{"report_id":"0e1e4a29-1fb4-44b9-b2fb-8cd68ee9be32","version":6,"status":"done","tags":[],"date":"2025-11-19T23:21:43Z","url":{"schema":"http","addr":"www.ipeklawu.com/","fqdn":"www.ipeklawu.com","domain":"ipeklawu.com","tld":"com"},"ip":{"addr":"52.229.162.112","port":0,"asn":8075,"as":"MICROSOFT-CORP-MSN-AS-BLOCK","country":"Hong Kong","country_code":"HK"},"final":{"url":{"schema":"https","addr":"www.ipeklawu.com/","fqdn":"www.ipeklawu.com","domain":"ipeklawu.com","tld":"com"},"title":"forbidden","dom":{"size":5297,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (519)","md5":"be09fe97932056c74189fd3d0fc6f8fa","sha1":"33ea33d50e11e85d670426ea7edd01b7726d4a56","sha256":"88126fb109e61128c89ceb7b3808358ef3e21f74be28b5ae150d6050c0aa9d25","sha512":"50ecb9f06fb2104d33a95e2986b90dcb006986d4f6788c097aa91789d7712a8f74d2d2be190133657bd7fca6019c55f1cc3be6ee8b19b6a148e92fc13b645358","ssdeep":"96:09/7K7zdsn7HTnVj7Z757DHBVdqA0NEy5i:0Jumnjxj91XHf50it","tlshash":"c4b1d8a655d9500eb2f7534cf4637f6c420b9143c22b8e59f61c0dd2f768a931b1a39a","dom_hash":"domhash032bdce2c878c17de13e9ce874c8d77f","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"www.ipeklawu.com/","fqdn":"www.ipeklawu.com","domain":"ipeklawu.com","tld":"com"},"ip":{"addr":"52.229.162.112","port":0,"asn":8075,"as":"MICROSOFT-CORP-MSN-AS-BLOCK","country":"Hong Kong","country_code":"HK"},"tags":null,"meta":null,"user":{"country_code":"zz"}},"settings":{"access":"public","device_type":"desktop","expires_at":"2026-12-24T23:21:43Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":1}},"detection":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-19","alert":"Sinkholed","trigger":"www.ipeklawu.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null},"summary":[{"fqdn":"static-content-m.wb27jlt6u066.com","ip":{"addr":"172.65.201.65","port":9587,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2022-09-13","domain_rank":0,"first_seen":"2025-03-07T04:29:51.378972Z","last_seen":"2025-11-18T10:51:32.717166Z","alert_count":0,"request_count":5,"received_data":264683,"sent_data":2433,"comment":"","tags":null,"fingerprints":[{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"www.ipeklawu.com","ip":{"addr":"52.229.162.112","port":443,"asn":8075,"as":"MICROSOFT-CORP-MSN-AS-BLOCK","country":"Hong Kong","country_code":"HK"},"domain_registered":"2021-06-18","domain_rank":0,"first_seen":"2025-10-28T10:01:54.559728Z","last_seen":"2025-10-28T10:01:54.559728Z","alert_count":2,"request_count":2,"received_data":11212,"sent_data":924,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":null}],"analyzer":null,"urlquery":null},"javascript":{"script":null,"eval":null,"write":null},"http":[{"url":{"schema":"https","addr":"static-content-m.wb27jlt6u066.com:9587/images/forbidden/theme_d11/icon_lock.png","fqdn":"static-content-m.wb27jlt6u066.com","domain":"wb27jlt6u066.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":9587,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.ipeklawu.com/","date":"2025-11-19T23:21:22.079Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"static-content-m.wb27jlt6u066.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 19 Oct 2025 00:00:00 GMT","end":"Mon, 19 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"F9:E3:9C:84:1E:CD:8E:24:CC:AE:52:66:42:B7:C5:10:59:12:0B:83","sha256":"14:0C:9E:A9:B2:47:90:72:9D:92:97:E6:13:FC:7E:25:68:4D:E3:48:62:AC:1D:8F:53:15:25:C2:67:26:62:A4"}}},"request":{"raw":"GET /images/forbidden/theme_d11/icon_lock.png HTTP/1.1\r\nHost: static-content-m.wb27jlt6u066.com:9587\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.ipeklawu.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Wed, 19 Nov 2025 23:21:23 GMT\r\nContent-Type: image/png\r\nContent-Length: 5220\r\nConnection: keep-alive\r\nLast-Modified: Wed, 20 Jul 2022 18:47:51 GMT\r\nETag: \"62d84dd7-1464\"\r\nServer: gocache\r\nExpires: Thu, 20 Nov 2025 23:21:23 GMT\r\nCache-Control: max-age=86400\r\nc-Type: st\r\nrid: 208f59e24883b0631d7f339efffcaa9c\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains\r\nX-Cache-Status: MISS\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":5220,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 58 x 121, 8-bit/color RGBA, non-interlaced","md5":"ab4de69584ef345a2b2e29b16a3a86a1","sha1":"f20ea8cedeb72d30e6fbef712b5dbcdc41fbb383","sha256":"bf0b2c3b8ed74ed5208fc483c72d11a32cf3dcdb24d8c8f1330137ebb7978c36","sha512":"d7f50057c2cf01a16a423ee28881f89e0c8fe09d3486d3def1e4234efab67537ee711e3f9d01a46a3eb1bfa2f9f251906d35a45e119aad9da476ebd0fa776a26","ssdeep":"96:O2SQG9c/7mC40x1E9OFkA6hMc76BMeJ2VOeT0J+5af6NN7fqD/m+Qz9:3SQGAmC77owKhV7X9OeTU+EfAN7fqDOd","tlshash":"55b18f97d4c08913de1706b781a4057558ab045f7e7247f7d7827dceca8189a2db8e33","first_seen":"2023-06-09T17:39:24Z","last_seen":"2026-04-04T09:00:33.818271Z","times_seen":88,"resource_available":false,"data":null}},"time_used":2542,"timings":{"blocked":1052,"dns":560,"connect":3,"send":0,"wait":437,"receive":0,"ssl":485},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.ipeklawu.com/favicon.ico","fqdn":"www.ipeklawu.com","domain":"ipeklawu.com","tld":"com"},"ip":{"addr":"52.229.162.112","port":443,"asn":8075,"as":"MICROSOFT-CORP-MSN-AS-BLOCK","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.ipeklawu.com/","date":"2025-11-19T23:21:22.569Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ipeklawu.com","organization":""},"issuer":{"commonName":"ZeroSSL RSA Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Fri, 31 Oct 2025 00:00:00 GMT","end":"Thu, 29 Jan 2026 23:59:59 GMT"},"fingerprint":{"sha1":"87:AD:DF:65:FF:58:1D:2D:F8:DB:AD:6B:A9:3F:F2:75:A4:B5:B6:21","sha256":"EB:F9:C9:36:0E:46:E5:7A:EC:C9:8A:66:CF:B1:96:D2:3D:A2:B9:D8:86:6E:D0:78:9B:4C:34:C8:F3:75:DE:B2"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: www.ipeklawu.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.ipeklawu.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 604 No Reason Phrase\r\nserver: nginx\r\ndate: Wed, 19 Nov 2025 23:21:22 GMT\r\ncontent-type: text/html; charset=utf-8\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"604","status_text":"No Reason Phrase","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":5390,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (515)","md5":"716c4750dcc448d87363b5dcfd6c35cb","sha1":"8e41c88871f839e4ec00d5197a9627bde5ca6fce","sha256":"53ab41420bcb09665ffbfd1c4daa2b615ec1bf6a367f307bfdc0a43a1450e396","sha512":"767e7b84d0ab8d6b88d0e93536d849f969c81457ee68ed638bbcf7c771aa4b44b222d9a391c423362ce7166056d550e9e40e38066d11083b00b757e7a8bff350","ssdeep":"96:xF9/7K7zdsn7HTnVj7Z7b7D86VgqA0uEJSK:3Jumnjxj9HX84m05h","tlshash":"79b1c7a665e9500ea2f7534cf5a37f2c02078183c62b8a59e61c4dd2f758a931b1a3da","first_seen":"2025-09-27T07:58:40.236591Z","last_seen":"2026-04-04T09:00:33.813727Z","times_seen":48,"resource_available":true,"data":null}},"time_used":217,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":217,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-19","alert":"Sinkholed","trigger":"www.ipeklawu.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.ipeklawu.com/","fqdn":"www.ipeklawu.com","domain":"ipeklawu.com","tld":"com"},"ip":{"addr":"52.229.162.112","port":443,"asn":8075,"as":"MICROSOFT-CORP-MSN-AS-BLOCK","country":"Hong Kong","country_code":"HK"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-11-19T23:21:20.553Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ipeklawu.com","organization":""},"issuer":{"commonName":"ZeroSSL RSA Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Fri, 31 Oct 2025 00:00:00 GMT","end":"Thu, 29 Jan 2026 23:59:59 GMT"},"fingerprint":{"sha1":"87:AD:DF:65:FF:58:1D:2D:F8:DB:AD:6B:A9:3F:F2:75:A4:B5:B6:21","sha256":"EB:F9:C9:36:0E:46:E5:7A:EC:C9:8A:66:CF:B1:96:D2:3D:A2:B9:D8:86:6E:D0:78:9B:4C:34:C8:F3:75:DE:B2"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: www.ipeklawu.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 604 No Reason Phrase\r\nserver: nginx\r\ndate: Wed, 19 Nov 2025 23:21:21 GMT\r\ncontent-type: text/html; charset=utf-8\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"604","status_text":"No Reason Phrase","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":5390,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (515)","md5":"716c4750dcc448d87363b5dcfd6c35cb","sha1":"8e41c88871f839e4ec00d5197a9627bde5ca6fce","sha256":"53ab41420bcb09665ffbfd1c4daa2b615ec1bf6a367f307bfdc0a43a1450e396","sha512":"767e7b84d0ab8d6b88d0e93536d849f969c81457ee68ed638bbcf7c771aa4b44b222d9a391c423362ce7166056d550e9e40e38066d11083b00b757e7a8bff350","ssdeep":"96:xF9/7K7zdsn7HTnVj7Z7b7D86VgqA0uEJSK:3Jumnjxj9HX84m05h","tlshash":"79b1c7a665e9500ea2f7534cf5a37f2c02078183c62b8a59e61c4dd2f758a931b1a3da","first_seen":"2025-09-27T07:58:40.236591Z","last_seen":"2026-04-04T09:00:33.813727Z","times_seen":48,"resource_available":true,"data":null}},"time_used":2515,"timings":{"blocked":1149,"dns":523,"connect":204,"send":0,"wait":217,"receive":0,"ssl":420},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-19","alert":"Sinkholed","trigger":"www.ipeklawu.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"static-content-m.wb27jlt6u066.com:9587/d11_images/forbidden/theme_d11/logo.png?1","fqdn":"static-content-m.wb27jlt6u066.com","domain":"wb27jlt6u066.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":9587,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.ipeklawu.com/","date":"2025-11-19T23:21:22.069Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"static-content-m.wb27jlt6u066.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 19 Oct 2025 00:00:00 GMT","end":"Mon, 19 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"F9:E3:9C:84:1E:CD:8E:24:CC:AE:52:66:42:B7:C5:10:59:12:0B:83","sha256":"14:0C:9E:A9:B2:47:90:72:9D:92:97:E6:13:FC:7E:25:68:4D:E3:48:62:AC:1D:8F:53:15:25:C2:67:26:62:A4"}}},"request":{"raw":"GET /d11_images/forbidden/theme_d11/logo.png?1 HTTP/1.1\r\nHost: static-content-m.wb27jlt6u066.com:9587\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.ipeklawu.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Wed, 19 Nov 2025 23:21:23 GMT\r\nContent-Type: image/png\r\nContent-Length: 12239\r\nConnection: keep-alive\r\nLast-Modified: Wed, 20 Jul 2022 18:45:39 GMT\r\nETag: \"62d84d53-2fcf\"\r\nServer: gocache\r\nExpires: Thu, 20 Nov 2025 23:21:23 GMT\r\nCache-Control: max-age=86400\r\nc-Type: st\r\nrid: 8904d4717b608f28a1364a36f58c8ad6\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains\r\nX-Cache-Status: MISS\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":12239,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 229 x 114, 8-bit/color RGBA, non-interlaced","md5":"ee41e0d7bf60dcc65139b59ea557c6c8","sha1":"4027803ec21308ffbd81383e68cb70abdd146484","sha256":"31d8682218e26c9c4aa70f066ecad079a0291fc5efb344189b90c8615cb3c473","sha512":"07fd22b12b0d8bef045af84c9dc8104ead5078fd730c57e1bfb4a3ad759ae3a03c4d9c5098635e0e82b50f4317adc3404efbb8c7d60a45f324d58c0956c7324b","ssdeep":"192:yBrNVmoVH4HC84ZYflAy7Ex9DtdMeToeIfIHPw3KziX8dCAQOOhQrSQsU:ylCPZf0nSfIHIazw8dCAQOoQ+0","tlshash":"fb42c044bfe3a63ed05d1ba5b061cc5be1ce97f78e1e027a415d6e15c80b58818a1b3a","first_seen":"2025-09-27T07:58:40.233344Z","last_seen":"2026-04-04T09:00:33.81616Z","times_seen":48,"resource_available":false,"data":null}},"time_used":2595,"timings":{"blocked":1059,"dns":572,"connect":3,"send":0,"wait":439,"receive":35,"ssl":480},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static-content-m.wb27jlt6u066.com:9587/images/forbidden/theme_d11/banner.png","fqdn":"static-content-m.wb27jlt6u066.com","domain":"wb27jlt6u066.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":9587,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.ipeklawu.com/","date":"2025-11-19T23:21:22.070Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"static-content-m.wb27jlt6u066.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 19 Oct 2025 00:00:00 GMT","end":"Mon, 19 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"F9:E3:9C:84:1E:CD:8E:24:CC:AE:52:66:42:B7:C5:10:59:12:0B:83","sha256":"14:0C:9E:A9:B2:47:90:72:9D:92:97:E6:13:FC:7E:25:68:4D:E3:48:62:AC:1D:8F:53:15:25:C2:67:26:62:A4"}}},"request":{"raw":"GET /images/forbidden/theme_d11/banner.png HTTP/1.1\r\nHost: static-content-m.wb27jlt6u066.com:9587\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.ipeklawu.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Wed, 19 Nov 2025 23:21:23 GMT\r\nContent-Type: image/png\r\nContent-Length: 11388\r\nConnection: keep-alive\r\nLast-Modified: Wed, 20 Jul 2022 18:47:51 GMT\r\nETag: \"62d84dd7-2c7c\"\r\nServer: gocache\r\nExpires: Thu, 20 Nov 2025 23:21:23 GMT\r\nCache-Control: max-age=86400\r\nc-Type: st\r\nrid: 60a61ecf2d945f0bd4fd31196786fff4\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains\r\nX-Cache-Status: MISS\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":11388,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 414 x 228, 8-bit/color RGBA, non-interlaced","md5":"bbf065889cb6a26b17c33226622c4959","sha1":"6e3f1e881f606376cd14a5562c876c7275d1d472","sha256":"e2769b90424bea4b8c9dd2f09357667b548e11401329742464da1a1d3ff7ef70","sha512":"66b7a18871af9c38dfb8e4d7deda9e79c7e3365582bfcde7e2d7675cba565af567da4b1b77864727207aa6b3a8d3c7f1c8b854299bec4fdec935be4f88603934","ssdeep":"192:DrNywC/orUudlO7eifwVnVS47L0cuM41vecFTbv9B5UxXtK3StAaKfHXpe1zsgTv:PTrUuHUeifwVnVSsbK1v/v9PKO1XuDWq","tlshash":"bb32d182637e584dca2c96653bda19eaece1f35f5f0908af716198a06c042d0ffc1681","first_seen":"2025-09-27T07:58:40.22583Z","last_seen":"2026-04-04T09:00:33.820593Z","times_seen":48,"resource_available":false,"data":null}},"time_used":2607,"timings":{"blocked":1072,"dns":571,"connect":3,"send":0,"wait":457,"receive":2,"ssl":492},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static-content-m.wb27jlt6u066.com:9587/d11_images/forbidden/theme_d11/bg.jpg","fqdn":"static-content-m.wb27jlt6u066.com","domain":"wb27jlt6u066.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":9587,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.ipeklawu.com/","date":"2025-11-19T23:21:22.072Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"static-content-m.wb27jlt6u066.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 19 Oct 2025 00:00:00 GMT","end":"Mon, 19 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"F9:E3:9C:84:1E:CD:8E:24:CC:AE:52:66:42:B7:C5:10:59:12:0B:83","sha256":"14:0C:9E:A9:B2:47:90:72:9D:92:97:E6:13:FC:7E:25:68:4D:E3:48:62:AC:1D:8F:53:15:25:C2:67:26:62:A4"}}},"request":{"raw":"GET /d11_images/forbidden/theme_d11/bg.jpg HTTP/1.1\r\nHost: static-content-m.wb27jlt6u066.com:9587\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.ipeklawu.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Wed, 19 Nov 2025 23:21:23 GMT\r\nContent-Type: image/jpeg\r\nContent-Length: 208186\r\nConnection: keep-alive\r\nLast-Modified: Wed, 20 Jul 2022 18:45:39 GMT\r\nETag: \"62d84d53-32d3a\"\r\nServer: gocache\r\nExpires: Thu, 20 Nov 2025 23:21:23 GMT\r\nCache-Control: max-age=86400\r\nc-Type: st\r\nrid: 30d2e85f02e01a836e747fe61a275d8a\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains\r\nX-Cache-Status: MISS\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":208186,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, baseline, precision 8, 750x1334, components 3","md5":"5f4ab3a43093026f021970054dcef990","sha1":"bec85937f081c4bfdd804bfe7d6c687b324dfd72","sha256":"ea8fb36fca8d6ee0d075fceb08ecc6ee636d2069eda9d3bdf5d7ba32e4f30caa","sha512":"bc25a88ec88f6c7e551e08bc155964ce0fb05fe12ca4cfd5b5b6d33618e5adf17fcfd55ae4c5e107fcaaa4729e1a270f680387e0217acd1050f83339dfa5f01e","ssdeep":"6144:9772gryzA8fUz2QJblslVRQolmJ8jjip7nyh:976goseBQo4ojipLyh","tlshash":"33142278776badd22c76463d2c41692754d42f888963f3b1cc96ab08b58df0ca7fc990","first_seen":"2025-09-27T07:58:40.221136Z","last_seen":"2026-04-04T09:00:33.817624Z","times_seen":48,"resource_available":false,"data":null}},"time_used":2864,"timings":{"blocked":1062,"dns":570,"connect":1,"send":0,"wait":435,"receive":300,"ssl":492},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static-content-m.wb27jlt6u066.com:9587/images/forbidden/theme_d11/bg.jpg","fqdn":"static-content-m.wb27jlt6u066.com","domain":"wb27jlt6u066.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":9587,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.ipeklawu.com/","date":"2025-11-19T23:21:22.075Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"static-content-m.wb27jlt6u066.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 19 Oct 2025 00:00:00 GMT","end":"Mon, 19 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"F9:E3:9C:84:1E:CD:8E:24:CC:AE:52:66:42:B7:C5:10:59:12:0B:83","sha256":"14:0C:9E:A9:B2:47:90:72:9D:92:97:E6:13:FC:7E:25:68:4D:E3:48:62:AC:1D:8F:53:15:25:C2:67:26:62:A4"}}},"request":{"raw":"GET /images/forbidden/theme_d11/bg.jpg HTTP/1.1\r\nHost: static-content-m.wb27jlt6u066.com:9587\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.ipeklawu.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Wed, 19 Nov 2025 23:21:23 GMT\r\nContent-Type: image/jpeg\r\nContent-Length: 25432\r\nConnection: keep-alive\r\nLast-Modified: Wed, 20 Jul 2022 18:47:51 GMT\r\nETag: \"62d84dd7-6358\"\r\nServer: gocache\r\nExpires: Thu, 20 Nov 2025 23:21:23 GMT\r\nCache-Control: max-age=86400\r\nc-Type: st\r\nrid: 53cb5172335920b8e392beb87124690a\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains\r\nX-Cache-Status: MISS\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":25432,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, progressive, precision 8, 750x1334, components 3","md5":"7819a1a751f90f5af0370d4e932a2eb7","sha1":"b489c5f285077cbd7ce4115c9305585f1f72453b","sha256":"5c35f5bba753864fd90cb1a8012fdb76d3535558e43deaee01e889aff190125a","sha512":"4239767819eeca3884e7f51e1438f27e2147f05097b47f520f3b8e12adb02c769f312947794dbb627f132d3dbb6d47d87d3a78bd21c9b23229b241d0345be8c4","ssdeep":"384:MrzqNZYjS6rSL+prjWb379eMKpqNaqOU6pNUxj+s0lp:EqjYGcpMLmqAUgQI","tlshash":"1fb2d065e8aa0e1cf4f179b68100ed9dd42a5d16dfc7236dfc22366bb36d52390088da","first_seen":"2025-09-27T07:58:40.229671Z","last_seen":"2026-04-04T09:00:33.819929Z","times_seen":48,"resource_available":false,"data":null}},"time_used":2619,"timings":{"blocked":1061,"dns":569,"connect":1,"send":0,"wait":423,"receive":67,"ssl":495},"alerts":{"ids":null,"analyzer":null,"urlquery":null}}]}