshash":"1f11f6ce2194642c51129c2c87396a60a8e78f86053f4b1cfc804c2b6203d61a01c0b2","first_seen":"2026-03-04T07:05:29.756657Z","last_seen":"2026-06-06T14:33:38.567971Z","times_seen":172,"resource_available":false,"data":null}},"time_used":215,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":215,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static-content-cn.wb27jlt6u066.com:9587/util/rsa.js","fqdn":"static-content-cn.wb27jlt6u066.com","domain":"wb27jlt6u066.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":9587,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://cn.1mebetx.com/home/register?code=32654","date":"2026-03-04T13:32:59.765Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"static-content-cn.wb27jlt6u066.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 19 Oct 2025 00:00:00 GMT","end":"Mon, 19 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"98:64:EC:0B:9A:00:5F:60:12:4A:12:B9:EB:5A:44:98:12:1A:7C:FF","sha256":"A1:E0:99:A3:B2:54:C9:50:DB:24:16:EA:A7:44:3A:5D:57:F0:7C:CE:B2:E7:66:31:49:50:98:44:92:F2:50:84"}}},"request":{"raw":"GET /util/rsa.js HTTP/1.1\r\nHost: static-content-cn.wb27jlt6u066.com:9587\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cn.1mebetx.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Wed, 04 Mar 2026 13:33:00 GMT\r\nContent-Type: application/javascript\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nLast-Modified: Wed, 20 Jul 2022 18:47:53 GMT\r\nVary: Accept-Encoding\r\nETag: W/\"62d84dd9-34ca\"\r\nContent-Encoding: gzip\r\nServer: gocache\r\nExpires: Thu, 05 Mar 2026 13:33:00 GMT\r\nCache-Control: max-age=86400\r\nc-Type: st\r\nrid: bbf066ea65a197a4764fc9778add3a2d\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains\r\nX-Cache-Status: HIT\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]}],"data":{"size":13514,"size_decoded":0,"mime_type":"application/javascript","magic":"ASCII text, with very long lines (5026)","md5":"2e28749b1ce6013a456d4498a447dff3","sha1":"89d8c436922a84f097e86090179d112c3d6e13c2","sha256":"1748bdff25c71702d781b076f961920ef32283e324153b256e963202431a35ba","sha512":"2a675090d740e1600eaca9da2229b34cf764181bf65df4d023bb0e95feea6a7b83f3651a8eb70473e76313cc1fcdd38cd71a72b41fd57fdc34668b7d3b10b62e","ssdeep":"384:B1eJdA6YDf7WA5lK4UYl38uHrKFaY8BpC:bdjfm82aNy","tlshash":"5752a6857ad9302d07a95071055f054b7e35f8be598c04bdb1a0e8e938f198d833ef78","first_seen":"2023-03-07T01:28:09Z","last_seen":"2026-06-07T13:41:41.682493Z","times_seen":1127,"resource_available":true,"data":null}},"time_used":1134,"timings":{"blocked":919,"dns":0,"connect":0,"send":0,"wait":214,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static-content-cn.wb27jlt6u066.com:9587/js/member/reg.simple.js?20230220","fqdn":"static-content-cn.wb27jlt6u066.com","domain":"wb27jlt6u066.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":9587,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://cn.1mebetx.com/home/register?code=32654","date":"2026-03-04T13:32:59.768Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"static-content-cn.wb27jlt6u066.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 19 Oct 2025 00:00:00 GMT","end":"Mon, 19 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"98:64:EC:0B:9A:00:5F:60:12:4A:12:B9:EB:5A:44:98:12:1A:7C:FF","sha256":"A1:E0:99:A3:B2:54:C9:50:DB:24:16:EA:A7:44:3A:5D:57:F0:7C:CE:B2:E7:66:31:49:50:98:44:92:F2:50:84"}}},"request":{"raw":"GET /js/member/reg.simple.js?20230220 HTTP/1.1\r\nHost: static-content-cn.wb27jlt6u066.com:9587\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cn.1mebetx.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Wed, 04 Mar 2026 13:33:00 GMT\r\nContent-Type: application/javascript\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nLast-Modified: Fri, 31 May 2024 03:05:12 GMT\r\nVary: Accept-Encoding\r\nETag: W/\"66593e68-2b0c\"\r\nContent-Encoding: gzip\r\nServer: gocache\r\nExpires: Thu, 05 Mar 2026 13:33:00 GMT\r\nCache-Control: max-age=86400\r\nc-Type: st\r\nrid: a83a2b056dd8cf89639da3f2d83668e2\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains\r\nX-Cache-Status: HIT\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]}],"data":{"size":11020,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text","md5":"acfbd8efc4aa932d56183ed41666c8bd","sha1":"dada1ef3f25155d81e7d4a9353ce89e7f83b3466","sha256":"736d2a82733a504f010af43ffbc5eae2e40b075b7ae8929065bc880357c1ab48","sha512":"e0f02eb2082790ba636afe476e4a51b095f0161df58ba7f9ca389191bfe5d373d725908996b4ee489b14cc48a77f05b47ce52409bc5d802f364d831eb2501aff","ssdeep":"192:eDY86gShDWhDxhD0hDJGx3DPdy7Uwm1AFtOtHoNNvqtnHzHensyaAS7xM8tY:eDY8gcfejatpsS9q","tlshash":"0a22502aedab42871d3b30695e3f00456956c0136b0cde24fe4ca5d09f85e29b5b6fd8","first_seen":"2025-03-02T07:32:23.111077Z","last_seen":"2026-03-30T14:28:44.913402Z","times_seen":642,"resource_available":true,"data":null}},"time_used":1149,"timings":{"blocked":935,"dns":0,"connect":0,"send":0,"wait":214,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.googletagmanager.com/gtag/js?id=G-3LRD95F87M\u0026cx=c\u0026gtm=4e6321","fqdn":"www.googletagmanager.com","domain":"googletagmanager.com","tld":"com"},"ip":{"addr":"142.251.142.232","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://cn.1mebetx.com/home/register?code=32654","date":"2026-03-04T13:33:01.793Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.google-analytics.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 02 Feb 2026 08:36:37 GMT","end":"Mon, 27 Apr 2026 08:36:36 GMT"},"fingerprint":{"sha1":"8B:BA:E2:19:5D:6C:81:59:ED:D8:AA:3B:2D:5F:A3:A2:C8:A1:E3:DF","sha256":"B0:8C:FC:C1:98:34:EB:0E:FF:AB:13:B4:9E:AA:B1:7E:02:11:9A:93:31:F2:A1:0F:23:9E:2B:C3:6F:EC:26:F8"}}},"request":{"raw":"GET /gtag/js?id=G-3LRD95F87M\u0026cx=c\u0026gtm=4e6321 HTTP/1.1\r\nHost: www.googletagmanager.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cn.1mebetx.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncontent-type: application/javascript; charset=UTF-8\r\naccess-control-allow-origin: *\r\naccess-control-allow-credentials: true\r\naccess-control-allow-headers: Cache-Control\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\ndate: Wed, 04 Mar 2026 13:33:01 GMT\r\nexpires: Wed, 04 Mar 2026 13:33:01 GMT\r\ncache-control: private, max-age=900\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\ncross-origin-resource-policy: cross-origin\r\nserver: Google Tag Manager\r\ncontent-length: 139812\r\nx-xss-protection: 0\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":407836,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"JavaScript source, ASCII text, with very long lines (6033)","md5":"0477204fbd912ae41559ac62164435e4","sha1":"958162205dbfa21da8efa0d825a827e72882220c","sha256":"e52440734667090d7e0db0ce711669f60fe72a9ae258a6dbb9ee0989e806ccd6","sha512":"b80f33d09df45ab3116ff5da166c8d434b387d080f493bcf394f8d8ef03693db6efc4c8f2a07212c1a63f2ccc4a323bbbe4c44ed0cf7924619f76b8721f08251","ssdeep":"6144:E8XRiRcWyFwFl5MGJEf4Sp8dYqEGiQybJbCebdLQgSgceN3N:FmpyFwFld2p89ebCg","tlshash":"ab8408ceb3ca70629396f478503f018ba57a68a2b44ccc95f199ccd42e7069a4277f7d","first_seen":"2026-03-04T13:33:41.471587Z","last_seen":"2026-03-04T14:33:14.520855Z","times_seen":2,"resource_available":true,"data":null}},"time_used":101,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":46,"receive":55,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"api.livechatinc.com/v3.6/customer/action/get_localization?organization_id=d45af0f5-ff1f-44ac-97e0-5c9471a8ec59\u0026version=4940c52ca0caf914a8b155bf4411bbe5\u0026language=cn\u0026x-region=us-south1\u0026group_id=2\u0026jsonp=__lc_localization","fqdn":"api.livechatinc.com","domain":"livechatinc.com","tld":"com"},"ip":{"addr":"2.22.225.83","port":443,"asn":20940,"as":"Akamai International B.V.","country":"France","country_code":"FR"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://cn.1mebetx.com/home/register?code=32654","date":"2026-03-04T13:33:02.107Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"livechat.com","organization":"LIVECHAT, INC."},"issuer":{"commonName":"DigiCert Global G3 TLS ECC SHA384 2020 CA1","organization":"DigiCert Inc"},"validity":{"start":"Wed, 11 Jun 2025 00:00:00 GMT","end":"Thu, 11 Jun 2026 23:59:59 GMT"},"fingerprint":{"sha1":"66:A3:6F:A0:92:9E:A2:01:91:16:68:AA:27:A9:41:28:FC:25:27:68","sha256":"03:FC:5A:F6:F7:06:15:5B:0F:31:DB:6C:4E:D7:E4:1B:69:80:1F:C3:5A:E3:85:5A:FF:8D:22:81:92:ED:25:2F"}}},"request":{"raw":"GET /v3.6/customer/action/get_localization?organization_id=d45af0f5-ff1f-44ac-97e0-5c9471a8ec59\u0026version=4940c52ca0caf914a8b155bf4411bbe5\u0026language=cn\u0026x-region=us-south1\u0026group_id=2\u0026jsonp=__lc_localization HTTP/1.1\r\nHost: api.livechatinc.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cn.1mebetx.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-encoding: gzip\r\ncontent-type: application/javascript; charset=UTF-8\r\ncross-origin-resource-policy: cross-origin\r\nvary: Accept-Encoding\r\ncache-control: public, max-age=600\r\nexpires: Wed, 04 Mar 2026 13:43:02 GMT\r\ndate: Wed, 04 Mar 2026 13:33:02 GMT\r\ncontent-length: 5935\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":13632,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"Unicode text, UTF-8 text, with very long lines (9143), with no line terminators","md5":"54630f003417f9c46834391ef382ecff","sha1":"73648916e37855a4b0bf37347f20d21005870edb","sha256":"2b8e74248a2e4ed6d0629ae47bfce5393cc326eedfd9b86eaf91938e7896dfa3","sha512":"a99b016499cfee8018cbd61ac8d4f91264404c97ea8f5063b2cb122de769c850b57b26e2f7e6e4d43fb5df47cd23d6ba3da88ffbd5492f16434b62b3b89bccc8","ssdeep":"192:TtXlChwBLXkjJ18fjmiVdOFd79o5cKJmvmztlIQFxe2sHLc/evuhw3jIzso:TtXlu8LXOJo/ascHuLxV/evK1so","tlshash":"af521a2947a9fcbe02076ac4fa6b540a60d41689d4e04c2bfea9d51c5b44d8b73cfb1f","first_seen":"2026-03-04T07:05:29.805591Z","last_seen":"2026-04-21T19:43:50.779269Z","times_seen":111,"resource_available":true,"data":null}},"time_used":148,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":148,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdn.livechatinc.com/widget/static/js/0.D0pe4iQO.chunk.js","fqdn":"cdn.livechatinc.com","domain":"livechatinc.com","tld":"com"},"ip":{"addr":"23.36.77.179","port":443,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://secure.livechatinc.com/customer/action/open_chat?license_id=19463678\u0026group=2\u0026embedded=1\u0026widget_version=3\u0026unique_groups=0\u0026organization_id=d45af0f5-ff1f-44ac-97e0-5c9471a8ec59\u0026use_parent_storage=1\u0026x-region=us-south1","date":"2026-03-04T13:33:02.642Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"livechat.com","organization":"LIVECHAT, INC."},"issuer":{"commonName":"DigiCert Global G3 TLS ECC SHA384 2020 CA1","organization":"DigiCert Inc"},"validity":{"start":"Wed, 11 Jun 2025 00:00:00 GMT","end":"Thu, 11 Jun 2026 23:59:59 GMT"},"fingerprint":{"sha1":"66:A3:6F:A0:92:9E:A2:01:91:16:68:AA:27:A9:41:28:FC:25:27:68","sha256":"03:FC:5A:F6:F7:06:15:5B:0F:31:DB:6C:4E:D7:E4:1B:69:80:1F:C3:5A:E3:85:5A:FF:8D:22:81:92:ED:25:2F"}}},"request":{"raw":"GET /widget/static/js/0.D0pe4iQO.chunk.js HTTP/1.1\r\nHost: cdn.livechatinc.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://secure.livechatinc.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cdn.livechatinc.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nx-guploader-uploadid: AGQBYWx1M9ZhFE4mbeQqHB4fYMmPEggmuQ2F2acnMvq4eKI_LZRC5EU-JSJXAc6RylIyBOx0yKW_paY\r\nx-goog-generation: 1772545406947247\r\nx-goog-metageneration: 1\r\nx-goog-stored-content-encoding: identity\r\nx-goog-stored-content-length: 75439\r\nx-goog-hash: crc32c=tH/a0g==, md5=5iLVgrux1eGO2Hjq0y+1bA==\r\nx-goog-storage-class: STANDARD\r\naccept-ranges: bytes\r\naccess-control-expose-headers: *, Content-Length, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace\r\nserver: UploadServer\r\ncontent-encoding: br\r\nlast-modified: Tue, 03 Mar 2026 13:43:26 GMT\r\ncontent-length: 23505\r\ncache-control: public, max-age=31536000\r\nexpires: Thu, 04 Mar 2027 13:33:02 GMT\r\ndate: Wed, 04 Mar 2026 13:33:02 GMT\r\ncontent-type: application/javascript; charset=utf-8\r\naccess-control-allow-origin: *\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Google Cloud Storage","description":"Google Cloud Storage allows world-wide storage and retrieval of any amount of data at any time.","website":"https://cloud.google.com/storage","common_platform_enumeration":"","icon":"google-cloud-storage.svg","categories":["Miscellaneous"]},{"name":"Google Cloud","description":"Google Cloud is a suite of cloud computing services.","website":"https://cloud.google.com","common_platform_enumeration":"cpe:2.3:a:google:cloud_platform:*:*:*:*:*:*:*:*","icon":"Google Cloud.svg","categories":["IaaS"]}],"data":{"size":75439,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"e622d582bbb1d5e18ed878ead32fb56c","sha1":"5f032bd2186d9a3ae7c08ec3b382d80c0c5aba37","sha256":"ae6cb07d09fa8f1ef60e3a5eee77e099674cec854d36dfb69bcd2f3cda4a878c","sha512":"a2bad043043ecafc0a33ec9b0b938413d284fb2fc698bb4ccccf3263ce201c7d96876736fed1648e01cc2a5edb57b5a14c920cd3e47f71f37239361399d2269e","ssdeep":"1536:oA1MU0ZmifmtX5KJBZLbNNl1lvz9iRQA0k3hd42XRCdCEQ:H1MU+fQX5W7vzY2Aj5XRCdzQ","tlshash":"9f7309e1f296f5399bd7a8e551245103fa363a18b86c8270f31cce14219e5c2b1b7f9b","first_seen":"2026-03-03T14:45:10.145234Z","last_seen":"2026-03-05T09:29:13.553508Z","times_seen":149,"resource_available":true,"data":null}},"time_used":3,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":2,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.f4bzyrz92us3.com/E2/logo.js","fqdn":"www.f4bzyrz92us3.com","domain":"f4bzyrz92us3.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://cn.1mebetx.com/home/register?code=32654","date":"2026-03-04T13:33:01.091Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.f4bzyrz92us3.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Fri, 22 Aug 2025 00:00:00 GMT","end":"Sat, 22 Aug 2026 23:59:59 GMT"},"fingerprint":{"sha1":"3D:00:56:9E:E0:4A:BC:C5:AC:93:01:37:D0:1D:2F:CC:2E:D9:BE:F3","sha256":"28:AA:7B:7C:23:E5:90:7B:6C:F4:48:23:DD:56:A2:3C:AD:E6:2B:47:66:7E:A7:DA:53:31:F6:3C:E3:FC:9E:30"}}},"request":{"raw":"GET /E2/logo.js HTTP/1.1\r\nHost: www.f4bzyrz92us3.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cn.1mebetx.com/\r\nCookie: E2Token=21e79691-ba62-449d-8f77-95735e808cd3\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Wed, 04 Mar 2026 13:33:01 GMT\r\nContent-Type: application/javascript;charset=utf-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nCache-Control: max-age=86400\r\nContent-Encoding: br\r\nExpires: Thu, 05 Mar 2026 13:33:01 GMT\r\nVary: Accept-Encoding\r\nX-Rate-Limit-Limit: 1d\r\nX-Rate-Limit-Remaining: 1439\r\nX-Rate-Limit-Reset: 2026-03-05T13:33:01.2584169Z\r\nX-Frame-Options: SAMEORIGIN\r\nX-Content-Type-Options: nosniff\r\nServer: gocache\r\nc-Type: st\r\nrid: 58f7cb8870afce5b57db6d479a76a849\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains\r\nX-Cache-Status: MISS\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":98,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"ASCII text, with CRLF line terminators","md5":"7d8cddd1e681b2f249e2765a067cb8ea","sha1":"34b5356771791798d20c9f8c7a2e28891d0e0d67","sha256":"126aa5c20402492749afa9437df1f4bffd33146a44681883f246b62547815827","sha512":"caae18dd4ae2a0f4ba4e389e16f3ffa59f012d45653cff6c14c0969a7862c0173f001497bd71ae282f7932be098a2459bcf1ab040b5d766effc9e7ad9f70bd78","ssdeep":"","tlshash":"c7b01254991c7005f07178b75f885104155808127b0bd229c4408133b1ac5512cb970b","first_seen":"2026-03-04T13:33:41.477897Z","last_seen":"2026-03-04T13:33:41.477897Z","times_seen":1,"resource_available":true,"data":null}},"time_used":292,"timings":{"blocked":1,"dns":0,"connect":0,"send":0,"wait":291,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static-content-t.wb27jlt6u066.com:9587/d11_images/icon_mobile.png","fqdn":"static-content-t.wb27jlt6u066.com","domain":"wb27jlt6u066.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":9587,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://cn.1mebetx.com/home/register?code=32654","date":"2026-03-04T13:33:01.264Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"static-content-t.wb27jlt6u066.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 19 Oct 2025 00:00:00 GMT","end":"Mon, 19 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"08:10:09:15:B6:C8:9C:9A:CE:31:40:C9:26:D7:9E:BE:2C:9A:62:2B","sha256":"D6:55:F3:9B:55:F2:ED:CC:B3:54:8B:1E:F9:15:FB:47:0C:75:02:1A:64:4B:3C:C2:FA:75:18:9C:F0:11:EE:83"}}},"request":{"raw":"GET /d11_images/icon_mobile.png HTTP/1.1\r\nHost: static-content-t.wb27jlt6u066.com:9587\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://static-content-t.wb27jlt6u066.com:9587/style/main.css?20260123\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Wed, 04 Mar 2026 13:33:01 GMT\r\nContent-Type: image/png\r\nContent-Length: 300\r\nConnection: keep-alive\r\nLast-Modified: Wed, 20 Jul 2022 18:45:39 GMT\r\nETag: \"62d84d53-12c\"\r\nServer: gocache\r\nExpires: Thu, 05 Mar 2026 13:33:01 GMT\r\nCache-Control: max-age=86400\r\nc-Type: st\r\nrid: fce2749853a527f79c4bc10368071b63\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains\r\nX-Cache-Status: HIT\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":300,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 15 x 18, 8-bit/color RGBA, non-interlaced","md5":"87b9952aa4def5ac2d4dce81528ecae3","sha1":"e34496b167df036229e923d8686858c0a306c1e2","sha256":"7aa81a942fe7f67e5b132b047c4db23993d6ffff8eaafd3692a6824236e11def","sha512":"0fbb21285e5fe2e16acb97529fe973d055261ea7e787fdfc0d4f381f9fd2c00a981dd5861a08a4d1ee0b62d0f145044678b8cc87297e62af85d5f758a826a508","ssdeep":"","tlshash":"c9e0eb4323a20d3ac3c85633a11b13308c304248b484a50d5e442a30cc8a34c2ebd623","first_seen":"2023-05-05T14:06:31Z","last_seen":"2026-06-06T14:33:38.491491Z","times_seen":910,"resource_available":false,"data":null}},"time_used":416,"timings":{"blocked":202,"dns":0,"connect":0,"send":0,"wait":214,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdn.livechatinc.com/widget/static/js/2.C0gegXQh.chunk.js","fqdn":"cdn.livechatinc.com","domain":"livechatinc.com","tld":"com"},"ip":{"addr":"23.36.77.179","port":443,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://secure.livechatinc.com/customer/action/open_chat?license_id=19463678\u0026group=2\u0026embedded=1\u0026widget_version=3\u0026unique_groups=0\u0026organization_id=d45af0f5-ff1f-44ac-97e0-5c9471a8ec59\u0026use_parent_storage=1\u0026x-region=us-south1","date":"2026-03-04T13:33:02.651Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"livechat.com","organization":"LIVECHAT, INC."},"issuer":{"commonName":"DigiCert Global G3 TLS ECC SHA384 2020 CA1","organization":"DigiCert Inc"},"validity":{"start":"Wed, 11 Jun 2025 00:00:00 GMT","end":"Thu, 11 Jun 2026 23:59:59 GMT"},"fingerprint":{"sha1":"66:A3:6F:A0:92:9E:A2:01:91:16:68:AA:27:A9:41:28:FC:25:27:68","sha256":"03:FC:5A:F6:F7:06:15:5B:0F:31:DB:6C:4E:D7:E4:1B:69:80:1F:C3:5A:E3:85:5A:FF:8D:22:81:92:ED:25:2F"}}},"request":{"raw":"GET /widget/static/js/2.C0gegXQh.chunk.js HTTP/1.1\r\nHost: cdn.livechatinc.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://secure.livechatinc.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cdn.livechatinc.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nx-guploader-uploadid: AGQBYWw3xnaCQeuzbc19yd7QYazoEkbv15L6aDaO7fW25TXx0Gvn0O9Vf7MVI1EJ4RZNKR6uUGylpwU\r\nlast-modified: Tue, 03 Mar 2026 13:43:27 GMT\r\nx-goog-generation: 1772545407074947\r\nx-goog-metageneration: 1\r\nx-goog-stored-content-encoding: identity\r\nx-goog-stored-content-length: 442575\r\nx-goog-hash: crc32c=cfKELA==, md5=A8e4ECNESK5k3ZiSpmLkPg==\r\nx-goog-storage-class: STANDARD\r\naccept-ranges: bytes\r\naccess-control-expose-headers: *, Content-Length, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace\r\nserver: UploadServer\r\ncontent-encoding: br\r\ncontent-length: 124978\r\ncache-control: public, max-age=31536000\r\nexpires: Thu, 04 Mar 2027 13:33:02 GMT\r\ndate: Wed, 04 Mar 2026 13:33:02 GMT\r\ncontent-type: application/javascript; charset=utf-8\r\naccess-control-allow-origin: *\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Google Cloud Storage","description":"Google Cloud Storage allows world-wide storage and retrieval of any amount of data at any time.","website":"https://cloud.google.com/storage","common_platform_enumeration":"","icon":"google-cloud-storage.svg","categories":["Miscellaneous"]},{"name":"Google Cloud","description":"Google Cloud is a suite of cloud computing services.","website":"https://cloud.google.com","common_platform_enumeration":"cpe:2.3:a:google:cloud_platform:*:*:*:*:*:*:*:*","icon":"Google Cloud.svg","categories":["IaaS"]}],"data":{"size":442575,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"03c7b810234448ae64dd9892a662e43e","sha1":"5ee59572e8d1528976d6e603ba8e6aa8cf4e0f19","sha256":"6e5ea6662f022d5efc56b6bf3d1797674cc7f04eb800db1eac9a49be24629690","sha512":"83e4a67903b7aa07a92139fe3006ef9074bc67e4fa03bda85db98cccb2c932b4fb5bae5f04b72cc7795b06f4eda720237ee07e53f24de7e19ae0eb57e31b4b56","ssdeep":"12288:mx4lCyAjiSkC8nMQiiHkMK1rEdlOqtB5/oS6JxIOfDf+5tqbFmqeD1d9WB9Ff/mS:mx4lCyAjsdzqzYi","tlshash":"47946be07242f938d7e7c19b90bb160af33d3d09b42e9620f1ade85d33954489267fa5","first_seen":"2026-03-03T14:45:10.205138Z","last_seen":"2026-03-05T09:29:13.782645Z","times_seen":151,"resource_available":true,"data":null}},"time_used":7,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":3,"receive":4,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"accounts.livechatinc.com/v2/customer/token","fqdn":"accounts.livechatinc.com","domain":"livechatinc.com","tld":"com"},"ip":{"addr":"2.22.225.83","port":443,"asn":20940,"as":"Akamai International B.V.","country":"France","country_code":"FR"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://secure.livechatinc.com/customer/action/open_chat?license_id=19463678\u0026group=2\u0026embedded=1\u0026widget_version=3\u0026unique_groups=0\u0026organization_id=d45af0f5-ff1f-44ac-97e0-5c9471a8ec59\u0026use_parent_storage=1\u0026x-region=us-south1","date":"2026-03-04T13:33:02.887Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"livechat.com","organization":"LIVECHAT, INC."},"issuer":{"commonName":"DigiCert Global G3 TLS ECC SHA384 2020 CA1","organization":"DigiCert Inc"},"validity":{"start":"Wed, 11 Jun 2025 00:00:00 GMT","end":"Thu, 11 Jun 2026 23:59:59 GMT"},"fingerprint":{"sha1":"66:A3:6F:A0:92:9E:A2:01:91:16:68:AA:27:A9:41:28:FC:25:27:68","sha256":"03:FC:5A:F6:F7:06:15:5B:0F:31:DB:6C:4E:D7:E4:1B:69:80:1F:C3:5A:E3:85:5A:FF:8D:22:81:92:ED:25:2F"}}},"request":{"raw":"POST /v2/customer/token HTTP/1.1\r\nHost: accounts.livechatinc.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: text/plain;charset=UTF-8\r\nContent-Length: 225\r\nOrigin: https://secure.livechatinc.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://secure.livechatinc.com/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":225,"data":"{\"response_type\":\"token\",\"grant_type\":\"cookie\",\"client_id\":\"c5e4f61e1a6c3b1521b541bc5c5a2ac5\",\"organization_id\":\"d45af0f5-ff1f-44ac-97e0-5c9471a8ec59\",\"redirect_uri\":\"https://secure.livechatinc.com/customer/action/open_chat\"}"}},"response":{"raw":"HTTP/2 200 OK\r\naccess-control-allow-credentials: true\r\naccess-control-allow-origin: https://secure.livechatinc.com\r\ncache-control: no-cache, no-store, max-age=0, must-revalidate\r\ncontent-type: application/json\r\nexpires: Fri, 01 Jan 1990 00:00:00 GMT\r\npragma: no-cache\r\ncontent-length: 201\r\ndate: Wed, 04 Mar 2026 13:33:03 GMT\r\nset-cookie: __lc_cid=46219cf9-e475-45f3-8f10-0eba421f2cc8; Path=/v2/customer/token; Domain=accounts.livechatinc.com; Expires=Sat, 04 Mar 2028 13:33:02 GMT; Max-Age=63072000; HttpOnly; Secure; SameSite=None; Partitioned\n__lc_cst=154a0904fd34b39e518c5e8bb47e4155ab4ade941c6bd3ac5cf1fb48866297db81267acbf9deebd36117c9a8654fc052f650a579a7d6bd8ae69e88c582ba; Path=/v2/customer/token; Domain=accounts.livechatinc.com; Expires=Sat, 04 Mar 2028 13:33:02 GMT; Max-Age=63072000; HttpOnly; Secure; SameSite=None; Partitioned\n__lc_cid=46219cf9-e475-45f3-8f10-0eba421f2cc8; Path=/customer/token; Domain=accounts.livechatinc.com; Expires=Sat, 04 Mar 2028 13:33:02 GMT; Max-Age=63072000; HttpOnly; Secure; SameSite=None; Partitioned\n__lc_cst=154a0904fd34b39e518c5e8bb47e4155ab4ade941c6bd3ac5cf1fb48866297db81267acbf9deebd36117c9a8654fc052f650a579a7d6bd8ae69e88c582ba; Path=/customer/token; Domain=accounts.livechatinc.com; Expires=Sat, 04 Mar 2028 13:33:02 GMT; Max-Age=63072000; HttpOnly; Secure; SameSite=None; Partitioned\n__oauth_redirect_detector=counter=1\u0026t=1772631212\u0026tag=c6b15b551b632376bdf6ec3a529effdac08f6e80; Path=/; Expires=Wed, 04 Mar 2026 13:33:32 GMT; HttpOnly; Secure; SameSite=None\r\nstrict-transport-security: max-age=86400 ; includeSubDomains\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":201,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"62db75379c993a93ef14e78d9132f625","sha1":"a3d37e94366828b9c84a6faf66208a35a5603f52","sha256":"373b16900012c216c1d8795dfdb4933c6cf1a357338400a28a3a08f6dd17c5ef","sha512":"6828d6736ca4aae26c18553034d24f8f30be918f598f92dea3c6d086eeb943960198fd9e45f15962797d9e2f4da2b80ca5400894225272829a70b111e2b5e379","ssdeep":"","tlshash":"ced0220b8a836cb2dffd2a4f68000a09a81105a2c3c0066a41a4e3aa0c0cd2433832e0","first_seen":"2026-03-04T13:33:41.482509Z","last_seen":"2026-03-04T13:33:41.482509Z","times_seen":1,"resource_available":false,"data":null}},"time_used":145,"timings":{"blocked":2,"dns":0,"connect":0,"send":0,"wait":143,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cn.1mebetx.com/home/register?code=32654","fqdn":"cn.1mebetx.com","domain":"1mebetx.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-03-04T13:32:57.196Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cn.1mebetx.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Mon, 05 Jan 2026 00:00:00 GMT","end":"Tue, 05 Jan 2027 23:59:59 GMT"},"fingerprint":{"sha1":"B1:9C:1C:29:59:A8:2F:22:BB:FA:01:51:20:84:07:9D:ED:D9:D8:7A","sha256":"21:4B:55:27:26:B6:EF:96:E2:ED:28:FE:00:D0:57:72:9D:29:6A:4E:DE:36:40:A2:7D:07:26:CC:31:8C:F2:1D"}}},"request":{"raw":"GET /home/register?code=32654 HTTP/1.1\r\nHost: cn.1mebetx.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Wed, 04 Mar 2026 13:32:59 GMT\r\nContent-Type: text/html; charset=UTF-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding, Accept-Encoding, Accept-Encoding\r\nSet-Cookie: ccd11=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/; domain=1mebetx.com\nvcd11=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/; domain=1mebetx.com\nPHPSESSID=0vre1qsiqnd8kobpvv1eafbdqh; path=/\n_code_cookie=32654-; path=/; domain=1mebetx.com\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Allow-Methods: GET, POST, OPTIONS\r\nAccess-Control-Allow-Headers: Content-Type, Authorization, X-Requested-With\r\nAccess-Control-Allow-Credentials: true\r\nAccess-Control-Max-Age: 86400\r\nX-Content-Type-Options: nosniff\r\nX-Frame-Options: SAMEORIGIN\r\nContent-Encoding: gzip\r\nServer: gocache\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nCache-Control: no-cache\r\nc-Type: df\r\nrid: 0e8999f3c1e551a61d3d7b379de44e59\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Google Analytics","description":"Google Analytics is a free web analytics service that tracks and reports website traffic.","website":"https://google.com/analytics","common_platform_enumeration":"","icon":"Google Analytics.svg","categories":["Analytics"]},{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"jQuery","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]},{"name":"jQuery UI","description":"jQuery UI is a collection of GUI widgets, animated visual effects, and themes implemented with jQuery, Cascading Style Sheets, and HTML.","website":"https://jqueryui.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery_ui:*:*:*:*:*:*:*:*","icon":"jQuery UI.svg","categories":["JavaScript libraries"]}],"data":{"size":99854,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (396)","md5":"628aa3018374746dd555af29f7e3e370","sha1":"5554aa052470393be20dfdd42453538d9eeb3f4c","sha256":"ddbcb9925a5d98ba35c8e58f71ea91fafe9170b4a5f232e27f1d51818b44e8fb","sha512":"cd82e3f67104dce1719be787ecd5d74b1ec4b24fb35a82ca342de49569988117ce18db4fbd4f4dd25ce403edee2d20b56566cb43605fae28176ebc0b2fbea1a8","ssdeep":"1536:6qWYDc/52Cz9Zxl9kbw2/P/n6nAIkqWTj72Wq3ODmbOCSL8KbkstGcd1JaOjQvvE:I5Z2P8iyxTPfW1JaZXWyzwb9WMg2","tlshash":"29a30811a8f94577017390d665bbef1a7eaa8037d2068c10b2fe4fc45fc2e82895775e","first_seen":"2026-03-04T13:33:41.484511Z","last_seen":"2026-03-04T13:33:41.484511Z","times_seen":1,"resource_available":false,"data":null}},"time_used":3245,"timings":{"blocked":891,"dns":278,"connect":3,"send":0,"wait":1418,"receive":45,"ssl":607},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-04","alert":"Sinkholed","trigger":"cn.1mebetx.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-04","alert":"Sinkholed","trigger":"cn.1mebetx.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-04","alert":"Sinkholed","trigger":"cn.1mebetx.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-04","alert":"Phishing Block","trigger":"cn.1mebetx.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"cn.1mebetx.com/js/captcha/geetest.js","fqdn":"cn.1mebetx.com","domain":"1mebetx.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://cn.1mebetx.com/home/register?code=32654","date":"2026-03-04T13:32:59.718Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cn.1mebetx.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Mon, 05 Jan 2026 00:00:00 GMT","end":"Tue, 05 Jan 2027 23:59:59 GMT"},"fingerprint":{"sha1":"B1:9C:1C:29:59:A8:2F:22:BB:FA:01:51:20:84:07:9D:ED:D9:D8:7A","sha256":"21:4B:55:27:26:B6:EF:96:E2:ED:28:FE:00:D0:57:72:9D:29:6A:4E:DE:36:40:A2:7D:07:26:CC:31:8C:F2:1D"}}},"request":{"raw":"GET /js/captcha/geetest.js HTTP/1.1\r\nHost: cn.1mebetx.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cn.1mebetx.com/home/register?code=32654\r\nCookie: PHPSESSID=0vre1qsiqnd8kobpvv1eafbdqh; _code_cookie=32654-\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Wed, 04 Mar 2026 13:32:59 GMT\r\nContent-Type: application/javascript\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding, Accept-Encoding, Accept-Encoding\r\nLast-Modified: Fri, 31 May 2024 03:04:39 GMT\r\nETag: W/\"66593e47-3428\"\r\nX-Content-Type-Options: nosniff\r\nX-Frame-Options: SAMEORIGIN\r\nContent-Encoding: gzip\r\nServer: gocache\r\nExpires: Thu, 05 Mar 2026 13:32:59 GMT\r\nCache-Control: max-age=86400\r\nc-Type: st\r\nrid: 3b15bc1705c1052bf6fa48989d26a25d\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains\r\nX-Cache-Status: HIT\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":13352,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text","md5":"a7b340e01f62559af09e1e18798703de","sha1":"924f9233a48936eee0871498e0f5ed2bfd57c350","sha256":"999339952d10e2be3c416dccb51821a164038c2c871583d5a2feb20c6851021a","sha512":"050929fa90d7dd6757dc2114dd6137b71369492b8f93c547742e1a5ee1bf35e6a588346b03d4b0197e5993510a7f5ee63ba198daaf8574f34326c37307f994cd","ssdeep":"384:OcB6Y6+HiaWSXauU058DIml6yDwFJQqVqp:OcB6Y6+H9HII22zc","tlshash":"7552114d68f7609385a3b428ca9fa114b9788a57002ccd85bd4ce3589f9447c9bbbfdc","first_seen":"2026-01-06T02:22:39.991269Z","last_seen":"2026-05-17T00:11:42.671025Z","times_seen":50,"resource_available":true,"data":null}},"time_used":217,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":215,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-04","alert":"Phishing Block","trigger":"cn.1mebetx.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-04","alert":"Sinkholed","trigger":"cn.1mebetx.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-04","alert":"Sinkholed","trigger":"cn.1mebetx.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-04","alert":"Sinkholed","trigger":"cn.1mebetx.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"static-content-t.wb27jlt6u066.com:9587/images/nav/sponsor4.png?4","fqdn":"static-content-t.wb27jlt6u066.com","domain":"wb27jlt6u066.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":9587,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://cn.1mebetx.com/home/register?code=32654","date":"2026-03-04T13:32:59.734Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"static-content-t.wb27jlt6u066.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 19 Oct 2025 00:00:00 GMT","end":"Mon, 19 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"08:10:09:15:B6:C8:9C:9A:CE:31:40:C9:26:D7:9E:BE:2C:9A:62:2B","sha256":"D6:55:F3:9B:55:F2:ED:CC:B3:54:8B:1E:F9:15:FB:47:0C:75:02:1A:64:4B:3C:C2:FA:75:18:9C:F0:11:EE:83"}}},"request":{"raw":"GET /images/nav/sponsor4.png?4 HTTP/1.1\r\nHost: static-content-t.wb27jlt6u066.com:9587\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cn.1mebetx.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Wed, 04 Mar 2026 13:33:01 GMT\r\nContent-Type: image/png\r\nContent-Length: 6656\r\nConnection: keep-alive\r\nLast-Modified: Fri, 23 Jan 2026 04:32:15 GMT\r\nETag: \"6972f9cf-1a00\"\r\nServer: gocache\r\nExpires: Thu, 05 Mar 2026 13:33:01 GMT\r\nCache-Control: max-age=86400\r\nc-Type: st\r\nrid: 80c686bf267df61b8a98f1e4cb92edc7\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains\r\nX-Cache-Status: HIT\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]}],"data":{"size":6656,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 292 x 80, 8-bit/color RGBA, non-interlaced","md5":"bc0bfba88f57dddbcab058d13a0178fe","sha1":"3a82ca7e0de411faf17a0280292e18365817790d","sha256":"a91a58962bbd93730191f75f51b50108a6ee274b663c5b1f6eea2e09868abe17","sha512":"934411294e564656520460a6806d0f51058bf5d0dda73ca0e3e8b09c370e41a1d0afa135b8bc9bcd3f0d966a59cdb488b6b669ef6012c403c163e947dcc3d6fc","ssdeep":"96:oaLKcsHv7kI8AO6uNlW1/OvAT4AocvRaqMDlFB2QZkC0JfFdGcg1dcH8rsho6g/h:okFPWROvQzRsqCmtwcgHrsQksZz","tlshash":"ddd1bf6ba7ce2cd9a38ed2871f96796bafb1001491e319002c3332ba5a413844f31dd7","first_seen":"2026-01-23T05:01:52.465953Z","last_seen":"2026-06-06T14:33:38.55058Z","times_seen":224,"resource_available":false,"data":null}},"time_used":1722,"timings":{"blocked":1499,"dns":0,"connect":0,"send":0,"wait":218,"receive":5,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static-content-cn.wb27jlt6u066.com:9587/js/kz.js?20250807","fqdn":"static-content-cn.wb27jlt6u066.com","domain":"wb27jlt6u066.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":9587,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://cn.1mebetx.com/home/register?code=32654","date":"2026-03-04T13:32:59.768Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"static-content-cn.wb27jlt6u066.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 19 Oct 2025 00:00:00 GMT","end":"Mon, 19 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"98:64:EC:0B:9A:00:5F:60:12:4A:12:B9:EB:5A:44:98:12:1A:7C:FF","sha256":"A1:E0:99:A3:B2:54:C9:50:DB:24:16:EA:A7:44:3A:5D:57:F0:7C:CE:B2:E7:66:31:49:50:98:44:92:F2:50:84"}}},"request":{"raw":"GET /js/kz.js?20250807 HTTP/1.1\r\nHost: static-content-cn.wb27jlt6u066.com:9587\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cn.1mebetx.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Wed, 04 Mar 2026 13:33:00 GMT\r\nContent-Type: application/javascript\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nLast-Modified: Tue, 09 Dec 2025 02:53:07 GMT\r\nVary: Accept-Encoding\r\nETag: W/\"69378f13-10cb3\"\r\nContent-Encoding: gzip\r\nServer: gocache\r\nExpires: Thu, 05 Mar 2026 13:33:00 GMT\r\nCache-Control: max-age=86400\r\nc-Type: st\r\nrid: 3e15ef736a2f07a0d0a9ea79da6c5c38\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains\r\nX-Cache-Status: HIT\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]}],"data":{"size":68787,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text","md5":"6882ef21046c02724770578afb0e9389","sha1":"5a3e91dbc206c7a6abf2196adc0cd68d6e5f7dd5","sha256":"f3967945aa4c64b4cb943ff02fd4ff56354cac19f0e8ba9cb8a95017707265c9","sha512":"4aa7833f286b2d53677335d60783d6edd2038d0e9fbbc75d0568debe17bf0cee5cd56c7beb3c608a2c135881edefca03d1cf0edef0c2d491e65c9ac6126697a8","ssdeep":"384:JsOCzLl8jM9Cxvqd2ACJOOX6QMvmN2iB9eOyjX993YH:q84sTwDEH","tlshash":"f963732ae9fb52551c3b70391f7f4001e729c407b50cee197e2caac05f44669a6b6fe8","first_seen":"2025-08-24T13:27:11.237239Z","last_seen":"2026-03-29T16:47:31.772793Z","times_seen":494,"resource_available":true,"data":null}},"time_used":1157,"timings":{"blocked":933,"dns":0,"connect":0,"send":0,"wait":216,"receive":8,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static-content-cn.wb27jlt6u066.com:9587/images/common_spirits.png","fqdn":"static-content-cn.wb27jlt6u066.com","domain":"wb27jlt6u066.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":9587,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://cn.1mebetx.com/home/register?code=32654","date":"2026-03-04T13:33:01.289Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"static-content-cn.wb27jlt6u066.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 19 Oct 2025 00:00:00 GMT","end":"Mon, 19 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"98:64:EC:0B:9A:00:5F:60:12:4A:12:B9:EB:5A:44:98:12:1A:7C:FF","sha256":"A1:E0:99:A3:B2:54:C9:50:DB:24:16:EA:A7:44:3A:5D:57:F0:7C:CE:B2:E7:66:31:49:50:98:44:92:F2:50:84"}}},"request":{"raw":"GET /images/common_spirits.png HTTP/1.1\r\nHost: static-content-cn.wb27jlt6u066.com:9587\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://static-content-cn.wb27jlt6u066.com:9587/css/base.css?20240823\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Wed, 04 Mar 2026 13:33:01 GMT\r\nContent-Type: image/png\r\nContent-Length: 8399\r\nConnection: keep-alive\r\nLast-Modified: Wed, 20 Jul 2022 18:47:52 GMT\r\nETag: \"62d84dd8-20cf\"\r\nServer: gocache\r\nExpires: Thu, 05 Mar 2026 13:33:01 GMT\r\nCache-Control: max-age=86400\r\nc-Type: st\r\nrid: 471ce15adcc27cfb82a4512aa14a5a86\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains\r\nX-Cache-Status: HIT\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]}],"data":{"size":8399,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 197 x 853, 8-bit/color RGBA, non-interlaced","md5":"44540d8c4a0f15ac3c79ec50c38068ba","sha1":"09a60fef078669da7113fbc9f9129b3a238e1b10","sha256":"d963d332fe095e110da648b267af4941bcb3d0b3988459d5f2039ebcadf4c2f0","sha512":"d67fb563e9db8d886bf09cd391361411e19aefeb2a60a37bf11eb38d985dc1c568281bae50aa71b504efb6a7bc6026340f809e797356816a430118e4f92f82e5","ssdeep":"96:1PodqmMbZJnxtCv2QIo3WG/INSvX3pwN0lu/hpSj8hj4LeQtJmzpwYFE1+m30tBY:1PqgnT8n5DluZph4y64zpx8aM3DJl","tlshash":"51028ed002b9316ed9643b22abbf39680ee289aaf4bec33448d4173731694d0457ce5f","first_seen":"2024-03-28T04:38:13Z","last_seen":"2026-06-06T14:33:38.545696Z","times_seen":750,"resource_available":false,"data":null}},"time_used":219,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":215,"receive":4,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static-content-t.wb27jlt6u066.com:9587/style/main.css?20260123","fqdn":"static-content-t.wb27jlt6u066.com","domain":"wb27jlt6u066.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":9587,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://cn.1mebetx.com/home/register?code=32654","date":"2026-03-04T13:32:59.710Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"static-content-t.wb27jlt6u066.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 19 Oct 2025 00:00:00 GMT","end":"Mon, 19 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"08:10:09:15:B6:C8:9C:9A:CE:31:40:C9:26:D7:9E:BE:2C:9A:62:2B","sha256":"D6:55:F3:9B:55:F2:ED:CC:B3:54:8B:1E:F9:15:FB:47:0C:75:02:1A:64:4B:3C:C2:FA:75:18:9C:F0:11:EE:83"}}},"request":{"raw":"GET /style/main.css?20260123 HTTP/1.1\r\nHost: static-content-t.wb27jlt6u066.com:9587\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cn.1mebetx.com/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Wed, 04 Mar 2026 13:33:00 GMT\r\nContent-Type: text/css\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nLast-Modified: Fri, 13 Feb 2026 05:00:40 GMT\r\nVary: Accept-Encoding\r\nETag: W/\"698eaff8-f56c\"\r\nContent-Encoding: gzip\r\nServer: gocache\r\nExpires: Thu, 05 Mar 2026 13:33:00 GMT\r\nCache-Control: max-age=86400\r\nc-Type: st\r\nrid: 1902b781a2f90921768a9661a6cfc779\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains\r\nX-Cache-Status: HIT\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":62828,"size_decoded":0,"mime_type":"text/css","magic":"Unicode text, UTF-8 text, with very long lines (449)","md5":"deb580a3cdea93749d792cbf00fd8a7f","sha1":"ded3a0715ee5a4fc64a9f311b5a85bf87352ed98","sha256":"35f8859353ee537d5f33fdc2da12fafdcebfa2066f56cec3f765073c4024bd83","sha512":"21e70b2adc72134925aaaf964de0278ba755f723b4d67d5b2d388116233c26c8977e471db41739f8e386d48256ac3a1ca77a22e420741d520494de2c1fe3d96f","ssdeep":"1536:ZoErfbP93Ytk3pZcG1cF3NE9GG0gYAajgHwEUVtrydv4ffEqyPouRPf++J1qSqgn:ZbP93Ytk3pZcG1cF3NE9GGMEUVtryC+5","tlshash":"4553b921e9b9220ab03bd562b4e15faa22398017d1171fbc617d3a7de6cf0d85177fa0","first_seen":"2026-02-14T03:19:09.691934Z","last_seen":"2026-03-23T01:49:00.885599Z","times_seen":55,"resource_available":false,"data":null}},"time_used":1527,"timings":{"blocked":767,"dns":0,"connect":0,"send":0,"wait":221,"receive":5,"ssl":534},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.f4bzyrz92us3.com/E2/EagleEye.js?1772631179","fqdn":"www.f4bzyrz92us3.com","domain":"f4bzyrz92us3.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://cn.1mebetx.com/home/register?code=32654","date":"2026-03-04T13:32:59.721Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.f4bzyrz92us3.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Fri, 22 Aug 2025 00:00:00 GMT","end":"Sat, 22 Aug 2026 23:59:59 GMT"},"fingerprint":{"sha1":"3D:00:56:9E:E0:4A:BC:C5:AC:93:01:37:D0:1D:2F:CC:2E:D9:BE:F3","sha256":"28:AA:7B:7C:23:E5:90:7B:6C:F4:48:23:DD:56:A2:3C:AD:E6:2B:47:66:7E:A7:DA:53:31:F6:3C:E3:FC:9E:30"}}},"request":{"raw":"GET /E2/EagleEye.js?1772631179 HTTP/1.1\r\nHost: www.f4bzyrz92us3.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cn.1mebetx.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Wed, 04 Mar 2026 13:33:00 GMT\r\nContent-Type: application/javascript;charset=utf-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nContent-Encoding: br\r\nSet-Cookie: E2Token=21e79691-ba62-449d-8f77-95735e808cd3; expires=Tue, 04 Mar 2036 13:33:00 GMT; path= ; samesite = None; secure; httponly\r\nVary: Accept-Encoding\r\nX-Rate-Limit-Limit: 1d\r\nX-Rate-Limit-Remaining: 1438\r\nX-Rate-Limit-Reset: 2026-03-05T07:04:35.4825136Z\r\nX-Frame-Options: SAMEORIGIN\r\nX-Content-Type-Options: nosniff\r\nServer: gocache\r\nExpires: Thu, 05 Mar 2026 13:33:00 GMT\r\nCache-Control: max-age=86400\r\nc-Type: st\r\nrid: ba99269bb5616179148bfd737d8d3811\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains\r\nX-Cache-Status: MISS\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]}],"data":{"size":54486,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (37140), with CRLF line terminators","md5":"3991ff84193ddf40fe99b7d50c5f5606","sha1":"51957a2d49e96a8fdcadbbd34b861e2812c328d2","sha256":"4868ae7ddb2f17517c0ff8cac89f0605a59cfff477947a5f7394e9f0e1f9c195","sha512":"8d957bdd1ab30199fc9afc8a59460d27500f1bd4a096b4cdff2dbbdba63b56fd02ca4509871faa006558f97adf3fd6e04dd266b6736f82d216f0a684239fdb7f","ssdeep":"1536:E6sk6G1j9Bk/k0q7Mfx5+2I7v7D71Ies9GUWfth7KBbTE21gAWIOuYyR4mr/qDAa:2GW/k0q7Mfx5+2I7v7D77FftlKBbTv1O","tlshash":"7033e61ab2963539c56230765caf9148b33d85a61398505cab0fc5e4783987e83bfff8","first_seen":"2026-03-04T13:33:41.495212Z","last_seen":"2026-03-04T13:33:41.495212Z","times_seen":1,"resource_available":true,"data":null}},"time_used":1305,"timings":{"blocked":-1,"dns":275,"connect":1,"send":0,"wait":447,"receive":11,"ssl":571},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.googletagmanager.com/gtag/js?id=UA-119765380-3","fqdn":"www.googletagmanager.com","domain":"googletagmanager.com","tld":"com"},"ip":{"addr":"142.251.142.232","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://cn.1mebetx.com/home/register?code=32654","date":"2026-03-04T13:32:59.763Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.google-analytics.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 02 Feb 2026 08:36:37 GMT","end":"Mon, 27 Apr 2026 08:36:36 GMT"},"fingerprint":{"sha1":"8B:BA:E2:19:5D:6C:81:59:ED:D8:AA:3B:2D:5F:A3:A2:C8:A1:E3:DF","sha256":"B0:8C:FC:C1:98:34:EB:0E:FF:AB:13:B4:9E:AA:B1:7E:02:11:9A:93:31:F2:A1:0F:23:9E:2B:C3:6F:EC:26:F8"}}},"request":{"raw":"GET /gtag/js?id=UA-119765380-3 HTTP/1.1\r\nHost: www.googletagmanager.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cn.1mebetx.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: application/javascript; charset=UTF-8\r\naccess-control-allow-origin: *\r\naccess-control-allow-credentials: true\r\naccess-control-allow-headers: Cache-Control\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\ndate: Wed, 04 Mar 2026 13:32:59 GMT\r\nexpires: Wed, 04 Mar 2026 13:32:59 GMT\r\ncache-control: private, max-age=900\r\nlast-modified: Wed, 04 Mar 2026 12:00:00 GMT\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\ncross-origin-resource-policy: cross-origin\r\nserver: Google Tag Manager\r\ncontent-length: 119083\r\nx-xss-protection: 0\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":343737,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"JavaScript source, ASCII text, with very long lines (5882)","md5":"96e26840834c93f74e7848d679934b31","sha1":"8d580a3e38554c0137635a6554f5f9df433cd944","sha256":"362076f8bc76ad975e7dd3bd79523ea53444b7bd5861e302a6dfc07bbf3882fd","sha512":"d7cdb1cbccdcea4419acaef0eeddf39cd19d09a46c2cf6f9ce1a92409cc93404754634443725bdf2a5c9352194173bdde49d4b926c66f19a23716260f1480809","ssdeep":"6144:mXRiRyFwFl5sGJEf4N8dYxSGiQybJbQebLLQYpbLCzi:g2yFwFlR58kebIml","tlshash":"aa7408cdb3da706293a3a478403f018bb27a6892f84ccc95f195d9d42e7069a4277f7d","first_seen":"2026-03-04T13:33:41.49697Z","last_seen":"2026-03-04T14:33:14.475524Z","times_seen":2,"resource_available":true,"data":null}},"time_used":169,"timings":{"blocked":-1,"dns":1,"connect":8,"send":0,"wait":25,"receive":22,"ssl":113},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"hm.baidu.com/hm.js?86b8712c72cab4f521c0b5cd56dfa69f","fqdn":"hm.baidu.com","domain":"baidu.com","tld":"com"},"ip":{"addr":"14.215.183.79","port":443,"asn":4134,"as":"Chinanet","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://cn.1mebetx.com/home/register?code=32654","date":"2026-03-04T13:33:01.395Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"baidu.com","organization":"Beijing Baidu Netcom Science Technology Co., Ltd"},"issuer":{"commonName":"GlobalSign RSA OV SSL CA 2018","organization":"GlobalSign nv-sa"},"validity":{"start":"Wed, 09 Jul 2025 07:01:02 GMT","end":"Mon, 10 Aug 2026 07:01:01 GMT"},"fingerprint":{"sha1":"21:BF:66:0D:67:BE:7A:7F:49:48:05:30:F4:7F:09:F2:30:36:CA:63","sha256":"0D:82:2C:9A:90:5A:EF:E9:8F:37:12:C0:E0:26:30:EE:95:33:2C:45:5F:E7:74:5D:F0:8D:BC:79:F4:B0:A1:49"}}},"request":{"raw":"GET /hm.js?86b8712c72cab4f521c0b5cd56dfa69f HTTP/1.1\r\nHost: hm.baidu.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cn.1mebetx.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nCache-Control: max-age=0, must-revalidate\r\nContent-Encoding: gzip\r\nContent-Length: 11299\r\nContent-Type: application/javascript\r\nDate: Wed, 04 Mar 2026 13:33:16 GMT\r\nEtag: 06364c9ef527aab6b32b366bee875972\r\nP3p: CP=\"CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR\"\r\nServer: apache\r\nSet-Cookie: HMACCOUNT=8D7BF2926C40F52A; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT\r\nStrict-Transport-Security: max-age=172800\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Apache HTTP Server","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":29905,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (629)","md5":"de8136a42d86f1a38f8a874c5a4692b8","sha1":"4dcf9678da7acf390be792495afcf446fc17cda9","sha256":"3d128a02c47569a1df0ce847c7164f3680f777b2f8aa881711082fd38856f75e","sha512":"15138ebb3c15680c5d35ac8fb14dbd97431f2d0e286d8e2b4616302974be965022f47e30ee8e1d00549c170358bbe78e95f6b79a799792f39843de453d00f77a","ssdeep":"384:dHJSoLMJJTRl6s1JXFVCFI/TayvuodsZPIGm8XaR1JRwvutq1tGdc7M04gRw6:dH4VJfHgMdvussZPIx82Rwvutcto07v","tlshash":"bfd2c9a9b282713293a324a5153f724af07b5a54bd4968a4f11894c07d38fbb027bfdd","first_seen":"2026-03-04T13:33:41.49856Z","last_seen":"2026-03-04T13:33:41.49856Z","times_seen":1,"resource_available":true,"data":null}},"time_used":29905,"timings":{"blocked":14778,"dns":1,"connect":275,"send":0,"wait":338,"receive":1,"ssl":14508},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cn.1mebetx.com/home/getGeo","fqdn":"cn.1mebetx.com","domain":"1mebetx.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://cn.1mebetx.com/home/register?code=32654","date":"2026-03-04T13:33:01.546Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cn.1mebetx.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Mon, 05 Jan 2026 00:00:00 GMT","end":"Tue, 05 Jan 2027 23:59:59 GMT"},"fingerprint":{"sha1":"B1:9C:1C:29:59:A8:2F:22:BB:FA:01:51:20:84:07:9D:ED:D9:D8:7A","sha256":"21:4B:55:27:26:B6:EF:96:E2:ED:28:FE:00:D0:57:72:9D:29:6A:4E:DE:36:40:A2:7D:07:26:CC:31:8C:F2:1D"}}},"request":{"raw":"POST /home/getGeo HTTP/1.1\r\nHost: cn.1mebetx.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/javascript, */*; q=0.01\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nX-Requested-With: XMLHttpRequest\r\nOrigin: https://cn.1mebetx.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cn.1mebetx.com/home/register?code=32654\r\nCookie: PHPSESSID=0vre1qsiqnd8kobpvv1eafbdqh; _code_cookie=32654-; JSESSIONID=02194A41888DE93C72B46BD867E09B71; _vcid=02194A41888DE93C72B46BD867E09B71\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nContent-Length: 0\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Wed, 04 Mar 2026 13:33:01 GMT\r\nContent-Type: application/json;charset=utf-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding, Accept-Encoding, Accept-Encoding\r\nSet-Cookie: ccd11=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/; domain=1mebetx.com\nvcd11=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/; domain=1mebetx.com\r\nX-Content-Type-Options: nosniff\r\nX-Frame-Options: SAMEORIGIN\r\nContent-Encoding: gzip\r\nServer: gocache\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nCache-Control: no-cache\r\nc-Type: df\r\nrid: 1ec0476d2ba50ac1415c75910a536523\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":146,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"675ca17e5b94ef20fd620c6792e6bbca","sha1":"7986d1ad507a7e06f21eebc12271d103c3135c53","sha256":"2b69251e2e6dd2e6475932ef63301c416e89db4b6821de01ce67a10b58206889","sha512":"303081d0e5a51eb633249e5b65d79c671aabe7dc8462cab5f6f5c57f9330dec42366509fdf3fb605a735c36d23d32865820fceb1f6eef510b36fe04945b30fb0","ssdeep":"","tlshash":"74c04c6e15d04538e9f683cead0bbf271aea4910a256055da9c8a784bb111ec9281117","first_seen":"2025-08-24T13:27:11.203711Z","last_seen":"2026-06-06T14:33:38.543517Z","times_seen":609,"resource_available":false,"data":null}},"time_used":493,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":493,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-04","alert":"Sinkholed","trigger":"cn.1mebetx.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-04","alert":"Sinkholed","trigger":"cn.1mebetx.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-04","alert":"Sinkholed","trigger":"cn.1mebetx.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-04","alert":"Phishing Block","trigger":"cn.1mebetx.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"api.livechatinc.com/v3.6/customer/action/get_dynamic_configuration?x-region=us-south1\u0026license_id=19463678\u0026client_id=c5e4f61e1a6c3b1521b541bc5c5a2ac5\u0026url=https%3A%2F%2Fcn.1mebetx.com%2Fhome%2Fregister%3Fcode%3D32654\u0026channel_type=code\u0026jsonp=__4q59cky78tn","fqdn":"api.livechatinc.com","domain":"livechatinc.com","tld":"com"},"ip":{"addr":"2.22.225.83","port":443,"asn":20940,"as":"Akamai International B.V.","country":"France","country_code":"FR"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://cn.1mebetx.com/home/register?code=32654","date":"2026-03-04T13:33:01.712Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"livechat.com","organization":"LIVECHAT, INC."},"issuer":{"commonName":"DigiCert Global G3 TLS ECC SHA384 2020 CA1","organization":"DigiCert Inc"},"validity":{"start":"Wed, 11 Jun 2025 00:00:00 GMT","end":"Thu, 11 Jun 2026 23:59:59 GMT"},"fingerprint":{"sha1":"66:A3:6F:A0:92:9E:A2:01:91:16:68:AA:27:A9:41:28:FC:25:27:68","sha256":"03:FC:5A:F6:F7:06:15:5B:0F:31:DB:6C:4E:D7:E4:1B:69:80:1F:C3:5A:E3:85:5A:FF:8D:22:81:92:ED:25:2F"}}},"request":{"raw":"GET /v3.6/customer/action/get_dynamic_configuration?x-region=us-south1\u0026license_id=19463678\u0026client_id=c5e4f61e1a6c3b1521b541bc5c5a2ac5\u0026url=https%3A%2F%2Fcn.1mebetx.com%2Fhome%2Fregister%3Fcode%3D32654\u0026channel_type=code\u0026jsonp=__4q59cky78tn HTTP/1.1\r\nHost: api.livechatinc.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cn.1mebetx.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-security-policy: frame-ancestors https://cn.1mebetx.com/;\r\ncontent-type: application/javascript; charset=UTF-8\r\ncross-origin-resource-policy: cross-origin\r\nvary: Accept-Encoding\r\nx-frame-options: allow-from https://cn.1mebetx.com/\r\ncontent-length: 355\r\ndate: Wed, 04 Mar 2026 13:33:01 GMT\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":355,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"ASCII text, with very long lines (355), with no line terminators","md5":"cc7a707cbd6625e84852507bb3e2c1a2","sha1":"fd19aa7abeade4b046b7007851daf87511de9801","sha256":"040d1fda6ca225a45dfc6a076d7423109e3b24bfc302ac160cdfefc7df0cde3f","sha512":"3e6a30d15c66a19fb36250357eb40cba6f32bbffad798fe92715ea3cbb6d2a28bc73e5fa8ab0d1bcf49cab1fcfc0697f0ff4fc3377f8f8caf4a80d71e5197994","ssdeep":"","tlshash":"fde02017ef0185359ec4e3fde414fa01693407e7924459b876681310121f7cd6321607","first_seen":"2026-03-04T13:33:41.50063Z","last_seen":"2026-03-04T13:33:41.50063Z","times_seen":1,"resource_available":true,"data":null}},"time_used":155,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":155,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdn.livechatinc.com/widget/static/js/8.Cht6u6sP.chunk.js","fqdn":"cdn.livechatinc.com","domain":"livechatinc.com","tld":"com"},"ip":{"addr":"23.36.77.179","port":443,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://secure.livechatinc.com/customer/action/open_chat?license_id=19463678\u0026group=2\u0026embedded=1\u0026widget_version=3\u0026unique_groups=0\u0026organization_id=d45af0f5-ff1f-44ac-97e0-5c9471a8ec59\u0026use_parent_storage=1\u0026x-region=us-south1","date":"2026-03-04T13:33:02.677Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"livechat.com","organization":"LIVECHAT, INC."},"issuer":{"commonName":"DigiCert Global G3 TLS ECC SHA384 2020 CA1","organization":"DigiCert Inc"},"validity":{"start":"Wed, 11 Jun 2025 00:00:00 GMT","end":"Thu, 11 Jun 2026 23:59:59 GMT"},"fingerprint":{"sha1":"66:A3:6F:A0:92:9E:A2:01:91:16:68:AA:27:A9:41:28:FC:25:27:68","sha256":"03:FC:5A:F6:F7:06:15:5B:0F:31:DB:6C:4E:D7:E4:1B:69:80:1F:C3:5A:E3:85:5A:FF:8D:22:81:92:ED:25:2F"}}},"request":{"raw":"GET /widget/static/js/8.Cht6u6sP.chunk.js HTTP/1.1\r\nHost: cdn.livechatinc.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://secure.livechatinc.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cdn.livechatinc.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nx-guploader-uploadid: AGQBYWxncJO65x5OUmnyBA5YmfmFw-LOENq4DwA8CITTgAHx70QTDWlRztmtYk-X66QUvb-B4Fo78L2n_grgOQ\r\nlast-modified: Tue, 03 Mar 2026 13:43:27 GMT\r\nx-goog-generation: 1772545407039141\r\nx-goog-metageneration: 1\r\nx-goog-stored-content-encoding: identity\r\nx-goog-stored-content-length: 7834\r\nx-goog-hash: crc32c=gNy7Tw==, md5=GH2ERECGKDJcE9tjQjkWMA==\r\nx-goog-storage-class: STANDARD\r\naccept-ranges: bytes\r\naccess-control-expose-headers: *, Content-Length, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace\r\nserver: UploadServer\r\ncontent-encoding: br\r\ncontent-length: 2979\r\ncache-control: public, max-age=31536000\r\nexpires: Thu, 04 Mar 2027 13:33:02 GMT\r\ndate: Wed, 04 Mar 2026 13:33:02 GMT\r\ncontent-type: application/javascript; charset=utf-8\r\naccess-control-allow-origin: *\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Google Cloud","description":"Google Cloud is a suite of cloud computing services.","website":"https://cloud.google.com","common_platform_enumeration":"cpe:2.3:a:google:cloud_platform:*:*:*:*:*:*:*:*","icon":"Google Cloud.svg","categories":["IaaS"]},{"name":"Google Cloud Storage","description":"Google Cloud Storage allows world-wide storage and retrieval of any amount of data at any time.","website":"https://cloud.google.com/storage","common_platform_enumeration":"","icon":"google-cloud-storage.svg","categories":["Miscellaneous"]}],"data":{"size":7834,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (7833)","md5":"187d8444408628325c13db6342391630","sha1":"37a13e93d5853a75bd835a83e29cd20cbe313d9b","sha256":"027ed884dae6352d0b9ddf60df164bc121c2a621081e3cb6b9ac7b4120043548","sha512":"f83b2ae537323567db947720587b7463eac1d7caec8ab0aef82d13f41415c98d52adfbc82903afde21352fdd466b899ca30a8864685faaa848f9a8654816f5fd","ssdeep":"192:KZtPwLpcfZyJjChMMuTGUwPPWnhujfpwvelEgXXntXqjdA2ymTnIdwnQo322:KZtzyJKMMDUwPPWaagn6dA2ymTIdwQa","tlshash":"f0f1f8bff741e4b5e7eb88a09d1a0103ba3a1654799d8170f61c4d10a05eac4b277fe7","first_seen":"2026-03-03T14:45:10.146372Z","last_seen":"2026-03-06T10:04:31.123069Z","times_seen":216,"resource_available":true,"data":null}},"time_used":2,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":2,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static-content-t.wb27jlt6u066.com:9587/images/home/tg_icon.png","fqdn":"static-content-t.wb27jlt6u066.com","domain":"wb27jlt6u066.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":9587,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://cn.1mebetx.com/home/register?code=32654","date":"2026-03-04T13:32:59.758Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"static-content-t.wb27jlt6u066.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 19 Oct 2025 00:00:00 GMT","end":"Mon, 19 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"08:10:09:15:B6:C8:9C:9A:CE:31:40:C9:26:D7:9E:BE:2C:9A:62:2B","sha256":"D6:55:F3:9B:55:F2:ED:CC:B3:54:8B:1E:F9:15:FB:47:0C:75:02:1A:64:4B:3C:C2:FA:75:18:9C:F0:11:EE:83"}}},"request":{"raw":"GET /images/home/tg_icon.png HTTP/1.1\r\nHost: static-content-t.wb27jlt6u066.com:9587\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cn.1mebetx.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Wed, 04 Mar 2026 13:33:02 GMT\r\nContent-Type: image/png\r\nContent-Length: 7233\r\nConnection: keep-alive\r\nLast-Modified: Tue, 13 Aug 2024 02:02:19 GMT\r\nETag: \"66babeab-1c41\"\r\nServer: gocache\r\nExpires: Thu, 05 Mar 2026 13:33:02 GMT\r\nCache-Control: max-age=86400\r\nc-Type: st\r\nrid: 4b067438f1922210ffbef3dee27a9822\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains\r\nX-Cache-Status: HIT\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":7233,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 100 x 100, 8-bit/color RGBA, non-interlaced","md5":"6f828495b8948381356d8f958e0e3816","sha1":"8a776df06f7f07a71a8811311450b978399117e9","sha256":"fe6c74efa40b05488d4e4944a45f32d22a8b13e60637ce57bbc04b5b8323663b","sha512":"5a64ed664f2bf2d934d7c0a41a51a5b95ef998087f3badfef552d3a898648fef2b561d3a09ccd64188d55f598fa3c62d98f3d3052c28f7a17bc1d887acf9b398","ssdeep":"192:5OC/PcLhB496ikdrltIH7XTYtHSEskZNpjZf1GqsiR4KM:3k3BiGrltO7Utrp3GURxM","tlshash":"a4e1a0ebf811dcc2f508a74bc452d10286ad59074774f5ae7f9eb5c3ac2098547ef44a","first_seen":"2024-08-15T14:53:49Z","last_seen":"2026-06-06T14:33:38.641598Z","times_seen":690,"resource_available":false,"data":null}},"time_used":3212,"timings":{"blocked":2993,"dns":0,"connect":0,"send":0,"wait":218,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static-content-j.wb27jlt6u066.com:9587/fimg/202505/1a9924b67880434fb3771e34217f417e.png","fqdn":"static-content-j.wb27jlt6u066.com","domain":"wb27jlt6u066.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":9587,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://cn.1mebetx.com/home/register?code=32654","date":"2026-03-04T13:32:59.724Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"static-content-j.wb27jlt6u066.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 19 Oct 2025 00:00:00 GMT","end":"Mon, 19 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"70:63:CC:0F:0F:5F:80:F6:C9:7C:9F:46:F2:18:BB:F0:81:76:AB:57","sha256":"6F:3D:C2:F9:AF:3C:86:73:A1:D2:80:61:D4:B6:17:22:DA:26:77:B7:DD:45:E4:48:70:54:B5:A0:02:F4:69:D8"}}},"request":{"raw":"GET /fimg/202505/1a9924b67880434fb3771e34217f417e.png HTTP/1.1\r\nHost: static-content-j.wb27jlt6u066.com:9587\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cn.1mebetx.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Wed, 04 Mar 2026 13:33:01 GMT\r\nContent-Type: image/png\r\nContent-Length: 6259\r\nConnection: keep-alive\r\nLast-Modified: Sun, 11 May 2025 06:29:47 GMT\r\nETag: \"682043db-1873\"\r\nServer: gocache\r\nExpires: Thu, 05 Mar 2026 13:33:01 GMT\r\nCache-Control: max-age=86400\r\nc-Type: st\r\nrid: 376fd8ef8450dd6676cf3086fddcddb0\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains\r\nX-Cache-Status: HIT\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":6259,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 292 x 80, 8-bit colormap, non-interlaced","md5":"8c4532aea4471647fef42bbfb068a07b","sha1":"817cd77579876f295d130b198b0619210681035c","sha256":"62278a2db166030d1157dd13ad3e3cd3564df80fa8acf4b8f0396de467ca330e","sha512":"23dec8e31d8dbf92568525198d09b0fe91e6aef5aee59a4b4d55e655aeff0f0f28a404490524f0907eb19522033af6754bfbf5c7f810a2013fc92b101e17d1c7","ssdeep":"192:ddxAOgq6/irKvADndSJhpg2o6GOHFLWH5i9cY:d3gvieIR2o6bFLAkOY","tlshash":"b7d1ae6ea1fdb53e5628e1d5e40dd714444b3ec4922c1ca7c7f129d46b7087be583a8c","first_seen":"2025-08-07T15:42:17.356378Z","last_seen":"2026-06-06T14:33:38.613061Z","times_seen":630,"resource_available":false,"data":null}},"time_used":2086,"timings":{"blocked":1281,"dns":0,"connect":8,"send":0,"wait":214,"receive":0,"ssl":579},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static-content-t.wb27jlt6u066.com:9587/images/nav/sponsor6.png?6","fqdn":"static-content-t.wb27jlt6u066.com","domain":"wb27jlt6u066.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":9587,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://cn.1mebetx.com/home/register?code=32654","date":"2026-03-04T13:32:59.740Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"static-content-t.wb27jlt6u066.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 19 Oct 2025 00:00:00 GMT","end":"Mon, 19 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"08:10:09:15:B6:C8:9C:9A:CE:31:40:C9:26:D7:9E:BE:2C:9A:62:2B","sha256":"D6:55:F3:9B:55:F2:ED:CC:B3:54:8B:1E:F9:15:FB:47:0C:75:02:1A:64:4B:3C:C2:FA:75:18:9C:F0:11:EE:83"}}},"request":{"raw":"GET /images/nav/sponsor6.png?6 HTTP/1.1\r\nHost: static-content-t.wb27jlt6u066.com:9587\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cn.1mebetx.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Wed, 04 Mar 2026 13:33:02 GMT\r\nContent-Type: image/png\r\nContent-Length: 10667\r\nConnection: keep-alive\r\nLast-Modified: Fri, 23 Jan 2026 04:32:15 GMT\r\nETag: \"6972f9cf-29ab\"\r\nServer: gocache\r\nExpires: Thu, 05 Mar 2026 13:33:02 GMT\r\nCache-Control: max-age=86400\r\nc-Type: st\r\nrid: cf05a11326c33868b4c88df5f0a34638\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains\r\nX-Cache-Status: HIT\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]}],"data":{"size":10667,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 292 x 80, 8-bit/color RGBA, non-interlaced","md5":"a76186a57df2e8a08e4f43859de232ee","sha1":"15efac52c8cca31ef66fa30ab03882ac19f8c450","sha256":"1e9ad8182cbb1acafd9c7346931c9097af4064ae4c68d6c51359c4c81338b71b","sha512":"3a811da9146d744e34c6a8bd91f09641285507f23e086e42cad94dc0c1536cb9b7abc3284c22402a9f25615259f73bf7681addcce5d139065f01272f4b07f360","ssdeep":"192:EzUldKHgvCMYzzpM/YMDKs689IWMdgZbEXCWU3M2DwEwhFp7:hdM5zzpY68+WM+xKCWMcnZ","tlshash":"b522cfeb6cd13879eba3648310757c89f9bbd31e5471e8bb6ae31c640080c5ea156dd8","first_seen":"2026-01-23T05:01:52.44616Z","last_seen":"2026-06-06T14:33:38.641031Z","times_seen":224,"resource_available":false,"data":null}},"time_used":3181,"timings":{"blocked":2959,"dns":0,"connect":0,"send":0,"wait":216,"receive":6,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static-content-t.wb27jlt6u066.com:9587/images/nav/promo_1.png","fqdn":"static-content-t.wb27jlt6u066.com","domain":"wb27jlt6u066.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":9587,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://cn.1mebetx.com/home/register?code=32654","date":"2026-03-04T13:32:59.747Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"static-content-t.wb27jlt6u066.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 19 Oct 2025 00:00:00 GMT","end":"Mon, 19 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"08:10:09:15:B6:C8:9C:9A:CE:31:40:C9:26:D7:9E:BE:2C:9A:62:2B","sha256":"D6:55:F3:9B:55:F2:ED:CC:B3:54:8B:1E:F9:15:FB:47:0C:75:02:1A:64:4B:3C:C2:FA:75:18:9C:F0:11:EE:83"}}},"request":{"raw":"GET /images/nav/promo_1.png HTTP/1.1\r\nHost: static-content-t.wb27jlt6u066.com:9587\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cn.1mebetx.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Wed, 04 Mar 2026 13:33:01 GMT\r\nContent-Type: image/png\r\nContent-Length: 9153\r\nConnection: keep-alive\r\nLast-Modified: Wed, 20 Jul 2022 18:47:53 GMT\r\nETag: \"62d84dd9-23c1\"\r\nServer: gocache\r\nExpires: Thu, 05 Mar 2026 13:33:01 GMT\r\nCache-Control: max-age=86400\r\nc-Type: st\r\nrid: 935345ec22da1039e0bc651f2191bdb5\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains\r\nX-Cache-Status: HIT\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":9153,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 200 x 100, 8-bit/color RGBA, non-interlaced","md5":"35232fc24b2dc1c976d9c5dc6a13c8c8","sha1":"f5003ab920e63450703abae5e6e6be411c04de45","sha256":"e13f9e04322055a0384d1cb68558705c6514711cd65496f8d640537ee6c03247","sha512":"b7ff4fd1576beeef3fb95a7c0a493891e4dfea064b585ad697f4a092dfb54b5f086bf4cfb197d68574db1f634fd6209161408bf83d61a84ec6094d5b108c7fc1","ssdeep":"192:gvmo1b5upO8VQNrg22Q2aRrjnhImlrznwbcLl+IgGT:gvDXMNuqujhIMzkKII/T","tlshash":"de12afad3974c4133b3670a42867c776c8ddc7b08a555c4ab58c4712ba30330951ebeb","first_seen":"2023-05-05T14:06:31Z","last_seen":"2026-06-06T14:33:38.53981Z","times_seen":891,"resource_available":false,"data":null}},"time_used":1914,"timings":{"blocked":1258,"dns":1,"connect":1,"send":0,"wait":215,"receive":1,"ssl":434},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cn.1mebetx.com/service/verifycode","fqdn":"cn.1mebetx.com","domain":"1mebetx.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://cn.1mebetx.com/home/register?code=32654","date":"2026-03-04T13:32:59.757Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cn.1mebetx.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Mon, 05 Jan 2026 00:00:00 GMT","end":"Tue, 05 Jan 2027 23:59:59 GMT"},"fingerprint":{"sha1":"B1:9C:1C:29:59:A8:2F:22:BB:FA:01:51:20:84:07:9D:ED:D9:D8:7A","sha256":"21:4B:55:27:26:B6:EF:96:E2:ED:28:FE:00:D0:57:72:9D:29:6A:4E:DE:36:40:A2:7D:07:26:CC:31:8C:F2:1D"}}},"request":{"raw":"GET /service/verifycode HTTP/1.1\r\nHost: cn.1mebetx.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cn.1mebetx.com/home/register?code=32654\r\nCookie: PHPSESSID=0vre1qsiqnd8kobpvv1eafbdqh; _code_cookie=32654-\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 \r\nDate: Wed, 04 Mar 2026 13:33:01 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nSet-Cookie: JSESSIONID=02194A41888DE93C72B46BD867E09B71; Path=/; Secure; HttpOnly\n_vcid=02194A41888DE93C72B46BD867E09B71; Domain=.1mebetx.com; Path=/; HttpOnly\r\nX-Content-Type-Options: nosniff\r\nX-Frame-Options: SAMEORIGIN\r\nServer: gocache\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nCache-Control: no-cache\r\nc-Type: df\r\nrid: d1482ecd36ffbd5bab45e13743c1a9ae\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Java","description":"Java is a class-based, object-oriented programming language that is designed to have as few implementation dependencies as possible.","website":"https://java.com","common_platform_enumeration":"cpe:2.3:a:oracle:jre:*:*:*:*:*:*:*:*","icon":"Java.svg","categories":["Programming languages"]},{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":1250,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.02, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 80x28, components 3","md5":"3da4369c8b3ea344c30e91ed225519ab","sha1":"0deef25a021b3a9a69413edf280207f7acf011eb","sha256":"d0adff7e68d4bd166d712d1b97762dacc5ea8bf5d7500234cf12b3ba117e86be","sha512":"8142552e27c43317adcc426b641acb5666b0261b2356225daa966ab657d8f9ec36ce46850bcf3bc70bd0ecfb4e6fdb95fa1470c4763fa967d7737786b62e913d","ssdeep":"","tlshash":"4121b7a6df4bb3114f23947b45263666a3dfd6437858b6306d6043958620cf0c18966e","first_seen":"2026-03-04T13:33:41.506609Z","last_seen":"2026-03-04T13:33:41.506609Z","times_seen":1,"resource_available":false,"data":null}},"time_used":1558,"timings":{"blocked":1249,"dns":0,"connect":0,"send":0,"wait":309,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-04","alert":"Sinkholed","trigger":"cn.1mebetx.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-04","alert":"Phishing Block","trigger":"cn.1mebetx.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-04","alert":"Sinkholed","trigger":"cn.1mebetx.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-04","alert":"Sinkholed","trigger":"cn.1mebetx.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"cn.1mebetx.com/kz/gp/v1/halls?_=1772631180959","fqdn":"cn.1mebetx.com","domain":"1mebetx.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://cn.1mebetx.com/home/register?code=32654","date":"2026-03-04T13:33:01.539Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cn.1mebetx.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Mon, 05 Jan 2026 00:00:00 GMT","end":"Tue, 05 Jan 2027 23:59:59 GMT"},"fingerprint":{"sha1":"B1:9C:1C:29:59:A8:2F:22:BB:FA:01:51:20:84:07:9D:ED:D9:D8:7A","sha256":"21:4B:55:27:26:B6:EF:96:E2:ED:28:FE:00:D0:57:72:9D:29:6A:4E:DE:36:40:A2:7D:07:26:CC:31:8C:F2:1D"}}},"request":{"raw":"GET /kz/gp/v1/halls?_=1772631180959 HTTP/1.1\r\nHost: cn.1mebetx.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nX-Requested-With: XMLHttpRequest\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cn.1mebetx.com/home/register?code=32654\r\nCookie: PHPSESSID=0vre1qsiqnd8kobpvv1eafbdqh; _code_cookie=32654-; JSESSIONID=02194A41888DE93C72B46BD867E09B71; _vcid=02194A41888DE93C72B46BD867E09B71\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Wed, 04 Mar 2026 13:33:01 GMT\r\nContent-Type: application/json; charset=utf-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding, Accept-Encoding, Accept-Encoding\r\nX-Powered-By: Express\r\nETag: W/\"2388-kD0Fz8CfU6lQkTqIXVN/hQ\"\r\nX-Content-Type-Options: nosniff\r\nX-Frame-Options: SAMEORIGIN\r\nContent-Encoding: gzip\r\nServer: gocache\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nCache-Control: no-cache\r\nc-Type: df\r\nrid: ce7157c561538d91f8f1ac2f49a712ac\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]}],"data":{"size":9096,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"903d05cfc09f53a950913a885d537f85","sha1":"80db805ab3e528e3dc0b71d7ec332406eff0dc4d","sha256":"249762538342bc0e7632dfff6260121567ef8fb358e838261df1557db4fccb96","sha512":"5d021c062c378165b893127db454012f726f48ffbba81414d998ba612cbb5d0c0cbdce7e6e3375a7d62a743fd1045d275c05f905fba576d6391dc1cf7bb1b946","ssdeep":"192:elqdqzqBDCOqJJqxqJGqzq/qKqE3qzqz0qIqwqVqSqAqCqbI1qlqhq1EqeqZqAq6:e2VN8gCp","tlshash":"7d1275d81f47fc58c95f5d212eab5ba927d9b942f8cd6ed8c2cc4c6000946d2a30e73a","first_seen":"2026-02-28T08:02:06.363474Z","last_seen":"2026-03-09T10:25:03.371293Z","times_seen":15,"resource_available":false,"data":null}},"time_used":384,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":384,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-04","alert":"Sinkholed","trigger":"cn.1mebetx.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-04","alert":"Sinkholed","trigger":"cn.1mebetx.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-04","alert":"Sinkholed","trigger":"cn.1mebetx.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-04","alert":"Phishing Block","trigger":"cn.1mebetx.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"game.gp5trb.com:2053/api/popup?try_platform=4\u0026username=","fqdn":"game.gp5trb.com","domain":"gp5trb.com","tld":"com"},"ip":{"addr":"20.205.42.30","port":2053,"asn":8075,"as":"MICROSOFT-CORP-MSN-AS-BLOCK","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://cn.1mebetx.com/home/register?code=32654","date":"2026-03-04T13:33:01.552Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"game.gp5trb.com","organization":""},"issuer":{"commonName":"ZeroSSL RSA Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Sun, 18 Jan 2026 00:00:00 GMT","end":"Sat, 18 Apr 2026 23:59:59 GMT"},"fingerprint":{"sha1":"57:61:41:AB:64:77:4D:5A:95:A7:A8:63:9B:8D:8D:4B:8B:AE:53:30","sha256":"BC:73:A6:B8:F4:3E:16:4D:0E:72:C6:ED:25:1C:B9:26:F1:68:6F:09:B9:10:99:CA:B1:E7:F8:BB:43:29:46:1A"}}},"request":{"raw":"GET /api/popup?try_platform=4\u0026username= HTTP/1.1\r\nHost: game.gp5trb.com:2053\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://cn.1mebetx.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cn.1mebetx.com/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 04 Mar 2026 13:33:02 GMT\r\ncontent-type: application/json\r\nvary: Accept-Encoding\r\nx-powered-by: PHP/7.4.33\r\ncache-control: no-cache, private\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE\r\naccess-control-allow-headers: *\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\ncontent-encoding: br\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"PHP:7.4.33","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]}],"data":{"size":610,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"6c4bc640a4d3b9417103376c7e715a3f","sha1":"d7a76809341c185381ca5af924c758055c800e70","sha256":"bb48c8069fc814b192d1c603c83ba06adffca7c776d502ea8683a157ccccc91b","sha512":"302bd5ba8830a8ed575c46c119ead665871f284299d836d841a690f992b40b985cda278d00464ca4ec61b09e876aa0e9d2f37866ee4dc83185b5809f69ffe12f","ssdeep":"","tlshash":"e5f07d57693cf4821bca150604f7e38115d972caacdcc7a5b2c6895886274b2838fa51","first_seen":"2026-02-26T00:06:05.837185Z","last_seen":"2026-03-19T10:33:28.737256Z","times_seen":28,"resource_available":false,"data":null}},"time_used":1274,"timings":{"blocked":-1,"dns":314,"connect":218,"send":0,"wait":390,"receive":0,"ssl":351},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdn.livechatinc.com/widget/static/js/livechat.CWIaArQD.js","fqdn":"cdn.livechatinc.com","domain":"livechatinc.com","tld":"com"},"ip":{"addr":"23.36.77.179","port":443,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://secure.livechatinc.com/customer/action/open_chat?license_id=19463678\u0026group=2\u0026embedded=1\u0026widget_version=3\u0026unique_groups=0\u0026organization_id=d45af0f5-ff1f-44ac-97e0-5c9471a8ec59\u0026use_parent_storage=1\u0026x-region=us-south1","date":"2026-03-04T13:33:02.588Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"livechat.com","organization":"LIVECHAT, INC."},"issuer":{"commonName":"DigiCert Global G3 TLS ECC SHA384 2020 CA1","organization":"DigiCert Inc"},"validity":{"start":"Wed, 11 Jun 2025 00:00:00 GMT","end":"Thu, 11 Jun 2026 23:59:59 GMT"},"fingerprint":{"sha1":"66:A3:6F:A0:92:9E:A2:01:91:16:68:AA:27:A9:41:28:FC:25:27:68","sha256":"03:FC:5A:F6:F7:06:15:5B:0F:31:DB:6C:4E:D7:E4:1B:69:80:1F:C3:5A:E3:85:5A:FF:8D:22:81:92:ED:25:2F"}}},"request":{"raw":"GET /widget/static/js/livechat.CWIaArQD.js HTTP/1.1\r\nHost: cdn.livechatinc.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://secure.livechatinc.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://secure.livechatinc.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nx-guploader-uploadid: AGQBYWwEl0s_wLGJ8p4RE-jjmY3XNR3_-AVGTZutCAY01rrruL2LcJcVvyRsk_X4eiTlX0Su7S74\r\nlast-modified: Tue, 03 Mar 2026 13:43:27 GMT\r\netag: \"41bd0781dab47aa3519cd96277bc3dab\"\r\nx-goog-generation: 1772545407060141\r\nx-goog-metageneration: 1\r\nx-goog-stored-content-encoding: identity\r\nx-goog-stored-content-length: 401\r\nx-goog-hash: crc32c=MonwvA==, md5=Qb0Hgdq0eqNRnNlid7w9qw==\r\nx-goog-storage-class: STANDARD\r\naccess-control-expose-headers: *, Content-Length, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace\r\nserver: UploadServer\r\nvary: Accept-Encoding\r\ncache-control: public, max-age=31536000\r\nexpires: Thu, 04 Mar 2027 13:33:02 GMT\r\ndate: Wed, 04 Mar 2026 13:33:02 GMT\r\ncontent-length: 401\r\ncontent-type: application/javascript; charset=utf-8\r\naccess-control-allow-origin: *\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Google Cloud","description":"Google Cloud is a suite of cloud computing services.","website":"https://cloud.google.com","common_platform_enumeration":"cpe:2.3:a:google:cloud_platform:*:*:*:*:*:*:*:*","icon":"Google Cloud.svg","categories":["IaaS"]},{"name":"Google Cloud Storage","description":"Google Cloud Storage allows world-wide storage and retrieval of any amount of data at any time.","website":"https://cloud.google.com/storage","common_platform_enumeration":"","icon":"google-cloud-storage.svg","categories":["Miscellaneous"]}],"data":{"size":401,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"Java source, ASCII text, with very long lines (400)","md5":"41bd0781dab47aa3519cd96277bc3dab","sha1":"130ab6f2eb3579c4d359af5ebd564082587812e1","sha256":"125146563f5edd2bba83bb862c052f8a441cf8e7ad82ee68d5e9797e0f784c27","sha512":"9234dda40c619d1f83c69685329b6cac199aa45df428f9a1765f26933d665fe94b83b7877f104656d87fe9c066c43419889db1ef569cffbd1a20337abfb441a0","ssdeep":"","tlshash":"37e05adae300b8e3fad9dde4c004e1a1a6faa39b47f487b0d0ce17715755165ce41a52","first_seen":"2026-03-03T14:45:10.260928Z","last_seen":"2026-03-05T09:29:13.543871Z","times_seen":149,"resource_available":true,"data":null}},"time_used":41,"timings":{"blocked":19,"dns":1,"connect":1,"send":0,"wait":3,"receive":0,"ssl":15},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cn.1mebetx.com/js/member/captcha.js?20230919","fqdn":"cn.1mebetx.com","domain":"1mebetx.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://cn.1mebetx.com/home/register?code=32654","date":"2026-03-04T13:32:59.771Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cn.1mebetx.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Mon, 05 Jan 2026 00:00:00 GMT","end":"Tue, 05 Jan 2027 23:59:59 GMT"},"fingerprint":{"sha1":"B1:9C:1C:29:59:A8:2F:22:BB:FA:01:51:20:84:07:9D:ED:D9:D8:7A","sha256":"21:4B:55:27:26:B6:EF:96:E2:ED:28:FE:00:D0:57:72:9D:29:6A:4E:DE:36:40:A2:7D:07:26:CC:31:8C:F2:1D"}}},"request":{"raw":"GET /js/member/captcha.js?20230919 HTTP/1.1\r\nHost: cn.1mebetx.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cn.1mebetx.com/home/register?code=32654\r\nCookie: PHPSESSID=0vre1qsiqnd8kobpvv1eafbdqh; _code_cookie=32654-\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Wed, 04 Mar 2026 13:33:00 GMT\r\nContent-Type: application/javascript\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding, Accept-Encoding, Accept-Encoding\r\nLast-Modified: Mon, 25 Mar 2024 05:13:14 GMT\r\nETag: W/\"660107ea-d83\"\r\nX-Content-Type-Options: nosniff\r\nX-Frame-Options: SAMEORIGIN\r\nContent-Encoding: gzip\r\nServer: gocache\r\nExpires: Thu, 05 Mar 2026 13:33:00 GMT\r\nCache-Control: max-age=86400\r\nc-Type: st\r\nrid: 3fc45b17ec726e74f59364ba00466cc2\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains\r\nX-Cache-Status: HIT\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]}],"data":{"size":3459,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text","md5":"af5c80b7be75a99af8d3c1f9f9329718","sha1":"04cbc723e1eb8788a53197e191c70d1cdaf4bba4","sha256":"fe38dcb25afd6157d938da2bb21b229bb8660bdf2894a62341300998317ea1b2","sha512":"21c669b0cc023eba1b4158be72285261e85ded3790667447784871902eb10171faf60a6a5ce44de43dc8a64c7e499169e554e604f9637fdbe33bcc84dc022f1c","ssdeep":"","tlshash":"7561a929e4b241e13caf386b0a2f4d40e5618013b64eef667d1c46d0af859fa016bfdc","first_seen":"2026-03-04T13:33:41.511679Z","last_seen":"2026-04-09T14:02:19.500855Z","times_seen":48,"resource_available":true,"data":null}},"time_used":702,"timings":{"blocked":-1,"dns":51,"connect":1,"send":0,"wait":214,"receive":0,"ssl":437},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-04","alert":"Sinkholed","trigger":"cn.1mebetx.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-04","alert":"Sinkholed","trigger":"cn.1mebetx.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-04","alert":"Phishing Block","trigger":"cn.1mebetx.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-04","alert":"Sinkholed","trigger":"cn.1mebetx.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"static-content-t.wb27jlt6u066.com:9587/images/icons_login.png?2","fqdn":"static-content-t.wb27jlt6u066.com","domain":"wb27jlt6u066.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":9587,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://cn.1mebetx.com/home/register?code=32654","date":"2026-03-04T13:33:01.298Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"static-content-t.wb27jlt6u066.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 19 Oct 2025 00:00:00 GMT","end":"Mon, 19 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"08:10:09:15:B6:C8:9C:9A:CE:31:40:C9:26:D7:9E:BE:2C:9A:62:2B","sha256":"D6:55:F3:9B:55:F2:ED:CC:B3:54:8B:1E:F9:15:FB:47:0C:75:02:1A:64:4B:3C:C2:FA:75:18:9C:F0:11:EE:83"}}},"request":{"raw":"GET /images/icons_login.png?2 HTTP/1.1\r\nHost: static-content-t.wb27jlt6u066.com:9587\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://static-content-t.wb27jlt6u066.com:9587/style/main.css?20260123\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Wed, 04 Mar 2026 13:33:03 GMT\r\nContent-Type: image/png\r\nContent-Length: 4053\r\nConnection: keep-alive\r\nLast-Modified: Wed, 20 Jul 2022 18:47:53 GMT\r\nETag: \"62d84dd9-fd5\"\r\nServer: gocache\r\nExpires: Thu, 05 Mar 2026 13:33:03 GMT\r\nCache-Control: max-age=86400\r\nc-Type: st\r\nrid: 9bc4cc1df6d57b0154c6536e0d761889\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains\r\nX-Cache-Status: HIT\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":4053,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 26 x 330, 8-bit/color RGBA, non-interlaced","md5":"405c7bc8638bddb314e549e4eebec2e3","sha1":"75f6a3b0b6ffdeed31bff28f8ae1f1a3e481260c","sha256":"cd98cf8ee2f82e9903fb28490a4fc9f318fb60f0f8f0c1f080cee3dce0d6c9b9","sha512":"3a1991dfba0851c6d1d212102ab1fa3585b5970358f75488770ffaaa0467e4cbb755e07dc9db44e102da13fd7510e6b14506e2a2e4188c6461ba652e9fcaa69e","ssdeep":"","tlshash":"3d814c4bbcd228093058e4c372f9822bd946c2d5d6b0557396ce88bb15a8879490c2ce","first_seen":"2023-05-05T14:06:31Z","last_seen":"2026-06-06T14:33:38.538575Z","times_seen":905,"resource_available":false,"data":null}},"time_used":1822,"timings":{"blocked":1603,"dns":0,"connect":0,"send":0,"wait":219,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"game.gp5trb.com:2053/api/banner","fqdn":"game.gp5trb.com","domain":"gp5trb.com","tld":"com"},"ip":{"addr":"20.205.42.30","port":2053,"asn":8075,"as":"MICROSOFT-CORP-MSN-AS-BLOCK","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://cn.1mebetx.com/home/register?code=32654","date":"2026-03-04T13:33:01.520Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"game.gp5trb.com","organization":""},"issuer":{"commonName":"ZeroSSL RSA Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Sun, 18 Jan 2026 00:00:00 GMT","end":"Sat, 18 Apr 2026 23:59:59 GMT"},"fingerprint":{"sha1":"57:61:41:AB:64:77:4D:5A:95:A7:A8:63:9B:8D:8D:4B:8B:AE:53:30","sha256":"BC:73:A6:B8:F4:3E:16:4D:0E:72:C6:ED:25:1C:B9:26:F1:68:6F:09:B9:10:99:CA:B1:E7:F8:BB:43:29:46:1A"}}},"request":{"raw":"GET /api/banner HTTP/1.1\r\nHost: game.gp5trb.com:2053\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://cn.1mebetx.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cn.1mebetx.com/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 04 Mar 2026 13:33:02 GMT\r\ncontent-type: application/json\r\nvary: Accept-Encoding\r\nx-powered-by: PHP/7.4.33\r\ncache-control: no-cache, private\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE\r\naccess-control-allow-headers: *\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\ncontent-encoding: br\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"PHP:7.4.33","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":19964,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"90a0ca91c7f530a8b978ce0a1464b5d6","sha1":"9558947b834d76d4d8218c688a1d72d0f6489304","sha256":"243c4c48628f09ffedc0cd338bf98178a8d73abcab7694e0d06753d918421665","sha512":"e57fed671a9902fdc1bcd3af2dce9813e634aa6bd6187ebf103b8f77d824033f7a9e68207c8376eb1e7f6aaae45e82d5888b9dbae7d9f1ea334dc18b7ff5357e","ssdeep":"192:IDN4BB7BXdB5bweBCJBkrJxBSZO3BhmB5uB2bXBBtt4XBduBY6OJi:yg89OBE","tlshash":"b6925a4169a8ec774de037dc0c4919a271cdf951fcccea96e710eeb812ae1a1d60f19b","first_seen":"2026-03-04T07:05:29.76227Z","last_seen":"2026-03-07T10:16:15.718164Z","times_seen":8,"resource_available":false,"data":null}},"time_used":1608,"timings":{"blocked":873,"dns":0,"connect":0,"send":0,"wait":422,"receive":0,"ssl":313},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdn.livechatinc.com/widget/static/js/5.COnDpwuW.chunk.js","fqdn":"cdn.livechatinc.com","domain":"livechatinc.com","tld":"com"},"ip":{"addr":"23.36.77.179","port":443,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://secure.livechatinc.com/customer/action/open_chat?license_id=19463678\u0026group=2\u0026embedded=1\u0026widget_version=3\u0026unique_groups=0\u0026organization_id=d45af0f5-ff1f-44ac-97e0-5c9471a8ec59\u0026use_parent_storage=1\u0026x-region=us-south1","date":"2026-03-04T13:33:02.661Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"livechat.com","organization":"LIVECHAT, INC."},"issuer":{"commonName":"DigiCert Global G3 TLS ECC SHA384 2020 CA1","organization":"DigiCert Inc"},"validity":{"start":"Wed, 11 Jun 2025 00:00:00 GMT","end":"Thu, 11 Jun 2026 23:59:59 GMT"},"fingerprint":{"sha1":"66:A3:6F:A0:92:9E:A2:01:91:16:68:AA:27:A9:41:28:FC:25:27:68","sha256":"03:FC:5A:F6:F7:06:15:5B:0F:31:DB:6C:4E:D7:E4:1B:69:80:1F:C3:5A:E3:85:5A:FF:8D:22:81:92:ED:25:2F"}}},"request":{"raw":"GET /widget/static/js/5.COnDpwuW.chunk.js HTTP/1.1\r\nHost: cdn.livechatinc.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://secure.livechatinc.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cdn.livechatinc.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nx-guploader-uploadid: AGQBYWwkF8s-yFGEANOq_dXEhuLV_TVdsuvNBktXS1_4llAc6A8v1omxqybOyZwkvoy69ZF750NFdjPidEcOSg\r\nlast-modified: Tue, 03 Mar 2026 13:43:27 GMT\r\nx-goog-generation: 1772545407078950\r\nx-goog-metageneration: 1\r\nx-goog-stored-content-encoding: identity\r\nx-goog-stored-content-length: 218278\r\nx-goog-hash: crc32c=9OxUeg==, md5=VH12ihFfCxwTpBbcBlGMoA==\r\nx-goog-storage-class: STANDARD\r\naccept-ranges: bytes\r\naccess-control-expose-headers: *, Content-Length, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace\r\nserver: UploadServer\r\ncontent-encoding: br\r\ncontent-length: 67261\r\ncache-control: public, max-age=31536000\r\nexpires: Thu, 04 Mar 2027 13:33:02 GMT\r\ndate: Wed, 04 Mar 2026 13:33:02 GMT\r\ncontent-type: application/javascript; charset=utf-8\r\naccess-control-allow-origin: *\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Google Cloud Storage","description":"Google Cloud Storage allows world-wide storage and retrieval of any amount of data at any time.","website":"https://cloud.google.com/storage","common_platform_enumeration":"","icon":"google-cloud-storage.svg","categories":["Miscellaneous"]},{"name":"Google Cloud","description":"Google Cloud is a suite of cloud computing services.","website":"https://cloud.google.com","common_platform_enumeration":"cpe:2.3:a:google:cloud_platform:*:*:*:*:*:*:*:*","icon":"Google Cloud.svg","categories":["IaaS"]}],"data":{"size":218278,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (36682)","md5":"547d768a115f0b1c13a416dc06518ca0","sha1":"7f8fa3a9fb3f4a42bdf7f8e54f0620cfc21131a9","sha256":"d94c017d073799d844ba244e1472809a046dd250e5a7dd740c4f63b429213e70","sha512":"5426431966b1f3b78fee17347398a1c3dacb84ef2872dea69cd44e14f13a633e51159c05931b6d0835c8b6d4a2d199e3c874f7a7a2b2ca9f8c1dc0ee550c6b34","ssdeep":"6144:H3zu6cNIPxo+y30oO3fpKr35l37Fw9rqRDFq:Xzu6cNIq+y30oOxKr35l37Fw9rqR8","tlshash":"0b246cc4f18af53887eb34e6547e2002f63d6d18784c8560f758ddb63da858a9273f2a","first_seen":"2026-03-03T14:45:10.180807Z","last_seen":"2026-03-06T10:26:49.391079Z","times_seen":221,"resource_available":true,"data":null}},"time_used":5,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":3,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdn.livechatinc.com/widget/static/js/10.al-9NYxR.chunk.js","fqdn":"cdn.livechatinc.com","domain":"livechatinc.com","tld":"com"},"ip":{"addr":"23.36.77.179","port":443,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://secure.livechatinc.com/customer/action/open_chat?license_id=19463678\u0026group=2\u0026embedded=1\u0026widget_version=3\u0026unique_groups=0\u0026organization_id=d45af0f5-ff1f-44ac-97e0-5c9471a8ec59\u0026use_parent_storage=1\u0026x-region=us-south1","date":"2026-03-04T13:33:02.687Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"livechat.com","organization":"LIVECHAT, INC."},"issuer":{"commonName":"DigiCert Global G3 TLS ECC SHA384 2020 CA1","organization":"DigiCert Inc"},"validity":{"start":"Wed, 11 Jun 2025 00:00:00 GMT","end":"Thu, 11 Jun 2026 23:59:59 GMT"},"fingerprint":{"sha1":"66:A3:6F:A0:92:9E:A2:01:91:16:68:AA:27:A9:41:28:FC:25:27:68","sha256":"03:FC:5A:F6:F7:06:15:5B:0F:31:DB:6C:4E:D7:E4:1B:69:80:1F:C3:5A:E3:85:5A:FF:8D:22:81:92:ED:25:2F"}}},"request":{"raw":"GET /widget/static/js/10.al-9NYxR.chunk.js HTTP/1.1\r\nHost: cdn.livechatinc.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://secure.livechatinc.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cdn.livechatinc.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nx-guploader-uploadid: AGQBYWxA0E09cGv5He0TY-V8rKYdl9X0ZTj7W6nzl9At2eTU6lkkW9Gc8A3FDxm27resCbYjxK1OHO3rafmzUg\r\nlast-modified: Tue, 03 Mar 2026 13:43:26 GMT\r\netag: \"4a073c5805819d74eabd3e843372d502\"\r\nx-goog-generation: 1772545406961121\r\nx-goog-metageneration: 1\r\nx-goog-stored-content-encoding: identity\r\nx-goog-stored-content-length: 236\r\nx-goog-hash: crc32c=6eM7Vg==, md5=Sgc8WAWBnXTqvT6EM3LVAg==\r\nx-goog-storage-class: STANDARD\r\naccess-control-expose-headers: *, Content-Length, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace\r\nserver: UploadServer\r\nvary: Accept-Encoding\r\ncache-control: public, max-age=31536000\r\nexpires: Thu, 04 Mar 2027 13:33:02 GMT\r\ndate: Wed, 04 Mar 2026 13:33:02 GMT\r\ncontent-length: 236\r\ncontent-type: application/javascript; charset=utf-8\r\naccess-control-allow-origin: *\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Google Cloud Storage","description":"Google Cloud Storage allows world-wide storage and retrieval of any amount of data at any time.","website":"https://cloud.google.com/storage","common_platform_enumeration":"","icon":"google-cloud-storage.svg","categories":["Miscellaneous"]},{"name":"Google Cloud","description":"Google Cloud is a suite of cloud computing services.","website":"https://cloud.google.com","common_platform_enumeration":"cpe:2.3:a:google:cloud_platform:*:*:*:*:*:*:*:*","icon":"Google Cloud.svg","categories":["IaaS"]}],"data":{"size":236,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, ASCII text","md5":"4a073c5805819d74eabd3e843372d502","sha1":"cb12e953dbee2d3ea08d35d86bcd2476a490bda9","sha256":"0cb3247cac5de8fcdfb226ebe2dc4960b6ed473966359f73ca13ca286309122b","sha512":"036da8fb3959ebbef26b546019535a9edb7a99227a28252878247a756d3a7ea693f48e9ffdaf5886faa7fb2cbe56292bbf9552db5dd1d26e6574d8034ee183ba","ssdeep":"","tlshash":"ebd0a78cb643b0b16276b138853f801fb035e984a44404f0d13ad9c03d7c1a97597c5d","first_seen":"2025-11-04T08:39:27.95245Z","last_seen":"2026-06-07T08:09:45.604095Z","times_seen":16280,"resource_available":true,"data":null}},"time_used":3,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":3,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdn.livechatinc.com/widget/static/js/11.DJPUQwQu.chunk.js","fqdn":"cdn.livechatinc.com","domain":"livechatinc.com","tld":"com"},"ip":{"addr":"23.36.77.179","port":443,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://secure.livechatinc.com/customer/action/open_chat?license_id=19463678\u0026group=2\u0026embedded=1\u0026widget_version=3\u0026unique_groups=0\u0026organization_id=d45af0f5-ff1f-44ac-97e0-5c9471a8ec59\u0026use_parent_storage=1\u0026x-region=us-south1","date":"2026-03-04T13:33:02.689Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"livechat.com","organization":"LIVECHAT, INC."},"issuer":{"commonName":"DigiCert Global G3 TLS ECC SHA384 2020 CA1","organization":"DigiCert Inc"},"validity":{"start":"Wed, 11 Jun 2025 00:00:00 GMT","end":"Thu, 11 Jun 2026 23:59:59 GMT"},"fingerprint":{"sha1":"66:A3:6F:A0:92:9E:A2:01:91:16:68:AA:27:A9:41:28:FC:25:27:68","sha256":"03:FC:5A:F6:F7:06:15:5B:0F:31:DB:6C:4E:D7:E4:1B:69:80:1F:C3:5A:E3:85:5A:FF:8D:22:81:92:ED:25:2F"}}},"request":{"raw":"GET /widget/static/js/11.DJPUQwQu.chunk.js HTTP/1.1\r\nHost: cdn.livechatinc.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://secure.livechatinc.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cdn.livechatinc.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nx-guploader-uploadid: AGQBYWw1pi3MtUSGD82t3lGPyyJRVnQiJTCHUzqWqECt76uVL_GCaY6S3d4QY2rGmtIaI7tD\r\nlast-modified: Tue, 03 Mar 2026 13:43:26 GMT\r\netag: \"640caab52100a1e9dfe618aaeb79838f\"\r\nx-goog-generation: 1772545406953552\r\nx-goog-metageneration: 1\r\nx-goog-stored-content-encoding: identity\r\nx-goog-stored-content-length: 300\r\nx-goog-hash: crc32c=IuJCUg==, md5=ZAyqtSEAoenf5hiq63mDjw==\r\nx-goog-storage-class: STANDARD\r\naccess-control-expose-headers: *, Content-Length, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace\r\nserver: UploadServer\r\nvary: Accept-Encoding\r\ncache-control: public, max-age=31536000\r\nexpires: Thu, 04 Mar 2027 13:33:02 GMT\r\ndate: Wed, 04 Mar 2026 13:33:02 GMT\r\ncontent-length: 300\r\ncontent-type: application/javascript; charset=utf-8\r\naccess-control-allow-origin: *\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Google Cloud Storage","description":"Google Cloud Storage allows world-wide storage and retrieval of any amount of data at any time.","website":"https://cloud.google.com/storage","common_platform_enumeration":"","icon":"google-cloud-storage.svg","categories":["Miscellaneous"]},{"name":"Google Cloud","description":"Google Cloud is a suite of cloud computing services.","website":"https://cloud.google.com","common_platform_enumeration":"cpe:2.3:a:google:cloud_platform:*:*:*:*:*:*:*:*","icon":"Google Cloud.svg","categories":["IaaS"]}],"data":{"size":300,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"ASCII text","md5":"640caab52100a1e9dfe618aaeb79838f","sha1":"4654776a82e5405614a595d40cb33ca2b5bae0b5","sha256":"fb8eb817d7251014c136b441bd4004fa6567908059013edbb938925f23b67ceb","sha512":"17d605182be517c5e797b2fd823b9ab7b6bd73d97bd2c3d11c5eb29d108cd350d789116528e351abaebdf3654cc65100b9e3353064ba38c9ab9008126c6a3061","ssdeep":"","tlshash":"00e08cbdfca8d92152f5e9f8c0b60822cb593b0e502382b0f60e6f4a9519199a552826","first_seen":"2024-08-27T15:26:59Z","last_seen":"2026-06-07T08:09:45.643273Z","times_seen":29021,"resource_available":true,"data":null}},"time_used":3,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":3,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static-content-t.wb27jlt6u066.com:9587/images/nav/promo_event.png","fqdn":"static-content-t.wb27jlt6u066.com","domain":"wb27jlt6u066.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":9587,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://cn.1mebetx.com/home/register?code=32654","date":"2026-03-04T13:32:59.752Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"static-content-t.wb27jlt6u066.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 19 Oct 2025 00:00:00 GMT","end":"Mon, 19 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"08:10:09:15:B6:C8:9C:9A:CE:31:40:C9:26:D7:9E:BE:2C:9A:62:2B","sha256":"D6:55:F3:9B:55:F2:ED:CC:B3:54:8B:1E:F9:15:FB:47:0C:75:02:1A:64:4B:3C:C2:FA:75:18:9C:F0:11:EE:83"}}},"request":{"raw":"GET /images/nav/promo_event.png HTTP/1.1\r\nHost: static-content-t.wb27jlt6u066.com:9587\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cn.1mebetx.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Wed, 04 Mar 2026 13:33:03 GMT\r\nContent-Type: image/png\r\nContent-Length: 33820\r\nConnection: keep-alive\r\nLast-Modified: Wed, 20 Jul 2022 18:47:53 GMT\r\nETag: \"62d84dd9-841c\"\r\nServer: gocache\r\nExpires: Thu, 05 Mar 2026 13:33:03 GMT\r\nCache-Control: max-age=86400\r\nc-Type: st\r\nrid: f6a75c62b6126d5eeb6dd99d807fbb9f\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains\r\nX-Cache-Status: HIT\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":33820,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 231 x 184, 8-bit/color RGBA, non-interlaced","md5":"4590b5333179fefe5ea8e8f1a3638da3","sha1":"a0a932f3ca433bc1ea5f788e09eddfa617a4c69e","sha256":"0b3af6b7e8676050661aedd1b94b28045c7a9c905424cbde85f95f7faaf1ea43","sha512":"7ad8e92d6797b8c8c094e8651b566ea510b0bbaf998f9456d1fa1216e33b9bd8afc3840c6a3203fddb0f98e583070113a2329b34ff371dfbbc988a30ee41c425","ssdeep":"384:vdYFfWN0DI5+xe/+sRdXI/nTNAHfs2QZ4ldgeP94lYVIPR22M/96yNtHD9eDk0d4:y0gF/TNF2JSeFLIPR22M/9b/elbPs","tlshash":"7de2f1d07fa4e82156b397c770463aee708dc0ba5b43f5c6131a316b9b24b3c684799e","first_seen":"2023-05-05T14:06:31Z","last_seen":"2026-06-06T14:33:38.499634Z","times_seen":890,"resource_available":false,"data":null}},"time_used":3464,"timings":{"blocked":3218,"dns":0,"connect":0,"send":0,"wait":217,"receive":29,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static-content-cn.wb27jlt6u066.com:9587/util/all.js?20231116","fqdn":"static-content-cn.wb27jlt6u066.com","domain":"wb27jlt6u066.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":9587,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://cn.1mebetx.com/home/register?code=32654","date":"2026-03-04T13:32:59.765Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"static-content-cn.wb27jlt6u066.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 19 Oct 2025 00:00:00 GMT","end":"Mon, 19 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"98:64:EC:0B:9A:00:5F:60:12:4A:12:B9:EB:5A:44:98:12:1A:7C:FF","sha256":"A1:E0:99:A3:B2:54:C9:50:DB:24:16:EA:A7:44:3A:5D:57:F0:7C:CE:B2:E7:66:31:49:50:98:44:92:F2:50:84"}}},"request":{"raw":"GET /util/all.js?20231116 HTTP/1.1\r\nHost: static-content-cn.wb27jlt6u066.com:9587\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cn.1mebetx.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Wed, 04 Mar 2026 13:33:00 GMT\r\nContent-Type: application/javascript\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nLast-Modified: Wed, 13 Sep 2023 03:06:14 GMT\r\nVary: Accept-Encoding\r\nETag: W/\"65012726-13044\"\r\nContent-Encoding: gzip\r\nServer: gocache\r\nExpires: Thu, 05 Mar 2026 13:33:00 GMT\r\nCache-Control: max-age=86400\r\nc-Type: st\r\nrid: adac9b7adeac1cd48aa61b5f7d574bf4\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains\r\nX-Cache-Status: HIT\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]}],"data":{"size":77892,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (5480)","md5":"f5aa16a242596257e153e33c5b8fb232","sha1":"804252d4387c4fda0141e9bf4fd2a05bb3c7068a","sha256":"c21ffeeff6782e69216ce2fdf3fd54289af1d7b4a8bc2af9b83c0679c5969782","sha512":"1ae9de5c195af57a93c2bbc30c0597c8f7f2e96e98af1c1a514d21d170b54c4bafc882689096e117cd36f25570474bd059edfb8bf9023571ff7531ace1491c59","ssdeep":"1536:rfee/RrYiHhJ9Q0f16d9zeDN5qW4wTW3Jny+aSsG+Kjbd2m43ftShEhJ+7Rh0Om:rfD/miHhJ9Q0fd5B8jYhi0t","tlshash":"6273f88c7591306a4aef31b7782b224f73769a69500e5068f0b8d4e53ebce857167f38","first_seen":"2023-09-15T15:49:20Z","last_seen":"2026-06-07T13:41:41.66726Z","times_seen":1011,"resource_available":true,"data":null}},"time_used":1151,"timings":{"blocked":915,"dns":0,"connect":0,"send":0,"wait":215,"receive":21,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static-content-cn.wb27jlt6u066.com:9587/images/modal_reminder_deco.png","fqdn":"static-content-cn.wb27jlt6u066.com","domain":"wb27jlt6u066.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":9587,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://cn.1mebetx.com/home/register?code=32654","date":"2026-03-04T13:33:01.309Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"static-content-cn.wb27jlt6u066.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 19 Oct 2025 00:00:00 GMT","end":"Mon, 19 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"98:64:EC:0B:9A:00:5F:60:12:4A:12:B9:EB:5A:44:98:12:1A:7C:FF","sha256":"A1:E0:99:A3:B2:54:C9:50:DB:24:16:EA:A7:44:3A:5D:57:F0:7C:CE:B2:E7:66:31:49:50:98:44:92:F2:50:84"}}},"request":{"raw":"GET /images/modal_reminder_deco.png HTTP/1.1\r\nHost: static-content-cn.wb27jlt6u066.com:9587\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://static-content-cn.wb27jlt6u066.com:9587/css/base.css?20240823\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Wed, 04 Mar 2026 13:33:01 GMT\r\nContent-Type: image/png\r\nContent-Length: 1119\r\nConnection: keep-alive\r\nLast-Modified: Wed, 20 Jul 2022 18:47:52 GMT\r\nETag: \"62d84dd8-45f\"\r\nServer: gocache\r\nExpires: Thu, 05 Mar 2026 13:33:01 GMT\r\nCache-Control: max-age=86400\r\nc-Type: st\r\nrid: 3c1fffc5b75099bb29eb9e9116523aca\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains\r\nX-Cache-Status: HIT\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]}],"data":{"size":1119,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 232 x 12, 8-bit/color RGBA, non-interlaced","md5":"3f99b65d5f4c689ea127400c44026e81","sha1":"60f91d0531242fed70f77991419d8c0442ae4299","sha256":"581ca9e4c82ad7b55ba31fa2033aae45ec122c4be965c2c0eb465da2cbe13dee","sha512":"5cb9d5f09e1877bbf50b680e2e79bdeb17403380db0830e398f3582f2d30207b3925007d19f1416d6e0e9b1aed11b735337a0437ebdb35d70479f2d9f65d3fe2","ssdeep":"","tlshash":"4221038df6115c42925ef99238fa0562e9120c81c7e0e4677dcbc4c648316ba886d9c7","first_seen":"2024-03-28T04:38:13Z","last_seen":"2026-06-06T14:33:38.631953Z","times_seen":748,"resource_available":false,"data":null}},"time_used":214,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":213,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"api.livechatinc.com/v3.6/customer/action/get_configuration?organization_id=d45af0f5-ff1f-44ac-97e0-5c9471a8ec59\u0026version=59.0.1.41.38.43.1.1.1.1.1.13.11\u0026x-region=us-south1\u0026group_id=2\u0026jsonp=__lc_static_config","fqdn":"api.livechatinc.com","domain":"livechatinc.com","tld":"com"},"ip":{"addr":"2.22.225.83","port":443,"asn":20940,"as":"Akamai International B.V.","country":"France","country_code":"FR"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://cn.1mebetx.com/home/register?code=32654","date":"2026-03-04T13:33:01.882Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"livechat.com","organization":"LIVECHAT, INC."},"issuer":{"commonName":"DigiCert Global G3 TLS ECC SHA384 2020 CA1","organization":"DigiCert Inc"},"validity":{"start":"Wed, 11 Jun 2025 00:00:00 GMT","end":"Thu, 11 Jun 2026 23:59:59 GMT"},"fingerprint":{"sha1":"66:A3:6F:A0:92:9E:A2:01:91:16:68:AA:27:A9:41:28:FC:25:27:68","sha256":"03:FC:5A:F6:F7:06:15:5B:0F:31:DB:6C:4E:D7:E4:1B:69:80:1F:C3:5A:E3:85:5A:FF:8D:22:81:92:ED:25:2F"}}},"request":{"raw":"GET /v3.6/customer/action/get_configuration?organization_id=d45af0f5-ff1f-44ac-97e0-5c9471a8ec59\u0026version=59.0.1.41.38.43.1.1.1.1.1.13.11\u0026x-region=us-south1\u0026group_id=2\u0026jsonp=__lc_static_config HTTP/1.1\r\nHost: api.livechatinc.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cn.1mebetx.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-encoding: gzip\r\ncontent-type: application/javascript; charset=UTF-8\r\ncross-origin-resource-policy: cross-origin\r\nvary: Accept-Encoding\r\ncontent-length: 1745\r\ncache-control: public, max-age=600\r\nexpires: Wed, 04 Mar 2026 13:43:02 GMT\r\ndate: Wed, 04 Mar 2026 13:33:02 GMT\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":5089,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"Unicode text, UTF-8 text, with very long lines (4913), with no line terminators","md5":"1f9bf615a766a7cd8438fed43c9a42bb","sha1":"c21c3b77325b972e17d9fed28a539c1b5a9b069f","sha256":"990aff67333f6e1c9cf078b1a8df1b7416b1d202e4c0299f41605a08c88c0bbb","sha512":"702988c394bcedf70580927a875647e76fbe18f73a2c55971c1b0890c54f1ffa81f246b83158a63fef191aadfca6a31a57e2ce2b901a822299c15e378c632030","ssdeep":"96:H/993/mCi1bgrdQkP/9tw/mCvKNvKG8mTGFP/vCLq:z14IdQOu18b8m65K2","tlshash":"66b14116835fc4bb6277c19963cab70f35485138b1ec0a3fe464d670a1862c7d60aeae","first_seen":"2026-03-04T13:33:41.523094Z","last_seen":"2026-03-04T19:55:04.413087Z","times_seen":3,"resource_available":true,"data":null}},"time_used":180,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":180,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"file-new.a4hskh.com/activity/2025/05/26/35b9d0913c44ce35920430bd8ddfc1eb.png","fqdn":"file-new.a4hskh.com","domain":"a4hskh.com","tld":"com"},"ip":{"addr":"20.205.42.30","port":443,"asn":8075,"as":"MICROSOFT-CORP-MSN-AS-BLOCK","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://cn.1mebetx.com/home/register?code=32654","date":"2026-03-04T13:33:02.566Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"a4hskh.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sat, 17 Jan 2026 00:56:32 GMT","end":"Fri, 17 Apr 2026 00:56:31 GMT"},"fingerprint":{"sha1":"6B:86:00:72:D5:5F:9C:50:C7:17:88:7F:40:98:98:9A:FD:9D:E3:3D","sha256":"CD:44:64:6D:51:24:0D:31:BC:19:51:30:3E:3F:FD:B2:DC:11:DD:3C:75:33:4A:37:DA:24:69:03:50:D6:29:38"}}},"request":{"raw":"GET /activity/2025/05/26/35b9d0913c44ce35920430bd8ddfc1eb.png HTTP/1.1\r\nHost: file-new.a4hskh.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cn.1mebetx.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 04 Mar 2026 13:33:03 GMT\r\ncontent-type: image/png\r\ncontent-length: 91065\r\nx-amz-id-2: oJf+nuoJeCiMpwvED7HYV5MmV4B2DzFG6F3gg6ZpmSTXtFLcZ6+edyyOv5HjaI9EfM3OsWFwRKU=\r\nx-amz-request-id: 8S4CK9ECCNNYVJ78\r\nlast-modified: Sat, 17 Jan 2026 06:23:27 GMT\r\netag: \"a6f34694a8892178a7e449b0043d1429\"\r\nx-amz-server-side-encryption: AES256\r\naccess-control-allow-origin: *\r\naccess-control-allow-credentials: true\r\naccess-control-allow-headers: *\r\naccess-control-allow-methods: *\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":91065,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 272 x 272, 8-bit/color RGBA, non-interlaced","md5":"a6f34694a8892178a7e449b0043d1429","sha1":"33d658afacb80d35cdde497bb530f08e38e23132","sha256":"766f82c583cabf2b73af2e8d6dd0595ab3ce6bd55c4b9841edf555a1639d1263","sha512":"396caa64116ac49e99f11da3c95eaa7b926f4f9eb08ff5b9aec7ca6d43d704fae3a2a2e75178db4e4082381e2480d788d4b31007dc91a091312ed1279681f978","ssdeep":"1536:nRalahFemQUbzfAgaVLBbB1RZNhmSiVdOFf5Z1Uk6VcD1s7aP0HRb9Knism8zu2E:n+abbzCPPRZjYPOFf5Z1U1uO7c0LOiYa","tlshash":"e193024fea06c57f99655c8012609993a8d1b84f0ca3b793eb588e0907dc946fe37d37","first_seen":"2025-07-18T11:22:50.653674Z","last_seen":"2026-06-06T20:45:34.473249Z","times_seen":626,"resource_available":false,"data":null}},"time_used":2681,"timings":{"blocked":779,"dns":350,"connect":213,"send":0,"wait":480,"receive":638,"ssl":216},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdn.livechatinc.com/widget/static/js/3.B2M_fyvk.chunk.js","fqdn":"cdn.livechatinc.com","domain":"livechatinc.com","tld":"com"},"ip":{"addr":"23.36.77.179","port":443,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://secure.livechatinc.com/customer/action/open_chat?license_id=19463678\u0026group=2\u0026embedded=1\u0026widget_version=3\u0026unique_groups=0\u0026organization_id=d45af0f5-ff1f-44ac-97e0-5c9471a8ec59\u0026use_parent_storage=1\u0026x-region=us-south1","date":"2026-03-04T13:33:02.653Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"livechat.com","organization":"LIVECHAT, INC."},"issuer":{"commonName":"DigiCert Global G3 TLS ECC SHA384 2020 CA1","organization":"DigiCert Inc"},"validity":{"start":"Wed, 11 Jun 2025 00:00:00 GMT","end":"Thu, 11 Jun 2026 23:59:59 GMT"},"fingerprint":{"sha1":"66:A3:6F:A0:92:9E:A2:01:91:16:68:AA:27:A9:41:28:FC:25:27:68","sha256":"03:FC:5A:F6:F7:06:15:5B:0F:31:DB:6C:4E:D7:E4:1B:69:80:1F:C3:5A:E3:85:5A:FF:8D:22:81:92:ED:25:2F"}}},"request":{"raw":"GET /widget/static/js/3.B2M_fyvk.chunk.js HTTP/1.1\r\nHost: cdn.livechatinc.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://secure.livechatinc.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cdn.livechatinc.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nx-guploader-uploadid: AGQBYWyZpq7f-qyi_4fTQsrUBFtmYj0XMBt3o5EdJ72NDY-_8ThCVEtKp-ZqY5lFsncgrQ23i_EgiApGYbFEUw\r\nlast-modified: Tue, 03 Mar 2026 13:43:27 GMT\r\nx-goog-generation: 1772545407081332\r\nx-goog-metageneration: 1\r\nx-goog-stored-content-encoding: identity\r\nx-goog-stored-content-length: 138438\r\nx-goog-hash: crc32c=6dyE0g==, md5=j8K+zsm7tawGmqNEaLdiFQ==\r\nx-goog-storage-class: STANDARD\r\naccept-ranges: bytes\r\naccess-control-expose-headers: *, Content-Length, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace\r\nserver: UploadServer\r\ncontent-encoding: br\r\ncontent-length: 43576\r\ncache-control: public, max-age=31536000\r\nexpires: Thu, 04 Mar 2027 13:33:02 GMT\r\ndate: Wed, 04 Mar 2026 13:33:02 GMT\r\ncontent-type: application/javascript; charset=utf-8\r\naccess-control-allow-origin: *\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Google Cloud Storage","description":"Google Cloud Storage allows world-wide storage and retrieval of any amount of data at any time.","website":"https://cloud.google.com/storage","common_platform_enumeration":"","icon":"google-cloud-storage.svg","categories":["Miscellaneous"]},{"name":"Google Cloud","description":"Google Cloud is a suite of cloud computing services.","website":"https://cloud.google.com","common_platform_enumeration":"cpe:2.3:a:google:cloud_platform:*:*:*:*:*:*:*:*","icon":"Google Cloud.svg","categories":["IaaS"]}],"data":{"size":138438,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (48033)","md5":"8fc2becec9bbb5ac069aa34468b76215","sha1":"8a7dc639ebbfd8beb2ad59fe57b9a63b7a7f18a1","sha256":"570206c6c8ec5a0c0eff5a74a683a6dccbb08a24a5919ffc5be31680c27b4757","sha512":"72dd74a528d7ac7229e3f599a179b34d74f2eeebe24cda1598736c8c8e49e328094a505b12c562e554f5f4784d224be797a3cb95bb794246ed2d9f95cb4b3281","ssdeep":"1536:vgZQUuQC6WDvhFCvB0Hx6J+vXlKAwTwH7nDPWnYlkChX8qg4JklHYD82:vgKUuQPWDvhFCp0UcDOnA5sFikRYD82","tlshash":"fbd3f8e83992f5626bf312b700af5817733c192b280c4990a211fdddb5b845ea17bf9d","first_seen":"2026-03-03T14:45:10.188122Z","last_seen":"2026-04-09T10:49:40.066961Z","times_seen":977,"resource_available":true,"data":null}},"time_used":7,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":6,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static-content-cn.wb27jlt6u066.com:9587/js/jquery/jquery.min.js","fqdn":"static-content-cn.wb27jlt6u066.com","domain":"wb27jlt6u066.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":9587,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://cn.1mebetx.com/home/register?code=32654","date":"2026-03-04T13:32:59.715Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"static-content-cn.wb27jlt6u066.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 19 Oct 2025 00:00:00 GMT","end":"Mon, 19 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"98:64:EC:0B:9A:00:5F:60:12:4A:12:B9:EB:5A:44:98:12:1A:7C:FF","sha256":"A1:E0:99:A3:B2:54:C9:50:DB:24:16:EA:A7:44:3A:5D:57:F0:7C:CE:B2:E7:66:31:49:50:98:44:92:F2:50:84"}}},"request":{"raw":"GET /js/jquery/jquery.min.js HTTP/1.1\r\nHost: static-content-cn.wb27jlt6u066.com:9587\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cn.1mebetx.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Wed, 04 Mar 2026 13:33:00 GMT\r\nContent-Type: application/javascript\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nLast-Modified: Wed, 20 Jul 2022 18:47:52 GMT\r\nVary: Accept-Encoding\r\nETag: W/\"62d84dd8-176bb\"\r\nContent-Encoding: gzip\r\nServer: gocache\r\nExpires: Thu, 05 Mar 2026 13:33:00 GMT\r\nCache-Control: max-age=86400\r\nc-Type: st\r\nrid: 970713d5641c81013813a9efb58ce139\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains\r\nX-Cache-Status: HIT\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]}],"data":{"size":95931,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (32047)","md5":"5790ead7ad3ba27397aedfa3d263b867","sha1":"8130544c215fe5d1ec081d83461bf4a711e74882","sha256":"2ecd295d295bec062cedebe177e54b9d6b19fc0a841dc5c178c654c9ccff09c0","sha512":"781acedc99de4ce8d53d9b43a158c645eab1b23dfdfd6b57b3c442b11acc4a344e0d5b0067d4b78bb173abbded75fb91c410f2b5a58f71d438aa6266d048d98a","ssdeep":"1536:5P1vk7i6GUHdXXeyQazBu+4HhiO2AEeLNFoqqhJ7SerN5sVI6xcBgPv7E+nzms9d:A4Ud4qhJvNPqcB47MfWWca98HrB","tlshash":"7793d8d9b7d67062977730b850bf510bb13a98eab80c4c60f1a4d8e47e74a89507bf2d","first_seen":"2023-03-07T01:02:51Z","last_seen":"2026-06-07T19:19:31.473411Z","times_seen":20198,"resource_available":true,"data":null}},"time_used":1782,"timings":{"blocked":766,"dns":242,"connect":1,"send":0,"wait":214,"receive":25,"ssl":522},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static-content-t.wb27jlt6u066.com:9587/images/nav/sponsor2.png?2","fqdn":"static-content-t.wb27jlt6u066.com","domain":"wb27jlt6u066.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":9587,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://cn.1mebetx.com/home/register?code=32654","date":"2026-03-04T13:32:59.731Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"static-content-t.wb27jlt6u066.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 19 Oct 2025 00:00:00 GMT","end":"Mon, 19 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"08:10:09:15:B6:C8:9C:9A:CE:31:40:C9:26:D7:9E:BE:2C:9A:62:2B","sha256":"D6:55:F3:9B:55:F2:ED:CC:B3:54:8B:1E:F9:15:FB:47:0C:75:02:1A:64:4B:3C:C2:FA:75:18:9C:F0:11:EE:83"}}},"request":{"raw":"GET /images/nav/sponsor2.png?2 HTTP/1.1\r\nHost: static-content-t.wb27jlt6u066.com:9587\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cn.1mebetx.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Wed, 04 Mar 2026 13:33:01 GMT\r\nContent-Type: image/png\r\nContent-Length: 12015\r\nConnection: keep-alive\r\nLast-Modified: Fri, 23 Jan 2026 04:32:15 GMT\r\nETag: \"6972f9cf-2eef\"\r\nServer: gocache\r\nExpires: Thu, 05 Mar 2026 13:33:01 GMT\r\nCache-Control: max-age=86400\r\nc-Type: st\r\nrid: c4d3b3b134c4bcb95121acc712573f0f\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains\r\nX-Cache-Status: HIT\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]}],"data":{"size":12015,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 292 x 80, 8-bit/color RGBA, non-interlaced","md5":"08b1808e2230fd8765775aacaecc6048","sha1":"6938cf4392f65962c360813abd5cbcac71933b18","sha256":"632ef4b8179994b1fc9e014cbe796825cd3d4f287b0cde2073a032727325c073","sha512":"6a735a9ae1b419fe1426c3ed7614f7517a7d38000a5892aaf7f1a951922bd952a247e2f64a69dc46b8ca9040171c41f4667c0f256f738f9d3207794d17e00f33","ssdeep":"192:lXG8twMBmByAXFdhrX+gz8DjOKuywLb8GautaA5+JKKgYW/G8pTjgPQ7kXSN7aJk:BG8TBurdhaE8DQZNalJKKKjjgPQqS9a6","tlshash":"d342afb5dbbbcc7a4c0c6f8944a5ffb025304baa5d55b4b79eb7390ce7681a02a42610","first_seen":"2026-01-23T05:01:52.483819Z","last_seen":"2026-06-06T14:33:38.640476Z","times_seen":224,"resource_available":false,"data":null}},"time_used":1500,"timings":{"blocked":1274,"dns":0,"connect":0,"send":0,"wait":216,"receive":10,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static-content-t.wb27jlt6u066.com:9587/images/nav/promo_keno.png","fqdn":"static-content-t.wb27jlt6u066.com","domain":"wb27jlt6u066.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":9587,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://cn.1mebetx.com/home/register?code=32654","date":"2026-03-04T13:32:59.749Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"static-content-t.wb27jlt6u066.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 19 Oct 2025 00:00:00 GMT","end":"Mon, 19 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"08:10:09:15:B6:C8:9C:9A:CE:31:40:C9:26:D7:9E:BE:2C:9A:62:2B","sha256":"D6:55:F3:9B:55:F2:ED:CC:B3:54:8B:1E:F9:15:FB:47:0C:75:02:1A:64:4B:3C:C2:FA:75:18:9C:F0:11:EE:83"}}},"request":{"raw":"GET /images/nav/promo_keno.png HTTP/1.1\r\nHost: static-content-t.wb27jlt6u066.com:9587\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cn.1mebetx.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Wed, 04 Mar 2026 13:33:01 GMT\r\nContent-Type: image/png\r\nContent-Length: 21322\r\nConnection: keep-alive\r\nLast-Modified: Wed, 20 Jul 2022 18:47:53 GMT\r\nETag: \"62d84dd9-534a\"\r\nServer: gocache\r\nExpires: Thu, 05 Mar 2026 13:33:01 GMT\r\nCache-Control: max-age=86400\r\nc-Type: st\r\nrid: c7d9fc916f00fa62f0b74e9d82dd814f\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains\r\nX-Cache-Status: HIT\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]}],"data":{"size":21322,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 200 x 100, 8-bit/color RGBA, non-interlaced","md5":"f3d3231964cd6c0b98aceaa07e9626b6","sha1":"2fdcca8cdf610057e37e86e9c679f87d959a1821","sha256":"3075e79d3c7ef852ed0a95aa56324509b499446a6d8a454fed94f1fdd102fd90","sha512":"78837a1effb6ae7ef05256cac78af4982ceb76f36f77362f29caf29fff7f2ae6ec01d11c89ec4c87c7ffb2a9ec9ad7a6d2ccab97b5b0145c649672baf097858c","ssdeep":"384:yW63kJiUaadwYIM4oZt3zpqdyaNJQMqr3t5LwR2hD83hZTf2xL:96UJNlwSVtqdyPtZwW83HqxL","tlshash":"20a2e1c5ded60df36e6a639225e06525854ccbc29ebdd24a00e2b3d83a903c773dd3a5","first_seen":"2023-05-05T14:06:31Z","last_seen":"2026-06-06T14:33:38.564607Z","times_seen":880,"resource_available":false,"data":null}},"time_used":1716,"timings":{"blocked":1482,"dns":0,"connect":0,"send":0,"wait":217,"receive":17,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static-content-t.wb27jlt6u066.com:9587/images/icon_mobile.png","fqdn":"static-content-t.wb27jlt6u066.com","domain":"wb27jlt6u066.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":9587,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://cn.1mebetx.com/home/register?code=32654","date":"2026-03-04T13:33:01.274Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"static-content-t.wb27jlt6u066.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 19 Oct 2025 00:00:00 GMT","end":"Mon, 19 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"08:10:09:15:B6:C8:9C:9A:CE:31:40:C9:26:D7:9E:BE:2C:9A:62:2B","sha256":"D6:55:F3:9B:55:F2:ED:CC:B3:54:8B:1E:F9:15:FB:47:0C:75:02:1A:64:4B:3C:C2:FA:75:18:9C:F0:11:EE:83"}}},"request":{"raw":"GET /images/icon_mobile.png HTTP/1.1\r\nHost: static-content-t.wb27jlt6u066.com:9587\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://static-content-t.wb27jlt6u066.com:9587/style/main.css?20260123\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Wed, 04 Mar 2026 13:33:01 GMT\r\nContent-Type: image/png\r\nContent-Length: 143\r\nConnection: keep-alive\r\nLast-Modified: Wed, 20 Jul 2022 18:47:53 GMT\r\nETag: \"62d84dd9-8f\"\r\nServer: gocache\r\nExpires: Thu, 05 Mar 2026 13:33:01 GMT\r\nCache-Control: max-age=86400\r\nc-Type: st\r\nrid: 62aedf28be2a09eb1bb16a8e218b941e\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains\r\nX-Cache-Status: HIT\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]}],"data":{"size":143,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 15 x 18, 8-bit gray+alpha, non-interlaced","md5":"9a413aaa3c056af34c80628bee9e4586","sha1":"a676a5b3e90762c8c4a9314985e9abf2bad95666","sha256":"5aa5f649a8a53a15e0b65385149db1ed4f7b6286ff043f5fd96445173fc8d6d3","sha512":"ce054b7ace97a2c6922c028af0a5501b442ce7c10110ae85e5df72a542355e9ae5cc0a51b5ec6d9d577517051b30378466cbc61d9830542d47fbe36b04c440c1","ssdeep":"","tlshash":"76c08ce12a204a28faa603a22a3811d0f820b2782929474800284837401212711ea6c7","first_seen":"2023-05-05T14:06:31Z","last_seen":"2026-06-06T14:33:38.561681Z","times_seen":906,"resource_available":false,"data":null}},"time_used":405,"timings":{"blocked":183,"dns":0,"connect":0,"send":0,"wait":222,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"banner-notice.6dqr2n.com/mxstatic/index.css","fqdn":"banner-notice.6dqr2n.com","domain":"6dqr2n.com","tld":"com"},"ip":{"addr":"20.205.42.30","port":443,"asn":8075,"as":"MICROSOFT-CORP-MSN-AS-BLOCK","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://cn.1mebetx.com/home/register?code=32654","date":"2026-03-04T13:33:01.517Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"banner-notice.6dqr2n.com","organization":""},"issuer":{"commonName":"ZeroSSL RSA Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Fri, 23 Jan 2026 00:00:00 GMT","end":"Thu, 23 Apr 2026 23:59:59 GMT"},"fingerprint":{"sha1":"8A:70:8B:EC:E4:B2:BB:0B:50:F4:08:3B:8E:01:06:9A:78:09:DE:56","sha256":"76:C4:42:D2:6F:73:AF:11:79:4E:88:57:E7:C9:2B:55:82:F2:5A:20:77:F5:B6:86:D1:C6:FA:65:2C:72:28:95"}}},"request":{"raw":"GET /mxstatic/index.css HTTP/1.1\r\nHost: banner-notice.6dqr2n.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cn.1mebetx.com/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 04 Mar 2026 13:33:01 GMT\r\ncontent-type: text/css\r\nlast-modified: Tue, 27 May 2025 05:27:15 GMT\r\nvary: Accept-Encoding\r\netag: W/\"68354d33-13bc\"\r\nexpires: Thu, 05 Mar 2026 01:33:01 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":5052,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text","md5":"33009c301e789707d7c69505ff50d74c","sha1":"cfae09fd67a040052da9da88e0b6b7184c68a4fc","sha256":"bbef70cb02415d56036f01eed877aca7e946f6ce14f39ce52899b1c19f3360d7","sha512":"54d3eff35b7e2e5b03386955f05ce0bad1aa1d8586ae9f70efe9ba5660ba33a7c18b0840083e190af9bbca26d9ad7d032945a4e5c08439ba7b2f121ef268e2d3","ssdeep":"96:U5KsCmC+sCMCW/rnidi/kisClOC3vyb1CWg1KBscndYYC5xNESG0cCTgfeJ9SXEl:Jj1wDW/ridisisCltqbI9GscdYdxNDjH","tlshash":"d0a13259a7f60604681fc1943dd2a759a239c043a24fcc3df6d2204caeca1db72a7bd6","first_seen":"2025-08-09T14:13:17.039422Z","last_seen":"2026-06-06T14:33:38.541577Z","times_seen":559,"resource_available":false,"data":null}},"time_used":349,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":349,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdn.livechatinc.com/widget/static/js/4.C_rgEAoe.chunk.js","fqdn":"cdn.livechatinc.com","domain":"livechatinc.com","tld":"com"},"ip":{"addr":"23.36.77.179","port":443,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://secure.livechatinc.com/customer/action/open_chat?license_id=19463678\u0026group=2\u0026embedded=1\u0026widget_version=3\u0026unique_groups=0\u0026organization_id=d45af0f5-ff1f-44ac-97e0-5c9471a8ec59\u0026use_parent_storage=1\u0026x-region=us-south1","date":"2026-03-04T13:33:02.659Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"livechat.com","organization":"LIVECHAT, INC."},"issuer":{"commonName":"DigiCert Global G3 TLS ECC SHA384 2020 CA1","organization":"DigiCert Inc"},"validity":{"start":"Wed, 11 Jun 2025 00:00:00 GMT","end":"Thu, 11 Jun 2026 23:59:59 GMT"},"fingerprint":{"sha1":"66:A3:6F:A0:92:9E:A2:01:91:16:68:AA:27:A9:41:28:FC:25:27:68","sha256":"03:FC:5A:F6:F7:06:15:5B:0F:31:DB:6C:4E:D7:E4:1B:69:80:1F:C3:5A:E3:85:5A:FF:8D:22:81:92:ED:25:2F"}}},"request":{"raw":"GET /widget/static/js/4.C_rgEAoe.chunk.js HTTP/1.1\r\nHost: cdn.livechatinc.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://secure.livechatinc.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cdn.livechatinc.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nx-guploader-uploadid: AGQBYWwnXVf_8NbxydJ2YvTMiD6mZpHRWoynw8fGxuarBDncwMTKjAwewuZWbkQ0NlwRP0eMHcgZLviZUjbw\r\nlast-modified: Tue, 03 Mar 2026 13:43:27 GMT\r\netag: \"1771376dc07da48b3f03339d86d57b7b\"\r\nx-goog-generation: 1772545407017531\r\nx-goog-metageneration: 1\r\nx-goog-stored-content-encoding: identity\r\nx-goog-stored-content-length: 193\r\nx-goog-hash: crc32c=C03sAA==, md5=F3E3bcB9pIs/AzOdhtV7ew==\r\nx-goog-storage-class: STANDARD\r\naccess-control-expose-headers: *, Content-Length, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace\r\nserver: UploadServer\r\nvary: Accept-Encoding\r\ncache-control: public, max-age=31536000\r\nexpires: Thu, 04 Mar 2027 13:33:02 GMT\r\ndate: Wed, 04 Mar 2026 13:33:02 GMT\r\ncontent-length: 193\r\ncontent-type: application/javascript; charset=utf-8\r\naccess-control-allow-origin: *\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Google Cloud Storage","description":"Google Cloud Storage allows world-wide storage and retrieval of any amount of data at any time.","website":"https://cloud.google.com/storage","common_platform_enumeration":"","icon":"google-cloud-storage.svg","categories":["Miscellaneous"]},{"name":"Google Cloud","description":"Google Cloud is a suite of cloud computing services.","website":"https://cloud.google.com","common_platform_enumeration":"cpe:2.3:a:google:cloud_platform:*:*:*:*:*:*:*:*","icon":"Google Cloud.svg","categories":["IaaS"]}],"data":{"size":193,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"ASCII text","md5":"1771376dc07da48b3f03339d86d57b7b","sha1":"a5861ebfff23a92ccd1ce6b8a517b6f877d50a63","sha256":"6e148df31d721a0ff08563f2d676751786e01418c86ee54ee8f0e88aa46ae26a","sha512":"6038efed0774fd61c7bf6558d3ea24ccebfada1041fa2c1606263a19f8700043a18f6e368ed550fc61f644eb7b81f8cac01498f30cc56a103295911b28e436b0","ssdeep":"","tlshash":"afc022563060f3a502bb0ed00033e02af32a402cf0ebfa80a65cc4f020630530a26b1b","first_seen":"2024-06-24T12:34:02Z","last_seen":"2026-04-09T10:49:40.045057Z","times_seen":23532,"resource_available":true,"data":null}},"time_used":3,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":3,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static-content-cn.wb27jlt6u066.com:9587/css/base.css?20240823","fqdn":"static-content-cn.wb27jlt6u066.com","domain":"wb27jlt6u066.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":9587,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://cn.1mebetx.com/home/register?code=32654","date":"2026-03-04T13:32:59.708Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"static-content-cn.wb27jlt6u066.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 19 Oct 2025 00:00:00 GMT","end":"Mon, 19 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"98:64:EC:0B:9A:00:5F:60:12:4A:12:B9:EB:5A:44:98:12:1A:7C:FF","sha256":"A1:E0:99:A3:B2:54:C9:50:DB:24:16:EA:A7:44:3A:5D:57:F0:7C:CE:B2:E7:66:31:49:50:98:44:92:F2:50:84"}}},"request":{"raw":"GET /css/base.css?20240823 HTTP/1.1\r\nHost: static-content-cn.wb27jlt6u066.com:9587\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cn.1mebetx.com/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Wed, 04 Mar 2026 13:33:00 GMT\r\nContent-Type: text/css\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nLast-Modified: Thu, 22 Jan 2026 04:17:43 GMT\r\nVary: Accept-Encoding\r\nETag: W/\"6971a4e7-2a835\"\r\nContent-Encoding: gzip\r\nServer: gocache\r\nExpires: Thu, 05 Mar 2026 13:33:00 GMT\r\nCache-Control: max-age=86400\r\nc-Type: st\r\nrid: b7a634ee03d4cf3ee79f37fd6169013f\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains\r\nX-Cache-Status: HIT\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]}],"data":{"size":174133,"size_decoded":0,"mime_type":"text/css","magic":"assembler source, Unicode text, UTF-8 text, with very long lines (539)","md5":"05af91b494845ac53747a6d8764b97c8","sha1":"161db8ff7a66fb31e12771ab87fc490adc2e1fae","sha256":"d91291f4785c691ec6142e4315dee74780961fb1a0f9e73a4543e0e80b35f377","sha512":"7099c8f3a7bb963d69f62a25045bb03f2fa5452031f5b65974cbd1179059bb263268473aca0144c9f61d475034bdf0d9563230510c5fc52d46f61c19631449ed","ssdeep":"1536:11H5u9h1KXKFfCoYD8B+5yZbosh3kRRHMOFCaIAVUT2sbGVyGeDzb2NcdYqaGN+3:YWXKFfCoYD8B+xDzV7sbGpeDzbi+SX","tlshash":"a004dc0ad0ef218b717bd8b530abb6e5e119815ae1064f7d726c33bce1fa65c8132e15","first_seen":"2026-01-23T05:01:52.474463Z","last_seen":"2026-06-06T14:33:38.639902Z","times_seen":224,"resource_available":false,"data":null}},"time_used":1754,"timings":{"blocked":755,"dns":245,"connect":1,"send":0,"wait":215,"receive":23,"ssl":508},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static-content-cn.wb27jlt6u066.com:9587/js/newlivechat.js?20260126","fqdn":"static-content-cn.wb27jlt6u066.com","domain":"wb27jlt6u066.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":9587,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://cn.1mebetx.com/home/register?code=32654","date":"2026-03-04T13:32:59.716Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"static-content-cn.wb27jlt6u066.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 19 Oct 2025 00:00:00 GMT","end":"Mon, 19 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"98:64:EC:0B:9A:00:5F:60:12:4A:12:B9:EB:5A:44:98:12:1A:7C:FF","sha256":"A1:E0:99:A3:B2:54:C9:50:DB:24:16:EA:A7:44:3A:5D:57:F0:7C:CE:B2:E7:66:31:49:50:98:44:92:F2:50:84"}}},"request":{"raw":"GET /js/newlivechat.js?20260126 HTTP/1.1\r\nHost: static-content-cn.wb27jlt6u066.com:9587\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cn.1mebetx.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Wed, 04 Mar 2026 13:33:00 GMT\r\nContent-Type: application/javascript\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nLast-Modified: Fri, 13 Feb 2026 05:00:40 GMT\r\nVary: Accept-Encoding\r\nETag: W/\"698eaff8-2dd\"\r\nContent-Encoding: gzip\r\nServer: gocache\r\nExpires: Thu, 05 Mar 2026 13:33:00 GMT\r\nCache-Control: max-age=86400\r\nc-Type: st\r\nrid: ab3d8ef22ea6435cab7e3f927196cd9b\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains\r\nX-Cache-Status: HIT\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]}],"data":{"size":733,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (668)","md5":"82236be894134d60c1165840a2f1f432","sha1":"299865c8584f72365c7f4d87d99e8702c4cfb68d","sha256":"ccc9ca0fdd0b8e6f3cf3145e5ad7b9730cdf9573d46631916fa5055e1f6f84bd","sha512":"8ba9b5c320cdab328fef9faf00a641ed97c0e36eafb46b330637f90cbbc8bf503e0ccea92c33e6a886f53f37502fea66f5ec4722787c2334f6ec41ca58bbe768","ssdeep":"","tlshash":"2801d089bc45b076ab56326c713bfa07516213156844683348ee87bbeb32e9b410358c","first_seen":"2026-03-04T07:05:29.810152Z","last_seen":"2026-06-07T13:41:41.691747Z","times_seen":176,"resource_available":true,"data":null}},"time_used":1756,"timings":{"blocked":765,"dns":242,"connect":2,"send":0,"wait":214,"receive":0,"ssl":520},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static-content-t.wb27jlt6u066.com:9587/d11_images/nav/promo_sponsor.png?1","fqdn":"static-content-t.wb27jlt6u066.com","domain":"wb27jlt6u066.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":9587,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://cn.1mebetx.com/home/register?code=32654","date":"2026-03-04T13:32:59.751Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"static-content-t.wb27jlt6u066.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 19 Oct 2025 00:00:00 GMT","end":"Mon, 19 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"08:10:09:15:B6:C8:9C:9A:CE:31:40:C9:26:D7:9E:BE:2C:9A:62:2B","sha256":"D6:55:F3:9B:55:F2:ED:CC:B3:54:8B:1E:F9:15:FB:47:0C:75:02:1A:64:4B:3C:C2:FA:75:18:9C:F0:11:EE:83"}}},"request":{"raw":"GET /d11_images/nav/promo_sponsor.png?1 HTTP/1.1\r\nHost: static-content-t.wb27jlt6u066.com:9587\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cn.1mebetx.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Wed, 04 Mar 2026 13:33:03 GMT\r\nContent-Type: image/png\r\nContent-Length: 45701\r\nConnection: keep-alive\r\nLast-Modified: Wed, 20 Jul 2022 18:45:39 GMT\r\nETag: \"62d84d53-b285\"\r\nServer: gocache\r\nExpires: Thu, 05 Mar 2026 13:33:03 GMT\r\nCache-Control: max-age=86400\r\nc-Type: st\r\nrid: 935c9f98f9f0815fac31a0c2b923eb03\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains\r\nX-Cache-Status: HIT\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":45701,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 183 x 110, 8-bit/color RGBA, non-interlaced","md5":"4392b15e336dc870834d64c829f8c150","sha1":"af6de84ddea52908d6434951bd12c2bfbaff3b7e","sha256":"ff63b8ecd5b681b2e0a3d2cff1a1d327145839ae919ac0f7d025857d61656992","sha512":"1333809c4c3e8fc3270763dc4fbecb8f5f808ca657a9518428535a48639468581e05740782ee9af1e0b6db0ac359bf9e89a967cf941d919a94ad9be95a2dc071","ssdeep":"768:9PTkysWeomEy3WouE7U2vCRilIf/QODRMbZA0M3e3TZWeYEG6A6NAHL:9PTfPymLyARJhVAA0MO3TZXYBHL","tlshash":"ed23f12eaf46e09b6913de65cdf10081c417d6c7d49c2c35fc9e8c39a6355b4d8aab0e","first_seen":"2023-05-05T14:06:31Z","last_seen":"2026-06-06T14:33:38.490361Z","times_seen":867,"resource_available":false,"data":null}},"time_used":3429,"timings":{"blocked":3172,"dns":0,"connect":0,"send":0,"wait":216,"receive":41,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.v1c2h.com:51300/global-activity-entry/js/rain-icon.js","fqdn":"www.v1c2h.com","domain":"v1c2h.com","tld":"com"},"ip":{"addr":"20.205.42.30","port":51300,"asn":8075,"as":"MICROSOFT-CORP-MSN-AS-BLOCK","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://cn.1mebetx.com/home/register?code=32654","date":"2026-03-04T13:32:59.760Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.v1c2h.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sun, 25 Jan 2026 16:04:47 GMT","end":"Sat, 25 Apr 2026 16:04:46 GMT"},"fingerprint":{"sha1":"1C:C9:FD:7E:97:94:2D:F6:83:69:BD:B4:E6:8D:95:32:F4:4D:46:82","sha256":"21:90:B8:8A:F7:B9:2B:5D:AA:2A:35:10:FB:CF:36:D7:EE:7F:36:66:21:67:D1:AB:F8:47:93:19:2B:6C:C4:B0"}}},"request":{"raw":"GET /global-activity-entry/js/rain-icon.js HTTP/1.1\r\nHost: www.v1c2h.com:51300\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cn.1mebetx.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 04 Mar 2026 13:33:00 GMT\r\ncontent-type: application/javascript; charset=utf-8\r\nlast-modified: Thu, 09 Nov 2023 07:48:38 GMT\r\nvary: Accept-Encoding\r\netag: W/\"654c8ed6-88a9\"\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\ncontent-encoding: gzip\r\npsc-cache-status: HIT\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":34985,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, Unicode text, UTF-8 text","md5":"59767c53c4cb277425bce5c5e7ea9d41","sha1":"36ee5b49ceb915d4369fe92ca49dbd8bba702c96","sha256":"5b43bfa813b9f48656d868fbdacd693bf7fc0f4324d5b815db42ceb80c5a4a27","sha512":"f56b905cc921ab836e06c2c2f1e9dab1033056b68043b6fc1a24f78446dfcfeed89d1408b26ddd176540761784e7652fe2b4d1e5103f07f510bf3e886267e967","ssdeep":"768:kCcZeOuOBMThTlp0Ef7X879b7zT2MSVHyDP:kRDQt0FSVHk","tlshash":"42f2632e5afa10516a0370654f6f91087675a02b160bdc183e5e93d8df806b846fafff","first_seen":"2025-03-02T07:32:23.132184Z","last_seen":"2026-06-07T13:41:41.691214Z","times_seen":786,"resource_available":true,"data":null}},"time_used":1139,"timings":{"blocked":-1,"dns":349,"connect":212,"send":0,"wait":344,"receive":0,"ssl":233},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static-content-cn.wb27jlt6u066.com:9587/util/error.js?2025092501","fqdn":"static-content-cn.wb27jlt6u066.com","domain":"wb27jlt6u066.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":9587,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://cn.1mebetx.com/home/register?code=32654","date":"2026-03-04T13:32:59.767Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"static-content-cn.wb27jlt6u066.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 19 Oct 2025 00:00:00 GMT","end":"Mon, 19 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"98:64:EC:0B:9A:00:5F:60:12:4A:12:B9:EB:5A:44:98:12:1A:7C:FF","sha256":"A1:E0:99:A3:B2:54:C9:50:DB:24:16:EA:A7:44:3A:5D:57:F0:7C:CE:B2:E7:66:31:49:50:98:44:92:F2:50:84"}}},"request":{"raw":"GET /util/error.js?2025092501 HTTP/1.1\r\nHost: static-content-cn.wb27jlt6u066.com:9587\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cn.1mebetx.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Wed, 04 Mar 2026 13:33:00 GMT\r\nContent-Type: application/javascript\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nLast-Modified: Wed, 01 Oct 2025 02:03:53 GMT\r\nVary: Accept-Encoding\r\nETag: W/\"68dc8c09-28a5\"\r\nContent-Encoding: gzip\r\nServer: gocache\r\nExpires: Thu, 05 Mar 2026 13:33:00 GMT\r\nCache-Control: max-age=86400\r\nc-Type: st\r\nrid: e131c92bc18e5c16a51586fb54ffbc2d\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains\r\nX-Cache-Status: HIT\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]}],"data":{"size":10405,"size_decoded":0,"mime_type":"application/javascript","magic":"Unicode text, UTF-8 text","md5":"f61145ebd6cd0164a855517ddd32d102","sha1":"d9f3f365c0aec1f9a4bf5cf85d4c8b1c44770125","sha256":"b433018b4e4006c56084fd4cbf35d3d1e2ea33aafccfd6109db3d0b696c2c2b2","sha512":"e0e7101c13848ec60f775f9ab092b5a52de41a67f3792a18c186cc42cd140c7bfcb405c607783e5b3240aab3f57dd88c50f744410b94cc99beef8b1a1f61ade0","ssdeep":"192:MTu94QOQzfKG3jChyTRmbxDeDWiYXYyC3SfZVYvxwYXPFj6vJRQ+lcQrdQr:MTu94wzj3jChQgF+eXUeu","tlshash":"292285b608f58b8a100df980c10b41293448744b8e1cba6a7bdfa5465fcd65f4bff99d","first_seen":"2025-10-02T21:45:10.771862Z","last_seen":"2026-05-03T20:56:57.980817Z","times_seen":476,"resource_available":true,"data":null}},"time_used":1143,"timings":{"blocked":929,"dns":0,"connect":0,"send":0,"wait":214,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static-content-t.wb27jlt6u066.com:9587/images/register/form_bg.png","fqdn":"static-content-t.wb27jlt6u066.com","domain":"wb27jlt6u066.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":9587,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://cn.1mebetx.com/home/register?code=32654","date":"2026-03-04T13:33:01.313Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"static-content-t.wb27jlt6u066.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 19 Oct 2025 00:00:00 GMT","end":"Mon, 19 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"08:10:09:15:B6:C8:9C:9A:CE:31:40:C9:26:D7:9E:BE:2C:9A:62:2B","sha256":"D6:55:F3:9B:55:F2:ED:CC:B3:54:8B:1E:F9:15:FB:47:0C:75:02:1A:64:4B:3C:C2:FA:75:18:9C:F0:11:EE:83"}}},"request":{"raw":"GET /images/register/form_bg.png HTTP/1.1\r\nHost: static-content-t.wb27jlt6u066.com:9587\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://static-content-t.wb27jlt6u066.com:9587/style/main.css?20260123\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Wed, 04 Mar 2026 13:33:02 GMT\r\nContent-Type: image/png\r\nContent-Length: 3222\r\nConnection: keep-alive\r\nLast-Modified: Wed, 20 Jul 2022 18:47:53 GMT\r\nETag: \"62d84dd9-c96\"\r\nServer: gocache\r\nExpires: Thu, 05 Mar 2026 13:33:02 GMT\r\nCache-Control: max-age=86400\r\nc-Type: st\r\nrid: ee701574de0421ede08ff921a2f550c1\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains\r\nX-Cache-Status: HIT\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":3222,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 410 x 800, 8-bit/color RGBA, non-interlaced","md5":"0f7cd96cb7cef4b9217f90e92920ab6e","sha1":"36cc27443ed415c168ef9e700224011fcc56dfc4","sha256":"cd8bbd1b5d1b7309612fe10c894f8c0a3a5ca889331da9a56414f373464501c5","sha512":"c62f01a4b4c4e59533179f7bd4b710964fdf1127a07ac56d7ce0e1908b8b351586dccb548e58ebb9424365894bb70acc33da4c41d3c2399ea78dd17c6c36b804","ssdeep":"","tlshash":"af614d6d6d9f238d11e99491f491b0ca0c31cbef74805d1564f7cc82ee91f5748398e5","first_seen":"2023-05-05T14:06:31Z","last_seen":"2026-06-06T14:33:38.57822Z","times_seen":896,"resource_available":false,"data":null}},"time_used":1588,"timings":{"blocked":1370,"dns":0,"connect":0,"send":0,"wait":218,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdn.livechatinc.com/widget/static/js/6.DOO3t-_-.chunk.js","fqdn":"cdn.livechatinc.com","domain":"livechatinc.com","tld":"com"},"ip":{"addr":"23.36.77.179","port":443,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://secure.livechatinc.com/customer/action/open_chat?license_id=19463678\u0026group=2\u0026embedded=1\u0026widget_version=3\u0026unique_groups=0\u0026organization_id=d45af0f5-ff1f-44ac-97e0-5c9471a8ec59\u0026use_parent_storage=1\u0026x-region=us-south1","date":"2026-03-04T13:33:02.666Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"livechat.com","organization":"LIVECHAT, INC."},"issuer":{"commonName":"DigiCert Global G3 TLS ECC SHA384 2020 CA1","organization":"DigiCert Inc"},"validity":{"start":"Wed, 11 Jun 2025 00:00:00 GMT","end":"Thu, 11 Jun 2026 23:59:59 GMT"},"fingerprint":{"sha1":"66:A3:6F:A0:92:9E:A2:01:91:16:68:AA:27:A9:41:28:FC:25:27:68","sha256":"03:FC:5A:F6:F7:06:15:5B:0F:31:DB:6C:4E:D7:E4:1B:69:80:1F:C3:5A:E3:85:5A:FF:8D:22:81:92:ED:25:2F"}}},"request":{"raw":"GET /widget/static/js/6.DOO3t-_-.chunk.js HTTP/1.1\r\nHost: cdn.livechatinc.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://secure.livechatinc.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cdn.livechatinc.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nx-guploader-uploadid: AGQBYWz7YxQkfEi0OkfP155hcNhQgTsUAtCgdNSPxnidynWFlJMEXVnrLDKmbxxOzENcavh2cgXHm0nK8XrMgA\r\nlast-modified: Tue, 03 Mar 2026 13:43:27 GMT\r\netag: \"a8e2b53982d152df0eaec74958f27053\"\r\nx-goog-generation: 1772545407047752\r\nx-goog-metageneration: 1\r\nx-goog-stored-content-encoding: identity\r\nx-goog-stored-content-length: 847\r\nx-goog-hash: crc32c=AoAT9A==, md5=qOK1OYLRUt8OrsdJWPJwUw==\r\nx-goog-storage-class: STANDARD\r\naccess-control-expose-headers: *, Content-Length, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace\r\nserver: UploadServer\r\nvary: Accept-Encoding\r\ncache-control: public, max-age=31536000\r\nexpires: Thu, 04 Mar 2027 13:33:02 GMT\r\ndate: Wed, 04 Mar 2026 13:33:02 GMT\r\ncontent-length: 847\r\ncontent-type: application/javascript; charset=utf-8\r\naccess-control-allow-origin: *\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Google Cloud Storage","description":"Google Cloud Storage allows world-wide storage and retrieval of any amount of data at any time.","website":"https://cloud.google.com/storage","common_platform_enumeration":"","icon":"google-cloud-storage.svg","categories":["Miscellaneous"]},{"name":"Google Cloud","description":"Google Cloud is a suite of cloud computing services.","website":"https://cloud.google.com","common_platform_enumeration":"cpe:2.3:a:google:cloud_platform:*:*:*:*:*:*:*:*","icon":"Google Cloud.svg","categories":["IaaS"]}],"data":{"size":847,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"data","md5":"a8e2b53982d152df0eaec74958f27053","sha1":"0bff986e88e2713c3d3ec2641496883eecc2acb8","sha256":"9c47463b03fb3737ba6f86f9136a8d3b45e4bb03d2bf66c53e17c6461815ceae","sha512":"1be83a22adbfba76ace6c0541d1198ee40c7784321e6e226fe100a063693a4a055d941e7824381a73264e4a0db7dfcf20febc1c75dcf2f953a5aaafba3579018","ssdeep":"","tlshash":"7f012fd938c398b0c32784cd21b899b2f57c0e4864fd40d0f5d86c8a3b221b1823aeb8","first_seen":"2026-02-25T12:54:39.727904Z","last_seen":"2026-03-10T07:35:49.440775Z","times_seen":718,"resource_available":true,"data":null}},"time_used":4,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":4,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"banner-notice.6dqr2n.com/mxstatic/download.png","fqdn":"banner-notice.6dqr2n.com","domain":"6dqr2n.com","tld":"com"},"ip":{"addr":"20.205.42.30","port":443,"asn":8075,"as":"MICROSOFT-CORP-MSN-AS-BLOCK","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://cn.1mebetx.com/home/register?code=32654","date":"2026-03-04T13:33:02.845Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"banner-notice.6dqr2n.com","organization":""},"issuer":{"commonName":"ZeroSSL RSA Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Fri, 23 Jan 2026 00:00:00 GMT","end":"Thu, 23 Apr 2026 23:59:59 GMT"},"fingerprint":{"sha1":"8A:70:8B:EC:E4:B2:BB:0B:50:F4:08:3B:8E:01:06:9A:78:09:DE:56","sha256":"76:C4:42:D2:6F:73:AF:11:79:4E:88:57:E7:C9:2B:55:82:F2:5A:20:77:F5:B6:86:D1:C6:FA:65:2C:72:28:95"}}},"request":{"raw":"GET /mxstatic/download.png HTTP/1.1\r\nHost: banner-notice.6dqr2n.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cn.1mebetx.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 04 Mar 2026 13:33:03 GMT\r\ncontent-type: image/png\r\ncontent-length: 456\r\nlast-modified: Tue, 27 May 2025 05:27:15 GMT\r\netag: \"68354d33-1c8\"\r\nexpires: Fri, 03 Apr 2026 13:33:03 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":456,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 36 x 36, 8-bit colormap, non-interlaced","md5":"1a89c1b0da2dd8e949b7cbfbf97b0207","sha1":"eb7047b074d6e8ab5453ccd9450d30ff781e9988","sha256":"941720c6f4b421e3b7a1312f8c713c13cd6aa7033a04089795c59b96c5d50a9c","sha512":"97ff9190823f66f21d090c88aacfc49526e42d24127bc465ac9ddf4ced53c2981c14627752f77d57d85d8971752101819b9332480a65ec0c2612e8688b8ad26c","ssdeep":"","tlshash":"12f0c091268c9c1cc3dc5cbba3b69756fd18555141035c40bc79c06c579502979f89bb","first_seen":"2023-05-10T13:44:32Z","last_seen":"2026-06-06T14:33:38.564142Z","times_seen":770,"resource_available":false,"data":null}},"time_used":342,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":342,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cn.1mebetx.com/fimg/i202506274933fa50064c8d94db51e297e3b319.png","fqdn":"cn.1mebetx.com","domain":"1mebetx.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://cn.1mebetx.com/home/register?code=32654","date":"2026-03-04T13:32:59.753Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cn.1mebetx.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Mon, 05 Jan 2026 00:00:00 GMT","end":"Tue, 05 Jan 2027 23:59:59 GMT"},"fingerprint":{"sha1":"B1:9C:1C:29:59:A8:2F:22:BB:FA:01:51:20:84:07:9D:ED:D9:D8:7A","sha256":"21:4B:55:27:26:B6:EF:96:E2:ED:28:FE:00:D0:57:72:9D:29:6A:4E:DE:36:40:A2:7D:07:26:CC:31:8C:F2:1D"}}},"request":{"raw":"GET /fimg/i202506274933fa50064c8d94db51e297e3b319.png HTTP/1.1\r\nHost: cn.1mebetx.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cn.1mebetx.com/home/register?code=32654\r\nCookie: PHPSESSID=0vre1qsiqnd8kobpvv1eafbdqh; _code_cookie=32654-\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Wed, 04 Mar 2026 13:33:01 GMT\r\nContent-Type: image/png\r\nContent-Length: 591\r\nConnection: keep-alive\r\nLast-Modified: Sun, 15 Jun 2025 05:27:25 GMT\r\nETag: \"684e59bd-24f\"\r\nX-Content-Type-Options: nosniff\r\nX-Frame-Options: SAMEORIGIN\r\nServer: gocache\r\nExpires: Thu, 05 Mar 2026 13:33:01 GMT\r\nCache-Control: max-age=86400\r\nc-Type: st\r\nrid: a31f299773b4b3060fb832b424f871f4\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains\r\nX-Cache-Status: HIT\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]}],"data":{"size":591,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 600 x 600, 1-bit colormap, non-interlaced","md5":"d390244b30c22d100a24ac05d9e4e979","sha1":"978cd2d10293408b8ad2b62d647ba17ce7f1b07f","sha256":"38d18e132913c6fc5636d430c1226ecdbc29ad80b55faa4a7aad46cd084c44ea","sha512":"27e7300242911590b438a1f533420319984bf694f46a03cf96a5af250d4f74b46e78180a18f7adeda216e95e11b305f65317e604c2aa7fa7a1619a2379e4ef67","ssdeep":"","tlshash":"96f062d55151be10901011012d46e893807030eeebf30b1d450b413270b824ee7296e2","first_seen":"2025-08-07T15:42:17.327108Z","last_seen":"2026-06-06T14:33:38.62882Z","times_seen":636,"resource_available":false,"data":null}},"time_used":1467,"timings":{"blocked":1252,"dns":0,"connect":0,"send":0,"wait":215,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-04","alert":"Sinkholed","trigger":"cn.1mebetx.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-04","alert":"Sinkholed","trigger":"cn.1mebetx.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-04","alert":"Sinkholed","trigger":"cn.1mebetx.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-04","alert":"Phishing Block","trigger":"cn.1mebetx.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"banner-notice.6dqr2n.com/mxstatic/banner-notice.js","fqdn":"banner-notice.6dqr2n.com","domain":"6dqr2n.com","tld":"com"},"ip":{"addr":"20.205.42.30","port":443,"asn":8075,"as":"MICROSOFT-CORP-MSN-AS-BLOCK","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://cn.1mebetx.com/home/register?code=32654","date":"2026-03-04T13:32:59.755Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"banner-notice.6dqr2n.com","organization":""},"issuer":{"commonName":"ZeroSSL RSA Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Fri, 23 Jan 2026 00:00:00 GMT","end":"Thu, 23 Apr 2026 23:59:59 GMT"},"fingerprint":{"sha1":"8A:70:8B:EC:E4:B2:BB:0B:50:F4:08:3B:8E:01:06:9A:78:09:DE:56","sha256":"76:C4:42:D2:6F:73:AF:11:79:4E:88:57:E7:C9:2B:55:82:F2:5A:20:77:F5:B6:86:D1:C6:FA:65:2C:72:28:95"}}},"request":{"raw":"GET /mxstatic/banner-notice.js HTTP/1.1\r\nHost: banner-notice.6dqr2n.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cn.1mebetx.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 04 Mar 2026 13:33:00 GMT\r\ncontent-type: application/javascript; charset=utf-8\r\nlast-modified: Tue, 27 May 2025 05:27:15 GMT\r\nvary: Accept-Encoding\r\netag: W/\"68354d33-4951\"\r\nexpires: Thu, 05 Mar 2026 01:33:00 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":18769,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, Unicode text, UTF-8 text","md5":"fde6491fa4c8e8adaf2844d6d09e2a2f","sha1":"51174631e2149efc853eacf33e39fa8dc66840b8","sha256":"a402e491cde441e33c89c38bb10c84d7473a88700ba4fd76e0bb1bf2c2f61143","sha512":"25d3915f3e441b65f447c65aafc287b5c4b9afc8fd34b54a428bd58a6bd1c58bca7012eef8fd44d9134fa1c375dcdb62aeaaa912a09b15895872e2f678cd10d2","ssdeep":"192:AJKwJ/y23c23qtY8SCUcWbm1iRSube/Hf+DoQPoEHdizniKOnK6t5Enx4tRL1VeV:oKGbDK6czdOnXH3qBmlc","tlshash":"ed82b81875fa0061542330b88e9a618c7f26950f920a5d08bd6d47e8afcad7199d2ffb","first_seen":"2025-05-30T16:57:45.431693Z","last_seen":"2026-03-14T23:55:48.120104Z","times_seen":483,"resource_available":true,"data":null}},"time_used":1260,"timings":{"blocked":-1,"dns":345,"connect":214,"send":0,"wait":356,"receive":0,"ssl":345},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static-content-t.wb27jlt6u066.com:9587/images/home/luban_icon.png","fqdn":"static-content-t.wb27jlt6u066.com","domain":"wb27jlt6u066.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":9587,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://cn.1mebetx.com/home/register?code=32654","date":"2026-03-04T13:32:59.759Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"static-content-t.wb27jlt6u066.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 19 Oct 2025 00:00:00 GMT","end":"Mon, 19 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"08:10:09:15:B6:C8:9C:9A:CE:31:40:C9:26:D7:9E:BE:2C:9A:62:2B","sha256":"D6:55:F3:9B:55:F2:ED:CC:B3:54:8B:1E:F9:15:FB:47:0C:75:02:1A:64:4B:3C:C2:FA:75:18:9C:F0:11:EE:83"}}},"request":{"raw":"GET /images/home/luban_icon.png HTTP/1.1\r\nHost: static-content-t.wb27jlt6u066.com:9587\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cn.1mebetx.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Wed, 04 Mar 2026 13:33:01 GMT\r\nContent-Type: image/png\r\nContent-Length: 26796\r\nConnection: keep-alive\r\nLast-Modified: Mon, 02 Mar 2026 04:06:08 GMT\r\nETag: \"69a50cb0-68ac\"\r\nServer: gocache\r\nExpires: Thu, 05 Mar 2026 13:33:01 GMT\r\nCache-Control: max-age=86400\r\nc-Type: st\r\nrid: b5fd057fd1470f20d5f3e7e0e202c254\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains\r\nX-Cache-Status: HIT\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]}],"data":{"size":26796,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 123 x 283, 8-bit/color RGBA, non-interlaced","md5":"ffe365267ca41a6ac449bb20980c1a72","sha1":"9dd11a3d5d7d1137204f64adee91f9e62e163b10","sha256":"0bb459461e38692ac9fc1b915e789bc78d8ce139ae408431a603dd4caa1e0359","sha512":"74bf777500baaf8233a03196f0f1e4f63983c0667f421b274945be89a3dcfd98efb1688dcf4bd9a786d4643a7e1e70274609bc87f7194e114004b28999f97ebf","ssdeep":"768:kFM2rFV5sLBBPeVOnQ8Tzxvq5SOHScfqM:Mbz2LBBPd9Tzxy5SOtL","tlshash":"50c2f1dd5c68dfe0ca6cd505b8d8097537fdf80998b516e091f87802e8bb72428e913e","first_seen":"2026-03-02T07:28:25.817676Z","last_seen":"2026-06-06T14:33:38.642173Z","times_seen":180,"resource_available":false,"data":null}},"time_used":1713,"timings":{"blocked":1468,"dns":0,"connect":0,"send":0,"wait":226,"receive":19,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static-content-cn.wb27jlt6u066.com:9587/js/jquery/jquery.validate.js?2017121201","fqdn":"static-content-cn.wb27jlt6u066.com","domain":"wb27jlt6u066.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":9587,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://cn.1mebetx.com/home/register?code=32654","date":"2026-03-04T13:32:59.769Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"static-content-cn.wb27jlt6u066.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 19 Oct 2025 00:00:00 GMT","end":"Mon, 19 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"98:64:EC:0B:9A:00:5F:60:12:4A:12:B9:EB:5A:44:98:12:1A:7C:FF","sha256":"A1:E0:99:A3:B2:54:C9:50:DB:24:16:EA:A7:44:3A:5D:57:F0:7C:CE:B2:E7:66:31:49:50:98:44:92:F2:50:84"}}},"request":{"raw":"GET /js/jquery/jquery.validate.js?2017121201 HTTP/1.1\r\nHost: static-content-cn.wb27jlt6u066.com:9587\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cn.1mebetx.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Wed, 04 Mar 2026 13:33:00 GMT\r\nContent-Type: application/javascript\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nLast-Modified: Wed, 20 Jul 2022 18:47:52 GMT\r\nVary: Accept-Encoding\r\nETag: W/\"62d84dd8-ed9a\"\r\nContent-Encoding: gzip\r\nServer: gocache\r\nExpires: Thu, 05 Mar 2026 13:33:00 GMT\r\nCache-Control: max-age=86400\r\nc-Type: st\r\nrid: 213d600081361d8de586e3102aa7a71e\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains\r\nX-Cache-Status: HIT\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]}],"data":{"size":60826,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (1256)","md5":"052b64ec50b11bc14eb24a863d126ba8","sha1":"3a79b1fe2a8e6834cea694d77c57473ebfbc5758","sha256":"169b0287c989c2a6d883dff708c551a726c2a98fd79e66fe747d04228012ac7f","sha512":"70b2cd21b5ab5f5159266a10e6ba06a7c1c50ed3b02a596747f30dc88ba4cb37934b8666f075e5733ed021908bace3c47b8b50ee57aa41130ae0b9920e101099","ssdeep":"1536:4J/cr2I/VHuanmyRhVaNnJRHI9YLbBGvJfDk7E/al:Kumy4NJRHqLkISl","tlshash":"39533c4d3ae710168d2b30beae8ba149b6b5405b6109ed1c7cdd02905fe4db862f5ff8","first_seen":"2025-03-02T07:32:23.125259Z","last_seen":"2026-04-01T17:26:48.402298Z","times_seen":648,"resource_available":true,"data":null}},"time_used":1175,"timings":{"blocked":951,"dns":0,"connect":0,"send":0,"wait":214,"receive":10,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static-content-t.wb27jlt6u066.com:9587/images/icon_live_channel.png","fqdn":"static-content-t.wb27jlt6u066.com","domain":"wb27jlt6u066.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":9587,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://cn.1mebetx.com/home/register?code=32654","date":"2026-03-04T13:33:01.284Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"static-content-t.wb27jlt6u066.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 19 Oct 2025 00:00:00 GMT","end":"Mon, 19 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"08:10:09:15:B6:C8:9C:9A:CE:31:40:C9:26:D7:9E:BE:2C:9A:62:2B","sha256":"D6:55:F3:9B:55:F2:ED:CC:B3:54:8B:1E:F9:15:FB:47:0C:75:02:1A:64:4B:3C:C2:FA:75:18:9C:F0:11:EE:83"}}},"request":{"raw":"GET /images/icon_live_channel.png HTTP/1.1\r\nHost: static-content-t.wb27jlt6u066.com:9587\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://static-content-t.wb27jlt6u066.com:9587/style/main.css?20260123\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Wed, 04 Mar 2026 13:33:01 GMT\r\nContent-Type: image/png\r\nContent-Length: 2400\r\nConnection: keep-alive\r\nLast-Modified: Thu, 14 Nov 2024 05:04:35 GMT\r\nETag: \"673584e3-960\"\r\nServer: gocache\r\nExpires: Thu, 05 Mar 2026 13:33:01 GMT\r\nCache-Control: max-age=86400\r\nc-Type: st\r\nrid: dfcaa6a1fb27e1eef46592fb362c8704\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains\r\nX-Cache-Status: HIT\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":2400,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 36 x 36, 8-bit/color RGBA, non-interlaced","md5":"da69e30e16cfe1ddbf85e3aa3642b21a","sha1":"8530f19327891df0e585355279ce85507e3ffda4","sha256":"c74d62e601ba04d4d92df4ef116934762c23316bca9f65dbd2c2b4b6e73fd431","sha512":"3bf68ecba7a87746a369e9e3d69422cdca616c6952716c27ae50528aaed987ce69a1a8d81b2d327be14914cd7f567dd0c2bef5075eff527cac9e9fd7cd091bfd","ssdeep":"","tlshash":"17411a95bbdb6a13120982a620fe6002ad210800d9f2bd6538db4c733ce07f21964fed","first_seen":"2024-12-13T19:22:27.987299Z","last_seen":"2026-06-06T14:33:38.507434Z","times_seen":658,"resource_available":false,"data":null}},"time_used":404,"timings":{"blocked":189,"dns":0,"connect":0,"send":0,"wait":215,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static-content-t.wb27jlt6u066.com:9587/images/icons_login.png","fqdn":"static-content-t.wb27jlt6u066.com","domain":"wb27jlt6u066.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":9587,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://cn.1mebetx.com/home/register?code=32654","date":"2026-03-04T13:33:01.294Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"static-content-t.wb27jlt6u066.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 19 Oct 2025 00:00:00 GMT","end":"Mon, 19 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"08:10:09:15:B6:C8:9C:9A:CE:31:40:C9:26:D7:9E:BE:2C:9A:62:2B","sha256":"D6:55:F3:9B:55:F2:ED:CC:B3:54:8B:1E:F9:15:FB:47:0C:75:02:1A:64:4B:3C:C2:FA:75:18:9C:F0:11:EE:83"}}},"request":{"raw":"GET /images/icons_login.png HTTP/1.1\r\nHost: static-content-t.wb27jlt6u066.com:9587\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://static-content-t.wb27jlt6u066.com:9587/style/main.css?20260123\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Wed, 04 Mar 2026 13:33:03 GMT\r\nContent-Type: image/png\r\nContent-Length: 4053\r\nConnection: keep-alive\r\nLast-Modified: Wed, 20 Jul 2022 18:47:53 GMT\r\nETag: \"62d84dd9-fd5\"\r\nServer: gocache\r\nExpires: Thu, 05 Mar 2026 13:33:03 GMT\r\nCache-Control: max-age=86400\r\nc-Type: st\r\nrid: 396af4c0282bfa6c033e365aa7eb2c26\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains\r\nX-Cache-Status: HIT\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]}],"data":{"size":4053,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 26 x 330, 8-bit/color RGBA, non-interlaced","md5":"405c7bc8638bddb314e549e4eebec2e3","sha1":"75f6a3b0b6ffdeed31bff28f8ae1f1a3e481260c","sha256":"cd98cf8ee2f82e9903fb28490a4fc9f318fb60f0f8f0c1f080cee3dce0d6c9b9","sha512":"3a1991dfba0851c6d1d212102ab1fa3585b5970358f75488770ffaaa0467e4cbb755e07dc9db44e102da13fd7510e6b14506e2a2e4188c6461ba652e9fcaa69e","ssdeep":"","tlshash":"3d814c4bbcd228093058e4c372f9822bd946c2d5d6b0557396ce88bb15a8879490c2ce","first_seen":"2023-05-05T14:06:31Z","last_seen":"2026-06-06T14:33:38.538575Z","times_seen":905,"resource_available":false,"data":null}},"time_used":1815,"timings":{"blocked":1601,"dns":0,"connect":0,"send":0,"wait":213,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static-content-t.wb27jlt6u066.com:9587/images/register/icon_eye.png","fqdn":"static-content-t.wb27jlt6u066.com","domain":"wb27jlt6u066.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":9587,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://cn.1mebetx.com/home/register?code=32654","date":"2026-03-04T13:33:01.314Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"static-content-t.wb27jlt6u066.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 19 Oct 2025 00:00:00 GMT","end":"Mon, 19 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"08:10:09:15:B6:C8:9C:9A:CE:31:40:C9:26:D7:9E:BE:2C:9A:62:2B","sha256":"D6:55:F3:9B:55:F2:ED:CC:B3:54:8B:1E:F9:15:FB:47:0C:75:02:1A:64:4B:3C:C2:FA:75:18:9C:F0:11:EE:83"}}},"request":{"raw":"GET /images/register/icon_eye.png HTTP/1.1\r\nHost: static-content-t.wb27jlt6u066.com:9587\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://static-content-t.wb27jlt6u066.com:9587/style/main.css?20260123\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Wed, 04 Mar 2026 13:33:02 GMT\r\nContent-Type: image/png\r\nContent-Length: 388\r\nConnection: keep-alive\r\nLast-Modified: Wed, 20 Jul 2022 18:47:53 GMT\r\nETag: \"62d84dd9-184\"\r\nServer: gocache\r\nExpires: Thu, 05 Mar 2026 13:33:02 GMT\r\nCache-Control: max-age=86400\r\nc-Type: st\r\nrid: e297a1de5af4121fb1eae8e4fa789571\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains\r\nX-Cache-Status: HIT\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]}],"data":{"size":388,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced","md5":"25caaed99359f8457952ec929497c610","sha1":"d79b842381cc35b013b72e8eee86aaff32cc68b1","sha256":"ae84f234ff196c67c9d72336ace3a039460ef08dbd54bf288de428d8dfd4365e","sha512":"626735e0ad18bf56854307da6e5a63b269f014ff6b915ca132c17f951e882beef470b275b664693b25a6be6853ae0c0677e6696f3d4678b3eaa4a612dff2de5c","ssdeep":"","tlshash":"6fe0c0d31b1dbd30cf5801373e9157143962b2846283b108b7845102d8c63593cf7fa8","first_seen":"2023-05-05T14:06:31Z","last_seen":"2026-06-06T14:33:38.546278Z","times_seen":895,"resource_available":false,"data":null}},"time_used":1365,"timings":{"blocked":1151,"dns":0,"connect":0,"send":0,"wait":214,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"file-new.a4hskh.com/activity/2025/05/26/c21119500a71cd1dfad1041285222895.png","fqdn":"file-new.a4hskh.com","domain":"a4hskh.com","tld":"com"},"ip":{"addr":"20.205.42.30","port":443,"asn":8075,"as":"MICROSOFT-CORP-MSN-AS-BLOCK","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://cn.1mebetx.com/home/register?code=32654","date":"2026-03-04T13:33:02.567Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"a4hskh.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sat, 17 Jan 2026 00:56:32 GMT","end":"Fri, 17 Apr 2026 00:56:31 GMT"},"fingerprint":{"sha1":"6B:86:00:72:D5:5F:9C:50:C7:17:88:7F:40:98:98:9A:FD:9D:E3:3D","sha256":"CD:44:64:6D:51:24:0D:31:BC:19:51:30:3E:3F:FD:B2:DC:11:DD:3C:75:33:4A:37:DA:24:69:03:50:D6:29:38"}}},"request":{"raw":"GET /activity/2025/05/26/c21119500a71cd1dfad1041285222895.png HTTP/1.1\r\nHost: file-new.a4hskh.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cn.1mebetx.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 04 Mar 2026 13:33:03 GMT\r\ncontent-type: image/png\r\ncontent-length: 91132\r\nx-amz-id-2: x/9wNj0YUWQMVyhqLgcFP6OdcU6CBOwjHODhJs34sAi1/O/PgIH0mXjdjqX389CQSRh+FBtX+9g=\r\nx-amz-request-id: 8S48754C411PKG0M\r\nlast-modified: Sat, 17 Jan 2026 06:23:27 GMT\r\netag: \"44c360f70ad7205af7be4b9e72ad8206\"\r\nx-amz-server-side-encryption: AES256\r\naccess-control-allow-origin: *\r\naccess-control-allow-credentials: true\r\naccess-control-allow-headers: *\r\naccess-control-allow-methods: *\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":91132,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 272 x 272, 8-bit/color RGBA, non-interlaced","md5":"44c360f70ad7205af7be4b9e72ad8206","sha1":"aef9ac8c9276f5fc208a1bfb2cdf1abf4e2556fa","sha256":"264b1eb2b87680606d9e9de6d96dc31b8825180e5588765252081d2772eb98b5","sha512":"b93e0d07717567f4121e6eb60f35009e85ede4231eabbd57bd5f7ac58e900b84f070732c432354a60caca3e1dd41e964599a39f0bce439dcb93eab74662849f1","ssdeep":"1536:1d8GPhwJdntG/Yn2TCkjtSbZuF9G8HwCl0VZQkEToysVq9py3AUCctpjHQSFP:f/2tCw2VtStmfQXTKyVq9py3AUCcttP","tlshash":"3b931245ec9f3c26622931115d6f6cd38ac991a7e4b7c837a4f3b2be3405586fe28d09","first_seen":"2025-07-18T11:22:50.67008Z","last_seen":"2026-03-19T10:33:28.657026Z","times_seen":470,"resource_available":false,"data":null}},"time_used":2773,"timings":{"blocked":787,"dns":347,"connect":216,"send":0,"wait":471,"receive":726,"ssl":219},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static-content-t.wb27jlt6u066.com:9587/images/nav/sponsor3.png?3","fqdn":"static-content-t.wb27jlt6u066.com","domain":"wb27jlt6u066.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":9587,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://cn.1mebetx.com/home/register?code=32654","date":"2026-03-04T13:32:59.732Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"static-content-t.wb27jlt6u066.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 19 Oct 2025 00:00:00 GMT","end":"Mon, 19 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"08:10:09:15:B6:C8:9C:9A:CE:31:40:C9:26:D7:9E:BE:2C:9A:62:2B","sha256":"D6:55:F3:9B:55:F2:ED:CC:B3:54:8B:1E:F9:15:FB:47:0C:75:02:1A:64:4B:3C:C2:FA:75:18:9C:F0:11:EE:83"}}},"request":{"raw":"GET /images/nav/sponsor3.png?3 HTTP/1.1\r\nHost: static-content-t.wb27jlt6u066.com:9587\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cn.1mebetx.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Wed, 04 Mar 2026 13:33:01 GMT\r\nContent-Type: image/png\r\nContent-Length: 10466\r\nConnection: keep-alive\r\nLast-Modified: Fri, 23 Jan 2026 04:32:15 GMT\r\nETag: \"6972f9cf-28e2\"\r\nServer: gocache\r\nExpires: Thu, 05 Mar 2026 13:33:01 GMT\r\nCache-Control: max-age=86400\r\nc-Type: st\r\nrid: 26344863e350097643946b9759bd617d\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains\r\nX-Cache-Status: HIT\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":10466,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 292 x 80, 8-bit/color RGBA, non-interlaced","md5":"4ac6040378c52082239823adc971fe93","sha1":"f5e1c0385b576f11d3a18aba66f36abd7e895055","sha256":"3a1689108f773fc9d3a86757ce359ebe90f4543680be838bb9d82bd359e3986e","sha512":"f8ab3f0e33f548141655d8a6b1e7792835511ccef503434db65b5844d0e4c51b7667fec661294d453316b2b394a371980973c49fa144f1f707bc6f77191ff375","ssdeep":"192:M3I4RzpFzXCPwiIjmqoG+Hw66/VcNMOVejNfd++tTfanWgSO3dY:MYOzpFze9Ijmw+Ht6/CFVwNDtTfanWgs","tlshash":"d922bff15ec9a29bf8add03794362f05b6d73f8ac4ac71576724f893e48c4512c228e9","first_seen":"2026-01-23T05:01:52.443661Z","last_seen":"2026-06-06T14:33:38.614185Z","times_seen":223,"resource_available":false,"data":null}},"time_used":1495,"timings":{"blocked":1273,"dns":0,"connect":0,"send":0,"wait":216,"receive":6,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static-content-t.wb27jlt6u066.com:9587/images/nav/sponsor5.png?5","fqdn":"static-content-t.wb27jlt6u066.com","domain":"wb27jlt6u066.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":9587,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://cn.1mebetx.com/home/register?code=32654","date":"2026-03-04T13:32:59.736Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"static-content-t.wb27jlt6u066.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 19 Oct 2025 00:00:00 GMT","end":"Mon, 19 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"08:10:09:15:B6:C8:9C:9A:CE:31:40:C9:26:D7:9E:BE:2C:9A:62:2B","sha256":"D6:55:F3:9B:55:F2:ED:CC:B3:54:8B:1E:F9:15:FB:47:0C:75:02:1A:64:4B:3C:C2:FA:75:18:9C:F0:11:EE:83"}}},"request":{"raw":"GET /images/nav/sponsor5.png?5 HTTP/1.1\r\nHost: static-content-t.wb27jlt6u066.com:9587\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cn.1mebetx.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Wed, 04 Mar 2026 13:33:02 GMT\r\nContent-Type: image/png\r\nContent-Length: 12004\r\nConnection: keep-alive\r\nLast-Modified: Fri, 23 Jan 2026 04:32:15 GMT\r\nETag: \"6972f9cf-2ee4\"\r\nServer: gocache\r\nExpires: Thu, 05 Mar 2026 13:33:02 GMT\r\nCache-Control: max-age=86400\r\nc-Type: st\r\nrid: 0a947ed9c88825d8f353db8e4da89656\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains\r\nX-Cache-Status: HIT\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]}],"data":{"size":12004,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 292 x 80, 8-bit/color RGBA, non-interlaced","md5":"e772d932f095a917115ff85857088d0f","sha1":"1ba7b6967a2fb9f291cbe99bb3b3b9a0ed125c50","sha256":"00503366d78e5d7e3b29fb8d8c072ee6ded94655d9d19c0eab97216666ea06af","sha512":"b547dfd1a2130094169366d050119fca01bdfe6857a2d2cb65083271fa2bb6591e2c005f8d9f0de583b2a28721d7e90ffad3e460232a3931e1fc61257ea2e447","ssdeep":"192:mPoZpPVYl4jp4mMape1FWCyxwtefLxwC4+LlkFROlSJc7AmNZlpdJnrwD1jT:mQZceNZpe1FVyxw0Ls+WFxuAg/Xns","tlshash":"7042bf3da8d0abc56dce902c3a2d398203870dd466769d93f76cb477b36e162341dc65","first_seen":"2026-01-23T05:01:52.451331Z","last_seen":"2026-06-06T14:33:38.643859Z","times_seen":224,"resource_available":false,"data":null}},"time_used":3186,"timings":{"blocked":2962,"dns":0,"connect":0,"send":0,"wait":215,"receive":9,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdn.livechatinc.com/tracking.js","fqdn":"cdn.livechatinc.com","domain":"livechatinc.com","tld":"com"},"ip":{"addr":"23.36.77.179","port":443,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://cn.1mebetx.com/home/register?code=32654","date":"2026-03-04T13:33:01.055Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"livechat.com","organization":"LIVECHAT, INC."},"issuer":{"commonName":"DigiCert Global G3 TLS ECC SHA384 2020 CA1","organization":"DigiCert Inc"},"validity":{"start":"Wed, 11 Jun 2025 00:00:00 GMT","end":"Thu, 11 Jun 2026 23:59:59 GMT"},"fingerprint":{"sha1":"66:A3:6F:A0:92:9E:A2:01:91:16:68:AA:27:A9:41:28:FC:25:27:68","sha256":"03:FC:5A:F6:F7:06:15:5B:0F:31:DB:6C:4E:D7:E4:1B:69:80:1F:C3:5A:E3:85:5A:FF:8D:22:81:92:ED:25:2F"}}},"request":{"raw":"GET /tracking.js HTTP/1.1\r\nHost: cdn.livechatinc.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cn.1mebetx.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nx-guploader-uploadid: AGQBYWyWrbSX5ljRYd-t8n8OR3YaNRwP2_SyIkoCZ4se3Bbl2CdCJSMe_XrV3pyMGTUqcSfSHH1oIao\r\nlast-modified: Tue, 03 Mar 2026 13:43:27 GMT\r\nx-goog-generation: 1772545407135476\r\nx-goog-metageneration: 1\r\nx-goog-stored-content-encoding: identity\r\nx-goog-stored-content-length: 100997\r\nx-goog-hash: crc32c=0C+lAQ==, md5=LTKjnKToEIsdtAHlBtmPGQ==\r\nx-goog-storage-class: STANDARD\r\naccept-ranges: bytes\r\naccess-control-expose-headers: *\r\nserver: UploadServer\r\ncontent-encoding: br\r\ncontent-length: 32759\r\ncache-control: public, max-age=28800\r\nexpires: Wed, 04 Mar 2026 21:33:01 GMT\r\ndate: Wed, 04 Mar 2026 13:33:01 GMT\r\ncontent-type: application/javascript; charset=utf-8\r\naccess-control-allow-origin: *\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Google Cloud Storage","description":"Google Cloud Storage allows world-wide storage and retrieval of any amount of data at any time.","website":"https://cloud.google.com/storage","common_platform_enumeration":"","icon":"google-cloud-storage.svg","categories":["Miscellaneous"]},{"name":"Google Cloud","description":"Google Cloud is a suite of cloud computing services.","website":"https://cloud.google.com","common_platform_enumeration":"cpe:2.3:a:google:cloud_platform:*:*:*:*:*:*:*:*","icon":"Google Cloud.svg","categories":["IaaS"]}],"data":{"size":100997,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"data","md5":"2d32a39ca4e8108b1db401e506d98f19","sha1":"ddafeb5f3def94e42c1c5c9f4f89804ea2d26736","sha256":"a1d49f8e5be67da4b3921d0f7cf628b007871101160e6eb6d746bcb440da9a45","sha512":"142665a3e052397ebfafc0b60c203aa3e1dd95905ad5e8708272bd75639cc9dc8d5ae9b4896bc7836199c3ff12aac2d390bfd3fdebca440681bf07b7c09767e2","ssdeep":"1536:E5hboeri/BevgjTcAhWeypynDx4Wwwpw84Io6eFlIUYow8:Evboeu/kYHyp0DPheF4oh","tlshash":"e2a34ada7282b03453f786e7a17fa216b3392818340d8420f17cdd6a395a9c79177f6e","first_seen":"2026-03-03T14:45:10.225758Z","last_seen":"2026-03-05T09:29:13.614557Z","times_seen":167,"resource_available":true,"data":null}},"time_used":79,"timings":{"blocked":34,"dns":21,"connect":1,"send":0,"wait":2,"receive":2,"ssl":16},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"file-new.a4hskh.com/activity/2025/05/26/6adbf1bd94ca22866f5f1cefb32e40c9.png","fqdn":"file-new.a4hskh.com","domain":"a4hskh.com","tld":"com"},"ip":{"addr":"20.205.42.30","port":443,"asn":8075,"as":"MICROSOFT-CORP-MSN-AS-BLOCK","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://cn.1mebetx.com/home/register?code=32654","date":"2026-03-04T13:33:02.562Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"a4hskh.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sat, 17 Jan 2026 00:56:32 GMT","end":"Fri, 17 Apr 2026 00:56:31 GMT"},"fingerprint":{"sha1":"6B:86:00:72:D5:5F:9C:50:C7:17:88:7F:40:98:98:9A:FD:9D:E3:3D","sha256":"CD:44:64:6D:51:24:0D:31:BC:19:51:30:3E:3F:FD:B2:DC:11:DD:3C:75:33:4A:37:DA:24:69:03:50:D6:29:38"}}},"request":{"raw":"GET /activity/2025/05/26/6adbf1bd94ca22866f5f1cefb32e40c9.png HTTP/1.1\r\nHost: file-new.a4hskh.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cn.1mebetx.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 04 Mar 2026 13:33:03 GMT\r\ncontent-type: image/png\r\ncontent-length: 106930\r\nx-amz-id-2: n3kZ1o5r+aM7FuWT825JYnzMYTPtOceNV69rsSsoka9Xs1fG+5XgBH9o4UdXTlZdjoAuWLeXEEA=\r\nx-amz-request-id: 8S42S1H87CTSQ3QJ\r\nlast-modified: Sat, 17 Jan 2026 06:23:27 GMT\r\netag: \"7907a7882ded0237441091b52c3b50ea\"\r\nx-amz-server-side-encryption: AES256\r\naccess-control-allow-origin: *\r\naccess-control-allow-credentials: true\r\naccess-control-allow-headers: *\r\naccess-control-allow-methods: *\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":106930,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 272 x 272, 8-bit/color RGBA, non-interlaced","md5":"7907a7882ded0237441091b52c3b50ea","sha1":"209414f453c53fcf4e63f7ea0a97a550d8aeea67","sha256":"df2155b8cffbead53e3e14bcce48b057ed7675416c59fb30a119371e6c3e97e6","sha512":"2bfadbaecc029a20dddf059c4391b947beff06a641016ae6464b11abd7ca41b5d4789f3fcb77c3ec65ddd3538508e47704e682b1d2f1c18f90658dd6c279a546","ssdeep":"3072:kEfWMVC/yIjXMLpQQDhMaQEXn8vTiWzyToWR3YjkC7O:kSD8yWUHhnoTdyFmP7O","tlshash":"c3a31254bda0f6a3d67fe7e9ebc5075d6f9f424a8e59c22c60343528ad2f9c28036170","first_seen":"2025-07-18T11:22:50.671167Z","last_seen":"2026-03-19T10:33:28.684969Z","times_seen":471,"resource_available":false,"data":null}},"time_used":2599,"timings":{"blocked":763,"dns":355,"connect":204,"send":0,"wait":499,"receive":569,"ssl":206},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdn.livechatinc.com/widget/static/js/9.xhyEK0_l.chunk.js","fqdn":"cdn.livechatinc.com","domain":"livechatinc.com","tld":"com"},"ip":{"addr":"23.36.77.179","port":443,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://secure.livechatinc.com/customer/action/open_chat?license_id=19463678\u0026group=2\u0026embedded=1\u0026widget_version=3\u0026unique_groups=0\u0026organization_id=d45af0f5-ff1f-44ac-97e0-5c9471a8ec59\u0026use_parent_storage=1\u0026x-region=us-south1","date":"2026-03-04T13:33:02.686Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"livechat.com","organization":"LIVECHAT, INC."},"issuer":{"commonName":"DigiCert Global G3 TLS ECC SHA384 2020 CA1","organization":"DigiCert Inc"},"validity":{"start":"Wed, 11 Jun 2025 00:00:00 GMT","end":"Thu, 11 Jun 2026 23:59:59 GMT"},"fingerprint":{"sha1":"66:A3:6F:A0:92:9E:A2:01:91:16:68:AA:27:A9:41:28:FC:25:27:68","sha256":"03:FC:5A:F6:F7:06:15:5B:0F:31:DB:6C:4E:D7:E4:1B:69:80:1F:C3:5A:E3:85:5A:FF:8D:22:81:92:ED:25:2F"}}},"request":{"raw":"GET /widget/static/js/9.xhyEK0_l.chunk.js HTTP/1.1\r\nHost: cdn.livechatinc.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://secure.livechatinc.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cdn.livechatinc.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nx-guploader-uploadid: AGQBYWx84yCfsifW97bqXiJFQl8APv_96Xk4silfpuTaGPPDHM8Rxoe6SShOT81DQT9jMvRvJUkH8tw\r\nlast-modified: Tue, 03 Mar 2026 13:43:27 GMT\r\netag: \"c96a39460d2b0a92409b2b92f3da88f9\"\r\nx-goog-generation: 1772545407047468\r\nx-goog-metageneration: 1\r\nx-goog-stored-content-encoding: identity\r\nx-goog-stored-content-length: 74\r\nx-goog-hash: crc32c=pjIEnA==, md5=yWo5Rg0rCpJAmyuS89qI+Q==\r\nx-goog-storage-class: STANDARD\r\naccess-control-expose-headers: *, Content-Length, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace\r\nserver: UploadServer\r\nvary: Accept-Encoding\r\ncache-control: public, max-age=31536000\r\nexpires: Thu, 04 Mar 2027 13:33:02 GMT\r\ndate: Wed, 04 Mar 2026 13:33:02 GMT\r\ncontent-length: 74\r\ncontent-type: application/javascript; charset=utf-8\r\naccess-control-allow-origin: *\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Google Cloud Storage","description":"Google Cloud Storage allows world-wide storage and retrieval of any amount of data at any time.","website":"https://cloud.google.com/storage","common_platform_enumeration":"","icon":"google-cloud-storage.svg","categories":["Miscellaneous"]},{"name":"Google Cloud","description":"Google Cloud is a suite of cloud computing services.","website":"https://cloud.google.com","common_platform_enumeration":"cpe:2.3:a:google:cloud_platform:*:*:*:*:*:*:*:*","icon":"Google Cloud.svg","categories":["IaaS"]}],"data":{"size":74,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"ASCII text","md5":"c96a39460d2b0a92409b2b92f3da88f9","sha1":"c1ad7e3c7f38743ebadf589676726dad6799a9d5","sha256":"af2012b0cdfa449f186df2f8dc9b3e64b48b8c5c630cc8d3c4df61973499e7c4","sha512":"c6a642b4f09c7dc0b2679c972cc99e4c1e00e268d309aae062883d3eeeb7d3e39bef53388dd20aae7f733da57ed2374c1b12ded0997cbca2762b4b03c332cbfd","ssdeep":"","tlshash":"27a022ca38ca32ae020230300f0f20c0e0b8c02c030e0328800a0200b2300a002ffc3c","first_seen":"2024-06-24T12:34:03Z","last_seen":"2026-06-07T08:09:45.62326Z","times_seen":18421,"resource_available":true,"data":null}},"time_used":4,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":4,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static-content-t.wb27jlt6u066.com:9587/images/nav/promo_08p.png","fqdn":"static-content-t.wb27jlt6u066.com","domain":"wb27jlt6u066.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":9587,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://cn.1mebetx.com/home/register?code=32654","date":"2026-03-04T13:32:59.744Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"static-content-t.wb27jlt6u066.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 19 Oct 2025 00:00:00 GMT","end":"Mon, 19 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"08:10:09:15:B6:C8:9C:9A:CE:31:40:C9:26:D7:9E:BE:2C:9A:62:2B","sha256":"D6:55:F3:9B:55:F2:ED:CC:B3:54:8B:1E:F9:15:FB:47:0C:75:02:1A:64:4B:3C:C2:FA:75:18:9C:F0:11:EE:83"}}},"request":{"raw":"GET /images/nav/promo_08p.png HTTP/1.1\r\nHost: static-content-t.wb27jlt6u066.com:9587\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cn.1mebetx.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Wed, 04 Mar 2026 13:33:01 GMT\r\nContent-Type: image/png\r\nContent-Length: 14696\r\nConnection: keep-alive\r\nLast-Modified: Wed, 20 Jul 2022 18:47:53 GMT\r\nETag: \"62d84dd9-3968\"\r\nServer: gocache\r\nExpires: Thu, 05 Mar 2026 13:33:01 GMT\r\nCache-Control: max-age=86400\r\nc-Type: st\r\nrid: a446ba548af57ccc65e867c966fa6aea\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains\r\nX-Cache-Status: HIT\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]}],"data":{"size":14696,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 200 x 100, 8-bit/color RGBA, non-interlaced","md5":"ce8af7d88dfe5a8cc857666523c01fea","sha1":"370b5c460e31540ff1c8685fe2188adfc8fe3641","sha256":"7ba510715c55f7c648e19a82b9690f58ac0136c370be907bcce569c08bf03a74","sha512":"b9764ef8173289fa4b4214274745843e1cbcdfbbb7b1cbd5d1ee9e00beb3e0c0410b714bc466bf7f9bd3ba7515cb562460b1c175e03c25900418ea4bbfb68679","ssdeep":"384:XJXE05RJmFuDKsllhSHwRJ5GotcrxjYvFx:F35TmFuDKsRXurdI","tlshash":"1e62c0bb453095b578e6b81e0cf21a8b37b94fadf54e18665202f0ef60969c38e1852d","first_seen":"2023-05-05T14:06:31Z","last_seen":"2026-06-06T14:33:38.545138Z","times_seen":879,"resource_available":false,"data":null}},"time_used":1939,"timings":{"blocked":1261,"dns":1,"connect":1,"send":0,"wait":221,"receive":5,"ssl":450},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cn.1mebetx.com/fimg/i2022109557596bf60a4a37a8fd6570231b8312.png","fqdn":"cn.1mebetx.com","domain":"1mebetx.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://cn.1mebetx.com/home/register?code=32654","date":"2026-03-04T13:32:59.761Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cn.1mebetx.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Mon, 05 Jan 2026 00:00:00 GMT","end":"Tue, 05 Jan 2027 23:59:59 GMT"},"fingerprint":{"sha1":"B1:9C:1C:29:59:A8:2F:22:BB:FA:01:51:20:84:07:9D:ED:D9:D8:7A","sha256":"21:4B:55:27:26:B6:EF:96:E2:ED:28:FE:00:D0:57:72:9D:29:6A:4E:DE:36:40:A2:7D:07:26:CC:31:8C:F2:1D"}}},"request":{"raw":"GET /fimg/i2022109557596bf60a4a37a8fd6570231b8312.png HTTP/1.1\r\nHost: cn.1mebetx.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cn.1mebetx.com/home/register?code=32654\r\nCookie: PHPSESSID=0vre1qsiqnd8kobpvv1eafbdqh; _code_cookie=32654-\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Wed, 04 Mar 2026 13:33:01 GMT\r\nContent-Type: image/png\r\nContent-Length: 228056\r\nConnection: keep-alive\r\nLast-Modified: Tue, 11 Oct 2022 03:07:34 GMT\r\nETag: \"6344ddf6-37ad8\"\r\nX-Content-Type-Options: nosniff\r\nX-Frame-Options: SAMEORIGIN\r\nServer: gocache\r\nExpires: Thu, 05 Mar 2026 13:33:01 GMT\r\nCache-Control: max-age=86400\r\nc-Type: st\r\nrid: d83216dc78689984938549bb8e7e0bd8\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains\r\nX-Cache-Status: HIT\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":228056,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 838 x 572, 8-bit/color RGBA, non-interlaced","md5":"ad437106303315b23ca37c00fac9b9a7","sha1":"f503a3d13adaba3b253e4adb493181f86c50bb6f","sha256":"9624ab5cf4b378ccbf9525a00dfbc12c923cb62d887e8bd6a69c4d140c6a8133","sha512":"36cf78c0da7bd3530167e12f2bd3a0f75c38a745f337075d0b493eb41d6e035a2e7fe461df7a771e94eb42e69f419eb3af283b220bb211a2b652d8f55d47558a","ssdeep":"6144:/LkBXH85hsNRgjSxVQldvROEZ7dhzZA6x/qQ:QqnsNRKOVwdvgEE6IQ","tlshash":"122412ecb69b980fef3d1147925c0db4e0f820043b1c9277a155e9b7e8d21a939b5acc","first_seen":"2023-05-05T17:23:57Z","last_seen":"2026-06-06T14:33:38.577024Z","times_seen":798,"resource_available":false,"data":null}},"time_used":1531,"timings":{"blocked":1244,"dns":0,"connect":0,"send":0,"wait":215,"receive":72,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-04","alert":"Phishing Block","trigger":"cn.1mebetx.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-04","alert":"Sinkholed","trigger":"cn.1mebetx.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-04","alert":"Sinkholed","trigger":"cn.1mebetx.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-04","alert":"Sinkholed","trigger":"cn.1mebetx.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"static-content-t.wb27jlt6u066.com:9587/images/icon_return.png","fqdn":"static-content-t.wb27jlt6u066.com","domain":"wb27jlt6u066.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":9587,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://cn.1mebetx.com/home/register?code=32654","date":"2026-03-04T13:33:01.300Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"static-content-t.wb27jlt6u066.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 19 Oct 2025 00:00:00 GMT","end":"Mon, 19 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"08:10:09:15:B6:C8:9C:9A:CE:31:40:C9:26:D7:9E:BE:2C:9A:62:2B","sha256":"D6:55:F3:9B:55:F2:ED:CC:B3:54:8B:1E:F9:15:FB:47:0C:75:02:1A:64:4B:3C:C2:FA:75:18:9C:F0:11:EE:83"}}},"request":{"raw":"GET /images/icon_return.png HTTP/1.1\r\nHost: static-content-t.wb27jlt6u066.com:9587\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://static-content-t.wb27jlt6u066.com:9587/style/main.css?20260123\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Wed, 04 Mar 2026 13:33:03 GMT\r\nContent-Type: image/png\r\nContent-Length: 778\r\nConnection: keep-alive\r\nLast-Modified: Wed, 20 Jul 2022 18:47:53 GMT\r\nETag: \"62d84dd9-30a\"\r\nServer: gocache\r\nExpires: Thu, 05 Mar 2026 13:33:03 GMT\r\nCache-Control: max-age=86400\r\nc-Type: st\r\nrid: ff2e11a7e55c08391e5934b8d2da1954\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains\r\nX-Cache-Status: HIT\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]}],"data":{"size":778,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 18 x 18, 8-bit/color RGBA, interlaced","md5":"fabab84476aede515f6619fb53cec396","sha1":"84650df8e118c2c101bc0bf6e20d9c76d4303b06","sha256":"8141cf949879defeb74a01e369563041075c8417c2f3e8789bd07fcdb6499552","sha512":"99f267bd6c596ca4ccf617f05a2c86edb2ae6a805fdd5ff3458c66853e87760d215225373e71cbdae688936cbcb88441bc3138eadbad694364fcfc7490eb50c7","ssdeep":"","tlshash":"d70120c5d7761db0c2c161b7163f9a8b1a0b8516a805a10d2e8634b39945f842d8679d","first_seen":"2023-05-05T14:06:31Z","last_seen":"2026-06-06T14:33:38.610821Z","times_seen":900,"resource_available":false,"data":null}},"time_used":1820,"timings":{"blocked":1601,"dns":0,"connect":0,"send":0,"wait":219,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static-content-t.wb27jlt6u066.com:9587/d11_images/modal_reminder_logo.png","fqdn":"static-content-t.wb27jlt6u066.com","domain":"wb27jlt6u066.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":9587,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://cn.1mebetx.com/home/register?code=32654","date":"2026-03-04T13:33:01.308Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"static-content-t.wb27jlt6u066.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 19 Oct 2025 00:00:00 GMT","end":"Mon, 19 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"08:10:09:15:B6:C8:9C:9A:CE:31:40:C9:26:D7:9E:BE:2C:9A:62:2B","sha256":"D6:55:F3:9B:55:F2:ED:CC:B3:54:8B:1E:F9:15:FB:47:0C:75:02:1A:64:4B:3C:C2:FA:75:18:9C:F0:11:EE:83"}}},"request":{"raw":"GET /d11_images/modal_reminder_logo.png HTTP/1.1\r\nHost: static-content-t.wb27jlt6u066.com:9587\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://static-content-t.wb27jlt6u066.com:9587/style/main.css?20260123\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Wed, 04 Mar 2026 13:33:03 GMT\r\nContent-Type: image/png\r\nContent-Length: 14074\r\nConnection: keep-alive\r\nLast-Modified: Wed, 20 Jul 2022 18:45:39 GMT\r\nETag: \"62d84d53-36fa\"\r\nServer: gocache\r\nExpires: Thu, 05 Mar 2026 13:33:03 GMT\r\nCache-Control: max-age=86400\r\nc-Type: st\r\nrid: 32d81f31b0cfc7a5a2552ad935933e61\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains\r\nX-Cache-Status: HIT\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]}],"data":{"size":14074,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 569 x 555, 4-bit colormap, non-interlaced","md5":"3494fbc85e95ef708a1db6668fd2e401","sha1":"b9fbfc60416cd990012546e74b0fdb38bdbebe19","sha256":"3167f9728906a03ceaea850d57533fb5c253a38b94cfd55d245f714d7f18afac","sha512":"78791223a160d4012f76fad660815eb9fa01d4beb0bc98de01288e66b477a3c739a4b8ec0fcae6263fc66aee0eae43780d1abb663dc25b635bb9f702bb0eefff","ssdeep":"384:ZArYvJEV26jJlaWFjf8KvQdlbT3mc1qm+wTR:WcxaJlaOQRN14wV","tlshash":"0d52cf1c0cdd9c4dbd74129169409f8b5c70abfab9f051eb88caf218b6af9402554f23","first_seen":"2024-03-28T04:38:14Z","last_seen":"2026-06-06T14:33:38.577631Z","times_seen":735,"resource_available":false,"data":null}},"time_used":1839,"timings":{"blocked":1613,"dns":0,"connect":0,"send":0,"wait":225,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static-content-t.wb27jlt6u066.com:9587/images/footer_supports_hover.png?9","fqdn":"static-content-t.wb27jlt6u066.com","domain":"wb27jlt6u066.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":9587,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://cn.1mebetx.com/home/register?code=32654","date":"2026-03-04T13:33:01.318Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"static-content-t.wb27jlt6u066.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 19 Oct 2025 00:00:00 GMT","end":"Mon, 19 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"08:10:09:15:B6:C8:9C:9A:CE:31:40:C9:26:D7:9E:BE:2C:9A:62:2B","sha256":"D6:55:F3:9B:55:F2:ED:CC:B3:54:8B:1E:F9:15:FB:47:0C:75:02:1A:64:4B:3C:C2:FA:75:18:9C:F0:11:EE:83"}}},"request":{"raw":"GET /images/footer_supports_hover.png?9 HTTP/1.1\r\nHost: static-content-t.wb27jlt6u066.com:9587\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://static-content-t.wb27jlt6u066.com:9587/style/main.css?20260123\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Wed, 04 Mar 2026 13:33:02 GMT\r\nContent-Type: image/png\r\nContent-Length: 7362\r\nConnection: keep-alive\r\nLast-Modified: Wed, 20 Jul 2022 18:47:53 GMT\r\nETag: \"62d84dd9-1cc2\"\r\nServer: gocache\r\nExpires: Thu, 05 Mar 2026 13:33:02 GMT\r\nCache-Control: max-age=86400\r\nc-Type: st\r\nrid: f4c833343ca8e86179f3d483f6cb4c6a\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains\r\nX-Cache-Status: HIT\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":7362,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 30 x 174, 8-bit/color RGBA, non-interlaced","md5":"450da5e1024050be47083963bfeef8a1","sha1":"498dc30e72d3f82ddc7d12b8a8cfdb2fa1aa4323","sha256":"b8eb162ba4dd5f1752300b9625aa98f924eb55d937826b2a227f86ffb51f05cc","sha512":"af4c3f1367a37f623dbe211a17f3d55c9211e388d879d22a286b23ea5ab353adbedb3375199b7a50a8a1e391b9027f22d0102baa7c719533570c3b86a8f04bd2","ssdeep":"96:GY2gCFi+8zRv9iku2V0zRWTFatQL8R2zRPJWs1Y4v/iP0TnRiNXoHAY334hrK31Z:GQVsklKrt0wKE4ugnANYgY3blMu4xG","tlshash":"c8e1ae64bdf180d5d29dbc8d7fd6d063e82b8fd78180722658aec40a55a40b1e8a0a6f","first_seen":"2023-05-05T14:06:31Z","last_seen":"2026-06-06T14:33:38.551591Z","times_seen":903,"resource_available":false,"data":null}},"time_used":1582,"timings":{"blocked":1361,"dns":0,"connect":0,"send":0,"wait":215,"receive":6,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.vrfpshbc.com:2053/global-activity-entry/img/close-x.png","fqdn":"www.vrfpshbc.com","domain":"vrfpshbc.com","tld":"com"},"ip":{"addr":"172.67.186.168","port":2053,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://cn.1mebetx.com/home/register?code=32654","date":"2026-03-04T13:33:02.571Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"vrfpshbc.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 02 Feb 2026 19:45:33 GMT","end":"Sun, 03 May 2026 20:40:36 GMT"},"fingerprint":{"sha1":"E8:73:95:3B:A2:A4:0F:A6:0D:A3:4F:F1:13:4E:85:09:6B:D0:63:66","sha256":"E6:14:C1:3A:A4:50:D6:F3:4D:3C:52:EB:9F:ED:B9:43:C4:13:78:55:40:E3:CD:29:24:A1:C8:5E:C2:24:0E:AA"}}},"request":{"raw":"GET /global-activity-entry/img/close-x.png HTTP/1.1\r\nHost: www.vrfpshbc.com:2053\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.vrfpshbc.com:2053/global-activity-entry/css/style.css\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Wed, 04 Mar 2026 13:33:03 GMT\r\ncontent-type: image/png\r\ncontent-length: 1101\r\nserver: cloudflare\r\nlast-modified: Wed, 16 Jun 2021 18:06:55 GMT\r\netag: \"60ca3dbf-44d\"\r\nstrict-transport-security: max-age=31536000\r\naccept-ranges: bytes\r\ncf-cache-status: DYNAMIC\r\npriority: u=4,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=LbE5eoveIiQcF7sOWtdeR%2Feju6YZAtnjcLj%2FQhuFzCgedLHElNOrJE1qWpKMKrti2%2B1V3pXT01Ghis8clsvHvC630D4Eh0yoI%2Bb9%2FoCjQmY%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9d71401b19f18deb-OSL\r\nalt-svc: h3=\":2053\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":1101,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 25 x 25, 8-bit/color RGBA, interlaced","md5":"6d53ba3fe6c7f1b97871c37f610267c9","sha1":"911d9c2f4efec81d5a7edd84bb7a4f1b33dd8560","sha256":"a1c35b21ff48ff6181a0f1f443508abff9690316942a1d4974614c2c79f0d420","sha512":"8538e5f48126db6176b784162592998bc86fb1ccd88318b4d69334d1ef5fb8037c79ba2bb295f03836c315bbcf102a89e3b70630b6a46646c4acf5127ce4319d","ssdeep":"","tlshash":"0f1186836728cb31c123023a9399630afa184d52b61757cc59cc6c0fce980e2555c61e","first_seen":"2023-05-05T14:06:31Z","last_seen":"2026-06-06T14:33:38.639297Z","times_seen":605,"resource_available":false,"data":null}},"time_used":910,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":910,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"mxx9.tv/","fqdn":"mxx9.tv","domain":"mxx9.tv","tld":"tv"},"ip":{"addr":"172.67.145.137","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-03-04T13:32:57.137Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"mxx9.tv","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 03 Mar 2026 18:36:12 GMT","end":"Mon, 01 Jun 2026 19:33:33 GMT"},"fingerprint":{"sha1":"27:0A:3C:D7:08:CF:26:29:AC:FF:0F:64:91:21:9B:46:AA:76:05:B2","sha256":"99:82:D9:C5:92:45:A8:7B:5C:16:3D:05:71:D6:7C:62:71:9B:23:F5:4D:B8:A3:63:9C:C1:BD:84:84:96:B4:AA"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: mxx9.tv\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 302 Found\r\ndate: Wed, 04 Mar 2026 13:32:57 GMT\r\ncontent-length: 0\r\nlocation: https://cn.1mebetx.com/home/register?code=32654\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=CGftzdNgRbpaZgsllSarQ6HePYyas2nF00SXDqdUGsS4%2Bp8TFlf56QXhBpKkn1etSHyrpNsRCmaJwV79fwdnwcv4Stm6hCI%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nserver: cloudflare\r\ncf-ray: 9d713ff96b4c527d-ARN\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":99854,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-07T19:34:24.271823Z","times_seen":16219631,"resource_available":true,"data":null}},"time_used":90,"timings":{"blocked":39,"dns":7,"connect":8,"send":0,"wait":11,"receive":0,"ssl":22},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-03-04","alert":"Sinkholed","trigger":"mxx9.tv","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-04","alert":"Phishing Block","trigger":"mxx9.tv","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-04","alert":"Sinkholed","trigger":"mxx9.tv","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-04","alert":"Sinkholed","trigger":"mxx9.tv","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"static-content-cn.wb27jlt6u066.com:9587/js/game/Game.js?20220202","fqdn":"static-content-cn.wb27jlt6u066.com","domain":"wb27jlt6u066.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":9587,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://cn.1mebetx.com/home/register?code=32654","date":"2026-03-04T13:32:59.764Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"static-content-cn.wb27jlt6u066.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 19 Oct 2025 00:00:00 GMT","end":"Mon, 19 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"98:64:EC:0B:9A:00:5F:60:12:4A:12:B9:EB:5A:44:98:12:1A:7C:FF","sha256":"A1:E0:99:A3:B2:54:C9:50:DB:24:16:EA:A7:44:3A:5D:57:F0:7C:CE:B2:E7:66:31:49:50:98:44:92:F2:50:84"}}},"request":{"raw":"GET /js/game/Game.js?20220202 HTTP/1.1\r\nHost: static-content-cn.wb27jlt6u066.com:9587\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cn.1mebetx.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Wed, 04 Mar 2026 13:33:00 GMT\r\nContent-Type: application/javascript\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nLast-Modified: Thu, 14 Aug 2025 05:10:21 GMT\r\nVary: Accept-Encoding\r\nETag: W/\"689d6fbd-f55f\"\r\nContent-Encoding: gzip\r\nServer: gocache\r\nExpires: Thu, 05 Mar 2026 13:33:00 GMT\r\nCache-Control: max-age=86400\r\nc-Type: st\r\nrid: 01908a681dfafd2621ef5a1868893a61\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains\r\nX-Cache-Status: HIT\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]}],"data":{"size":62815,"size_decoded":0,"mime_type":"application/javascript","magic":"Unicode text, UTF-8 text","md5":"31b26fa8e3e5d0f8b9100e4d8993570b","sha1":"4901272b99be40960a7016bd4a60fb686ceba5d7","sha256":"fa72c387b16598179ba3e7406e6d29e5f464cf7876cdf39d43a1cfadc91211df","sha512":"1332c670e7103b8d25e706e773ac1aef68e69176c945d8450385e8876b5a718c113c2066e47719d9943df9a108fc2c27d46c535bb09b27930c22e414b3375364","ssdeep":"384:AURoUkVbztM3nigTG7SG4lznSVs5Lq/vtQEttGsOSVD:AURoUcztwJou50QEttGsO2","tlshash":"0753254caea318e35a3654348b7f31956d5166032508dd1c3e0cd3a3df9a0be66b1efa","first_seen":"2025-08-14T09:17:18.772148Z","last_seen":"2026-04-06T22:25:54.033063Z","times_seen":544,"resource_available":true,"data":null}},"time_used":960,"timings":{"blocked":-1,"dns":202,"connect":1,"send":0,"wait":216,"receive":5,"ssl":536},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cn.1mebetx.com/js/captcha/geetest_captcha.js?20230927","fqdn":"cn.1mebetx.com","domain":"1mebetx.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://cn.1mebetx.com/home/register?code=32654","date":"2026-03-04T13:32:59.770Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cn.1mebetx.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Mon, 05 Jan 2026 00:00:00 GMT","end":"Tue, 05 Jan 2027 23:59:59 GMT"},"fingerprint":{"sha1":"B1:9C:1C:29:59:A8:2F:22:BB:FA:01:51:20:84:07:9D:ED:D9:D8:7A","sha256":"21:4B:55:27:26:B6:EF:96:E2:ED:28:FE:00:D0:57:72:9D:29:6A:4E:DE:36:40:A2:7D:07:26:CC:31:8C:F2:1D"}}},"request":{"raw":"GET /js/captcha/geetest_captcha.js?20230927 HTTP/1.1\r\nHost: cn.1mebetx.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cn.1mebetx.com/home/register?code=32654\r\nCookie: PHPSESSID=0vre1qsiqnd8kobpvv1eafbdqh; _code_cookie=32654-\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Wed, 04 Mar 2026 13:33:00 GMT\r\nContent-Type: application/javascript\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding, Accept-Encoding, Accept-Encoding\r\nLast-Modified: Tue, 22 Oct 2024 05:00:27 GMT\r\nETag: W/\"6717316b-ad4\"\r\nX-Content-Type-Options: nosniff\r\nX-Frame-Options: SAMEORIGIN\r\nContent-Encoding: gzip\r\nServer: gocache\r\nExpires: Thu, 05 Mar 2026 13:33:00 GMT\r\nCache-Control: max-age=86400\r\nc-Type: st\r\nrid: 26d9d0a11667df58328cd92ef12fa261\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains\r\nX-Cache-Status: HIT\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]}],"data":{"size":2772,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text","md5":"e345de06bb4a6932b96037c5da2c4df8","sha1":"21d7b304e5a5dd24b62da0e7948922207c552c8a","sha256":"72d61c5f4a81b60d7e425371ab3bf7f672dbbc29e58e6765622d008bf36bd64b","sha512":"9767a703990e25c6c6815ab9d5396851f77d8610526c7ed9c965bf02d406d1dec9eaf41df28fad7dc59a914f03b2d48025f07fde6b2cf1ddc369c151f564c917","ssdeep":"","tlshash":"625116799976cd824d1fa0b7a75f9898d601832bf505c9843decc5ce9f274888091fd7","first_seen":"2026-03-04T13:33:41.555388Z","last_seen":"2026-03-14T12:44:47.989828Z","times_seen":16,"resource_available":true,"data":null}},"time_used":706,"timings":{"blocked":-1,"dns":51,"connect":1,"send":0,"wait":214,"receive":0,"ssl":438},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-04","alert":"Sinkholed","trigger":"cn.1mebetx.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-04","alert":"Phishing Block","trigger":"cn.1mebetx.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-04","alert":"Sinkholed","trigger":"cn.1mebetx.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-04","alert":"Sinkholed","trigger":"cn.1mebetx.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"static-content-t.wb27jlt6u066.com:9587/images/footer_football.png?5","fqdn":"static-content-t.wb27jlt6u066.com","domain":"wb27jlt6u066.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":9587,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://cn.1mebetx.com/home/register?code=32654","date":"2026-03-04T13:33:01.321Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"static-content-t.wb27jlt6u066.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 19 Oct 2025 00:00:00 GMT","end":"Mon, 19 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"08:10:09:15:B6:C8:9C:9A:CE:31:40:C9:26:D7:9E:BE:2C:9A:62:2B","sha256":"D6:55:F3:9B:55:F2:ED:CC:B3:54:8B:1E:F9:15:FB:47:0C:75:02:1A:64:4B:3C:C2:FA:75:18:9C:F0:11:EE:83"}}},"request":{"raw":"GET /images/footer_football.png?5 HTTP/1.1\r\nHost: static-content-t.wb27jlt6u066.com:9587\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://static-content-t.wb27jlt6u066.com:9587/style/main.css?20260123\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Wed, 04 Mar 2026 13:33:02 GMT\r\nContent-Type: image/png\r\nContent-Length: 20588\r\nConnection: keep-alive\r\nLast-Modified: Wed, 20 Jul 2022 18:47:53 GMT\r\nETag: \"62d84dd9-506c\"\r\nServer: gocache\r\nExpires: Thu, 05 Mar 2026 13:33:02 GMT\r\nCache-Control: max-age=86400\r\nc-Type: st\r\nrid: 9620b40175178c51a405bf8dd3f5c7b4\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains\r\nX-Cache-Status: HIT\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]}],"data":{"size":20588,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 23 x 1057, 8-bit/color RGBA, non-interlaced","md5":"1070cd5b06840cf7f154e66c09ac305e","sha1":"8864ddecf4ae0db0790bb5c901da76bc0b31c84a","sha256":"c76aa339cc81f581354af830b7ac9984cafbd3836e2f1e53762b7baa720cb43e","sha512":"cf434b41eca22162d4aa5377e62103bb0966b4dd4974599bc19f45ddf801e84aca49fd57a2d2a756b7edbd36e5fbf49195c5bc593100cc69e6b8caaa3f6733c3","ssdeep":"384:JEgvqB07FQV4hlkvWknpVtQCdWUKxk76w27R/9ThToBdAm/:JExBu2gb29nKqc7R/vMH/","tlshash":"df92d046d332f232e578f5229567c5de221f2d07099b0f1a489df013ace56bae189e0f","first_seen":"2023-05-05T14:06:31Z","last_seen":"2026-06-06T14:33:38.562669Z","times_seen":900,"resource_available":false,"data":null}},"time_used":1376,"timings":{"blocked":1143,"dns":0,"connect":0,"send":0,"wait":226,"receive":7,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdn.dingxiang-inc.com/ctu-group/captcha-ui/index.js?_=1772631180958","fqdn":"cdn.dingxiang-inc.com","domain":"dingxiang-inc.com","tld":"com"},"ip":{"addr":"47.246.44.187","port":443,"asn":24429,"as":"Zhejiang Taobao Network Co.,Ltd","country":"Sweden","country_code":"SE"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://cn.1mebetx.com/home/register?code=32654","date":"2026-03-04T13:33:01.444Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.dingxiang-inc.com","organization":""},"issuer":{"commonName":"RapidSSL TLS RSA CA G1","organization":"DigiCert Inc"},"validity":{"start":"Fri, 19 Dec 2025 00:00:00 GMT","end":"Tue, 19 Jan 2027 23:59:59 GMT"},"fingerprint":{"sha1":"E1:48:59:CC:B7:C4:8A:BA:0A:07:24:38:BE:64:21:78:32:7C:1B:36","sha256":"E9:D1:91:B0:30:03:1D:51:3F:5C:C1:C9:4D:10:8D:BE:AA:D4:7E:BE:9B:65:94:06:F4:82:97:FF:43:99:C0:E8"}}},"request":{"raw":"GET /ctu-group/captcha-ui/index.js?_=1772631180958 HTTP/1.1\r\nHost: cdn.dingxiang-inc.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cn.1mebetx.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: Tengine\r\ncontent-type: application/javascript\r\ndate: Wed, 04 Mar 2026 13:33:01 GMT\r\nlast-modified: Fri, 04 Jul 2025 02:57:49 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6867432d-43915\"\r\nexpires: Wed, 04 Mar 2026 14:33:01 GMT\r\ncache-control: max-age=3600\r\ncontent-encoding: gzip\r\nvia: ens-cache15.l2de3[462,462,200-0,M], ens-cache7.l2de3[463,0], ens-cache3.se2[491,490,200-0,M], ens-cache6.se2[493,0]\r\nali-swift-global-savetime: 1772631182\r\nx-cache: MISS TCP_MISS dirn:-2:-2\r\nx-swift-savetime: Wed, 04 Mar 2026 13:33:02 GMT\r\nx-swift-cachetime: 86400\r\naccess-control-allow-origin: *\r\ntiming-allow-origin: *\r\neagleid: 2ff62c9a17726311815473968e\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Tengine","description":"Tengine is a web server which is based on the Nginx HTTP server.","website":"https://tengine.taobao.org","common_platform_enumeration":"","icon":"Tengine.png","categories":["Web servers"]}],"data":{"size":276757,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65321)","md5":"f20fbe4ba15ff136b5082a5a3541c49d","sha1":"3cd52a254611b3707ba10767a1ed86cc255900ba","sha256":"e53ab5be072532086a4288c12d9cec8fe8e98676d4aedfd2615c927c8b916c35","sha512":"cb1610706ef61ff6d8564dcc67466e0a96134107a4caafa8ee743033b541c66e24963dbb553ec7aade5f163572a9b4ddd9f0417a68ec3dd0e666534e5340a632","ssdeep":"6144:DLl3JD13W0TQCs7qo51+OD8vwEPhzDu6CZxf1t6taX/DyhD/+Htb8lJvOtKQkz:J9DHxD2xz6aX/qz+lcJOtKQkz","tlshash":"ce446cf7b2e0984e043a90a58d3ab47c116d1a11d034cf6ac9dffcda879e219e35b9d4","first_seen":"2025-07-16T17:50:21.878476Z","last_seen":"2026-06-06T20:45:34.442706Z","times_seen":135,"resource_available":true,"data":null}},"time_used":802,"timings":{"blocked":117,"dns":107,"connect":21,"send":0,"wait":523,"receive":0,"ssl":30},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"api.eaafacef.com:2053/entrance/api/config?status=1","fqdn":"api.eaafacef.com","domain":"eaafacef.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":2053,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://cn.1mebetx.com/home/register?code=32654","date":"2026-03-04T13:33:01.542Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"eaafacef.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 26 Feb 2026 23:00:20 GMT","end":"Wed, 27 May 2026 23:58:47 GMT"},"fingerprint":{"sha1":"E2:BC:02:0C:59:2E:20:3F:82:FD:19:3C:B0:29:B6:6B:5E:67:EC:C9","sha256":"A4:D0:6E:A0:6C:29:61:D4:55:1A:6D:C7:D6:9A:E1:04:04:A2:A1:22:C5:42:FB:E1:3C:D6:4A:15:B5:A4:3B:5A"}}},"request":{"raw":"GET /entrance/api/config?status=1 HTTP/1.1\r\nHost: api.eaafacef.com:2053\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/javascript, */*; q=0.01\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://cn.1mebetx.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cn.1mebetx.com/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 04 Mar 2026 13:33:02 GMT\r\ncontent-type: text/html; charset=UTF-8\r\nserver: cloudflare\r\nvary: Accept-Encoding\r\nx-powered-by: PHP/7.4.33\r\ncache-control: no-cache, private\r\nx-ratelimit-limit: 60\r\nx-ratelimit-remaining: 57\r\naccess-control-allow-origin: *\r\naccess-control-allow-headers: Origin, Content-Type, Cookie, Accept,token\r\naccess-control-allow-methods: GET, POST, PATCH, PUT, OPTIONS\r\naccess-control-allow-credentials: false\r\nstrict-transport-security: max-age=31536000\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=BjjHijnFLrbZfVqV70gnT3eHiu%2BozwLNASaFajF%2BybkaBD6xnY%2BpS8PG0gpOzBgzl7MJ%2B56ZqqyCNW%2FCuSNSys%2BOqHs%2FY6NK0FDuVPoeac0%3D\"}]}\r\ncf-cache-status: DYNAMIC\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncontent-encoding: br\r\ncf-ray: 9d7140154c207dde-ARN\r\nalt-svc: h3=\":2053\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"PHP:7.4.33","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":2232,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"JSON text data","md5":"4da555f4f86c4a85d530cb5e35d96406","sha1":"6719ec9a675bfb52cfc753a21ec9d3a2698b2150","sha256":"eb2495a301c9eeef656661e7895355ebfec3c026f44fb4cdc54de12afef0e469","sha512":"5b5638bfe8b7d783defe544be4ccb3d811da457b2748188e7f4c78c98a7f218f28edbc80fbc17e97e9c3415b7153ed87e080483a0aabb077810f876cb28fba36","ssdeep":"","tlshash":"7c41af7653ac36f1ca9a52c0848f37dad17e7b33c948efa77e0d6a1881712b2544912f","first_seen":"2026-02-24T23:56:27.951647Z","last_seen":"2026-03-19T10:33:28.66908Z","times_seen":35,"resource_available":false,"data":null}},"time_used":1087,"timings":{"blocked":96,"dns":63,"connect":8,"send":0,"wait":884,"receive":0,"ssl":31},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cn.1mebetx.com/service/verifycode?x=0.29855557458005477","fqdn":"cn.1mebetx.com","domain":"1mebetx.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://cn.1mebetx.com/home/register?code=32654","date":"2026-03-04T13:33:01.549Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cn.1mebetx.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Mon, 05 Jan 2026 00:00:00 GMT","end":"Tue, 05 Jan 2027 23:59:59 GMT"},"fingerprint":{"sha1":"B1:9C:1C:29:59:A8:2F:22:BB:FA:01:51:20:84:07:9D:ED:D9:D8:7A","sha256":"21:4B:55:27:26:B6:EF:96:E2:ED:28:FE:00:D0:57:72:9D:29:6A:4E:DE:36:40:A2:7D:07:26:CC:31:8C:F2:1D"}}},"request":{"raw":"GET /service/verifycode?x=0.29855557458005477 HTTP/1.1\r\nHost: cn.1mebetx.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cn.1mebetx.com/home/register?code=32654\r\nCookie: PHPSESSID=0vre1qsiqnd8kobpvv1eafbdqh; _code_cookie=32654-; JSESSIONID=02194A41888DE93C72B46BD867E09B71; _vcid=02194A41888DE93C72B46BD867E09B71\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 \r\nDate: Wed, 04 Mar 2026 13:33:02 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nSet-Cookie: JSESSIONID=FABED58DE2BA6B164D924E3DBE432803; Path=/; Secure; HttpOnly\n_vcid=FABED58DE2BA6B164D924E3DBE432803; Domain=.1mebetx.com; Path=/; HttpOnly\r\nX-Content-Type-Options: nosniff\r\nX-Frame-Options: SAMEORIGIN\r\nServer: gocache\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nCache-Control: no-cache\r\nc-Type: df\r\nrid: a4ec8b8cbc69c142f8c0cd479917abce\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]},{"name":"Java","description":"Java is a class-based, object-oriented programming language that is designed to have as few implementation dependencies as possible.","website":"https://java.com","common_platform_enumeration":"cpe:2.3:a:oracle:jre:*:*:*:*:*:*:*:*","icon":"Java.svg","categories":["Programming languages"]}],"data":{"size":1066,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.02, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 80x28, components 3","md5":"3cf3dc5377e655092a4b57c86760ba7c","sha1":"01e5e3d4bf2c5475488f6a9bcc5f2d71c7798e22","sha256":"2f71b0b2dfa39cbfd7c2b7243a62734aedb6ec26d2cafe2d237a1875124a58fd","sha512":"73eba0cf730f08275d897b29290daa4a90ccbf0ab7ae241967b8e19d404b749227bd533a2134ef35a56581a32aeb3ec81cdc08b9c7c8f9b4b9387925ef2a96bf","ssdeep":"","tlshash":"3a11655fdb9be321af2385ba53610722818ad456be4426781da0e2f5e510cf49b4434c","first_seen":"2026-03-04T13:33:41.561615Z","last_seen":"2026-03-04T13:33:41.561615Z","times_seen":1,"resource_available":false,"data":null}},"time_used":1174,"timings":{"blocked":915,"dns":0,"connect":0,"send":0,"wait":259,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-04","alert":"Sinkholed","trigger":"cn.1mebetx.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-04","alert":"Phishing Block","trigger":"cn.1mebetx.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-04","alert":"Sinkholed","trigger":"cn.1mebetx.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-04","alert":"Sinkholed","trigger":"cn.1mebetx.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"secure.livechatinc.com/customer/action/open_chat?license_id=19463678\u0026group=2\u0026embedded=1\u0026widget_version=3\u0026unique_groups=0\u0026organization_id=d45af0f5-ff1f-44ac-97e0-5c9471a8ec59\u0026use_parent_storage=1\u0026x-region=us-south1","fqdn":"secure.livechatinc.com","domain":"livechatinc.com","tld":"com"},"ip":{"addr":"2.22.225.83","port":443,"asn":20940,"as":"Akamai International B.V.","country":"France","country_code":"FR"},"is_navigation_request":false,"resource_type":"subdocument","requested_by":"https://cn.1mebetx.com/home/register?code=32654","date":"2026-03-04T13:33:02.082Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"livechat.com","organization":"LIVECHAT, INC."},"issuer":{"commonName":"DigiCert Global G3 TLS ECC SHA384 2020 CA1","organization":"DigiCert Inc"},"validity":{"start":"Wed, 11 Jun 2025 00:00:00 GMT","end":"Thu, 11 Jun 2026 23:59:59 GMT"},"fingerprint":{"sha1":"66:A3:6F:A0:92:9E:A2:01:91:16:68:AA:27:A9:41:28:FC:25:27:68","sha256":"03:FC:5A:F6:F7:06:15:5B:0F:31:DB:6C:4E:D7:E4:1B:69:80:1F:C3:5A:E3:85:5A:FF:8D:22:81:92:ED:25:2F"}}},"request":{"raw":"GET /customer/action/open_chat?license_id=19463678\u0026group=2\u0026embedded=1\u0026widget_version=3\u0026unique_groups=0\u0026organization_id=d45af0f5-ff1f-44ac-97e0-5c9471a8ec59\u0026use_parent_storage=1\u0026x-region=us-south1 HTTP/1.1\r\nHost: secure.livechatinc.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cn.1mebetx.com/\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: iframe\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-encoding: gzip\r\ncontent-type: text/html; charset=utf-8\r\ncross-origin-resource-policy: cross-origin\r\nvary: Accept-Encoding\r\ncontent-length: 760\r\ndate: Wed, 04 Mar 2026 13:33:02 GMT\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":1776,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"HTML document, ASCII text, with very long lines (1776), with no line terminators","md5":"85bd0d6da97a7827f5dd676d0d1abce5","sha1":"8e66763d6be78b29791e985a0565a5c89ff08842","sha256":"f5838307e3e252edf23febea2ebe52ffdcf0250fc8b7aa1f9e8ba24f7fd939d0","sha512":"6acab59ffc6fa7ce62377efb80c7c2fa132b348c549d85e3f0cd657542a8dbe7271473c22b4dcbfebd995a8d29834733392bef6d46f9a36bd870aa50d677dac9","ssdeep":"","tlshash":"c9314173aa00c91d71748231bd9fb08e895d534e8644acf2b29422fe0ad0ed98173e29","first_seen":"2026-03-03T14:45:10.156081Z","last_seen":"2026-03-05T09:29:13.872428Z","times_seen":149,"resource_available":false,"data":null}},"time_used":434,"timings":{"blocked":38,"dns":0,"connect":0,"send":0,"wait":396,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static-content-t.wb27jlt6u066.com:9587/images/nav/sponsor1.png?1","fqdn":"static-content-t.wb27jlt6u066.com","domain":"wb27jlt6u066.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":9587,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://cn.1mebetx.com/home/register?code=32654","date":"2026-03-04T13:32:59.726Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"static-content-t.wb27jlt6u066.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 19 Oct 2025 00:00:00 GMT","end":"Mon, 19 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"08:10:09:15:B6:C8:9C:9A:CE:31:40:C9:26:D7:9E:BE:2C:9A:62:2B","sha256":"D6:55:F3:9B:55:F2:ED:CC:B3:54:8B:1E:F9:15:FB:47:0C:75:02:1A:64:4B:3C:C2:FA:75:18:9C:F0:11:EE:83"}}},"request":{"raw":"GET /images/nav/sponsor1.png?1 HTTP/1.1\r\nHost: static-content-t.wb27jlt6u066.com:9587\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cn.1mebetx.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Wed, 04 Mar 2026 13:33:01 GMT\r\nContent-Type: image/png\r\nContent-Length: 8439\r\nConnection: keep-alive\r\nLast-Modified: Fri, 23 Jan 2026 04:32:15 GMT\r\nETag: \"6972f9cf-20f7\"\r\nServer: gocache\r\nExpires: Thu, 05 Mar 2026 13:33:01 GMT\r\nCache-Control: max-age=86400\r\nc-Type: st\r\nrid: 1439964bfc394f549a39f92d4c1d5640\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains\r\nX-Cache-Status: HIT\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":8439,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 292 x 80, 8-bit/color RGBA, non-interlaced","md5":"65b6723769cef37e0c6e5850c7137bc8","sha1":"d5258baab5f5cdaa29b6853558f16dd6b6435d00","sha256":"161ead6af798bef1ea9b6091a24df2b0f741a0ee0415f2abc11a4d115e0fe874","sha512":"3eadd356a2de604911fbdb8559dc65c517403c7fb09996464d92ac568240a0ab4f4c64be689fdb42d00ef0e285668654504522f6f960c8619074b27cc3981314","ssdeep":"192:jrGlvpl6wAguuMUgTy7s135bVNZFPkk5Ne3AY8TBcnEq3zrGa:3GlpJKuMe7A39VDlkk5VY8TB6zaa","tlshash":"7f02afbd8888c53efc1e8d6c62b06347bc3a71ec84398133465ccae6516c3a4e509f6b","first_seen":"2026-01-23T05:01:52.476079Z","last_seen":"2026-06-06T14:33:38.627422Z","times_seen":224,"resource_available":false,"data":null}},"time_used":1956,"timings":{"blocked":1279,"dns":1,"connect":1,"send":0,"wait":224,"receive":1,"ssl":442},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static-content-cn.wb27jlt6u066.com:9587/js/jquery/jquery.carousel.js","fqdn":"static-content-cn.wb27jlt6u066.com","domain":"wb27jlt6u066.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":9587,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://cn.1mebetx.com/home/register?code=32654","date":"2026-03-04T13:32:59.754Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"static-content-cn.wb27jlt6u066.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 19 Oct 2025 00:00:00 GMT","end":"Mon, 19 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"98:64:EC:0B:9A:00:5F:60:12:4A:12:B9:EB:5A:44:98:12:1A:7C:FF","sha256":"A1:E0:99:A3:B2:54:C9:50:DB:24:16:EA:A7:44:3A:5D:57:F0:7C:CE:B2:E7:66:31:49:50:98:44:92:F2:50:84"}}},"request":{"raw":"GET /js/jquery/jquery.carousel.js HTTP/1.1\r\nHost: static-content-cn.wb27jlt6u066.com:9587\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cn.1mebetx.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Wed, 04 Mar 2026 13:33:00 GMT\r\nContent-Type: application/javascript\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nLast-Modified: Wed, 20 Jul 2022 18:47:52 GMT\r\nVary: Accept-Encoding\r\nETag: W/\"62d84dd8-5e3a\"\r\nContent-Encoding: gzip\r\nServer: gocache\r\nExpires: Thu, 05 Mar 2026 13:33:00 GMT\r\nCache-Control: max-age=86400\r\nc-Type: st\r\nrid: a97ba14f84a81e1e9fe8b97156b3df52\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains\r\nX-Cache-Status: HIT\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":24122,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text","md5":"1552106a3e80457c7c75722b7372d303","sha1":"32ba62ff7b3590d3325d159141aa50a1db5802aa","sha256":"52947c9e6ac3e2f45c2b2a19802a91eeb75dc70902bf4bd87419a6386300848c","sha512":"e6b3f5bcdb5cea57241c6ca4f3c235a8ec04fe3d4baf75e2e33d67fa1ae4e094c08072772e3bc6a87dafb81e94a6ab81f38c670394f4f2a533ca5090e5879630","ssdeep":"384:MnvnA+MrUQ5x1jcvHGmUYnkrVdINO4XmfFmKK2vif3UE:Mn4+MrUk1j0UwNO4XmfF7K2vAv","tlshash":"50b2941b31a32172597b72298b9f5109333190979208ee507cbf8b147f9527897f2fea","first_seen":"2023-03-07T13:00:36Z","last_seen":"2026-06-07T13:41:41.679746Z","times_seen":787,"resource_available":true,"data":null}},"time_used":955,"timings":{"blocked":-1,"dns":217,"connect":1,"send":0,"wait":216,"receive":1,"ssl":517},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static-content-t.wb27jlt6u066.com:9587/d11_images/icon_live_channel.png","fqdn":"static-content-t.wb27jlt6u066.com","domain":"wb27jlt6u066.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":9587,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://cn.1mebetx.com/home/register?code=32654","date":"2026-03-04T13:33:01.280Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"static-content-t.wb27jlt6u066.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 19 Oct 2025 00:00:00 GMT","end":"Mon, 19 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"08:10:09:15:B6:C8:9C:9A:CE:31:40:C9:26:D7:9E:BE:2C:9A:62:2B","sha256":"D6:55:F3:9B:55:F2:ED:CC:B3:54:8B:1E:F9:15:FB:47:0C:75:02:1A:64:4B:3C:C2:FA:75:18:9C:F0:11:EE:83"}}},"request":{"raw":"GET /d11_images/icon_live_channel.png HTTP/1.1\r\nHost: static-content-t.wb27jlt6u066.com:9587\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://static-content-t.wb27jlt6u066.com:9587/style/main.css?20260123\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 404 Not Found\r\nDate: Wed, 04 Mar 2026 13:33:02 GMT\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nContent-Encoding: gzip\r\nServer: gocache\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-07T19:34:24.271823Z","times_seen":16219631,"resource_available":true,"data":null}},"time_used":1471,"timings":{"blocked":1185,"dns":0,"connect":0,"send":0,"wait":286,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static-content-t.wb27jlt6u066.com:9587/images/icons.png?1","fqdn":"static-content-t.wb27jlt6u066.com","domain":"wb27jlt6u066.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":9587,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://cn.1mebetx.com/home/register?code=32654","date":"2026-03-04T13:33:01.287Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"static-content-t.wb27jlt6u066.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 19 Oct 2025 00:00:00 GMT","end":"Mon, 19 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"08:10:09:15:B6:C8:9C:9A:CE:31:40:C9:26:D7:9E:BE:2C:9A:62:2B","sha256":"D6:55:F3:9B:55:F2:ED:CC:B3:54:8B:1E:F9:15:FB:47:0C:75:02:1A:64:4B:3C:C2:FA:75:18:9C:F0:11:EE:83"}}},"request":{"raw":"GET /images/icons.png?1 HTTP/1.1\r\nHost: static-content-t.wb27jlt6u066.com:9587\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://static-content-t.wb27jlt6u066.com:9587/style/main.css?20260123\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Wed, 04 Mar 2026 13:33:02 GMT\r\nContent-Type: image/png\r\nContent-Length: 3150\r\nConnection: keep-alive\r\nLast-Modified: Wed, 01 Feb 2023 01:02:20 GMT\r\nETag: \"63d9ba1c-c4e\"\r\nServer: gocache\r\nExpires: Thu, 05 Mar 2026 13:33:02 GMT\r\nCache-Control: max-age=86400\r\nc-Type: st\r\nrid: 0bff6a37c964cac975025967989e0493\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains\r\nX-Cache-Status: HIT\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":3150,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 39 x 373, 8-bit/color RGBA, non-interlaced","md5":"a64222f0baf49b7b54175cb4b70c7772","sha1":"179e5f57fdd5dee04578274231a5445b76b83ae2","sha256":"382fcd4debce444b68de702fa69d2b8935ba546457f1a36d358d312baec1f35b","sha512":"13ef9e867c04188713a5812ed810ccd9f80771648acfed7ee5a3b7ffe0862f67233d1136de6440ade5854d2a14012fd6d7f1751c010a6f8dcc708d4c6d640291","ssdeep":"","tlshash":"ad514cc1185c2e117ffd4130cece1ff99c9e2da667e0a29d8639d1926da4310f4a5b8c","first_seen":"2023-05-05T14:06:31Z","last_seen":"2026-06-06T14:33:38.493319Z","times_seen":905,"resource_available":false,"data":null}},"time_used":1607,"timings":{"blocked":1392,"dns":0,"connect":0,"send":0,"wait":215,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.vrfpshbc.com:2053/global-activity-entry/img/arrow-left.png","fqdn":"www.vrfpshbc.com","domain":"vrfpshbc.com","tld":"com"},"ip":{"addr":"172.67.186.168","port":2053,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://cn.1mebetx.com/home/register?code=32654","date":"2026-03-04T13:33:02.573Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"vrfpshbc.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 02 Feb 2026 19:45:33 GMT","end":"Sun, 03 May 2026 20:40:36 GMT"},"fingerprint":{"sha1":"E8:73:95:3B:A2:A4:0F:A6:0D:A3:4F:F1:13:4E:85:09:6B:D0:63:66","sha256":"E6:14:C1:3A:A4:50:D6:F3:4D:3C:52:EB:9F:ED:B9:43:C4:13:78:55:40:E3:CD:29:24:A1:C8:5E:C2:24:0E:AA"}}},"request":{"raw":"GET /global-activity-entry/img/arrow-left.png HTTP/1.1\r\nHost: www.vrfpshbc.com:2053\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.vrfpshbc.com:2053/global-activity-entry/css/style.css\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Wed, 04 Mar 2026 13:33:03 GMT\r\ncontent-type: image/png\r\ncontent-length: 710\r\nserver: cloudflare\r\nlast-modified: Wed, 16 Jun 2021 18:06:55 GMT\r\netag: \"60ca3dbf-2c6\"\r\nstrict-transport-security: max-age=31536000\r\naccept-ranges: bytes\r\ncf-cache-status: DYNAMIC\r\npriority: u=4,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=eacQUD4Q6SotEMzIPX2kqH%2BiqFSbnuzq90%2FPs%2BDPbgYcQUjMrcbcyxGTuZ81IHMm09rzoXv7o5qPJR8CZMa%2BHUcxU%2Brmg5uimbXjje2GcWo%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9d71401b1a208deb-OSL\r\nalt-svc: h3=\":2053\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":710,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 14 x 34, 8-bit/color RGBA, interlaced","md5":"75283be3b7efd575f15a3c05ec9a83e5","sha1":"8646eadd0f93308cd0bd224242393f505e920f7b","sha256":"14dde123a93666ed0e806b324627c3cfef68a77e1ec346677fd6d1d05187685a","sha512":"f647f432cee300847d1f2bf7a0974885b9bcf773589cf0644ffd0a97282546ddbf6731f08658fa11732d150f17b5849db18c8e5ed1d586043e443806b60239ad","ssdeep":"","tlshash":"03014eeb13b47f50e7a1ac372d82d3280eac89b57514468c01401ab98c7e4cead983b2","first_seen":"2023-05-05T14:06:31Z","last_seen":"2026-06-06T14:33:38.567512Z","times_seen":601,"resource_available":false,"data":null}},"time_used":823,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":823,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdn.livechatinc.com/widget/static/js/7.qYTqns9Q.chunk.js","fqdn":"cdn.livechatinc.com","domain":"livechatinc.com","tld":"com"},"ip":{"addr":"23.36.77.179","port":443,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://secure.livechatinc.com/customer/action/open_chat?license_id=19463678\u0026group=2\u0026embedded=1\u0026widget_version=3\u0026unique_groups=0\u0026organization_id=d45af0f5-ff1f-44ac-97e0-5c9471a8ec59\u0026use_parent_storage=1\u0026x-region=us-south1","date":"2026-03-04T13:33:02.674Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"livechat.com","organization":"LIVECHAT, INC."},"issuer":{"commonName":"DigiCert Global G3 TLS ECC SHA384 2020 CA1","organization":"DigiCert Inc"},"validity":{"start":"Wed, 11 Jun 2025 00:00:00 GMT","end":"Thu, 11 Jun 2026 23:59:59 GMT"},"fingerprint":{"sha1":"66:A3:6F:A0:92:9E:A2:01:91:16:68:AA:27:A9:41:28:FC:25:27:68","sha256":"03:FC:5A:F6:F7:06:15:5B:0F:31:DB:6C:4E:D7:E4:1B:69:80:1F:C3:5A:E3:85:5A:FF:8D:22:81:92:ED:25:2F"}}},"request":{"raw":"GET /widget/static/js/7.qYTqns9Q.chunk.js HTTP/1.1\r\nHost: cdn.livechatinc.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://secure.livechatinc.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cdn.livechatinc.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nx-guploader-uploadid: AGQBYWyuZvwTLoJs6PziGY6XMSYniDwrve7z-dVQKWf0OuwGigcB6zimX5feuuH2rrBGfNfWGLE9DdA\r\nlast-modified: Tue, 03 Mar 2026 13:43:27 GMT\r\netag: \"d541ce2d754402b833cc65b76eaea2c6\"\r\nx-goog-generation: 1772545407041597\r\nx-goog-metageneration: 1\r\nx-goog-stored-content-encoding: identity\r\nx-goog-stored-content-length: 40\r\nx-goog-hash: crc32c=jQQqwg==, md5=1UHOLXVEArgzzGW3bq6ixg==\r\nx-goog-storage-class: STANDARD\r\naccess-control-expose-headers: *, Content-Length, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace\r\nserver: UploadServer\r\nvary: Accept-Encoding\r\ncache-control: public, max-age=31536000\r\nexpires: Thu, 04 Mar 2027 13:33:02 GMT\r\ndate: Wed, 04 Mar 2026 13:33:02 GMT\r\ncontent-length: 40\r\ncontent-type: application/javascript; charset=utf-8\r\naccess-control-allow-origin: *\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Google Cloud Storage","description":"Google Cloud Storage allows world-wide storage and retrieval of any amount of data at any time.","website":"https://cloud.google.com/storage","common_platform_enumeration":"","icon":"google-cloud-storage.svg","categories":["Miscellaneous"]},{"name":"Google Cloud","description":"Google Cloud is a suite of cloud computing services.","website":"https://cloud.google.com","common_platform_enumeration":"cpe:2.3:a:google:cloud_platform:*:*:*:*:*:*:*:*","icon":"Google Cloud.svg","categories":["IaaS"]}],"data":{"size":40,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"ASCII text","md5":"d541ce2d754402b833cc65b76eaea2c6","sha1":"c36a92a0f5cef497ce42b1e8b4c72c8d9bd3786b","sha256":"80353503e48ebf6c2ae9f70184d3e758f64bacf48afe147e039df807509200cb","sha512":"f8cd5cc49f9276c580419958bf312ee0a311194fd41d116ee709e56401d769511700031ec9f3e6151f8da6b7e13b16e374a231e31cb00b92413ce5c751c2a0b6","ssdeep":"","tlshash":"f090044530d334753111111c453f5c0551144c4c05d55730c010d5551f514f4571fc4c","first_seen":"2024-07-04T09:32:22Z","last_seen":"2026-06-07T08:09:45.613581Z","times_seen":29837,"resource_available":true,"data":null}},"time_used":3,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":3,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static-content-t.wb27jlt6u066.com:9587/style/css.css?20251226","fqdn":"static-content-t.wb27jlt6u066.com","domain":"wb27jlt6u066.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":9587,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://cn.1mebetx.com/home/register?code=32654","date":"2026-03-04T13:32:59.712Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"static-content-t.wb27jlt6u066.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 19 Oct 2025 00:00:00 GMT","end":"Mon, 19 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"08:10:09:15:B6:C8:9C:9A:CE:31:40:C9:26:D7:9E:BE:2C:9A:62:2B","sha256":"D6:55:F3:9B:55:F2:ED:CC:B3:54:8B:1E:F9:15:FB:47:0C:75:02:1A:64:4B:3C:C2:FA:75:18:9C:F0:11:EE:83"}}},"request":{"raw":"GET /style/css.css?20251226 HTTP/1.1\r\nHost: static-content-t.wb27jlt6u066.com:9587\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cn.1mebetx.com/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Wed, 04 Mar 2026 13:33:00 GMT\r\nContent-Type: text/css\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nLast-Modified: Thu, 22 Jan 2026 04:43:56 GMT\r\nVary: Accept-Encoding\r\nETag: W/\"6971ab0c-1f83b\"\r\nContent-Encoding: gzip\r\nServer: gocache\r\nExpires: Thu, 05 Mar 2026 13:33:00 GMT\r\nCache-Control: max-age=86400\r\nc-Type: st\r\nrid: 8683bf00cd80cc96c44378cdf0464d32\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains\r\nX-Cache-Status: HIT\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":129083,"size_decoded":0,"mime_type":"text/css","magic":"Unicode text, UTF-8 text, with very long lines (525)","md5":"f33659928ef4927bfd85af4f42f0f555","sha1":"f7b01fa2de028214ac7a57d2dbc915ead275d674","sha256":"da37902f2ef9360be0efe17c7a82c74d1e5e9906bb8118060b885833190349cf","sha512":"ef3ee25c4a9f363c5ccdc947cb479e421dd1c90ffdb0eacbeb09c767f206474c84044715545ba08733bf05f4f483967d8ff63f5c095b420cdc6d8b8c2cc42123","ssdeep":"3072:qNlIZVV0pv2kohJeqCfVkY2t1cicY270HaLMZ9R1oF:qNlsP0pPohJeqCfVkY2t1cicY270HaLP","tlshash":"79c3f8239252204bb137c6557a9da7b86369c003d6436ffe72eebadad16e19403337d0","first_seen":"2026-01-23T05:01:52.463709Z","last_seen":"2026-06-06T14:33:38.643298Z","times_seen":224,"resource_available":false,"data":null}},"time_used":1811,"timings":{"blocked":781,"dns":236,"connect":8,"send":0,"wait":220,"receive":14,"ssl":548},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static-content-cn.wb27jlt6u066.com:9587/util/messenger.css","fqdn":"static-content-cn.wb27jlt6u066.com","domain":"wb27jlt6u066.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":9587,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://cn.1mebetx.com/home/register?code=32654","date":"2026-03-04T13:32:59.714Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"static-content-cn.wb27jlt6u066.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 19 Oct 2025 00:00:00 GMT","end":"Mon, 19 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"98:64:EC:0B:9A:00:5F:60:12:4A:12:B9:EB:5A:44:98:12:1A:7C:FF","sha256":"A1:E0:99:A3:B2:54:C9:50:DB:24:16:EA:A7:44:3A:5D:57:F0:7C:CE:B2:E7:66:31:49:50:98:44:92:F2:50:84"}}},"request":{"raw":"GET /util/messenger.css HTTP/1.1\r\nHost: static-content-cn.wb27jlt6u066.com:9587\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cn.1mebetx.com/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Wed, 04 Mar 2026 13:33:00 GMT\r\nContent-Type: text/css\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nLast-Modified: Wed, 20 Jul 2022 18:47:53 GMT\r\nVary: Accept-Encoding\r\nETag: W/\"62d84dd9-2410\"\r\nContent-Encoding: gzip\r\nServer: gocache\r\nExpires: Thu, 05 Mar 2026 13:33:00 GMT\r\nCache-Control: max-age=86400\r\nc-Type: st\r\nrid: 833b497904376a3869ff8ff3f499a53e\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains\r\nX-Cache-Status: HIT\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":9232,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (538)","md5":"26f774e67203df0b4387b8fdee38643c","sha1":"d46d750b7882c8c3aff3690472c6ad6c5c32d546","sha256":"3d3b344953f5a8668a3a045c902c84e530407997885301cfffd4a1724b6b37f8","sha512":"d2fbe717e58dbc07551690f0d18256cbef2b33adce004da7d83adb34866764ec94ea6ec5d91a9a65754f0239cc98dfc4b7caefb1a1b427a7e5818671c03288c2","ssdeep":"192:Qi0KrdIJjkB1IbXwdRoqXaS3TIFTKC32XifM1N:QiBrdIJnbXwdPC32XeKN","tlshash":"a812f022c5c51927133fcb53add557584f238b03aa1ed4ad66deec4fc70ae6812e630a","first_seen":"2023-05-05T14:06:31Z","last_seen":"2026-06-06T14:33:38.505581Z","times_seen":1049,"resource_available":false,"data":null}},"time_used":1727,"timings":{"blocked":751,"dns":243,"connect":1,"send":0,"wait":214,"receive":0,"ssl":508},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static-content-t.wb27jlt6u066.com:9587/js/jquery-ui.js","fqdn":"static-content-t.wb27jlt6u066.com","domain":"wb27jlt6u066.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":9587,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://cn.1mebetx.com/home/register?code=32654","date":"2026-03-04T13:32:59.762Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"static-content-t.wb27jlt6u066.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 19 Oct 2025 00:00:00 GMT","end":"Mon, 19 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"08:10:09:15:B6:C8:9C:9A:CE:31:40:C9:26:D7:9E:BE:2C:9A:62:2B","sha256":"D6:55:F3:9B:55:F2:ED:CC:B3:54:8B:1E:F9:15:FB:47:0C:75:02:1A:64:4B:3C:C2:FA:75:18:9C:F0:11:EE:83"}}},"request":{"raw":"GET /js/jquery-ui.js HTTP/1.1\r\nHost: static-content-t.wb27jlt6u066.com:9587\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cn.1mebetx.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Wed, 04 Mar 2026 13:33:00 GMT\r\nContent-Type: application/javascript\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nLast-Modified: Wed, 20 Jul 2022 18:47:53 GMT\r\nVary: Accept-Encoding\r\nETag: W/\"62d84dd9-7f20a\"\r\nContent-Encoding: gzip\r\nServer: gocache\r\nExpires: Thu, 05 Mar 2026 13:33:00 GMT\r\nCache-Control: max-age=86400\r\nc-Type: st\r\nrid: ee0c080531fa2e6f5956b034cd635904\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains\r\nX-Cache-Status: HIT\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":520714,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (1002)","md5":"ab5284de5e3d221e53647fd348e5644b","sha1":"75c20acdc6cbc6334fe2b918ab7afeec007f969e","sha256":"4f455eb2ddf2094ee969f470f6bfac7adb4c057e8990a374e9da819e943c777d","sha512":"2462acc237c0063263b52527cfecbc5d4063065c0cd541cd966d9924dec0d9af475184f732c92af9269cb08df993896893eff37ad4b18598ca4b7af7b5f02742","ssdeep":"12288:1vemHFgymzYDdHCcmM2/W/CCeS/QRzbrVDDdRO2:vDdHCcmM2/W/CCeSIVDDdRO2","tlshash":"f3b4a6c9f39c266a867a32595c2e42cdb23c8075d600587fbc5d59dc29a883c43bbf79","first_seen":"2023-03-07T01:03:28Z","last_seen":"2026-06-07T19:34:13.959633Z","times_seen":15820,"resource_available":true,"data":null}},"time_used":1188,"timings":{"blocked":-1,"dns":197,"connect":8,"send":0,"wait":221,"receive":220,"ssl":543},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static-content-cn.wb27jlt6u066.com:9587/images/close.png","fqdn":"static-content-cn.wb27jlt6u066.com","domain":"wb27jlt6u066.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":9587,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://cn.1mebetx.com/home/register?code=32654","date":"2026-03-04T13:33:01.290Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"static-content-cn.wb27jlt6u066.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 19 Oct 2025 00:00:00 GMT","end":"Mon, 19 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"98:64:EC:0B:9A:00:5F:60:12:4A:12:B9:EB:5A:44:98:12:1A:7C:FF","sha256":"A1:E0:99:A3:B2:54:C9:50:DB:24:16:EA:A7:44:3A:5D:57:F0:7C:CE:B2:E7:66:31:49:50:98:44:92:F2:50:84"}}},"request":{"raw":"GET /images/close.png HTTP/1.1\r\nHost: static-content-cn.wb27jlt6u066.com:9587\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://static-content-cn.wb27jlt6u066.com:9587/css/base.css?20240823\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Wed, 04 Mar 2026 13:33:01 GMT\r\nContent-Type: image/png\r\nContent-Length: 1148\r\nConnection: keep-alive\r\nLast-Modified: Wed, 20 Jul 2022 18:47:52 GMT\r\nETag: \"62d84dd8-47c\"\r\nServer: gocache\r\nExpires: Thu, 05 Mar 2026 13:33:01 GMT\r\nCache-Control: max-age=86400\r\nc-Type: st\r\nrid: 2fa47c0ba3fc3be7ae91a5003513643a\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains\r\nX-Cache-Status: HIT\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]}],"data":{"size":1148,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 21 x 40, 8-bit/color RGBA, non-interlaced","md5":"64ead6c5d9cbfe3e933c97c2cb20dacc","sha1":"b7b034fd70b27180d27daa9c8bacb50ce721f025","sha256":"55aa71e8f5f59bec62fc6361e10bcf106d21af39a087c4009931884fd03b5229","sha512":"869b8e2b2c8d8ee615c302cbff59fd745f0cb1f32afbca0c89a469b4d1ab61bbe01905b0a8ac07527aa4f763fd11dad2141a58706334062f37dc6267f55dda80","ssdeep":"","tlshash":"0221674dfb8068029445c5c75dfa8033ea234984daf0f861b487e4151ea12b549496eb","first_seen":"2023-04-05T03:30:47Z","last_seen":"2026-06-06T14:33:38.539202Z","times_seen":909,"resource_available":false,"data":null}},"time_used":217,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":216,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static-content-t.wb27jlt6u066.com:9587/d11_images/register/form_bg.png","fqdn":"static-content-t.wb27jlt6u066.com","domain":"wb27jlt6u066.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":9587,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://cn.1mebetx.com/home/register?code=32654","date":"2026-03-04T13:33:01.312Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"static-content-t.wb27jlt6u066.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 19 Oct 2025 00:00:00 GMT","end":"Mon, 19 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"08:10:09:15:B6:C8:9C:9A:CE:31:40:C9:26:D7:9E:BE:2C:9A:62:2B","sha256":"D6:55:F3:9B:55:F2:ED:CC:B3:54:8B:1E:F9:15:FB:47:0C:75:02:1A:64:4B:3C:C2:FA:75:18:9C:F0:11:EE:83"}}},"request":{"raw":"GET /d11_images/register/form_bg.png HTTP/1.1\r\nHost: static-content-t.wb27jlt6u066.com:9587\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://static-content-t.wb27jlt6u066.com:9587/style/main.css?20260123\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Wed, 04 Mar 2026 13:33:02 GMT\r\nContent-Type: image/png\r\nContent-Length: 20040\r\nConnection: keep-alive\r\nLast-Modified: Wed, 20 Jul 2022 18:45:39 GMT\r\nETag: \"62d84d53-4e48\"\r\nServer: gocache\r\nExpires: Thu, 05 Mar 2026 13:33:02 GMT\r\nCache-Control: max-age=86400\r\nc-Type: st\r\nrid: cf73b8c3d5f5ac6a83b447a65034569c\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains\r\nX-Cache-Status: HIT\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]}],"data":{"size":20040,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 410 x 800, 8-bit/color RGBA, non-interlaced","md5":"86baccc2262d17c30a1554f6b346b1c8","sha1":"696ce785c5c17611fecb6dd78d9662c141deffd4","sha256":"dfe93dfcc0d88efa36f759f6b0e758a0b37bd91aa65bfa7936763eda17ea6f9f","sha512":"858d5d94817390043018ef671701f57776bbf7f566ded8fe30966a65fcadb9feade8d3c1677f677b9c69b59eaa4d5e818af5e39ec08cccc9281c1dc4517a18d0","ssdeep":"384:ApJHP0rldn8i5UqqXdb3WGGNBIUbj43bXDrzctPOmWRh:Ap90rlddaqqXdM/IUHIr4VOmWRh","tlshash":"53928e946c68e9c1c97a840e246b1f7555a0f1c8edf2f3f06b93e0595c0b868ae90ded","first_seen":"2023-05-05T14:06:31Z","last_seen":"2026-06-06T14:33:38.562195Z","times_seen":894,"resource_available":false,"data":null}},"time_used":1388,"timings":{"blocked":1153,"dns":0,"connect":0,"send":0,"wait":223,"receive":12,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static-content-t.wb27jlt6u066.com:9587/d11_images/footer_supports_hover.png?9","fqdn":"static-content-t.wb27jlt6u066.com","domain":"wb27jlt6u066.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":9587,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://cn.1mebetx.com/home/register?code=32654","date":"2026-03-04T13:33:01.316Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"static-content-t.wb27jlt6u066.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 19 Oct 2025 00:00:00 GMT","end":"Mon, 19 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"08:10:09:15:B6:C8:9C:9A:CE:31:40:C9:26:D7:9E:BE:2C:9A:62:2B","sha256":"D6:55:F3:9B:55:F2:ED:CC:B3:54:8B:1E:F9:15:FB:47:0C:75:02:1A:64:4B:3C:C2:FA:75:18:9C:F0:11:EE:83"}}},"request":{"raw":"GET /d11_images/footer_supports_hover.png?9 HTTP/1.1\r\nHost: static-content-t.wb27jlt6u066.com:9587\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://static-content-t.wb27jlt6u066.com:9587/style/main.css?20260123\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Wed, 04 Mar 2026 13:33:02 GMT\r\nContent-Type: image/png\r\nContent-Length: 6153\r\nConnection: keep-alive\r\nLast-Modified: Wed, 20 Jul 2022 18:45:39 GMT\r\nETag: \"62d84d53-1809\"\r\nServer: gocache\r\nExpires: Thu, 05 Mar 2026 13:33:02 GMT\r\nCache-Control: max-age=86400\r\nc-Type: st\r\nrid: d0aba7f2d30c07d4c89cbc76180f3963\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains\r\nX-Cache-Status: HIT\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":6153,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 30 x 174, 8-bit/color RGBA, non-interlaced","md5":"89203da3a7f6cd69c626446854368222","sha1":"0a861d62cd091a150ce253ecedf0dff49c80b3f0","sha256":"ae58de0a439617b67724ced1eee3bc04d8103d1a8f34a9ac362d1a842e06d2e7","sha512":"37b0293f4c467a53f8b4527c40345e89d407811a4e7894263663847ecc5406c8d101c2dd9711f4fd099ec325b9013d1337154600b0f87b8fc3e5252a771993c5","ssdeep":"96:tnCr4K+CdLuWy5kOy2k17lRtUsvqI8ydwBlz2gcwNkABBbbk/eH+Tm4Mi0UPftR7:tnCr40dKOOytRhFNaNTDbsxCdixHtUQ","tlshash":"5dc1aef06ab50164f022342747b70504a4167fd89974bc9063bf9f8defe6743e868ad1","first_seen":"2023-05-05T14:06:31Z","last_seen":"2026-06-06T14:33:38.634332Z","times_seen":902,"resource_available":false,"data":null}},"time_used":1365,"timings":{"blocked":1148,"dns":0,"connect":0,"send":0,"wait":216,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static-content-t.wb27jlt6u066.com:9587/images/nav/promo_12p.png","fqdn":"static-content-t.wb27jlt6u066.com","domain":"wb27jlt6u066.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":9587,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://cn.1mebetx.com/home/register?code=32654","date":"2026-03-04T13:32:59.750Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"static-content-t.wb27jlt6u066.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 19 Oct 2025 00:00:00 GMT","end":"Mon, 19 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"08:10:09:15:B6:C8:9C:9A:CE:31:40:C9:26:D7:9E:BE:2C:9A:62:2B","sha256":"D6:55:F3:9B:55:F2:ED:CC:B3:54:8B:1E:F9:15:FB:47:0C:75:02:1A:64:4B:3C:C2:FA:75:18:9C:F0:11:EE:83"}}},"request":{"raw":"GET /images/nav/promo_12p.png HTTP/1.1\r\nHost: static-content-t.wb27jlt6u066.com:9587\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cn.1mebetx.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Wed, 04 Mar 2026 13:33:01 GMT\r\nContent-Type: image/png\r\nContent-Length: 13381\r\nConnection: keep-alive\r\nLast-Modified: Wed, 20 Jul 2022 18:47:53 GMT\r\nETag: \"62d84dd9-3445\"\r\nServer: gocache\r\nExpires: Thu, 05 Mar 2026 13:33:01 GMT\r\nCache-Control: max-age=86400\r\nc-Type: st\r\nrid: ddfadf78f6a13b43c0eba65dab19fd8d\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains\r\nX-Cache-Status: HIT\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]}],"data":{"size":13381,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 200 x 100, 8-bit/color RGBA, non-interlaced","md5":"771df357a82b3f121039b605126d9031","sha1":"49ac1b1ce8829f54c43e4012c0b21f2fffc6fea7","sha256":"7020ab66168f898a06e3743b3793745da0a9d6017bae2934e842e6ec4addc094","sha512":"acb489f3f721c83653262e26fc5831cff21e293becedd745153219f0300318977a485df8717b9195639e7a4a8760c2a988dc1b18a8a4bf5b907da84674cc4c5f","ssdeep":"384:XJXE05gzzzzzzzzz2Qz9IcDmF/COICUtw6ei/CXd:F35gzzzzzzzzz3xydLZUtAt","tlshash":"4052e14f486980fb060929e40fa043559e9667ff4f65ae34c0d27db7942de5b2fa8423","first_seen":"2023-05-05T14:06:31Z","last_seen":"2026-06-06T14:33:38.506475Z","times_seen":891,"resource_available":false,"data":null}},"time_used":1483,"timings":{"blocked":1255,"dns":0,"connect":0,"send":0,"wait":223,"receive":5,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cn.1mebetx.com/fimg/i202210fdd1e22495f9404b8debf0afdaa416b1.jpg","fqdn":"cn.1mebetx.com","domain":"1mebetx.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://cn.1mebetx.com/home/register?code=32654","date":"2026-03-04T13:33:01.310Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cn.1mebetx.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Mon, 05 Jan 2026 00:00:00 GMT","end":"Tue, 05 Jan 2027 23:59:59 GMT"},"fingerprint":{"sha1":"B1:9C:1C:29:59:A8:2F:22:BB:FA:01:51:20:84:07:9D:ED:D9:D8:7A","sha256":"21:4B:55:27:26:B6:EF:96:E2:ED:28:FE:00:D0:57:72:9D:29:6A:4E:DE:36:40:A2:7D:07:26:CC:31:8C:F2:1D"}}},"request":{"raw":"GET /fimg/i202210fdd1e22495f9404b8debf0afdaa416b1.jpg HTTP/1.1\r\nHost: cn.1mebetx.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cn.1mebetx.com/home/register?code=32654\r\nCookie: PHPSESSID=0vre1qsiqnd8kobpvv1eafbdqh; _code_cookie=32654-\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Wed, 04 Mar 2026 13:33:01 GMT\r\nContent-Type: image/jpeg\r\nContent-Length: 284018\r\nConnection: keep-alive\r\nLast-Modified: Tue, 11 Oct 2022 03:04:35 GMT\r\nETag: \"6344dd43-45572\"\r\nX-Content-Type-Options: nosniff\r\nX-Frame-Options: SAMEORIGIN\r\nServer: gocache\r\nExpires: Thu, 05 Mar 2026 13:33:01 GMT\r\nCache-Control: max-age=86400\r\nc-Type: st\r\nrid: 8803c58d1981e6938541946558a76eb6\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains\r\nX-Cache-Status: HIT\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]}],"data":{"size":284018,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=1], baseline, precision 8, 1920x1005, components 3","md5":"0b9750ad0104aa2243554d5b8007f99c","sha1":"a4fa7203acf5d89e0a8bcf976ed5d7eba62f30e4","sha256":"d234723f8ad984edd04a5dac23778f6832fdd954187461b8b09d46f542dd41e5","sha512":"6cfbf1045d4ca6a956f1bfdbbd39ab5fbbcc01a64612269dbc69b0d663f37ff8b289a657542ad0e00f54e8533e025306c5810ad6fff71782b65f4afeee65ca25","ssdeep":"6144:r+Ywcq6S74AwBaFtWcSnU0aOe+shTOMLO3jpT9a4:r+Ywcqp54aF8pU0cTOMLO3jR9a4","tlshash":"fc54223006e0e7531a7012f36f579fbb5e33a37d68a5da0c69ae168f4c4a35426f204e","first_seen":"2023-05-05T17:24:19Z","last_seen":"2026-06-06T14:33:38.502591Z","times_seen":850,"resource_available":false,"data":null}},"time_used":278,"timings":{"blocked":5,"dns":0,"connect":0,"send":0,"wait":218,"receive":55,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-04","alert":"Sinkholed","trigger":"cn.1mebetx.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-04","alert":"Phishing Block","trigger":"cn.1mebetx.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-04","alert":"Sinkholed","trigger":"cn.1mebetx.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-04","alert":"Sinkholed","trigger":"cn.1mebetx.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"static-content-t.wb27jlt6u066.com:9587/images/register/tick.png","fqdn":"static-content-t.wb27jlt6u066.com","domain":"wb27jlt6u066.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":9587,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://cn.1mebetx.com/home/register?code=32654","date":"2026-03-04T13:33:01.314Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"static-content-t.wb27jlt6u066.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 19 Oct 2025 00:00:00 GMT","end":"Mon, 19 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"08:10:09:15:B6:C8:9C:9A:CE:31:40:C9:26:D7:9E:BE:2C:9A:62:2B","sha256":"D6:55:F3:9B:55:F2:ED:CC:B3:54:8B:1E:F9:15:FB:47:0C:75:02:1A:64:4B:3C:C2:FA:75:18:9C:F0:11:EE:83"}}},"request":{"raw":"GET /images/register/tick.png HTTP/1.1\r\nHost: static-content-t.wb27jlt6u066.com:9587\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://static-content-t.wb27jlt6u066.com:9587/style/main.css?20260123\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Wed, 04 Mar 2026 13:33:02 GMT\r\nContent-Type: image/png\r\nContent-Length: 444\r\nConnection: keep-alive\r\nLast-Modified: Wed, 20 Jul 2022 18:47:53 GMT\r\nETag: \"62d84dd9-1bc\"\r\nServer: gocache\r\nExpires: Thu, 05 Mar 2026 13:33:02 GMT\r\nCache-Control: max-age=86400\r\nc-Type: st\r\nrid: 33e5cdc8fc346515828be9095a8ada3b\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains\r\nX-Cache-Status: HIT\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":444,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 14 x 14, 8-bit/color RGBA, non-interlaced","md5":"077cd6729828909df9e8d387b91bdaa9","sha1":"e18a6a43471158c5af525d6fce505a5695a87e49","sha256":"c3dd497f34d2204de6f86a554ca97321a269d2d35482c4b79249a2cd95476783","sha512":"fca1c13107960e24c1fe4e2d26da0953e9fe707dc8a7f5127c349afecac92bfaa98d551d9c031fd1c3b71eb3ede634ced3ac7e5e971ed23a2b21562e28798f0d","ssdeep":"","tlshash":"60f05c52ab957d1dde5895721b8d025908b24204252a0b4cc00cf0765ab9bc17e51079","first_seen":"2023-05-05T14:06:31Z","last_seen":"2026-06-06T14:33:38.566159Z","times_seen":897,"resource_available":false,"data":null}},"time_used":1364,"timings":{"blocked":1150,"dns":0,"connect":0,"send":0,"wait":214,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.vrfpshbc.com:2053/global-activity-entry/css/style.css","fqdn":"www.vrfpshbc.com","domain":"vrfpshbc.com","tld":"com"},"ip":{"addr":"172.67.186.168","port":2053,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://cn.1mebetx.com/home/register?code=32654","date":"2026-03-04T13:33:01.541Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"vrfpshbc.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 02 Feb 2026 19:45:33 GMT","end":"Sun, 03 May 2026 20:40:36 GMT"},"fingerprint":{"sha1":"E8:73:95:3B:A2:A4:0F:A6:0D:A3:4F:F1:13:4E:85:09:6B:D0:63:66","sha256":"E6:14:C1:3A:A4:50:D6:F3:4D:3C:52:EB:9F:ED:B9:43:C4:13:78:55:40:E3:CD:29:24:A1:C8:5E:C2:24:0E:AA"}}},"request":{"raw":"GET /global-activity-entry/css/style.css HTTP/1.1\r\nHost: www.vrfpshbc.com:2053\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cn.1mebetx.com/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 04 Mar 2026 13:33:02 GMT\r\ncontent-type: text/css\r\nserver: cloudflare\r\nlast-modified: Wed, 16 Jun 2021 18:06:55 GMT\r\nvary: Accept-Encoding\r\netag: W/\"60ca3dbf-1099\"\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\ncf-cache-status: DYNAMIC\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=sGkj9A8TvvMWHYoBNZrB4q9phazh8wipQ21rHaoRFVMqnFQVxS%2B9d6kkFzE1jP%2F8qMNbiAEvaccbZvL35f1TASnLjHFCiMv%2B0E0u6rh8zjU%3D\"}]}\r\ncf-ray: 9d7140153c4727f7-ARN\r\nalt-svc: h3=\":2053\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":4249,"size_decoded":0,"mime_type":"text/css","magic":"Unicode text, UTF-8 text, with CRLF line terminators","md5":"0c6d034e188bab046fdc5e2bf379985a","sha1":"2d488cf25911a2fc18a528d7cc379ccf0cfe81b9","sha256":"4d22d7a96ba44fa03ada1e71245b3ee64e1e91a1bbe9287957429ab8a1ab0f5d","sha512":"cb7466d46ac336aa2c569e1c8ff81e4576d7b4882259a8e7b278e89158345eaed5e71567878a6e78a3ec54fdf339e86857695fadd6c84194c0a54de40240dcb4","ssdeep":"48:FLYxjPtWs2MYEuZh/Vzlj2TTc4JnAWXorJfNlfUstDTj54JI74koECOH8WzurfYh:FLC2f1YYDO+h0HfYNsu+zjfrQ","tlshash":"9991cc7d4b0722044637d6587bd54b668638d063bb0729de7bd506ce0b91fdc02b1aab","first_seen":"2023-05-05T17:24:19Z","last_seen":"2026-06-06T14:33:38.542966Z","times_seen":663,"resource_available":false,"data":null}},"time_used":1025,"timings":{"blocked":88,"dns":38,"connect":27,"send":0,"wait":835,"receive":0,"ssl":34},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"game.gp5trb.com:2053/api/news?try_platform=4\u0026status=1\u0026username=","fqdn":"game.gp5trb.com","domain":"gp5trb.com","tld":"com"},"ip":{"addr":"20.205.42.30","port":2053,"asn":8075,"as":"MICROSOFT-CORP-MSN-AS-BLOCK","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://cn.1mebetx.com/home/register?code=32654","date":"2026-03-04T13:33:01.551Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"game.gp5trb.com","organization":""},"issuer":{"commonName":"ZeroSSL RSA Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Sun, 18 Jan 2026 00:00:00 GMT","end":"Sat, 18 Apr 2026 23:59:59 GMT"},"fingerprint":{"sha1":"57:61:41:AB:64:77:4D:5A:95:A7:A8:63:9B:8D:8D:4B:8B:AE:53:30","sha256":"BC:73:A6:B8:F4:3E:16:4D:0E:72:C6:ED:25:1C:B9:26:F1:68:6F:09:B9:10:99:CA:B1:E7:F8:BB:43:29:46:1A"}}},"request":{"raw":"GET /api/news?try_platform=4\u0026status=1\u0026username= HTTP/1.1\r\nHost: game.gp5trb.com:2053\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://cn.1mebetx.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cn.1mebetx.com/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 04 Mar 2026 13:33:02 GMT\r\ncontent-type: application/json\r\nvary: Accept-Encoding\r\nx-powered-by: PHP/7.4.33\r\ncache-control: no-cache, private\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE\r\naccess-control-allow-headers: *\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\ncontent-encoding: br\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"PHP:7.4.33","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]}],"data":{"size":526,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"89024785bd55f5678be3bc1468eea8f8","sha1":"b81ba2b6e9f20c768ed3a871694d7608bd0c7994","sha256":"5f76b505f5177b7432bb18dd72494e0ef602e2c5cd9cb0570f1f06f43ee74709","sha512":"6883217e10ae5f224ee65d5e8bfe9ee80bcb5d712044a6fec651377815cb3f8709d6162a05fcdfc497601dfe625cf486de11071c7878dcc45b688a265a8fcd24","ssdeep":"","tlshash":"b5f0c9722a3cf8161d8c084702fdf25566e9b3c918ecc619b0cf4e01a5a11f187d5a22","first_seen":"2026-02-26T00:06:05.8952Z","last_seen":"2026-03-19T10:33:28.63726Z","times_seen":28,"resource_available":false,"data":null}},"time_used":2077,"timings":{"blocked":844,"dns":323,"connect":218,"send":0,"wait":374,"receive":0,"ssl":310},"alerts":{"ids":null,"analyzer":null,"urlquery":null}}]}