{"report_id":"0e9b6751-ed03-41c2-8fa6-396db0338dd1","version":6,"status":"done","tags":[],"date":"2025-08-18T01:45:14Z","url":{"schema":"http","addr":"d3bqx5dvn4460l.njzbzmfg.top/tag/%E8%90%9D%E8%8E%89/","fqdn":"d3bqx5dvn4460l.njzbzmfg.top","domain":"njzbzmfg.top","tld":"top"},"ip":{"addr":"154.207.77.76","port":0,"asn":63888,"as":"DATAWING LIMITED","country":"Hong Kong","country_code":"HK"},"final":{"url":{"schema":"https","addr":"d3bqx5dvn4460l.nefcvtm.top/tag/%E8%90%9D%E8%8E%89/","fqdn":"d3bqx5dvn4460l.nefcvtm.top","domain":"nefcvtm.top","tld":"top"},"title":"萝莉 - 吃瓜爆料话题合集 | 热门内容分类索引 - 每日大赛"},"submit":{"url":{"schema":"http","addr":"d3bqx5dvn4460l.njzbzmfg.top/tag/%E8%90%9D%E8%8E%89/","fqdn":"d3bqx5dvn4460l.njzbzmfg.top","domain":"njzbzmfg.top","tld":"top"},"ip":{"addr":"154.207.77.76","port":0,"asn":63888,"as":"DATAWING LIMITED","country":"Hong Kong","country_code":"HK"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2026-09-22T01:45:14Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":1}},"detection":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-08-18","alert":"Sinkholed","trigger":"d3bqx5dvn4460l.nefcvtm.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null},"summary":[{"fqdn":"pic.ruubqy.cn","ip":{"addr":"43.152.140.79","port":443,"asn":139341,"as":"ACE","country":"Singapore","country_code":"SG"},"domain_registered":"2025-03-28","domain_rank":0,"first_seen":"2025-08-15T04:21:18.224798Z","last_seen":"2025-08-15T04:21:18.224798Z","alert_count":0,"request_count":40,"received_data":6594463,"sent_data":18196,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"stats.aazfwxb.xyz","ip":{"addr":"156.255.123.77","port":443,"asn":63888,"as":"DATAWING LIMITED","country":"Hong Kong","country_code":"HK"},"domain_registered":"2025-05-05","domain_rank":951653,"first_seen":"2025-05-08T23:43:27.930243Z","last_seen":"2025-08-12T15:35:12.882929Z","alert_count":0,"request_count":2,"received_data":6061,"sent_data":880,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"d3bqx5dvn4460l.nefcvtm.top","ip":{"addr":"54.240.174.30","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"domain_registered":"unknown","domain_rank":0,"first_seen":"No data","last_seen":"No data","alert_count":27,"request_count":27,"received_data":2940940,"sent_data":14307,"comment":"","tags":null,"fingerprints":[{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Nginx:1.22.1","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"jQuery:2.2.4","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]},{"name":"Google Analytics","description":"Google Analytics is a free web analytics service that tracks and reports website traffic.","website":"https://google.com/analytics","common_platform_enumeration":"","icon":"Google Analytics.svg","categories":["Analytics"]},{"name":"Clipboard.js:2.0","description":"","website":"https://clipboardjs.com/","common_platform_enumeration":"","icon":"Clipboard.js.svg","categories":["JavaScript libraries"]}]},{"fqdn":"d3bqx5dvn4460l.njzbzmfg.top","ip":{"addr":"156.255.123.77","port":443,"asn":63888,"as":"DATAWING LIMITED","country":"Hong Kong","country_code":"HK"},"domain_registered":"unknown","domain_rank":0,"first_seen":"No data","last_seen":"No data","alert_count":0,"request_count":1,"received_data":161102,"sent_data":519,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"www.googletagmanager.com","ip":{"addr":"142.250.74.136","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2011-11-11","domain_rank":283,"first_seen":"2012-10-04T01:07:32Z","last_seen":"2025-08-13T15:12:46.750635Z","alert_count":0,"request_count":1,"received_data":405735,"sent_data":401,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":null}],"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"d3bqx5dvn4460l.nefcvtm.top/tag/%E8%90%9D%E8%8E%89/","fqdn":"d3bqx5dvn4460l.nefcvtm.top","domain":"nefcvtm.top","tld":"top"},"ip":{"addr":"54.240.174.30","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"75cabaa694772e45b2ee3d32608818ba","sha1":"5b7147b6b284896fdfd65020075e439ae00c4b02","sha256":"cdf91797af06c3d3ac64af3fbd511a25069729174cb1bf72a7fdc44fae38a20f","sha512":"d155d8e3e8b92461563b52e1031029d977b9047f405e874a0616a317d394bdcaab45303cc98e9e78eafcf7aa8455318edee51115daaea4f213f0e7725e221f24","ssdeep":"","tlshash":"d5c08ca780001213157bc022488631e00eb3199b04900859ca32efc2a0b4c6c090ecac","size":146,"data":"","first_seen":"2023-03-13T16:33:50Z","last_seen":"2026-05-16T18:05:04.594212Z","times_seen":14566,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"d3bqx5dvn4460l.nefcvtm.top/usr/plugins/DPlayer/plugin/hls.min.js","fqdn":"d3bqx5dvn4460l.nefcvtm.top","domain":"nefcvtm.top","tld":"top"},"ip":{"addr":"54.240.174.30","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"6500d0819044b735b19e66a2af45c909","sha1":"ee22d2a41cf2da3445d6dc90b74c43057b7b1552","sha256":"dbb8a7c5a9bd757936e8dc0f0f1b3bb121d37eccfe5bc4b46820cc2e87611f67","sha512":"d2cc5b3677ef78331b5bbeaf21506ad64815b42a981340fc4fc41265326b871ae7875b6b3d43572ac09112f2ed6b818cfe204c06234e2d87571cc288bbf49405","ssdeep":"","tlshash":"3b118cdc7565f4e603c250e9842f2907f33c6a799869e4c44154f8f0acfa469875be16","size":1000,"data":"","first_seen":"2025-06-19T19:09:15.866863Z","last_seen":"2026-05-16T09:05:54.605784Z","times_seen":5170,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"d3bqx5dvn4460l.nefcvtm.top/tag/%E8%90%9D%E8%8E%89/","fqdn":"d3bqx5dvn4460l.nefcvtm.top","domain":"nefcvtm.top","tld":"top"},"ip":{"addr":"54.240.174.30","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"6192443df5eb86d686a760a0c705b2e0","sha1":"02c212cbe974c4e90136bf7a46b07ffbf90c2b81","sha256":"534d0fdc3ad66ab867f42e831ce0adc9dd527a7cb6572b00f96b5865cb5e019d","sha512":"80cd9959e4aa349a734b19062bfd10e2ab0166ef0974362a1e4def5273aafa70ad7096596c435547c62e5784651691603da238bc47a8120ad7eadcfeb240590d","ssdeep":"","tlshash":"e5e020512b960c874ec470b5b6c766525d26f204048a91b8982dc7e283d9ce9065bf78","size":360,"data":"","first_seen":"2025-07-23T00:56:23.151958Z","last_seen":"2025-09-12T11:48:40.06048Z","times_seen":42,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"d3bqx5dvn4460l.nefcvtm.top/tag/%E8%90%9D%E8%8E%89/","fqdn":"d3bqx5dvn4460l.nefcvtm.top","domain":"nefcvtm.top","tld":"top"},"ip":{"addr":"54.240.174.30","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"d1a7f8805bfaf711f28437f8ab936ca9","sha1":"6f6d4f865195ee84d2cb4349f785ac3e2529decb","sha256":"1c47e66880af5210a71b11dae6f3b7fd15259b6ca025b933604e17850d06d774","sha512":"20aebba0ad67acc54c70b1f7d703fbf3538dabef5b0de519cb75baaadc117eddd3dbb475a669bf0a2b049ed2d54c55110c79c950e1c5ef934947dabc2da0ae60","ssdeep":"","tlshash":"a201241dbae31458b61337389b3f4389787015032428db88f84ce681af60c2594feaf9","size":683,"data":"","first_seen":"2023-03-13T16:33:51Z","last_seen":"2026-05-16T18:16:50.061713Z","times_seen":31984,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"d3bqx5dvn4460l.nefcvtm.top/tag/%E8%90%9D%E8%8E%89/","fqdn":"d3bqx5dvn4460l.nefcvtm.top","domain":"nefcvtm.top","tld":"top"},"ip":{"addr":"54.240.174.30","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"9708d0405c961b65ce6f48fbd643b9b1","sha1":"a4f531d5e15b971abfb69de55b3bc882c4efc0c2","sha256":"b743d020915ef4e5e9db8814c6b40914b3842c1db438154eb0a74c2c7146f084","sha512":"eb8f7e0fa867bfb7242ceb2f8a545cf7c7fcd6c681b891c631ed8fed7148a41e980cb9e871ce55529d0ab67dbf722cc7dc86f786c52be183bae7cb5ad1252752","ssdeep":"","tlshash":"ed4111694d06d22566441078ad0fe74127ca9367bc4cf701f2ecda486faea2ce4b9ce0","size":2016,"data":"","first_seen":"2025-08-12T15:35:38.85271Z","last_seen":"2025-08-24T11:35:33.368401Z","times_seen":78,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"d3bqx5dvn4460l.nefcvtm.top/tag/%E8%90%9D%E8%8E%89/","fqdn":"d3bqx5dvn4460l.nefcvtm.top","domain":"nefcvtm.top","tld":"top"},"ip":{"addr":"54.240.174.30","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"e50ebfcefd6cb362885dc70437b0b101","sha1":"e6e5d4b64aac6e38387e236b4b02315fe29fab79","sha256":"f1f9bf4ad7f37b1525d117e49369dc6d7116efca1c61f2de3c9b2b837bad2d2b","sha512":"0ff4be125d40b9d058327b4a9878a0a340609b5bfddf9134d12f57e8efa05b2ce3625f97ea0c16e574b3fef4602d377552a5bb5c1e2ec49a66a1b96f3b70d7d6","ssdeep":"","tlshash":"cbc0929c80e3e080a55a2229729e838929f2800b2a96e72bbe1c81486f0059e45385b0","size":144,"data":"","first_seen":"2023-03-08T09:43:22Z","last_seen":"2026-05-16T18:16:50.064129Z","times_seen":31960,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"d3bqx5dvn4460l.nefcvtm.top/usr/plugins/DPlayer/assets/DPlayer.min.js?v=2","fqdn":"d3bqx5dvn4460l.nefcvtm.top","domain":"nefcvtm.top","tld":"top"},"ip":{"addr":"54.240.174.30","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"0d4c06fcdaf7eff11abe92dfc672cd32","sha1":"9ea7452a7e254d629a5b8228cac7f50963634b6c","sha256":"b56e3355bd9f367512b1b1280f3dad089ba306c0d43eca22793d52f9e9d0e074","sha512":"dbc8ccb227033be3fda38dce4a421198c9461630610f1a4ac31a9ca9868884fe8b4ee7a468d46dd105dbf1f726f90537bb1d95c2f2e0a45363f4d6614dc232e3","ssdeep":"","tlshash":"6c11571208888436024260d0874d9f0f7eb2633684995b53b3aeabec5b9ac5dcc2b462","size":1000,"data":"","first_seen":"2025-04-13T03:23:15.029327Z","last_seen":"2026-05-13T13:55:22.651877Z","times_seen":6278,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"d3bqx5dvn4460l.nefcvtm.top/tag/%E8%90%9D%E8%8E%89/","fqdn":"d3bqx5dvn4460l.nefcvtm.top","domain":"nefcvtm.top","tld":"top"},"ip":{"addr":"54.240.174.30","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"dc1af75c8f35e87a934187b92f33a5c4","sha1":"4f74631fa85a30ef08470096c6dcd327998eb0da","sha256":"1b7df7bca4b77d4eb89def2abd24f2dfcad17c381a27fd542b41470a5947c7cd","sha512":"17d83c21e542d73cada5c02f21761413a4f463863412ec9c4d3248878ca231ee4db25b395d4de70bda9e638492148fdf2eed52891361afa0e662c9e2d4fef0e8","ssdeep":"192:UDKhafGfAG/QN8QgVa5yvpLkq4mDycdJH06y7zQ/evRJbVhZ8WRqh9fd5gMlpJSE:Uehm1ERBzmSb9pv","tlshash":"8f220e0c9ef35079b127303e5b7f524872799113520dcf057e5ce290af60966aababf8","size":10509,"data":"","first_seen":"2024-08-22T17:15:56.551765Z","last_seen":"2025-12-09T05:35:05.322868Z","times_seen":960,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"d3bqx5dvn4460l.nefcvtm.top/usr/plugins/DPlayer/assets/player.js","fqdn":"d3bqx5dvn4460l.nefcvtm.top","domain":"nefcvtm.top","tld":"top"},"ip":{"addr":"54.240.174.30","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"b4fddf8525d2da6fa0e24d94674fb9f3","sha1":"4149060a09da22bbfaa201f413d1f4b446fea1da","sha256":"8c7d71d123ec4f91eec964ba54ad1b8ed87f18d6952bec4b268137197eb42685","sha512":"db14528dfdcffa6605438ddfdf5f5dc40fddbc01e62faf85f41c80b72487ea3958e26ae50aa12ecc59b9379be8fe2a519cb70383f9bf65f2f721aaf163fcfa94","ssdeep":"96:PC2C62HyiZWWlP+oErxSiUtIEu7VfAn1PO8NUWzShC4Wp:qXLHyiZDlPM1SptIEu7Vf+uhCv","tlshash":"b0812e1c68f75021525bb0f68a6fd118b2344a870208de20fe0cab5cdf6953e46f2bed","size":4099,"data":"","first_seen":"2025-04-02T09:15:20.181739Z","last_seen":"2026-05-09T16:37:48.352088Z","times_seen":2493,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"d3bqx5dvn4460l.nefcvtm.top/usr/themes/clipboard-2.0.js","fqdn":"d3bqx5dvn4460l.nefcvtm.top","domain":"nefcvtm.top","tld":"top"},"ip":{"addr":"54.240.174.30","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"ad98572d415d2f2452845a6068a913c0","sha1":"6674f81dd01c76be986cf0a8172d1073e56d7ef4","sha256":"baff7541be9c20f7f977f6993ce39cfa937a7bde69db6e7beebb8f68372682a1","sha512":"3c88ac453f2615f771c7df6032ced6018e46a7e0ad8d86312af17ddf0f32580bd7e78f1404d0031eeed091abe0afac911be6aca1ca9fba4e5cae335de73f6ce9","ssdeep":"192:RJBFlYPHiG9JyHg4LyAahp1v/N/MosfkApXMdgmkpj:R9yKG9JKziVF/MF/XMmmkpj","tlshash":"d7126599b291b0b15ad731a8412f920ff3766869708b90d0d279d4f0acbcdde4463f2d","size":9034,"data":"","first_seen":"2023-03-07T12:41:35Z","last_seen":"2026-05-16T18:05:04.575666Z","times_seen":17483,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"d3bqx5dvn4460l.nefcvtm.top/tag/%E8%90%9D%E8%8E%89/","fqdn":"d3bqx5dvn4460l.nefcvtm.top","domain":"nefcvtm.top","tld":"top"},"ip":{"addr":"54.240.174.30","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"bc102016899b24c77e9c95a22f063c13","sha1":"8c020ef51e507f0af8d6fd4bcad8c9457a4dfc6c","sha256":"3913329daf0872fefe111917f6584d602e95744e75d57208243f4698ec1f93c0","sha512":"226679eb8092047ba6fc32939662ee86baf76f91fed7f3b72407ae24cd1f004106edfddddfade06562cc52abd1133312c074eae7e9cb5063b6345a1c50ed945f","ssdeep":"","tlshash":"dd900202882b1dd82ca00009817d3c88f381299b01f0d4082804f056ce9008e0a081d0","size":55,"data":"","first_seen":"2023-03-08T09:43:22Z","last_seen":"2026-05-16T18:05:04.606351Z","times_seen":12373,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"d3bqx5dvn4460l.nefcvtm.top/tag/%E8%90%9D%E8%8E%89/","fqdn":"d3bqx5dvn4460l.nefcvtm.top","domain":"nefcvtm.top","tld":"top"},"ip":{"addr":"54.240.174.30","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"0f644ded6bfc5d620f0c03a6978e7921","sha1":"3b83566660b779a041666866b7c81a28959ff40a","sha256":"003ca60c4cf5c0c65a3a2349a9ec7031584bbfb841829c5802b07bce41bcda61","sha512":"bf86cd65413307310fa5915f31d655c5630128345318effaba6d91f1b534fba5dd8b7cdcff7bba38781544fef2b36182ccf52b6dedde1b5713464606b318e023","ssdeep":"","tlshash":"5bf05005d0d386ebd9bb3b1216c74b843ba2698b7ec67f22719cd7499f004ec5478ac0","size":607,"data":"","first_seen":"2023-03-08T09:43:22Z","last_seen":"2026-05-16T18:16:50.066774Z","times_seen":31339,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"d3bqx5dvn4460l.nefcvtm.top/tag/%E8%90%9D%E8%8E%89/","fqdn":"d3bqx5dvn4460l.nefcvtm.top","domain":"nefcvtm.top","tld":"top"},"ip":{"addr":"54.240.174.30","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"36c5b99772d821752789e963ed9a3023","sha1":"602e8f9dca590d4922a2905a000dd0ff649574d8","sha256":"5f4794b8ef7384a1ba2983d8e1765f152d17a43dc479c4369903ce50b7c82e70","sha512":"bc1ddb43c233e304b61677916cffb54fa84b1eb41584f00fc05fc8d200092fdbcbd6b147bbeeaf9bb378bf2def24525fbe150ed36a64d50479e5fd6c08a64e72","ssdeep":"","tlshash":"0f1168cdc853067c166b0acb1ee306c82352a58be446c22732edd74e9fc42d458397c0","size":966,"data":"","first_seen":"2023-03-08T09:43:22Z","last_seen":"2026-05-16T18:16:50.068Z","times_seen":29338,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"stats.aazfwxb.xyz/js/script.pageview-props.tagged-events.js","fqdn":"stats.aazfwxb.xyz","domain":"aazfwxb.xyz","tld":"xyz"},"ip":{"addr":"156.255.123.77","port":443,"asn":63888,"as":"DATAWING LIMITED","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"5753a2e8435a3e73e95b4c761b67331f","sha1":"8d3edfabb4475135efb69efb6575726922681db9","sha256":"42178833804370f71809af7abc9161d6530056816f4f1a4e820fe039e648ba0d","sha512":"6f022253925d397e84cfdfc2152f52561b2e01fc45f949b97824309e32524ca8c77126ac505db06aff4f08705f8eb4ce241ad99f4523dafb7830d6d632f32189","ssdeep":"96:1+IiQIswSy6fetDkKn5BATGq+8AxzzCMI:0InGD55a6qWxzzi","tlshash":"9691b5ed3a02b57664b99137626f7216b13b2a93680844006435dec53c28feb6337ece","size":4510,"data":"","first_seen":"2025-06-12T22:28:35.769513Z","last_seen":"2026-05-15T11:08:00.647226Z","times_seen":468,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"d3bqx5dvn4460l.nefcvtm.top/tag/%E8%90%9D%E8%8E%89/","fqdn":"d3bqx5dvn4460l.nefcvtm.top","domain":"nefcvtm.top","tld":"top"},"ip":{"addr":"54.240.174.30","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"d829d81d2d148a0a3fe68ad0cd0d9fbf","sha1":"1f646fa03f4a87148d5d39ce98107441c245b6d7","sha256":"f54fb0fd766ead887194b0688d3021d2d0a554144f2336622596b58911b336fa","sha512":"1ba40a145f8ab0499bb38439a21f23b84694d1b5063f12547cd75e139cecba4d6e5b171bda8fc75f774db622b778ef3bc95c1a931340183484402705a6fdfcee","ssdeep":"","tlshash":"42d08c308771f420c42b0947e733138a30c2420b5644c00bf36ce48c2f18e823aa84f2","size":222,"data":"","first_seen":"2025-07-03T15:28:00.068764Z","last_seen":"2026-05-16T08:12:03.657541Z","times_seen":2861,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"d3bqx5dvn4460l.nefcvtm.top/tag/%E8%90%9D%E8%8E%89/","fqdn":"d3bqx5dvn4460l.nefcvtm.top","domain":"nefcvtm.top","tld":"top"},"ip":{"addr":"54.240.174.30","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"eb16af754e434cd101f88fc88cc22c19","sha1":"dc186109d140ea5c162524f9212294a2f35c6383","sha256":"2c1f74ccb5f774b80398787751a36a7d50b7b35a65781c67e0b89c1989b22e7d","sha512":"4bea2e29bb3cfcb3607deef3b47079b9d96c99ad9dad747cc2717e329c704a710de32eaf0715f7d9a815fe3dadbcdbcc075f57eefa72c202dfa7bcb6df82d398","ssdeep":"","tlshash":"24e02be30874b47a402f85cfda7047cdfe52180f78066205720c13482f00da77151c94","size":347,"data":"","first_seen":"2025-08-18T01:45:23.316413Z","last_seen":"2025-08-18T01:45:23.316413Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"d3bqx5dvn4460l.nefcvtm.top/tag/%E8%90%9D%E8%8E%89/","fqdn":"d3bqx5dvn4460l.nefcvtm.top","domain":"nefcvtm.top","tld":"top"},"ip":{"addr":"54.240.174.30","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"6999a82270635edf52ea83ce72e09397","sha1":"881649fbabd373d44ac665c843604b6d5513b8d5","sha256":"5feb1e3f47e3dbc54c43e63d4d98ee7ee2c2fe1db92e29e150010fb0a905e9fe","sha512":"54594f6305c4f8ad19dced33d202ac8a4d5ceb8a7a53d71b33b96e69c2eb6bdd7ba2db458b20aed23f27f569dbc4c5fce72912d17ac76d44472b139be568a829","ssdeep":"","tlshash":"64e02ba1086894be542f818bc67167cdee72540fb9067407718c174c1f00e671171c99","size":347,"data":"","first_seen":"2025-08-18T01:45:23.318121Z","last_seen":"2025-08-18T01:45:23.318121Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"d3bqx5dvn4460l.nefcvtm.top/gtag.js?id=G-B2LTNVGC4L","fqdn":"d3bqx5dvn4460l.nefcvtm.top","domain":"nefcvtm.top","tld":"top"},"ip":{"addr":"54.240.174.30","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"33a9b69f784501cdb8a0c58f2f68f6a7","sha1":"fb8b0370f498e49e017f289cae6bc20234f2f4b1","sha256":"c94ca6d3c3db11e31bb31538f7e733db40d5b39e0820fcbaae6d847037b4428e","sha512":"853010d8f3d78252f634b29716930399b982ac4b1555eefe60bc1c1a48d157dc573805c685fb7b1de72ce32c7750f690777396a7e941b22c2742e2efb661b1f5","ssdeep":"6144:tkDe7WbEbUAOfns+vZcMDYesTQT8PVMxPMbznmsCt:aDeSbaU1s++yUHn38","tlshash":"4d841ade73c674665396b478803f018ba5bb28a2b44cc895f1c9cce42d74a9a4277f7c","size":381492,"data":"","first_seen":"2025-05-03T07:00:02.073922Z","last_seen":"2026-05-16T08:12:03.614131Z","times_seen":2521,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"d3bqx5dvn4460l.nefcvtm.top/tag/%E8%90%9D%E8%8E%89/","fqdn":"d3bqx5dvn4460l.nefcvtm.top","domain":"nefcvtm.top","tld":"top"},"ip":{"addr":"54.240.174.30","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"ce94b2bd5091972d57a79b9ac3aa8f01","sha1":"0fe8d3e2e69e0bbc01df8577ffc3600a0435a5e6","sha256":"8b2c92fa363114af874f8598bcd16934d2404a8c20473e31a5d7a4e63e13fe94","sha512":"01a40dabc2c7a14191aeb87d093748a8be593f73822ca3f2e4d1e2ed028865ad1269bc2c043e148904897abb75e74d4e48b7fc18b61d4e47b67dc447e37219f7","ssdeep":"","tlshash":"5fe02b610864f4ba402f818fd67167cdee72580f79067047710c13483f00f631271c98","size":347,"data":"","first_seen":"2025-08-18T01:45:23.319935Z","last_seen":"2025-08-18T01:45:23.319935Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"d3bqx5dvn4460l.nefcvtm.top/tag/%E8%90%9D%E8%8E%89/","fqdn":"d3bqx5dvn4460l.nefcvtm.top","domain":"nefcvtm.top","tld":"top"},"ip":{"addr":"54.240.174.30","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"9f4c15b7a700d02d082e616f959946ab","sha1":"e609a237c6abdbf85394698fa9488208380df012","sha256":"969c22a784b5b067e35b423c263e57cdf4e19da936b5b57a7883c8b9bb771741","sha512":"d92c37e98f4d337ecf3c3b63540aaf7a4fdc23aef12f24d34151fbce0aac42449c515b2749e65590221d3f1023ee5f0156641187ff2b247696cc1c5f47d6765a","ssdeep":"","tlshash":"f0e095e14c68943d412f81cbc77047cdde5b741fb0065446724c03c91f00e731161c94","size":347,"data":"","first_seen":"2025-08-18T01:45:23.321568Z","last_seen":"2025-08-18T01:45:23.321568Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"d3bqx5dvn4460l.nefcvtm.top/tag/%E8%90%9D%E8%8E%89/","fqdn":"d3bqx5dvn4460l.nefcvtm.top","domain":"nefcvtm.top","tld":"top"},"ip":{"addr":"54.240.174.30","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"aeece28fd2f5ca6f941430b9f50f0f55","sha1":"3b48a8cac221e6108e451fae496f03ea9b192d2f","sha256":"3fa102a296e3fdff6e1a3fa7c529c36fce24bf1daaaa92caba1161e23bcbef35","sha512":"3b2925d2a553ed23ba19911f3eb1e98740a5afcef6002cb4d0513c356e960cfea85eb090527e979d0a3bf0bc438c8e20d0e1d990f97ec158c8950676f89ecaae","ssdeep":"","tlshash":"fbe02b520860d4bd466fa3cbc57087cedd92540f70155445330d13481f00d7b3299e54","size":347,"data":"","first_seen":"2025-08-18T01:45:23.323418Z","last_seen":"2025-08-18T01:45:23.323418Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"d3bqx5dvn4460l.nefcvtm.top/tag/%E8%90%9D%E8%8E%89/","fqdn":"d3bqx5dvn4460l.nefcvtm.top","domain":"nefcvtm.top","tld":"top"},"ip":{"addr":"54.240.174.30","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"1d7bcf38920ce51e3ae15f9ae9c9519a","sha1":"1f143f96b5ba3a0266691db17eeb98e9d35cbf2f","sha256":"33a1984cc2844309c01435a0bc49f59755b607c302c0f3274651bfcbb32abec9","sha512":"ac72a7a79c494ffd1125600aa37ac6c4c41dd3e8667a61ef4033cde66c34ea5451eac14f6d0322a6b005933f8dbf72c369c4ac1d29722a9f8545a56f8263d0ee","ssdeep":"","tlshash":"3ee02be21c60d47d416fe18bc57057cded52240f7c065045310d0b4e1f04d6b1191c54","size":347,"data":"","first_seen":"2025-08-18T01:45:23.325034Z","last_seen":"2025-08-18T01:45:23.325034Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"d3bqx5dvn4460l.nefcvtm.top/usr/themes/Mirages/static/jquery/2.2.4/jquery.min.js","fqdn":"d3bqx5dvn4460l.nefcvtm.top","domain":"nefcvtm.top","tld":"top"},"ip":{"addr":"54.240.174.30","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"2f6b11a7e914718e0290410e85366fe9","sha1":"69bb69e25ca7d5ef0935317584e6153f3fd9a88c","sha256":"05b85d96f41fff14d8f608dad03ab71e2c1017c2da0914d7c59291bad7a54f8e","sha512":"0d40bccaa59fedecf7243d63b33c42592541d0330fefc78ec81a4c6b9689922d5b211011ca4be23ae22621cce4c658f52a1552c92d7ac3615241eb640f8514db","ssdeep":"1536:EYE1JVoiB9JqZdXXe2pD3PgoIiulrUndZ6a4tfOR7WpfWBZ2BJda4w9W3qG9a986:v4J+OlfOhWppCW6G9a98Hr2","tlshash":"1e83c6d9b2d6706297b734b850bf410bb17a98dab44c8c60f059d4e47eb4a8e507bf2c","size":85578,"data":"","first_seen":"2023-03-07T01:02:00Z","last_seen":"2026-05-16T18:15:25.197228Z","times_seen":279421,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"d3bqx5dvn4460l.nefcvtm.top/tag/%E8%90%9D%E8%8E%89/","fqdn":"d3bqx5dvn4460l.nefcvtm.top","domain":"nefcvtm.top","tld":"top"},"ip":{"addr":"54.240.174.30","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"bdc558813f430f5ea1a55262783bc120","sha1":"2f06d4c305709c4dd2c13695d8409bb466b39bfb","sha256":"be9e6b7af2e08fce73e6a117b3d057f8477f7ea5c42051b00d1eb0fa93ffc1c1","sha512":"541898decba68a92564b1c2c12566a88fc67acb62fdab67f24a59daa2bcfb04c4c063d9f8b809cb22d648d285a4e458800c78e1e48c6281fcbe9354dc0761f77","ssdeep":"","tlshash":"dce02be2096094bd402fc1cbd57157cded62780ff005a106330c076c1f00e6b11a1c56","size":347,"data":"","first_seen":"2025-08-18T01:45:23.326513Z","last_seen":"2025-08-18T01:45:23.326513Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"d3bqx5dvn4460l.nefcvtm.top/usr/themes/Mirages/js/7.10.0/mirages.main.min.js?v=3","fqdn":"d3bqx5dvn4460l.nefcvtm.top","domain":"nefcvtm.top","tld":"top"},"ip":{"addr":"54.240.174.30","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"3e74f28be5c8473ddd3eb46a9a34adf9","sha1":"d0105607fcc8d0b77e928a5fa96403d9ee31d334","sha256":"d48a8141b043e7d566d7a28367cca55f4e6e0169a841e05a1454ce4a464d4b69","sha512":"bee300cf41b00c82629eb482a3f3458adf9bd4461b62f3dea85a07dd1d823dc4153029c2bc80917e437945629ebb5e286120b7b599fb56d60c2c17a2bd03c23e","ssdeep":"","tlshash":"dd11ab0865d6a995b753f039cbdf9846b135882b21ccdd04784ce3e49f2183947b5e8c","size":1000,"data":"","first_seen":"2025-04-07T09:38:32.671167Z","last_seen":"2026-05-16T13:00:14.080326Z","times_seen":2890,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"d3bqx5dvn4460l.nefcvtm.top/tag/%E8%90%9D%E8%8E%89/","fqdn":"d3bqx5dvn4460l.nefcvtm.top","domain":"nefcvtm.top","tld":"top"},"ip":{"addr":"54.240.174.30","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"feff2f8f429f43a19a8bd2cb52e98739","sha1":"8f48ed3d546bda9b647ac2fd060d2e801e4dfa38","sha256":"e7420531b1691a20f53f9dc455f363313764821bb22fde64cca46327d758d895","sha512":"c2561e88d2f45c26eb9ce5c21271d116b1522a140790b228a5fd6670bd4000b953eb0806f70cb7196ac1422e812e47f55c4096b5b6ae24f86c29c8a18f128e4f","ssdeep":"","tlshash":"e5e02b550c68ac39452f829fc57087cddda2140f7047910d320c079d1f00e631152e74","size":347,"data":"","first_seen":"2025-08-18T01:45:23.328996Z","last_seen":"2025-08-18T01:45:23.328996Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"d3bqx5dvn4460l.nefcvtm.top/usr/themes/Mirages/js/layui/layui.js","fqdn":"d3bqx5dvn4460l.nefcvtm.top","domain":"nefcvtm.top","tld":"top"},"ip":{"addr":"54.240.174.30","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"5f2f5acbc0888752ac36267bd03ed989","sha1":"ae52320868fbff98210a63b41145c18ec8efb7a0","sha256":"56e10ef4ad4959862f9965872fcb93aa5e06fdb5a58c573190310914c5a8ed1f","sha512":"39010b2183fc0b8988d30860e1409ea8f5510463b967b8a1cf94947048ab0f7c122a9245bb345704bba9eaebc7405a76c159f35b6654b7c5bb372bae9033f107","ssdeep":"","tlshash":"4c113204fc89a89c052a1344067f893ce4196d257344c0f474f6c1ed65f60da90dff5d","size":1000,"data":"","first_seen":"2023-04-23T06:53:11Z","last_seen":"2026-05-16T18:05:04.643721Z","times_seen":4842,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"d3bqx5dvn4460l.nefcvtm.top/tag/%E8%90%9D%E8%8E%89/","fqdn":"d3bqx5dvn4460l.nefcvtm.top","domain":"nefcvtm.top","tld":"top"},"ip":{"addr":"54.240.174.30","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"c40a44fc6ff59f1dad527068017ee456","sha1":"e006f3e2bad0cdaf81887ee8643d3452823761a6","sha256":"6f3b0a1aa8bd33bdf0765d4158335b7d32f55b66504f9c5ec54dd6f4915dbb8c","sha512":"2adce7b272abe6e6f5c6b3ce1eec6fc26a1da9e8161d34fa1c5d8c3869c15eb7e79d0c9ccbbe2e7778d3e7bae45a61848bc7898bf0b0c5d70a45a1bf634d4a5e","ssdeep":"","tlshash":"e2e02b52086ca8ba452fc28f897057cded52540f7005510a714c074a1f00e631151d94","size":347,"data":"","first_seen":"2025-08-18T01:45:23.331269Z","last_seen":"2025-08-18T01:45:23.331269Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"d3bqx5dvn4460l.nefcvtm.top/tag/%E8%90%9D%E8%8E%89/","fqdn":"d3bqx5dvn4460l.nefcvtm.top","domain":"nefcvtm.top","tld":"top"},"ip":{"addr":"54.240.174.30","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"15c6d7a314cef469dfffa11917f3386c","sha1":"c86985595900eecac757ce001e823123a6755430","sha256":"2805976b92b23312b93a854de4ae2c6c4da6bb6ae7d2128cd1c18374a786bbc9","sha512":"a265913f048a7d0472267d33f5cf602fab27658afc41fac83935cae510c989ee73228ea6751c601770dd59f88c339ebc13187d8f62310f06dc07c64a49b157e3","ssdeep":"","tlshash":"dae02e1a08acac79412f9acfa5b287ceeda22c0fb506610e721c035a5f10e6b2251c95","size":347,"data":"","first_seen":"2025-08-18T01:45:23.332768Z","last_seen":"2025-08-18T01:45:23.332768Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"d3bqx5dvn4460l.nefcvtm.top/tag/%E8%90%9D%E8%8E%89/","fqdn":"d3bqx5dvn4460l.nefcvtm.top","domain":"nefcvtm.top","tld":"top"},"ip":{"addr":"54.240.174.30","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"0c8774e8cf79ce457662ce7f0fc47436","sha1":"dab702c2066ebe0467182e759c984a023721c459","sha256":"1703ff444a69997bc4db664e84c44421a080079edadff18c3a426094a25f79f6","sha512":"83013d51b80150b86fd55286d8d3e12e0473b814ee5322499eb517b80f1369dc6577d4f0b08b2e6764f94d682e5368d8c3543db3c05f5f766509ac0e42a80394","ssdeep":"","tlshash":"34e02ba908689c79416f9ecf85718bcdde521c0fb445614e311c03495f10d7b2571c95","size":347,"data":"","first_seen":"2025-08-18T01:45:23.334327Z","last_seen":"2025-08-18T01:45:23.334327Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"d3bqx5dvn4460l.nefcvtm.top/tag/%E8%90%9D%E8%8E%89/","fqdn":"d3bqx5dvn4460l.nefcvtm.top","domain":"nefcvtm.top","tld":"top"},"ip":{"addr":"54.240.174.30","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"9b6329ea2e0ceebc7bc4adc1787ed7b4","sha1":"2d0cab855c16e7d2874e9525ecb97f0c406ab59c","sha256":"0dd59bd03de0c1bf1328e17a0bd31d18b61c291119ba1b7695d9bafff027440a","sha512":"0aeef0e065d628fb72ddb36aac78cd6431dfe97992be1e458003a061eaf69c1096cef888f965f9021e15690b7411371e4affff4584b23d33c4ce0ba02252ee6d","ssdeep":"","tlshash":"0ee02e1208aca83d413f828f8e7157cdde62e80fb816600a320c4b4e9f00e632252c95","size":347,"data":"","first_seen":"2025-08-18T01:45:23.33572Z","last_seen":"2025-08-18T01:45:23.33572Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"d3bqx5dvn4460l.nefcvtm.top/usr/plugins/tbxw/js/zzz.js","fqdn":"d3bqx5dvn4460l.nefcvtm.top","domain":"nefcvtm.top","tld":"top"},"ip":{"addr":"54.240.174.30","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"78dab9fcf576de8cba46edd716dd2309","sha1":"7113abe41f95159f9bfccf70d01bdda1055af2ad","sha256":"7c66d6c8e2c470780513a282b66e2b5b7429ed863d6a0ecd6054b38dcda004b5","sha512":"dbb858875e532b475f827c930c154cac09e9a952b20053a0f7e1b34a050100a0a3a41f8aabeeab4af2dd90082363fe3ced3a5957f7250a4918d305b49655e040","ssdeep":"768:J1Z4iiyfiD78x6l42SWRV4HC0o10LEnM9OT81agZnEpn6ZFCsUleZ:vZYDc6lXJd1mZpZEdq","tlshash":"da331bc5a19c609153a774d50d7f704bb4637526170d89acf228e8eeecfcaea9039d38","size":50811,"data":"","first_seen":"2023-03-13T16:33:51Z","last_seen":"2026-05-16T18:16:49.964293Z","times_seen":33403,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"d3bqx5dvn4460l.nefcvtm.top/tag/%E8%90%9D%E8%8E%89/","fqdn":"d3bqx5dvn4460l.nefcvtm.top","domain":"nefcvtm.top","tld":"top"},"ip":{"addr":"54.240.174.30","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"dc168729f6c1afd1ae68cdb5f84891ab","sha1":"c14d61d3159cc008968ec48716eb7e796079edfd","sha256":"db11ee3591c7e3c7145c4855e18474dee9aaf8559cee11accb336135540d1217","sha512":"b17220a1c8bdd597ef6244c97bd6c3c85376fd12b73e620a17d20af62355d1ce89fa6e9d88425f035cdfb621ece039b8e8bdae4d9c63c3517283dafbe7760e98","ssdeep":"","tlshash":"b0e0c29208b8a839522f818f857097cded52a40b7006a04a710c1f491f00ea31151894","size":347,"data":"","first_seen":"2025-08-18T01:45:23.338667Z","last_seen":"2025-08-18T01:45:23.338667Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"d3bqx5dvn4460l.nefcvtm.top/tag/%E8%90%9D%E8%8E%89/","fqdn":"d3bqx5dvn4460l.nefcvtm.top","domain":"nefcvtm.top","tld":"top"},"ip":{"addr":"54.240.174.30","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"676d311e04c2dbc74ac47dd753b3fcfe","sha1":"054ce46914deeb5e8c1e014189f0b0bc76b7ae78","sha256":"2aac9fb6058daec764bc848ad3fe74d7ab405bd5dcb722fef44be0a6a82a0f75","sha512":"ed1e954c1cb6afb9f6eead326307e8178f3d084c2e9a9a6e3d0b223f9599d3006a30645e58a24a080c799cd79dc71c0b52af16a41a1e7b4e8230461cbe55741f","ssdeep":"","tlshash":"dfe02b610ca894fe813f82cf85714bcddd72a80f70865009331c034a5f08e731271c94","size":347,"data":"","first_seen":"2025-08-18T01:45:23.340116Z","last_seen":"2025-08-18T01:45:23.340116Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"d3bqx5dvn4460l.nefcvtm.top/tag/%E8%90%9D%E8%8E%89/","fqdn":"d3bqx5dvn4460l.nefcvtm.top","domain":"nefcvtm.top","tld":"top"},"ip":{"addr":"54.240.174.30","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"d5c55fed8f338ce065d94035b8337a45","sha1":"bd7af7dad48691e0a8129f7133d9b7e69d7bc963","sha256":"701d94e492c1871b3fe4223fd41e29e7ac1e6e172bbb3e82161ed6c7bf389417","sha512":"73ba7ad34d04797b33c5e78df5ee1f670b8d69cada79450770dfa882b17b1f133e9f30d6df71b58f6f73ce266784c28f3b7d1e82b3205bc4ba81523abd03a27b","ssdeep":"","tlshash":"f2e02b1249a8a439627f818f857347cedd52341ff009e049320c034c1f00e631561d54","size":347,"data":"","first_seen":"2025-08-18T01:45:23.342112Z","last_seen":"2025-08-18T01:45:23.342112Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"d3bqx5dvn4460l.nefcvtm.top/tag/%E8%90%9D%E8%8E%89/","fqdn":"d3bqx5dvn4460l.nefcvtm.top","domain":"nefcvtm.top","tld":"top"},"ip":{"addr":"54.240.174.30","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"9590395622294a0325b2dbaf2abf1d32","sha1":"c9eeb70c08ba5e2e1bea796ae0c8e63b879732da","sha256":"3ee070447d68ca9febc6d2723e5806ef6996c0ae3fdeaf2b180cbf6c79971b08","sha512":"92f8f58c66395d2d28290d7eee780cdbe66f8419d07c530f59ff7d9158f80952ad4b59ea2960bc7920d1c1f0fe674654c304690e7ef10764251d22d2ee880d55","ssdeep":"","tlshash":"c8e02b11096cc8fa453f828f5774c7dddd66780f7401514f320c43480f50c6311a2cd4","size":350,"data":"","first_seen":"2025-08-18T01:45:23.343701Z","last_seen":"2025-08-18T01:45:23.343701Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"d3bqx5dvn4460l.nefcvtm.top/tag/%E8%90%9D%E8%8E%89/","fqdn":"d3bqx5dvn4460l.nefcvtm.top","domain":"nefcvtm.top","tld":"top"},"ip":{"addr":"54.240.174.30","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"7f2ee3200967e37ca9d1752d0d5edcc6","sha1":"c77f95e02dd5aa309957f2198e3644faebfd478c","sha256":"73e76b1db83375a8ce16cac82c8287f1525e622a0bccf42f48e25a41e7cda986","sha512":"d95a1f1a20f203542b8d94a5c449bab5702d94df366cbc50781ab43be898d17db5097fe0bd73057ae20293a8e7ba8137cb2bf7598af8ac79925217706c5d672e","ssdeep":"","tlshash":"f1e02e1608a8a839a2ef828f85b187cede72588fb006e04a320c0b481f10db72261d95","size":347,"data":"","first_seen":"2025-08-18T01:45:23.345169Z","last_seen":"2025-08-18T01:45:23.345169Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"d3bqx5dvn4460l.nefcvtm.top/tag/%E8%90%9D%E8%8E%89/","fqdn":"d3bqx5dvn4460l.nefcvtm.top","domain":"nefcvtm.top","tld":"top"},"ip":{"addr":"54.240.174.30","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"ced08b91225d829df8f507302e7fab6b","sha1":"80ab1993ed41a1ed300f7a9f7903345193b17e4b","sha256":"64a42c6a6129aba98a5f91f3c1fa6e822dd24a06f2b5b9f8293fde4aef6fd2ec","sha512":"7a0bb08dea6b300ad04b37bd11d381c78b3656c4f2d109c93023a318065cb44f2b639a7d60dd02236e574a0f132086bbab3976f631c5bd8f31e361d58bb59315","ssdeep":"","tlshash":"29e02e1308a8b87f896f828f85744bcddda3681fb016a00a720c076a2f00e731262c94","size":347,"data":"","first_seen":"2025-08-18T01:45:23.346806Z","last_seen":"2025-08-18T01:45:23.346806Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"d3bqx5dvn4460l.nefcvtm.top/tag/%E8%90%9D%E8%8E%89/","fqdn":"d3bqx5dvn4460l.nefcvtm.top","domain":"nefcvtm.top","tld":"top"},"ip":{"addr":"54.240.174.30","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"c6e6bd34dbde5030c7f81ad3125a34a0","sha1":"21b8f21cba1014c0ca7ebebcffe0c14d9cb26bd1","sha256":"6b59703c378324282307d003e5a30e04a20062a53af5a7d2a22d7f2b9e75544c","sha512":"1603fbe4d5f43cab3d6e18e43e12bfb163477c7bdd06da02fa894575a5fcd47e83cab1ab7dd26f6032e5b26a0d740d0ebdde39027e40e531a510cf1c8167a879","ssdeep":"","tlshash":"74e02b690d68943b4aafc58fc57147cdddb2140f74569409311e07481f00f671161d54","size":347,"data":"","first_seen":"2025-08-18T01:45:23.34839Z","last_seen":"2025-08-18T01:45:23.34839Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"d3bqx5dvn4460l.nefcvtm.top/tag/%E8%90%9D%E8%8E%89/","fqdn":"d3bqx5dvn4460l.nefcvtm.top","domain":"nefcvtm.top","tld":"top"},"ip":{"addr":"54.240.174.30","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"c083a6e2f1228449c84e4dc646cdce56","sha1":"b52d1ea184bfad6812550c0aac308949ab606ba9","sha256":"ad8510c79fb54686b80bdca75e28e60e5e80b44cb043bc38bd8bcb73657c9414","sha512":"8557d67ce3270f1f4a054bb9b4da9bd165cab45b4b21b2f1042e829fffdd54b84a6677b74d2358d03da1d4323d4e3f547101e1e3c990b652acc5273a5b7588d1","ssdeep":"","tlshash":"cce02e220caca87a4e2f83cf86715bcede76d80fb126a04a321c074d1f00e633266c95","size":347,"data":"","first_seen":"2025-08-18T01:45:23.350012Z","last_seen":"2025-08-18T01:45:23.350012Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"d3bqx5dvn4460l.nefcvtm.top/tag/%E8%90%9D%E8%8E%89/","fqdn":"d3bqx5dvn4460l.nefcvtm.top","domain":"nefcvtm.top","tld":"top"},"ip":{"addr":"54.240.174.30","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"448291cb63ab771a41cb2e8b03523e9d","sha1":"3ba9b272956bc0f29291801b44192b84d7a9efc9","sha256":"e83ec035a05a7506dcd0f48930339f409d749eed08707e7fd265dbcc8d222301","sha512":"14ee8b30b0d5649bff17bac99f029798fb7f6ea86e10601d48de1a7cd68c27343ca24e81fa72f5d84f821c38e83dcc2c9fb455ab1bd0ede2e6c52b4adde62462","ssdeep":"","tlshash":"e2e02bd30d68a4794d2f838b897447cdee92140f70069049310c875d1f40da35251f54","size":347,"data":"","first_seen":"2025-08-18T01:45:23.351553Z","last_seen":"2025-08-18T01:45:23.351553Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"d3bqx5dvn4460l.nefcvtm.top/tag/%E8%90%9D%E8%8E%89/","fqdn":"d3bqx5dvn4460l.nefcvtm.top","domain":"nefcvtm.top","tld":"top"},"ip":{"addr":"54.240.174.30","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"4469ad83443dacf96d981fd7acc1906f","sha1":"0b40d16f4c013865e96df68961ee3f4a4ca677a5","sha256":"98d5fe625fc72fd02c6c927a3a3a2f70d0f558a3019a55fbd2bf13578f33c3e6","sha512":"71f8ced532588d3a8ae35c8019de294fe247667985ee7b0b5c27b5dd5e83cdba18c84fd3d96ebfeddaf940f2df93a6a787365be80bd24c916109df7334437d01","ssdeep":"","tlshash":"d8e02b1509acac39492f87cf857097cedf53580f74055409320d036e1f00deb2195d55","size":347,"data":"","first_seen":"2025-08-18T01:45:23.352859Z","last_seen":"2025-08-18T01:45:23.352859Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"d3bqx5dvn4460l.nefcvtm.top/tag/%E8%90%9D%E8%8E%89/","fqdn":"d3bqx5dvn4460l.nefcvtm.top","domain":"nefcvtm.top","tld":"top"},"ip":{"addr":"54.240.174.30","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"132d9cfdd4a2c2ce354a7048c5cf8961","sha1":"8870dce7536740f505bb92748f0dc7eef3efba3b","sha256":"529c468b57f2e9193cce60c89da0f9d51d70201b2c1312fba0dd8e928a8a68b4","sha512":"306f69f0187fa35647033c6419a4d41fcea489c1091d5edaa3f1ed8ccb0981e4e5adcc1ce4baab058bebeeaf968954a691b06729c3c0cc278dea7fed5fdeee19","ssdeep":"","tlshash":"52e0c76208a8a8b94d2e828b8570c7cdde62280bf50ae00a328c03881f00d63266a898","size":347,"data":"","first_seen":"2025-08-18T01:45:23.354221Z","last_seen":"2025-08-18T01:45:23.354221Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"d3bqx5dvn4460l.nefcvtm.top/tag/%E8%90%9D%E8%8E%89/","fqdn":"d3bqx5dvn4460l.nefcvtm.top","domain":"nefcvtm.top","tld":"top"},"ip":{"addr":"54.240.174.30","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"fbb76f222e01ce5e46111deab320f8dc","sha1":"ab88b071758a58cb9fcbed579bea3ae28d71d7df","sha256":"09c0f9e670a45f0713a5234ac735ef7c0773a2850c71e761bcadbef6cdb74c9b","sha512":"e915699bf350292ba7873d1f4ba217b547605bc22d5fba62fc1dc48a85ba97867d0324d64c441626546f61198c33ed7ccb6c80e65fc51d5c82cedd82199e96fc","ssdeep":"","tlshash":"18e0c22a09a88879892f878bc578d3cdde66244f64025049710c474a5fc096a1255895","size":350,"data":"","first_seen":"2025-08-18T01:45:23.355494Z","last_seen":"2025-08-18T01:45:23.355494Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"d3bqx5dvn4460l.nefcvtm.top/tag/%E8%90%9D%E8%8E%89/","fqdn":"d3bqx5dvn4460l.nefcvtm.top","domain":"nefcvtm.top","tld":"top"},"ip":{"addr":"54.240.174.30","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"5eacd8512e9f6909a4aac7f167f0f3ad","sha1":"46afddc15bde31a2117e96d5ffc876158f2c4950","sha256":"c7b5a3e7dc67e984ae015479fe2272440a1516b4373c6fef8e1a7120e37fe727","sha512":"8f58a1d9cb4505da159f6268012b082aae96602ac6ecad2e6df714514f6b5b04323cb23b2f79c6481a2af4d5caf4e7a9158cc45ec22f91c5ae0903787090ed95","ssdeep":"","tlshash":"15e0c21a08f898b9892e8aabc978c7cdde56240ba0069009310c038a1f00e6a1659854","size":347,"data":"","first_seen":"2025-08-18T01:45:23.356881Z","last_seen":"2025-08-18T01:45:23.356881Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"d3bqx5dvn4460l.nefcvtm.top/tag/%E8%90%9D%E8%8E%89/","fqdn":"d3bqx5dvn4460l.nefcvtm.top","domain":"nefcvtm.top","tld":"top"},"ip":{"addr":"54.240.174.30","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"d329847c53b74bc73b0ca73a4e63d2e3","sha1":"a7245f5bd0fe04ee515a07c95930e96035707917","sha256":"3759c51a6a6abc0826d462c5b5e22e6eb8230305c44f42a3e33f1d8bd6d349ce","sha512":"ffa2bf3157b0f358bc3970a471cbe0838b3e1949c836f77d96731342b7ca13bd486ca0a987c5df452b3bfc1398011f2011d13c6d5b21593b4a98101910660173","ssdeep":"","tlshash":"5fe02b5208aca87d4d2f938b8770c7cdde563c0fb0165049335c07481f04d631959c59","size":347,"data":"","first_seen":"2025-08-18T01:45:23.35824Z","last_seen":"2025-08-18T01:45:23.35824Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"d3bqx5dvn4460l.nefcvtm.top/tag/%E8%90%9D%E8%8E%89/","fqdn":"d3bqx5dvn4460l.nefcvtm.top","domain":"nefcvtm.top","tld":"top"},"ip":{"addr":"54.240.174.30","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"12a8230286340618a5fc4923682ca11b","sha1":"4b3521cfd2326683682a23b9695a4372501a9b07","sha256":"dafa94bdfe4440b4b3b5801dc0c085bc3609198d542a872a3ea37365937cab55","sha512":"50d4045448b9f0e1bf5ff42ac9a31af1ae024fd6cc1abc69ad0f76c716efb15578faf741ff0ed147360f4d7f42596d27c600edd077f03c4193a1b0889f3b250e","ssdeep":"","tlshash":"d8e02b1608ac9cb9492f878f867197cdde522c0f7005600e310d074b1f00dbf2555c96","size":347,"data":"","first_seen":"2025-08-18T01:45:23.359661Z","last_seen":"2025-08-18T01:45:23.359661Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"d3bqx5dvn4460l.nefcvtm.top/tag/%E8%90%9D%E8%8E%89/","fqdn":"d3bqx5dvn4460l.nefcvtm.top","domain":"nefcvtm.top","tld":"top"},"ip":{"addr":"54.240.174.30","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"a68886e7f7b8069ee1fc66486bf344d4","sha1":"7d26eaa367e8a67df52ea709ef9a87100c65b4ba","sha256":"ab053aa2c0da8823c3d407868fd9a31dc21ed14e983a9acf49c5e22979a22ab8","sha512":"76737ea3d2f24c35cebac0b58cb22bfb8d8defe10e2296a31774386aa8cc96eb14cd81264a4953411fb06a1fedc69abcf42f5b9ccc7d1cdad058f45243598c3e","ssdeep":"","tlshash":"00e02b5208b8a47d896f838b85708fcfdf52140fb005600db30c03491f00f632559c55","size":347,"data":"","first_seen":"2025-08-18T01:45:23.360847Z","last_seen":"2025-08-18T01:45:23.360847Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"d3bqx5dvn4460l.nefcvtm.top/tag/%E8%90%9D%E8%8E%89/","fqdn":"d3bqx5dvn4460l.nefcvtm.top","domain":"nefcvtm.top","tld":"top"},"ip":{"addr":"54.240.174.30","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"e4febd5913e5ca700b582a66f338847f","sha1":"6e6b6deb22cecad7787463fd9b2f271e81f4a6f5","sha256":"a110cdbf2c07ec0e84913b07d5424d427b62a1ff3dd8fd8d709f330864876ab5","sha512":"1ded93cd41586dd4b3a69217941b4eb8ef05291f01c8983a4e3a119ed10dabf01bdadc1664f515bc5a3bb3717b163e3cb6c7a15f7c5335475fe40f505fd41eef","ssdeep":"","tlshash":"4be0c2610c6c98be4a2e868f8675c7cdde521c4b6009614a310e03781f00e661265d94","size":347,"data":"","first_seen":"2025-08-18T01:45:23.362607Z","last_seen":"2025-08-18T01:45:23.362607Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"d3bqx5dvn4460l.nefcvtm.top/tag/%E8%90%9D%E8%8E%89/","fqdn":"d3bqx5dvn4460l.nefcvtm.top","domain":"nefcvtm.top","tld":"top"},"ip":{"addr":"54.240.174.30","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"57c84387cd9424c4cb57e115386d1b90","sha1":"72f2db6a91b56fa1095b27eaf5c80d6cde6b9aa0","sha256":"b2fbdceeeeb2afe9848d16a1d85649f3b6fc1689f0424c416b87dcebcf8701e7","sha512":"04626291bbdb50a64dc2cbf9553f4d244df871d940777ec1c6087a1979f9d466039b8ba90f3a30103eceba27ad4929e8720173c3fc9fc8b72a652e195e015a04","ssdeep":"","tlshash":"a9e02b520c6cd47d4a2fc38b867887cdde62140fb105710a720c07491f00eb31271cd5","size":347,"data":"","first_seen":"2025-08-18T01:45:23.364269Z","last_seen":"2025-08-18T01:45:23.364269Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"d3bqx5dvn4460l.nefcvtm.top/tag/%E8%90%9D%E8%8E%89/","fqdn":"d3bqx5dvn4460l.nefcvtm.top","domain":"nefcvtm.top","tld":"top"},"ip":{"addr":"54.240.174.30","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"6db52c29fcea6c1ae7d012bd1dc6d77e","sha1":"eb0b87ad5d1f8bca800886bf0a880043b4d9ec40","sha256":"4e6e4c45a8c5b4fb938aba21f30d9db17914dee9cdfd5276b9e3ba4921d95968","sha512":"f674b08be1247850f177d0728f1ed94c396900b79bd7343494f45edfb23506b3d156f8c5e440bb96eb3cd6f60f8db51914d29be4fc1219f2cdb511f9dc952821","ssdeep":"","tlshash":"6fb09b530765c87495fd5140d5951848d5450c1b494c96ed314c41909b5c5672419144","size":128,"data":"","first_seen":"2025-08-18T01:45:23.365908Z","last_seen":"2025-08-18T01:45:23.365908Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"d3bqx5dvn4460l.nefcvtm.top/tag/%E8%90%9D%E8%8E%89/","fqdn":"d3bqx5dvn4460l.nefcvtm.top","domain":"nefcvtm.top","tld":"top"},"ip":{"addr":"54.240.174.30","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"f2dde10d245b658861b61039211f9194","sha1":"6d2b4acf4a722e46465f8ea2fd2ccbe6b9b7f14e","sha256":"11e2addc0929488b42391e2b8ad18bc33e7f1d2fae6d026f26133eefb760463c","sha512":"19a796dc996b374a53646f359bf256a94f43cb8d2d4aee2a062c92b748a0a7095ef7f30ada3fcca3104be3aa2ad34792d36b129266be2bc43c190cbf7c49db8c","ssdeep":"","tlshash":"beb09b52175584705aec4141d5a91408d5460c1b8c4cd99f714c45649f142772419504","size":128,"data":"","first_seen":"2025-08-18T01:45:23.368025Z","last_seen":"2025-08-18T01:45:23.368025Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"pic.ruubqy.cn/upload_01/xiao/20250331/2025033121100523764.gif","fqdn":"pic.ruubqy.cn","domain":"ruubqy.cn","tld":"cn"},"ip":{"addr":"43.152.140.79","port":443,"asn":139341,"as":"ACE","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://d3bqx5dvn4460l.nefcvtm.top/tag/%E8%90%9D%E8%8E%89/","date":"2025-08-18T01:44:52.510Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.ruubqy.cn","organization":""},"issuer":{"commonName":"ZeroSSL ECC Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Thu, 14 Aug 2025 00:00:00 GMT","end":"Wed, 12 Nov 2025 23:59:59 GMT"},"fingerprint":{"sha1":"B5:46:E3:4B:AD:76:D8:27:09:BD:DC:4D:2D:36:30:80:9D:1B:C2:4D","sha256":"4F:36:FA:C1:B1:5D:EF:21:7B:D6:3E:33:FF:9E:8C:51:84:1D:60:71:9E:8D:BA:CC:13:37:25:3F:08:B4:B3:9C"}}},"request":{"raw":"GET /upload_01/xiao/20250331/2025033121100523764.gif HTTP/1.1\r\nHost: pic.ruubqy.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://d3bqx5dvn4460l.nefcvtm.top\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nLast-Modified: Mon, 31 Mar 2025 13:10:39 GMT\r\nEtag: \"c86b364405e8853e95860dc9987a6d21\"\r\nContent-Type: binary/octet-stream\r\nDate: Fri, 25 Jul 2025 13:02:31 GMT\r\nx-amz-server-side-encryption: AES256\r\nServer: nginx\r\nX-Cache: Hit from cloudfront\r\nX-Amz-Cf-Pop: ARN53-P2\r\nAge: 80425\r\nContent-Length: 103568\r\nAccept-Ranges: bytes\r\nX-NWS-LOG-UUID: 12713764380637010480\r\nConnection: keep-alive\r\nX-Cache-Lookup: Cache Hit\r\nAccess-Control-Allow-Origin: *\r\nCache-Control: max-age=864000\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":103568,"size_decoded":0,"mime_type":"binary/octet-stream","magic":"data","md5":"c86b364405e8853e95860dc9987a6d21","sha1":"9f88138876b25b7db8e2a0eec7b3a02be2396cca","sha256":"f0c560df3b2dfcc2633021563904877d8f72e8d89171bf3b7852683b112c391d","sha512":"a38d7192b7edf1cea5c3b27b7df3c2c2d156e1bfc4ccd0e1020f80ad4babff03b228074ed3bf4dcd712d7b76409163bf1747d647e3448e0cebf6d10eb48f9083","ssdeep":"3072:W9SUv7pzjsOBMI0HfzhzJg/jaZxrs/6bDk9YGQrC:jW7pZMI0HfztaG3IfYPe","tlshash":"b0a3025829ccbf88037e46afe5cd4ff143846a4b0cb5866619eca94ac8db91d5fc871c","first_seen":"2025-04-05T00:13:31.821697Z","last_seen":"2026-03-17T23:24:32.433614Z","times_seen":1764,"resource_available":false,"data":null}},"time_used":26,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":23,"receive":3,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"stats.aazfwxb.xyz/api/event","fqdn":"stats.aazfwxb.xyz","domain":"aazfwxb.xyz","tld":"xyz"},"ip":{"addr":"156.255.123.77","port":443,"asn":63888,"as":"DATAWING LIMITED","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://d3bqx5dvn4460l.nefcvtm.top/tag/%E8%90%9D%E8%8E%89/","date":"2025-08-18T01:44:52.721Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"aazfwxb.xyz","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 03 Jul 2025 08:45:52 GMT","end":"Wed, 01 Oct 2025 09:43:36 GMT"},"fingerprint":{"sha1":"6C:BB:4F:2F:16:2A:53:60:FC:B9:6F:67:D3:6C:48:6E:0D:7E:83:D3","sha256":"49:C7:EB:51:26:74:A1:72:4A:8E:55:69:14:2C:F2:A9:43:2A:05:FA:4C:48:E1:B9:04:91:AC:CD:78:54:DA:28"}}},"request":{"raw":"POST /api/event HTTP/1.1\r\nHost: stats.aazfwxb.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: text/plain\r\nContent-Length: 120\r\nOrigin: https://d3bqx5dvn4460l.nefcvtm.top\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/3 202 Accepted\r\ndate: Mon, 18 Aug 2025 01:44:53 GMT\r\ncontent-type: text/plain; charset=utf-8\r\ncontent-length: 2\r\nserver: cloudflare\r\naccess-control-allow-credentials: true\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: \r\ncache-control: max-age=0, private, must-revalidate\r\nx-request-id: GFy5HfOTupvUfAZj1UWB\r\ncf-cache-status: DYNAMIC\r\npriority: u=4,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=x3%2BPZxCbsmcf7NEAcoxr73n61NHzgwa3YGmPCb2uU2jRgDzMpzzCbkH1PpREHU8%2FUl4%2BL1CSRbk43ZAX6a1JyO7Ft9XO9eiOMlHRc%2BACkQ%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 970dba81ea6debca-CPH\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"202","status_text":"Accepted","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":2,"size_decoded":0,"mime_type":"text/plain; charset=utf-8","magic":"ASCII text, with no line terminators","md5":"444bcb3a3fcf8389296c49467f27e1d6","sha1":"7a85f4764bbd6daf1c3545efbbf0f279a6dc0beb","sha256":"2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df","sha512":"9fbbbb5a0f329f9782e2356fa41d89cf9b3694327c1a934d6af2a9df2d7f936ce83717fb513196a4ce5548471708cd7134c2ae99b3c357bcabb2eafc7b9b7570","ssdeep":"","tlshash":"c710000000000000300000000000000000000000000000000000000000000c0000c000","first_seen":"2023-03-08T02:32:37Z","last_seen":"2026-05-16T18:07:33.873399Z","times_seen":412532,"resource_available":true,"data":null}},"time_used":482,"timings":{"blocked":47,"dns":1,"connect":0,"send":0,"wait":434,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"pic.ruubqy.cn/upload_01/xiao/20250813/2025081320533244783.jpeg","fqdn":"pic.ruubqy.cn","domain":"ruubqy.cn","tld":"cn"},"ip":{"addr":"43.152.140.79","port":443,"asn":139341,"as":"ACE","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://d3bqx5dvn4460l.nefcvtm.top/tag/%E8%90%9D%E8%8E%89/","date":"2025-08-18T01:44:52.180Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.ruubqy.cn","organization":""},"issuer":{"commonName":"ZeroSSL ECC Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Thu, 14 Aug 2025 00:00:00 GMT","end":"Wed, 12 Nov 2025 23:59:59 GMT"},"fingerprint":{"sha1":"B5:46:E3:4B:AD:76:D8:27:09:BD:DC:4D:2D:36:30:80:9D:1B:C2:4D","sha256":"4F:36:FA:C1:B1:5D:EF:21:7B:D6:3E:33:FF:9E:8C:51:84:1D:60:71:9E:8D:BA:CC:13:37:25:3F:08:B4:B3:9C"}}},"request":{"raw":"GET /upload_01/xiao/20250813/2025081320533244783.jpeg HTTP/1.1\r\nHost: pic.ruubqy.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://d3bqx5dvn4460l.nefcvtm.top\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nLast-Modified: Wed, 13 Aug 2025 12:53:36 GMT\r\nEtag: \"ebbcf4c3823827782c3ef22e3711d317\"\r\nContent-Type: binary/octet-stream\r\nDate: Thu, 14 Aug 2025 00:00:05 GMT\r\nx-amz-server-side-encryption: AES256\r\nServer: nginx\r\nX-Cache: Hit from cloudfront\r\nX-Amz-Cf-Pop: ARN53-P2\r\nAge: 61\r\nContent-Length: 184880\r\nAccept-Ranges: bytes\r\nX-NWS-LOG-UUID: 14684117858193958030\r\nConnection: keep-alive\r\nX-Cache-Lookup: Cache Hit\r\nAccess-Control-Allow-Origin: *\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":184880,"size_decoded":0,"mime_type":"binary/octet-stream","magic":"data","md5":"ebbcf4c3823827782c3ef22e3711d317","sha1":"2c74ba4589f3f91abd608fb08f76ab7b8b1d0011","sha256":"a3c8bd04b8e9d0e4975d2759ec8d9cb9d55d93c0f3e09eb82e4fb763570b44c3","sha512":"4f79752c96889be4d95b8bb286c84117c3a6581c3ceb37a6b1be7a411d7336d12ec94513eb60348cc6da3580881429645bdaa82774a0ab98189fba4dc1517c47","ssdeep":"3072:WJlG4g6LzIzbgVlFsKUd1Ly0LL/nD+Es1LOi2k7hpKJm/a+bdp16XIRv:WJlGCIGlaKGWMzSl16kv3a+pp1GI9","tlshash":"9104239085645839fdfc00ecfa33b252bd1ee33f6a9cd1d82b99e5d44e9e9a20343145","first_seen":"2025-08-14T02:42:28.170111Z","last_seen":"2025-08-18T01:45:23.192819Z","times_seen":2,"resource_available":false,"data":null}},"time_used":135,"timings":{"blocked":118,"dns":0,"connect":0,"send":0,"wait":12,"receive":5,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"pic.ruubqy.cn/upload_01/xiao/20250807/2025080722164947931.jpeg","fqdn":"pic.ruubqy.cn","domain":"ruubqy.cn","tld":"cn"},"ip":{"addr":"43.152.140.79","port":443,"asn":139341,"as":"ACE","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://d3bqx5dvn4460l.nefcvtm.top/tag/%E8%90%9D%E8%8E%89/","date":"2025-08-18T01:44:52.337Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.ruubqy.cn","organization":""},"issuer":{"commonName":"ZeroSSL ECC Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Thu, 14 Aug 2025 00:00:00 GMT","end":"Wed, 12 Nov 2025 23:59:59 GMT"},"fingerprint":{"sha1":"B5:46:E3:4B:AD:76:D8:27:09:BD:DC:4D:2D:36:30:80:9D:1B:C2:4D","sha256":"4F:36:FA:C1:B1:5D:EF:21:7B:D6:3E:33:FF:9E:8C:51:84:1D:60:71:9E:8D:BA:CC:13:37:25:3F:08:B4:B3:9C"}}},"request":{"raw":"GET /upload_01/xiao/20250807/2025080722164947931.jpeg HTTP/1.1\r\nHost: pic.ruubqy.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://d3bqx5dvn4460l.nefcvtm.top\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nLast-Modified: Thu, 07 Aug 2025 14:16:53 GMT\r\nEtag: \"2d4296acc2c77341c8d5e8ee9357c620\"\r\nContent-Type: binary/octet-stream\r\nDate: Fri, 08 Aug 2025 05:19:38 GMT\r\nx-amz-server-side-encryption: AES256\r\nServer: nginx\r\nX-Cache: Hit from cloudfront\r\nX-Amz-Cf-Pop: ARN53-P2\r\nAge: 145\r\nContent-Length: 87952\r\nAccept-Ranges: bytes\r\nX-NWS-LOG-UUID: 9061304192259853132\r\nConnection: keep-alive\r\nX-Cache-Lookup: Cache Hit\r\nAccess-Control-Allow-Origin: *\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":87952,"size_decoded":0,"mime_type":"binary/octet-stream","magic":"data","md5":"2d4296acc2c77341c8d5e8ee9357c620","sha1":"538cc3b6eb0643b91995e56f768d74fcfc74d5de","sha256":"69b2c9a750bcfd33d43916abded951e3092634b2ddb8ba4e14f2625030390ed1","sha512":"35324d06f673fcea97296ce6b3d95f77d5991be8244114410e309bad3ee050836718177483c8be053c8a16a854dc71e5548c04afcae774dcdc56b52dbb1e94c2","ssdeep":"1536:pnDD5K9FBbH6MXkzxn9WLhtyEyHuVeLEag4H7EOBOzrj4YXyzM9jSSabVlgSVS0:pnMnBbH6MXskVoEyH4eo2oO8zrcET9Vg","tlshash":"1d8312d1f19f851b1422b62f743c8cfa94571795f2a08a57b880f43b0b68fbc895527a","first_seen":"2025-08-18T01:45:23.197603Z","last_seen":"2025-08-18T01:45:23.197603Z","times_seen":1,"resource_available":false,"data":null}},"time_used":70,"timings":{"blocked":55,"dns":0,"connect":0,"send":0,"wait":13,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"pic.ruubqy.cn/upload_01/xiao/20250813/2025081320180438915.jpeg","fqdn":"pic.ruubqy.cn","domain":"ruubqy.cn","tld":"cn"},"ip":{"addr":"43.152.140.79","port":443,"asn":139341,"as":"ACE","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://d3bqx5dvn4460l.nefcvtm.top/tag/%E8%90%9D%E8%8E%89/","date":"2025-08-18T01:44:52.176Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.ruubqy.cn","organization":""},"issuer":{"commonName":"ZeroSSL ECC Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Thu, 14 Aug 2025 00:00:00 GMT","end":"Wed, 12 Nov 2025 23:59:59 GMT"},"fingerprint":{"sha1":"B5:46:E3:4B:AD:76:D8:27:09:BD:DC:4D:2D:36:30:80:9D:1B:C2:4D","sha256":"4F:36:FA:C1:B1:5D:EF:21:7B:D6:3E:33:FF:9E:8C:51:84:1D:60:71:9E:8D:BA:CC:13:37:25:3F:08:B4:B3:9C"}}},"request":{"raw":"GET /upload_01/xiao/20250813/2025081320180438915.jpeg HTTP/1.1\r\nHost: pic.ruubqy.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://d3bqx5dvn4460l.nefcvtm.top\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nLast-Modified: Wed, 13 Aug 2025 12:18:08 GMT\r\nEtag: \"2f18a64a95a8ff8f54a5ce3e8b2ede14\"\r\nContent-Type: binary/octet-stream\r\nDate: Thu, 14 Aug 2025 05:15:03 GMT\r\nx-amz-server-side-encryption: AES256\r\nServer: nginx\r\nX-Cache: Hit from cloudfront\r\nX-Amz-Cf-Pop: ARN53-P2\r\nAge: 717\r\nContent-Length: 171936\r\nAccept-Ranges: bytes\r\nX-NWS-LOG-UUID: 3163650029750844178\r\nConnection: keep-alive\r\nX-Cache-Lookup: Cache Hit\r\nAccess-Control-Allow-Origin: *\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":171936,"size_decoded":0,"mime_type":"binary/octet-stream","magic":"data","md5":"2f18a64a95a8ff8f54a5ce3e8b2ede14","sha1":"0b5ce238382d3051ffb784a1ed46c54eb5a19664","sha256":"33aa17bbe889b25e7507c38bc94c28b8630045ebc5b6cb76182e3bc9c11da49d","sha512":"fe86303ae19673c0244132209b7d764edf499588e9263d1f203be9c6b25eb08a2673626477d1b335bd231e39763d7993d24924d9a52a9fc3670c37e1b93f49ef","ssdeep":"3072:JIzhsKXL5T7WUTHwlRYBgT4vkYkb2/nsByq8g7lxQ1bWEyAwACxs2VLIcUZ:EBtT7jNgT42bSnayaxqPyAwVY","tlshash":"47f32281df1f2018f32e0eb68c04804ff4fcee5dad45c6f7a99644f928a9b5521d61a8","first_seen":"2025-08-18T01:45:23.200976Z","last_seen":"2025-08-18T01:45:23.200976Z","times_seen":1,"resource_available":false,"data":null}},"time_used":131,"timings":{"blocked":118,"dns":0,"connect":0,"send":0,"wait":9,"receive":4,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"pic.ruubqy.cn/upload_01/xiao/20250809/2025080916150124309.jpeg","fqdn":"pic.ruubqy.cn","domain":"ruubqy.cn","tld":"cn"},"ip":{"addr":"43.152.140.79","port":443,"asn":139341,"as":"ACE","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://d3bqx5dvn4460l.nefcvtm.top/tag/%E8%90%9D%E8%8E%89/","date":"2025-08-18T01:44:52.216Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.ruubqy.cn","organization":""},"issuer":{"commonName":"ZeroSSL ECC Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Thu, 14 Aug 2025 00:00:00 GMT","end":"Wed, 12 Nov 2025 23:59:59 GMT"},"fingerprint":{"sha1":"B5:46:E3:4B:AD:76:D8:27:09:BD:DC:4D:2D:36:30:80:9D:1B:C2:4D","sha256":"4F:36:FA:C1:B1:5D:EF:21:7B:D6:3E:33:FF:9E:8C:51:84:1D:60:71:9E:8D:BA:CC:13:37:25:3F:08:B4:B3:9C"}}},"request":{"raw":"GET /upload_01/xiao/20250809/2025080916150124309.jpeg HTTP/1.1\r\nHost: pic.ruubqy.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://d3bqx5dvn4460l.nefcvtm.top\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nLast-Modified: Sat, 09 Aug 2025 18:00:06 GMT\r\nEtag: \"409b79f1464e7afcebfa5d982e93ee06\"\r\nContent-Type: binary/octet-stream\r\nDate: Sat, 09 Aug 2025 18:01:38 GMT\r\nx-amz-server-side-encryption: AES256\r\nServer: nginx\r\nX-Cache: Hit from cloudfront\r\nX-Amz-Cf-Pop: ARN53-P2\r\nAge: 274\r\nContent-Length: 106320\r\nAccept-Ranges: bytes\r\nX-NWS-LOG-UUID: 14239974783582648762\r\nConnection: keep-alive\r\nX-Cache-Lookup: Cache Hit\r\nAccess-Control-Allow-Origin: *\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":106320,"size_decoded":0,"mime_type":"binary/octet-stream","magic":"data","md5":"409b79f1464e7afcebfa5d982e93ee06","sha1":"87e0991102a370bba5b83bceecfa9ee54d0d116a","sha256":"58bdc0f6ab72f15f7274177007f8ac523b87f95835d9960f64a0dcb7d56797fe","sha512":"ce423a385f5db54f73455b04e9f06e4fe980f87116ef4890d60d9894effe3458b8e0248c360ab8ae4fe1a4372a31a28cc001e56f507690923bf0f8268da8fac9","ssdeep":"3072:FjEY2adL3MpGT8R5I+PTkqQhS9rcAXY0YAL8:Fg6MpGYMDqeSvY0fY","tlshash":"77a312826c0ae74e2b33018f98821fb457b0593bb0d3a7d3c472a9bfc1e855b99575e4","first_seen":"2025-08-18T01:45:23.204464Z","last_seen":"2025-08-18T01:45:23.204464Z","times_seen":1,"resource_available":false,"data":null}},"time_used":161,"timings":{"blocked":134,"dns":0,"connect":0,"send":0,"wait":24,"receive":3,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"pic.ruubqy.cn/upload_01/position/20250808/2025080822350512706.jpg","fqdn":"pic.ruubqy.cn","domain":"ruubqy.cn","tld":"cn"},"ip":{"addr":"43.152.140.79","port":443,"asn":139341,"as":"ACE","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://d3bqx5dvn4460l.nefcvtm.top/tag/%E8%90%9D%E8%8E%89/","date":"2025-08-18T01:44:52.227Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.ruubqy.cn","organization":""},"issuer":{"commonName":"ZeroSSL ECC Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Thu, 14 Aug 2025 00:00:00 GMT","end":"Wed, 12 Nov 2025 23:59:59 GMT"},"fingerprint":{"sha1":"B5:46:E3:4B:AD:76:D8:27:09:BD:DC:4D:2D:36:30:80:9D:1B:C2:4D","sha256":"4F:36:FA:C1:B1:5D:EF:21:7B:D6:3E:33:FF:9E:8C:51:84:1D:60:71:9E:8D:BA:CC:13:37:25:3F:08:B4:B3:9C"}}},"request":{"raw":"GET /upload_01/position/20250808/2025080822350512706.jpg HTTP/1.1\r\nHost: pic.ruubqy.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://d3bqx5dvn4460l.nefcvtm.top\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nLast-Modified: Fri, 08 Aug 2025 14:35:10 GMT\r\nEtag: \"60825ab94de670ef620cc014ca62a745\"\r\nContent-Type: binary/octet-stream\r\nDate: Sat, 09 Aug 2025 07:45:17 GMT\r\nx-amz-server-side-encryption: AES256\r\nServer: nginx\r\nX-Cache: Hit from cloudfront\r\nX-Amz-Cf-Pop: ARN53-P2\r\nAge: 794\r\nContent-Length: 93520\r\nAccept-Ranges: bytes\r\nX-NWS-LOG-UUID: 6719436589498441871\r\nConnection: keep-alive\r\nX-Cache-Lookup: Cache Hit\r\nAccess-Control-Allow-Origin: *\r\nCache-Control: max-age=864000\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":93520,"size_decoded":0,"mime_type":"binary/octet-stream","magic":"data","md5":"60825ab94de670ef620cc014ca62a745","sha1":"4e0c66b08f1fe36dfa3a22e8867fa507906fff1e","sha256":"3830cbcc821bf1a2e935de9c44ef59549fbbac5cedaafaaedbe258d14ed0f430","sha512":"fb1583b3f965b3895d07ea24fff91ede3d52ab735c1f185004d1d80b505405a1cf517938778b18e8dcfb712941bf61cd08594df83704a76c321561262b9f6b01","ssdeep":"1536:AL9kJe779GXJSle+vJ0/CCZLpu+K7v7ZwWGfBx579pRekgC3CG:ALuu79GoWaCZL4bVwWWj5RpRekx3CG","tlshash":"e59312401b9f18487ae5bf9bd1a435b06e73cff2dadbb1950e4ad5387a4a7e90c10c44","first_seen":"2025-08-18T01:45:23.207522Z","last_seen":"2025-08-18T01:45:23.207522Z","times_seen":1,"resource_available":false,"data":null}},"time_used":147,"timings":{"blocked":135,"dns":0,"connect":0,"send":0,"wait":9,"receive":3,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"pic.ruubqy.cn/upload_01/xiao/20250808/2025080821024050577.jpeg","fqdn":"pic.ruubqy.cn","domain":"ruubqy.cn","tld":"cn"},"ip":{"addr":"43.152.140.79","port":443,"asn":139341,"as":"ACE","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://d3bqx5dvn4460l.nefcvtm.top/tag/%E8%90%9D%E8%8E%89/","date":"2025-08-18T01:44:52.236Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.ruubqy.cn","organization":""},"issuer":{"commonName":"ZeroSSL ECC Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Thu, 14 Aug 2025 00:00:00 GMT","end":"Wed, 12 Nov 2025 23:59:59 GMT"},"fingerprint":{"sha1":"B5:46:E3:4B:AD:76:D8:27:09:BD:DC:4D:2D:36:30:80:9D:1B:C2:4D","sha256":"4F:36:FA:C1:B1:5D:EF:21:7B:D6:3E:33:FF:9E:8C:51:84:1D:60:71:9E:8D:BA:CC:13:37:25:3F:08:B4:B3:9C"}}},"request":{"raw":"GET /upload_01/xiao/20250808/2025080821024050577.jpeg HTTP/1.1\r\nHost: pic.ruubqy.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://d3bqx5dvn4460l.nefcvtm.top\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nLast-Modified: Fri, 08 Aug 2025 13:02:45 GMT\r\nEtag: \"9cff40f732efca82ad566673637995b2\"\r\nContent-Type: binary/octet-stream\r\nDate: Sat, 09 Aug 2025 04:30:52 GMT\r\nx-amz-server-side-encryption: AES256\r\nServer: nginx\r\nX-Cache: Hit from cloudfront\r\nX-Amz-Cf-Pop: ARN53-P2\r\nAge: 1508\r\nContent-Length: 105424\r\nAccept-Ranges: bytes\r\nX-NWS-LOG-UUID: 4574414077936545435\r\nConnection: keep-alive\r\nX-Cache-Lookup: Cache Hit\r\nAccess-Control-Allow-Origin: *\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":105424,"size_decoded":0,"mime_type":"binary/octet-stream","magic":"data","md5":"9cff40f732efca82ad566673637995b2","sha1":"d01068f844cb23d3ef4cd42cbf118dffbd339269","sha256":"f55fd84a3f86f4e33bec7c40b8cffb30d23e0083ae2187dfb8ceeba85d8e8b44","sha512":"6ae0647dcff923bc1e4a8f425135df805501f9596bfc58d33c676ffd944255a3d14c598fc6df8109c692cd980a7842f5e8adb726625e986171bf6cf98c93f142","ssdeep":"3072:rUhXCUbzGlcsYIPD9FXPuIjwa/2sGt3TbZvlmIdKazl6:rUZLbzGes7Dzljwa/jGNTbZvlmzsg","tlshash":"60a312d9beef00b6f756097c747a394e08d6b9bd7260e3f804584e84ab0021def59b16","first_seen":"2025-08-18T01:45:23.21034Z","last_seen":"2025-08-18T01:45:23.21034Z","times_seen":1,"resource_available":false,"data":null}},"time_used":155,"timings":{"blocked":139,"dns":0,"connect":0,"send":0,"wait":13,"receive":3,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"d3bqx5dvn4460l.nefcvtm.top/usr/plugins/tbxw/js/zzz.js","fqdn":"d3bqx5dvn4460l.nefcvtm.top","domain":"nefcvtm.top","tld":"top"},"ip":{"addr":"54.240.174.30","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://d3bqx5dvn4460l.nefcvtm.top/tag/%E8%90%9D%E8%8E%89/","date":"2025-08-18T01:44:51.878Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.nefcvtm.top","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Sun, 17 Aug 2025 00:00:00 GMT","end":"Tue, 15 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"44:8F:7B:16:A2:4E:F5:56:04:E3:41:F6:7B:3D:9E:1A:E9:76:C8:E4","sha256":"84:15:49:15:71:F2:1B:77:28:D1:20:DF:1B:2B:6C:21:DE:5B:2E:53:8D:3D:67:8E:25:DE:BD:A4:DB:98:30:CC"}}},"request":{"raw":"GET /usr/plugins/tbxw/js/zzz.js HTTP/1.1\r\nHost: d3bqx5dvn4460l.nefcvtm.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://d3bqx5dvn4460l.nefcvtm.top/tag/%E8%90%9D%E8%8E%89/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: application/javascript\r\ndate: Mon, 18 Aug 2025 01:31:18 GMT\r\nx-hostname: server-8\r\ncontent-encoding: br\r\nserver: nginx/1.22.1\r\nlast-modified: Fri, 26 Jan 2024 08:13:13 GMT\r\netag: W/\"65b36999-c67b\"\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 07d5d44815808d5d5a6f43984a987698.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P1\r\nx-amz-cf-id: TTTJI6VkiNcoVQWGGkSPYxYsUx1eKRepK1LgNU8ok1zyWu9pghd0OA==\r\nage: 813\r\nvary: Accept-Encoding, Origin\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Nginx:1.22.1","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":50811,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (48316)","md5":"78dab9fcf576de8cba46edd716dd2309","sha1":"7113abe41f95159f9bfccf70d01bdda1055af2ad","sha256":"7c66d6c8e2c470780513a282b66e2b5b7429ed863d6a0ecd6054b38dcda004b5","sha512":"dbb858875e532b475f827c930c154cac09e9a952b20053a0f7e1b34a050100a0a3a41f8aabeeab4af2dd90082363fe3ced3a5957f7250a4918d305b49655e040","ssdeep":"768:J1Z4iiyfiD78x6l42SWRV4HC0o10LEnM9OT81agZnEpn6ZFCsUleZ:vZYDc6lXJd1mZpZEdq","tlshash":"da331bc5a19c609153a774d50d7f704bb4637526170d89acf228e8eeecfcaea9039d38","first_seen":"2023-03-13T16:33:51Z","last_seen":"2026-05-16T18:16:49.964293Z","times_seen":33403,"resource_available":true,"data":null}},"time_used":3,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":3,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-08-18","alert":"Sinkholed","trigger":"d3bqx5dvn4460l.nefcvtm.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"pic.ruubqy.cn/upload_01/xiao/20250817/2025081721184669689.jpeg","fqdn":"pic.ruubqy.cn","domain":"ruubqy.cn","tld":"cn"},"ip":{"addr":"43.152.140.79","port":443,"asn":139341,"as":"ACE","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://d3bqx5dvn4460l.nefcvtm.top/tag/%E8%90%9D%E8%8E%89/","date":"2025-08-18T01:44:52.138Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.ruubqy.cn","organization":""},"issuer":{"commonName":"ZeroSSL ECC Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Thu, 14 Aug 2025 00:00:00 GMT","end":"Wed, 12 Nov 2025 23:59:59 GMT"},"fingerprint":{"sha1":"B5:46:E3:4B:AD:76:D8:27:09:BD:DC:4D:2D:36:30:80:9D:1B:C2:4D","sha256":"4F:36:FA:C1:B1:5D:EF:21:7B:D6:3E:33:FF:9E:8C:51:84:1D:60:71:9E:8D:BA:CC:13:37:25:3F:08:B4:B3:9C"}}},"request":{"raw":"GET /upload_01/xiao/20250817/2025081721184669689.jpeg HTTP/1.1\r\nHost: pic.ruubqy.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://d3bqx5dvn4460l.nefcvtm.top\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nLast-Modified: Sun, 17 Aug 2025 13:18:50 GMT\r\nEtag: \"256a831e28bfe3b3d148469b683d613f\"\r\nContent-Type: binary/octet-stream\r\nDate: Sun, 17 Aug 2025 22:00:05 GMT\r\nx-amz-server-side-encryption: AES256\r\nServer: nginx\r\nX-Cache: Hit from cloudfront\r\nX-Amz-Cf-Pop: ARN53-P2\r\nAge: 122\r\nContent-Length: 163520\r\nAccept-Ranges: bytes\r\nX-NWS-LOG-UUID: 627102869727632014\r\nConnection: keep-alive\r\nX-Cache-Lookup: Cache Hit\r\nAccess-Control-Allow-Origin: *\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":163520,"size_decoded":0,"mime_type":"binary/octet-stream","magic":"data","md5":"256a831e28bfe3b3d148469b683d613f","sha1":"e65ca833740724ee23c5020aea18858d4345e061","sha256":"3908b5597be8e8e7abf24496005b2aa92fb296db6839c65b7705530ce1f72901","sha512":"a7892fa1e5ac64d855b247985758f24cb787f12ba22e750412d6adfadc93eb2997eb128b590f8006d8036706e9d39a8c464d43db3eb5468982c8f5a49b1f0395","ssdeep":"3072:xYfQHzDoTpoRwfodF5B17GRP4E91cn6ZAybQ/AFjFCJxwZ7OCFd7F:xYWzDoT+RTT16RP4EXc6ZAy0izFFNF","tlshash":"1ff312b968055ee659f33de66c44244c02719fdafab93b3e0f48359f900a44849e22bd","first_seen":"2025-08-18T01:45:23.214225Z","last_seen":"2025-08-18T01:45:23.214225Z","times_seen":1,"resource_available":false,"data":null}},"time_used":487,"timings":{"blocked":225,"dns":1,"connect":12,"send":0,"wait":8,"receive":22,"ssl":216},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"pic.ruubqy.cn/upload_01/xiao/20250813/2025081319004898819.jpeg","fqdn":"pic.ruubqy.cn","domain":"ruubqy.cn","tld":"cn"},"ip":{"addr":"43.152.140.79","port":443,"asn":139341,"as":"ACE","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://d3bqx5dvn4460l.nefcvtm.top/tag/%E8%90%9D%E8%8E%89/","date":"2025-08-18T01:44:52.184Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.ruubqy.cn","organization":""},"issuer":{"commonName":"ZeroSSL ECC Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Thu, 14 Aug 2025 00:00:00 GMT","end":"Wed, 12 Nov 2025 23:59:59 GMT"},"fingerprint":{"sha1":"B5:46:E3:4B:AD:76:D8:27:09:BD:DC:4D:2D:36:30:80:9D:1B:C2:4D","sha256":"4F:36:FA:C1:B1:5D:EF:21:7B:D6:3E:33:FF:9E:8C:51:84:1D:60:71:9E:8D:BA:CC:13:37:25:3F:08:B4:B3:9C"}}},"request":{"raw":"GET /upload_01/xiao/20250813/2025081319004898819.jpeg HTTP/1.1\r\nHost: pic.ruubqy.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://d3bqx5dvn4460l.nefcvtm.top\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nLast-Modified: Wed, 13 Aug 2025 14:00:05 GMT\r\nEtag: \"9a18f8e79c0e4316ffc4f188c31cc6a8\"\r\nContent-Type: binary/octet-stream\r\nDate: Wed, 13 Aug 2025 14:00:05 GMT\r\nx-amz-server-side-encryption: AES256\r\nServer: nginx\r\nX-Cache: Hit from cloudfront\r\nX-Amz-Cf-Pop: ARN53-P2\r\nAge: 430\r\nContent-Length: 190992\r\nAccept-Ranges: bytes\r\nX-NWS-LOG-UUID: 14779007983048639297\r\nConnection: keep-alive\r\nX-Cache-Lookup: Cache Hit\r\nAccess-Control-Allow-Origin: *\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":190992,"size_decoded":0,"mime_type":"binary/octet-stream","magic":"data","md5":"9a18f8e79c0e4316ffc4f188c31cc6a8","sha1":"70ef2cb82932be34040075b846c842ea50509565","sha256":"8e7ecdd5f695db577fae12bc46f8d9ff8b17c652ce1f88f831668fd88a3f276d","sha512":"5f429a01989d6fb8b3eaee613e9bccc536c9be0845e04cab091a647e8c5c84e16f20e37e5c7242623b93ca788bb784078148e25b9708fddf785e447a3c960f3e","ssdeep":"3072:26AUwY672hjXVfHkbghK2kq736KEDn/59QPdR2dqifo0eKNa/FGhgA8zh+NneDTv:dthxLhkskS73pEDBSdRcqC66Fch+ETzD","tlshash":"3214125cef9b6b063ae12dd0cc98d0acf15d592de8b306714bc8205c5a67df28da1af1","first_seen":"2025-08-13T14:46:48.768217Z","last_seen":"2025-08-18T01:45:23.216634Z","times_seen":4,"resource_available":false,"data":null}},"time_used":142,"timings":{"blocked":124,"dns":0,"connect":0,"send":0,"wait":14,"receive":4,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"pic.ruubqy.cn/upload_01/xiao/20250331/2025033120580351818.gif","fqdn":"pic.ruubqy.cn","domain":"ruubqy.cn","tld":"cn"},"ip":{"addr":"43.152.140.79","port":443,"asn":139341,"as":"ACE","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://d3bqx5dvn4460l.nefcvtm.top/tag/%E8%90%9D%E8%8E%89/","date":"2025-08-18T01:44:52.507Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.ruubqy.cn","organization":""},"issuer":{"commonName":"ZeroSSL ECC Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Thu, 14 Aug 2025 00:00:00 GMT","end":"Wed, 12 Nov 2025 23:59:59 GMT"},"fingerprint":{"sha1":"B5:46:E3:4B:AD:76:D8:27:09:BD:DC:4D:2D:36:30:80:9D:1B:C2:4D","sha256":"4F:36:FA:C1:B1:5D:EF:21:7B:D6:3E:33:FF:9E:8C:51:84:1D:60:71:9E:8D:BA:CC:13:37:25:3F:08:B4:B3:9C"}}},"request":{"raw":"GET /upload_01/xiao/20250331/2025033120580351818.gif HTTP/1.1\r\nHost: pic.ruubqy.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://d3bqx5dvn4460l.nefcvtm.top\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nLast-Modified: Mon, 31 Mar 2025 12:59:20 GMT\r\nEtag: \"be61f57858733098febe58b1d33da29d\"\r\nContent-Type: binary/octet-stream\r\nDate: Sat, 26 Jul 2025 11:19:56 GMT\r\nx-amz-server-side-encryption: AES256\r\nServer: nginx\r\nX-Cache: Hit from cloudfront\r\nX-Amz-Cf-Pop: ARN53-P2\r\nAge: 180\r\nContent-Length: 81984\r\nAccept-Ranges: bytes\r\nX-NWS-LOG-UUID: 2638465559229241483\r\nConnection: keep-alive\r\nX-Cache-Lookup: Cache Hit\r\nAccess-Control-Allow-Origin: *\r\nCache-Control: max-age=864000\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":81984,"size_decoded":0,"mime_type":"binary/octet-stream","magic":"data","md5":"be61f57858733098febe58b1d33da29d","sha1":"f30a018c277eaab0d91bb45b25b4302d8c138102","sha256":"d9b16ea579ee06ade19831e9964aea66d3ceb755b5850bb8ca6f785027ba80d1","sha512":"9e05e58c1b3a00e1fcd74c6872a3d791da15ad14589a3f1cb8f4d42069d0f1f3455de0f80cbd323e05f7146c576d6f12e2c6d9daf44b7129ec85af03ac4bf00c","ssdeep":"1536:DXXHWJP1922NHr0fKC9pOJS0RpJkGPvoFxkSIGlSSw+BOMtUNbtq:DmJPT22NL8J0/JPPYiSw+oCU5tq","tlshash":"7a83126d03d0a6f422f0a88195da3d9015c7394188b799cf3be0743e30aaaedd6ccf16","first_seen":"2025-01-25T19:22:49.058341Z","last_seen":"2026-02-20T10:59:53.229295Z","times_seen":1891,"resource_available":false,"data":null}},"time_used":14,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":12,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"pic.ruubqy.cn/upload_01/xiao/20250726/2025072618203252457.gif","fqdn":"pic.ruubqy.cn","domain":"ruubqy.cn","tld":"cn"},"ip":{"addr":"43.152.140.79","port":443,"asn":139341,"as":"ACE","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://d3bqx5dvn4460l.nefcvtm.top/tag/%E8%90%9D%E8%8E%89/","date":"2025-08-18T01:44:52.567Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.ruubqy.cn","organization":""},"issuer":{"commonName":"ZeroSSL ECC Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Thu, 14 Aug 2025 00:00:00 GMT","end":"Wed, 12 Nov 2025 23:59:59 GMT"},"fingerprint":{"sha1":"B5:46:E3:4B:AD:76:D8:27:09:BD:DC:4D:2D:36:30:80:9D:1B:C2:4D","sha256":"4F:36:FA:C1:B1:5D:EF:21:7B:D6:3E:33:FF:9E:8C:51:84:1D:60:71:9E:8D:BA:CC:13:37:25:3F:08:B4:B3:9C"}}},"request":{"raw":"GET /upload_01/xiao/20250726/2025072618203252457.gif HTTP/1.1\r\nHost: pic.ruubqy.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://d3bqx5dvn4460l.nefcvtm.top\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nLast-Modified: Sat, 26 Jul 2025 10:29:08 GMT\r\nEtag: \"4d1f3ca0e2ed55519fac72d5d8ad7585\"\r\nContent-Type: binary/octet-stream\r\nDate: Sat, 26 Jul 2025 10:29:53 GMT\r\nx-amz-server-side-encryption: AES256\r\nServer: nginx\r\nX-Cache: Hit from cloudfront\r\nX-Amz-Cf-Pop: ARN53-P2\r\nAge: 3183\r\nContent-Length: 122272\r\nAccept-Ranges: bytes\r\nX-NWS-LOG-UUID: 5290810033979648996\r\nConnection: keep-alive\r\nX-Cache-Lookup: Cache Hit\r\nAccess-Control-Allow-Origin: *\r\nCache-Control: max-age=864000\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":122272,"size_decoded":0,"mime_type":"binary/octet-stream","magic":"data","md5":"4d1f3ca0e2ed55519fac72d5d8ad7585","sha1":"1e55364bc45b0bec73291b29673cb19db5ae662e","sha256":"54e1d16943b8c28ab5f3e2c3bc71f53677c2ae03b76aa1023c41c7c0ed297922","sha512":"9d687e38532be6a45e1403e1aeed30a55c11ce4243c8a122a719b1e2c4539784b03afa4de34bfabefe715de08dc5aa94bc4debdbf10dcf10d7449117212218c0","ssdeep":"1536:X+HLPM/xNVYNqKMnCz2li33MVWuM2RiYnOExJXh11YGOhvPqTA94J9MlmiIPT5ZP:Og8zBvM1nBRYGOh3qTp9MUiwZ6ul2cz3","tlshash":"85c312b8d71e6102345daec6bc82c04566ea53b9a781e48b61c2f335c25dd03ff468e9","first_seen":"2025-07-26T16:15:42.435194Z","last_seen":"2025-08-24T18:31:39.372734Z","times_seen":118,"resource_available":false,"data":null}},"time_used":13,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":9,"receive":4,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"d3bqx5dvn4460l.nefcvtm.top/usr/themes/Mirages/static/jquery/2.2.4/jquery.min.js","fqdn":"d3bqx5dvn4460l.nefcvtm.top","domain":"nefcvtm.top","tld":"top"},"ip":{"addr":"54.240.174.30","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://d3bqx5dvn4460l.nefcvtm.top/tag/%E8%90%9D%E8%8E%89/","date":"2025-08-18T01:44:51.875Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.nefcvtm.top","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Sun, 17 Aug 2025 00:00:00 GMT","end":"Tue, 15 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"44:8F:7B:16:A2:4E:F5:56:04:E3:41:F6:7B:3D:9E:1A:E9:76:C8:E4","sha256":"84:15:49:15:71:F2:1B:77:28:D1:20:DF:1B:2B:6C:21:DE:5B:2E:53:8D:3D:67:8E:25:DE:BD:A4:DB:98:30:CC"}}},"request":{"raw":"GET /usr/themes/Mirages/static/jquery/2.2.4/jquery.min.js HTTP/1.1\r\nHost: d3bqx5dvn4460l.nefcvtm.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://d3bqx5dvn4460l.nefcvtm.top/tag/%E8%90%9D%E8%8E%89/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: application/javascript\r\ndate: Mon, 18 Aug 2025 01:24:00 GMT\r\nx-hostname: server-5\r\ncontent-encoding: br\r\nserver: nginx/1.22.1\r\nlast-modified: Fri, 26 Jan 2024 08:13:13 GMT\r\netag: W/\"65b36999-14e4a\"\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 07d5d44815808d5d5a6f43984a987698.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P1\r\nx-amz-cf-id: WAPfEwDpfshLygSD460s54MNzls_dsXH0SXSBl3sfg5RmAf0B4ckFg==\r\nage: 1251\r\nvary: Accept-Encoding, Origin\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Nginx:1.22.1","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]}],"data":{"size":85578,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (32065)","md5":"2f6b11a7e914718e0290410e85366fe9","sha1":"69bb69e25ca7d5ef0935317584e6153f3fd9a88c","sha256":"05b85d96f41fff14d8f608dad03ab71e2c1017c2da0914d7c59291bad7a54f8e","sha512":"0d40bccaa59fedecf7243d63b33c42592541d0330fefc78ec81a4c6b9689922d5b211011ca4be23ae22621cce4c658f52a1552c92d7ac3615241eb640f8514db","ssdeep":"1536:EYE1JVoiB9JqZdXXe2pD3PgoIiulrUndZ6a4tfOR7WpfWBZ2BJda4w9W3qG9a986:v4J+OlfOhWppCW6G9a98Hr2","tlshash":"1e83c6d9b2d6706297b734b850bf410bb17a98dab44c8c60f059d4e47eb4a8e507bf2c","first_seen":"2023-03-07T01:02:00Z","last_seen":"2026-05-16T18:15:25.197228Z","times_seen":279421,"resource_available":true,"data":null}},"time_used":3,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":3,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-08-18","alert":"Sinkholed","trigger":"d3bqx5dvn4460l.nefcvtm.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"pic.ruubqy.cn/upload_01/xiao/20250813/2025081321481993760.jpeg","fqdn":"pic.ruubqy.cn","domain":"ruubqy.cn","tld":"cn"},"ip":{"addr":"43.152.140.79","port":443,"asn":139341,"as":"ACE","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://d3bqx5dvn4460l.nefcvtm.top/tag/%E8%90%9D%E8%8E%89/","date":"2025-08-18T01:44:52.169Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.ruubqy.cn","organization":""},"issuer":{"commonName":"ZeroSSL ECC Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Thu, 14 Aug 2025 00:00:00 GMT","end":"Wed, 12 Nov 2025 23:59:59 GMT"},"fingerprint":{"sha1":"B5:46:E3:4B:AD:76:D8:27:09:BD:DC:4D:2D:36:30:80:9D:1B:C2:4D","sha256":"4F:36:FA:C1:B1:5D:EF:21:7B:D6:3E:33:FF:9E:8C:51:84:1D:60:71:9E:8D:BA:CC:13:37:25:3F:08:B4:B3:9C"}}},"request":{"raw":"GET /upload_01/xiao/20250813/2025081321481993760.jpeg HTTP/1.1\r\nHost: pic.ruubqy.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://d3bqx5dvn4460l.nefcvtm.top\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nLast-Modified: Wed, 13 Aug 2025 13:48:22 GMT\r\nEtag: \"bf1aaf41231c71c8d71edc8f6d565889\"\r\nContent-Type: binary/octet-stream\r\nDate: Thu, 14 Aug 2025 06:45:05 GMT\r\nx-amz-server-side-encryption: AES256\r\nServer: nginx\r\nX-Cache: Hit from cloudfront\r\nX-Amz-Cf-Pop: ARN53-P2\r\nAge: 193\r\nContent-Length: 106192\r\nAccept-Ranges: bytes\r\nX-NWS-LOG-UUID: 9919682852331318056\r\nConnection: keep-alive\r\nX-Cache-Lookup: Cache Hit\r\nAccess-Control-Allow-Origin: *\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":106192,"size_decoded":0,"mime_type":"binary/octet-stream","magic":"data","md5":"bf1aaf41231c71c8d71edc8f6d565889","sha1":"2a2c84bddb7970b36e5dae37a83fdea3b0271349","sha256":"418210972c6e710aa1bf2636b3c336642afdfc6226faa7cfbcfc172152d42db7","sha512":"978d592d94d3c4016bb6898245e64f4cec80125a6e9276128c2cdf74f8d3ca98dd78ad4f173c9709022c5ae4a405e34bf7d99524af7b0745f65accb9fe4d0fb9","ssdeep":"1536:LS0TL9tBqJ7coMKyeoi0pRM7rgTCmpACPdN6uhmM3NJ5aln5dNqa742Tg:LzP9PybMde6OUTCmpdTmENzaLGeg","tlshash":"78a3029851ba9530f49da41bee043c0679f36aeed141e08e910b736e01e5c75e928fba","first_seen":"2025-08-14T07:49:17.793232Z","last_seen":"2025-08-22T10:12:58.085581Z","times_seen":4,"resource_available":false,"data":null}},"time_used":128,"timings":{"blocked":116,"dns":0,"connect":0,"send":0,"wait":10,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"pic.ruubqy.cn/upload_01/xiao/20250811/2025081122515154169.jpeg","fqdn":"pic.ruubqy.cn","domain":"ruubqy.cn","tld":"cn"},"ip":{"addr":"43.152.140.79","port":443,"asn":139341,"as":"ACE","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://d3bqx5dvn4460l.nefcvtm.top/tag/%E8%90%9D%E8%8E%89/","date":"2025-08-18T01:44:52.206Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.ruubqy.cn","organization":""},"issuer":{"commonName":"ZeroSSL ECC Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Thu, 14 Aug 2025 00:00:00 GMT","end":"Wed, 12 Nov 2025 23:59:59 GMT"},"fingerprint":{"sha1":"B5:46:E3:4B:AD:76:D8:27:09:BD:DC:4D:2D:36:30:80:9D:1B:C2:4D","sha256":"4F:36:FA:C1:B1:5D:EF:21:7B:D6:3E:33:FF:9E:8C:51:84:1D:60:71:9E:8D:BA:CC:13:37:25:3F:08:B4:B3:9C"}}},"request":{"raw":"GET /upload_01/xiao/20250811/2025081122515154169.jpeg HTTP/1.1\r\nHost: pic.ruubqy.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://d3bqx5dvn4460l.nefcvtm.top\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nLast-Modified: Mon, 11 Aug 2025 14:51:55 GMT\r\nEtag: \"e713f506b8bc1cc74371efb0e240635a\"\r\nContent-Type: binary/octet-stream\r\nDate: Tue, 12 Aug 2025 00:00:04 GMT\r\nx-amz-server-side-encryption: AES256\r\nServer: nginx\r\nX-Cache: Hit from cloudfront\r\nX-Amz-Cf-Pop: ARN53-P2\r\nAge: 1013\r\nContent-Length: 86928\r\nAccept-Ranges: bytes\r\nX-NWS-LOG-UUID: 7814624267012272519\r\nConnection: keep-alive\r\nX-Cache-Lookup: Cache Hit\r\nAccess-Control-Allow-Origin: *\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":86928,"size_decoded":0,"mime_type":"binary/octet-stream","magic":"data","md5":"e713f506b8bc1cc74371efb0e240635a","sha1":"3f1eea71d3b0f65ebb69c96ab633ce591f8515ce","sha256":"43619d690073be14e0fb86cf19f9c32a78cc5f4306dd57d67933a3b73f654046","sha512":"d10842c2be11d8f9a75e998d8ba2e522ce5429d3718dce10e1612619b1692d995f2dfba87f859375afab0c6c491cdf8b718b4fcb5f2896b35b46ec82bff1e32d","ssdeep":"1536:2HjHl6jztL0KdiO5NhWL2hZosCcXQGGwJMrpuyBRHNagkevT5VtA2J9bxVKkm:2rl+LtyPohGfpuYRwATFAU3xm","tlshash":"c183129dd7c32e224c11b4db690aa98dabf1762e40cceceb1c51b552114a04e372deeb","first_seen":"2025-08-12T02:48:46.105774Z","last_seen":"2025-08-18T01:45:23.221934Z","times_seen":2,"resource_available":false,"data":null}},"time_used":135,"timings":{"blocked":123,"dns":0,"connect":0,"send":0,"wait":9,"receive":3,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"pic.ruubqy.cn/upload_01/xiao/20250517/2025051715143399078.gif","fqdn":"pic.ruubqy.cn","domain":"ruubqy.cn","tld":"cn"},"ip":{"addr":"43.152.140.79","port":443,"asn":139341,"as":"ACE","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://d3bqx5dvn4460l.nefcvtm.top/tag/%E8%90%9D%E8%8E%89/","date":"2025-08-18T01:44:52.574Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.ruubqy.cn","organization":""},"issuer":{"commonName":"ZeroSSL ECC Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Thu, 14 Aug 2025 00:00:00 GMT","end":"Wed, 12 Nov 2025 23:59:59 GMT"},"fingerprint":{"sha1":"B5:46:E3:4B:AD:76:D8:27:09:BD:DC:4D:2D:36:30:80:9D:1B:C2:4D","sha256":"4F:36:FA:C1:B1:5D:EF:21:7B:D6:3E:33:FF:9E:8C:51:84:1D:60:71:9E:8D:BA:CC:13:37:25:3F:08:B4:B3:9C"}}},"request":{"raw":"GET /upload_01/xiao/20250517/2025051715143399078.gif HTTP/1.1\r\nHost: pic.ruubqy.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://d3bqx5dvn4460l.nefcvtm.top\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nLast-Modified: Sat, 17 May 2025 07:15:54 GMT\r\nEtag: \"e3e4b49b1edbbe44bcc1cfda9f7a5c18\"\r\nContent-Type: binary/octet-stream\r\nDate: Fri, 25 Jul 2025 15:05:34 GMT\r\nx-amz-server-side-encryption: AES256\r\nServer: nginx\r\nX-Cache: Hit from cloudfront\r\nX-Amz-Cf-Pop: ARN53-P2\r\nAge: 73044\r\nContent-Length: 588992\r\nAccept-Ranges: bytes\r\nX-NWS-LOG-UUID: 15602164561085574999\r\nConnection: keep-alive\r\nX-Cache-Lookup: Cache Hit\r\nAccess-Control-Allow-Origin: *\r\nCache-Control: max-age=864000\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":588992,"size_decoded":0,"mime_type":"binary/octet-stream","magic":"data","md5":"e3e4b49b1edbbe44bcc1cfda9f7a5c18","sha1":"2602a188f9222012333f5342efde8ec885575ee8","sha256":"2a78045910fcaf4ddd06b7ed4012586031848e59da2cdd1a69743f0a8a57b073","sha512":"c871d753662c06b241a0a4e2d4603977659299cb851701aac68cff4247f49daadcb4b88690982293160552240049a3cdbe9755bac343471e0c81e3deff1a60bc","ssdeep":"12288:Mf2vaUnfvUr1Pl+HIpGbTT9zXpEj7a4CL6iFuINRnA3IXadzr6kep4K:Mf+g8bdzXCXDeXYb3IXa51ep4K","tlshash":"0fc4233586b539a472963f1dae5e6a130bcd3abe4c479668ba120ec50733e3c5350b73","first_seen":"2025-05-17T11:20:20.63672Z","last_seen":"2026-01-25T20:11:28.702256Z","times_seen":1614,"resource_available":false,"data":null}},"time_used":32,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":9,"receive":23,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"d3bqx5dvn4460l.nefcvtm.top/usr/themes/Mirages/js/layui/css/modules/laydate/default/laydate.css?v=5.3.1","fqdn":"d3bqx5dvn4460l.nefcvtm.top","domain":"nefcvtm.top","tld":"top"},"ip":{"addr":"54.240.174.30","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://d3bqx5dvn4460l.nefcvtm.top/tag/%E8%90%9D%E8%8E%89/","date":"2025-08-18T01:44:52.677Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.nefcvtm.top","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Sun, 17 Aug 2025 00:00:00 GMT","end":"Tue, 15 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"44:8F:7B:16:A2:4E:F5:56:04:E3:41:F6:7B:3D:9E:1A:E9:76:C8:E4","sha256":"84:15:49:15:71:F2:1B:77:28:D1:20:DF:1B:2B:6C:21:DE:5B:2E:53:8D:3D:67:8E:25:DE:BD:A4:DB:98:30:CC"}}},"request":{"raw":"GET /usr/themes/Mirages/js/layui/css/modules/laydate/default/laydate.css?v=5.3.1 HTTP/1.1\r\nHost: d3bqx5dvn4460l.nefcvtm.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://d3bqx5dvn4460l.nefcvtm.top/tag/%E8%90%9D%E8%8E%89/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: text/css\r\ndate: Mon, 18 Aug 2025 01:31:22 GMT\r\nx-hostname: server-3\r\ncontent-encoding: br\r\nserver: nginx/1.22.1\r\nlast-modified: Fri, 26 Jan 2024 08:13:13 GMT\r\netag: W/\"65b36999-1cc5\"\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 07d5d44815808d5d5a6f43984a987698.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P1\r\nx-amz-cf-id: yOd-u_ikiFo6xtwkRdG5zdO85Qshwv270H6H2vsZMZjNFOZPOG_t2w==\r\nage: 809\r\nvary: Accept-Encoding, Origin\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Nginx:1.22.1","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]}],"data":{"size":7365,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (7365), with no line terminators","md5":"e9078eef34fe9a44e44bdd55b48fdc55","sha1":"73ef00229810ee179915661786d9b66b7fc2d568","sha256":"ab9dbdf922a26509951347fcfa83704d86afd2df855c827740c23df72fd8ab3f","sha512":"dbf200ca6effc6bee2f7e8f516dafe6b25fa66093f19fff117a8bd87732a3ca0206480319d5f733eb07d18f564cba1dfc6143587cbc5ea1d5d370948d8ab3921","ssdeep":"96:7OyDQi4ijYyC43i7hlVVZ4LyLk5bYsBE2rBOB:7OQQfyPCoiFVqHbrBE2rBA","tlshash":"45e1cc71b1542cd4702bc222b4a87cbfaef8dc02dae3265ce5b8621b85c15b7957d34b","first_seen":"2023-04-11T12:12:51Z","last_seen":"2026-05-16T18:16:49.994023Z","times_seen":33237,"resource_available":false,"data":null}},"time_used":2,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":2,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-08-18","alert":"Sinkholed","trigger":"d3bqx5dvn4460l.nefcvtm.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"d3bqx5dvn4460l.njzbzmfg.top/tag/%E8%90%9D%E8%8E%89/","fqdn":"d3bqx5dvn4460l.njzbzmfg.top","domain":"njzbzmfg.top","tld":"top"},"ip":{"addr":"156.255.123.77","port":443,"asn":63888,"as":"DATAWING LIMITED","country":"Hong Kong","country_code":"HK"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-08-18T01:44:50.151Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"njzbzmfg.top","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 16 Aug 2025 10:51:00 GMT","end":"Fri, 14 Nov 2025 11:48:14 GMT"},"fingerprint":{"sha1":"E4:0D:56:EE:97:93:B9:5A:D0:77:7C:D1:29:DC:56:A6:46:3F:E7:4D","sha256":"17:CA:E1:9F:61:E8:ED:1B:B0:C7:6E:93:91:99:A1:E6:9D:D0:76:A7:E6:4E:92:AF:C2:24:3B:D1:B9:87:8B:06"}}},"request":{"raw":"GET /tag/%E8%90%9D%E8%8E%89/ HTTP/1.1\r\nHost: d3bqx5dvn4460l.njzbzmfg.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 301 Moved Permanently\r\ndate: Mon, 18 Aug 2025 01:44:50 GMT\r\ncontent-type: text/html; charset=UTF-8\r\nlocation: https://d3bqx5dvn4460l.nefcvtm.top/tag/%E8%90%9D%E8%8E%89/\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nserver: cloudflare\r\ncf-cache-status: DYNAMIC\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=Y%2BTZPf0%2FXtkjfdeT6Yg7SLMuzDZ6EVJSPkajG0hofdb2k%2FTyvUeA9x6RrG7HAXLBElmMPbC3CRtqqDbVebJWNgoCGAk1EODsd6qJ9K%2FxGbVR2PLBjoGgrSo%3D\"}]}\r\ncf-ray: 970dba740a89ebcd-CPH\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"301","status_text":"Moved Permanently","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":160484,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-16T19:15:02.391625Z","times_seen":15292673,"resource_available":true,"data":null}},"time_used":1225,"timings":{"blocked":397,"dns":327,"connect":26,"send":0,"wait":431,"receive":0,"ssl":42},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"d3bqx5dvn4460l.nefcvtm.top/usr/plugins/DPlayer/assets/DPlayer.min.js?v=2","fqdn":"d3bqx5dvn4460l.nefcvtm.top","domain":"nefcvtm.top","tld":"top"},"ip":{"addr":"54.240.174.30","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://d3bqx5dvn4460l.nefcvtm.top/tag/%E8%90%9D%E8%8E%89/","date":"2025-08-18T01:44:51.894Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.nefcvtm.top","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Sun, 17 Aug 2025 00:00:00 GMT","end":"Tue, 15 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"44:8F:7B:16:A2:4E:F5:56:04:E3:41:F6:7B:3D:9E:1A:E9:76:C8:E4","sha256":"84:15:49:15:71:F2:1B:77:28:D1:20:DF:1B:2B:6C:21:DE:5B:2E:53:8D:3D:67:8E:25:DE:BD:A4:DB:98:30:CC"}}},"request":{"raw":"GET /usr/plugins/DPlayer/assets/DPlayer.min.js?v=2 HTTP/1.1\r\nHost: d3bqx5dvn4460l.nefcvtm.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://d3bqx5dvn4460l.nefcvtm.top/tag/%E8%90%9D%E8%8E%89/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: application/javascript\r\ndate: Mon, 18 Aug 2025 01:38:46 GMT\r\nx-hostname: server-8\r\ncontent-encoding: br\r\nserver: nginx/1.22.1\r\nlast-modified: Wed, 09 Jul 2025 11:41:02 GMT\r\netag: W/\"686e554e-4a62d\"\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 07d5d44815808d5d5a6f43984a987698.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P1\r\nx-amz-cf-id: Y0C3KaA4bz5n7Xzd7Glw1LDEe3EAJi4wGbArenrfpT52MgBYi4Csrg==\r\nage: 365\r\nvary: Accept-Encoding, Origin\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.22.1","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]}],"data":{"size":304685,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"3389c76a9bdfc175b2320c69cb50c3f3","sha1":"a3c1bed703ddcba1d5500f026f3a5bf5dc047423","sha256":"b69684e66805160a2699b8b414758f48136a177165ce426dcdb3e59d74277932","sha512":"fff709842ee8deefa4a78345b0a3d1fcfc9db48ecd61b2ead709db1df1b2f309252a43e456178dda7da55fd39be9d00376806f3a9e6f41202a2889d52f04eb97","ssdeep":"1536:PFri4r9aKySaa3rzg7hSwaKySaa3ref7j3MEwOMEa8vTDadMcBjOsCSwixK1LzVj:HNDyMgjKbixKVhjLIR2INivkS","tlshash":"2654b20b364131340262afe8c6db534a36347310e9729729f65ef9de8f9d84c6427b7a","first_seen":"2025-07-10T19:56:45.010303Z","last_seen":"2026-04-12T07:27:23.699813Z","times_seen":5326,"resource_available":true,"data":null}},"time_used":24,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":24,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-08-18","alert":"Sinkholed","trigger":"d3bqx5dvn4460l.nefcvtm.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"pic.ruubqy.cn/upload_01/xiao/20241203/2024120321043549510.gif","fqdn":"pic.ruubqy.cn","domain":"ruubqy.cn","tld":"cn"},"ip":{"addr":"43.152.140.79","port":443,"asn":139341,"as":"ACE","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://d3bqx5dvn4460l.nefcvtm.top/tag/%E8%90%9D%E8%8E%89/","date":"2025-08-18T01:44:52.614Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.ruubqy.cn","organization":""},"issuer":{"commonName":"ZeroSSL ECC Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Thu, 14 Aug 2025 00:00:00 GMT","end":"Wed, 12 Nov 2025 23:59:59 GMT"},"fingerprint":{"sha1":"B5:46:E3:4B:AD:76:D8:27:09:BD:DC:4D:2D:36:30:80:9D:1B:C2:4D","sha256":"4F:36:FA:C1:B1:5D:EF:21:7B:D6:3E:33:FF:9E:8C:51:84:1D:60:71:9E:8D:BA:CC:13:37:25:3F:08:B4:B3:9C"}}},"request":{"raw":"GET /upload_01/xiao/20241203/2024120321043549510.gif HTTP/1.1\r\nHost: pic.ruubqy.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://d3bqx5dvn4460l.nefcvtm.top\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nLast-Modified: Tue, 03 Dec 2024 13:04:56 GMT\r\nEtag: \"270c23bb6b155cc2f205ceb7711dad31\"\r\nContent-Type: binary/octet-stream\r\nDate: Fri, 25 Jul 2025 21:03:32 GMT\r\nx-amz-server-side-encryption: AES256\r\nServer: nginx\r\nX-Cache: Hit from cloudfront\r\nX-Amz-Cf-Pop: ARN53-P2\r\nAge: 51567\r\nContent-Length: 123872\r\nAccept-Ranges: bytes\r\nX-NWS-LOG-UUID: 6523970766174758833\r\nConnection: keep-alive\r\nX-Cache-Lookup: Cache Hit\r\nAccess-Control-Allow-Origin: *\r\nCache-Control: max-age=864000\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":123872,"size_decoded":0,"mime_type":"binary/octet-stream","magic":"data","md5":"270c23bb6b155cc2f205ceb7711dad31","sha1":"7a210bf1c6eed26d1b0ceca91a5e301651c0f60d","sha256":"d5eff0e960dfe769b56c7b31cad6194dc35c03b9860c88463601d0a803d81850","sha512":"76f1616cac5ee10c2d9792e292f63f2cbfed718c83408f6166a143578e7889539080d616d396a8d7c1af24eec83d9ff46b42fde8aabd0d1edeaaa7406b85b741","ssdeep":"3072:/W4f7Oegaj/Mf6R0nPKOB/ARD7uTRXTVjus4GXiGH3L1RzsjnsmCebYV:/Hf9xj/KtPx/aD7uT91/4AH3zsjnNMV","tlshash":"6dc31343c56b627318594543c1893faedc17c803faf66608c86ef9e9d116bda9a3c3d8","first_seen":"2025-02-02T04:28:56.959782Z","last_seen":"2026-05-16T08:12:03.630076Z","times_seen":2055,"resource_available":false,"data":null}},"time_used":33,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":30,"receive":3,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"d3bqx5dvn4460l.nefcvtm.top/usr/themes/Mirages/fonts/OpenSans/300.woff2","fqdn":"d3bqx5dvn4460l.nefcvtm.top","domain":"nefcvtm.top","tld":"top"},"ip":{"addr":"54.240.174.30","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://d3bqx5dvn4460l.nefcvtm.top/tag/%E8%90%9D%E8%8E%89/","date":"2025-08-18T01:44:52.040Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.nefcvtm.top","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Sun, 17 Aug 2025 00:00:00 GMT","end":"Tue, 15 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"44:8F:7B:16:A2:4E:F5:56:04:E3:41:F6:7B:3D:9E:1A:E9:76:C8:E4","sha256":"84:15:49:15:71:F2:1B:77:28:D1:20:DF:1B:2B:6C:21:DE:5B:2E:53:8D:3D:67:8E:25:DE:BD:A4:DB:98:30:CC"}}},"request":{"raw":"GET /usr/themes/Mirages/fonts/OpenSans/300.woff2 HTTP/1.1\r\nHost: d3bqx5dvn4460l.nefcvtm.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nReferer: https://d3bqx5dvn4460l.nefcvtm.top/tag/%E8%90%9D%E8%8E%89/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: font/woff2\r\ncontent-length: 16344\r\ndate: Mon, 18 Aug 2025 01:40:39 GMT\r\naccept-ranges: bytes\r\nserver: nginx/1.22.1\r\nlast-modified: Fri, 26 Jan 2024 08:13:13 GMT\r\nx-hostname: server-5\r\netag: \"65b36999-3fd8\"\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 07d5d44815808d5d5a6f43984a987698.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P1\r\nx-amz-cf-id: Q_iSSy10IXhI7eSd0xMxF9fMmoCyk30r3O7phTGw4hhTAShqAzcZEA==\r\nage: 253\r\nvary: Origin\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.22.1","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]}],"data":{"size":16344,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 16344, version 1.6554","md5":"c027111d6febba054f7cd5e5fddf2243","sha1":"7c6ebfb74210e4d368ba5df96b2c5aa448a3953e","sha256":"c347496b917562bd48ed65545fbced7c9fb2a3e48c1102708a7e615fd4fb2ed8","sha512":"1a819ee0993cbed2399265606b2adc0866dd34fcab1272b6d1798e08010cab4e38af1a2299d74a706690a3188d0081d92804568982fd23f6d2ce946ac29fb61c","ssdeep":"384:sO3z8BPeD5+oRjlrvO+uuGnSDKDPVb0fOovWO1aDDBAb:pgdeD5jRjpO+ugDKDPZ0mwV1aDD6b","tlshash":"ad72cf62810dd851e31137fd7c6622e0878cb0a392121bfc5bebd8ec09204e67ac43be","first_seen":"2023-08-07T12:25:19Z","last_seen":"2026-05-16T18:16:50.00793Z","times_seen":23183,"resource_available":false,"data":null}},"time_used":24,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":23,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-08-18","alert":"Sinkholed","trigger":"d3bqx5dvn4460l.nefcvtm.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"pic.ruubqy.cn/upload_01/xiao/20250808/2025080822585940885.jpeg","fqdn":"pic.ruubqy.cn","domain":"ruubqy.cn","tld":"cn"},"ip":{"addr":"43.152.140.79","port":443,"asn":139341,"as":"ACE","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://d3bqx5dvn4460l.nefcvtm.top/tag/%E8%90%9D%E8%8E%89/","date":"2025-08-18T01:44:52.241Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.ruubqy.cn","organization":""},"issuer":{"commonName":"ZeroSSL ECC Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Thu, 14 Aug 2025 00:00:00 GMT","end":"Wed, 12 Nov 2025 23:59:59 GMT"},"fingerprint":{"sha1":"B5:46:E3:4B:AD:76:D8:27:09:BD:DC:4D:2D:36:30:80:9D:1B:C2:4D","sha256":"4F:36:FA:C1:B1:5D:EF:21:7B:D6:3E:33:FF:9E:8C:51:84:1D:60:71:9E:8D:BA:CC:13:37:25:3F:08:B4:B3:9C"}}},"request":{"raw":"GET /upload_01/xiao/20250808/2025080822585940885.jpeg HTTP/1.1\r\nHost: pic.ruubqy.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://d3bqx5dvn4460l.nefcvtm.top\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nLast-Modified: Fri, 08 Aug 2025 14:59:04 GMT\r\nEtag: \"1d79fbf2dca9e36ebb64a1e517dacbc5\"\r\nContent-Type: binary/octet-stream\r\nDate: Fri, 08 Aug 2025 16:25:03 GMT\r\nx-amz-server-side-encryption: AES256\r\nServer: nginx\r\nX-Cache: Hit from cloudfront\r\nX-Amz-Cf-Pop: ARN53-P2\r\nAge: 135\r\nContent-Length: 150496\r\nAccept-Ranges: bytes\r\nX-NWS-LOG-UUID: 4546652683573378189\r\nConnection: keep-alive\r\nX-Cache-Lookup: Cache Hit\r\nAccess-Control-Allow-Origin: *\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":150496,"size_decoded":0,"mime_type":"binary/octet-stream","magic":"data","md5":"1d79fbf2dca9e36ebb64a1e517dacbc5","sha1":"e9e476b937e9851a6d799d063100911ac315a32d","sha256":"cab4db1bc02ccf4cf7dba03d3bcb6c28b7cdde08cefd053af29290426beb9fc1","sha512":"008020a1e3ab8ea5721a13f900d3320f716ed953084822f60fb1fa9e4bf4e9cc811c55648b00e7678b479526b05c4a42cd9eabdb46fd799ef5fe1b6ccf5aa59a","ssdeep":"3072:t/wnv2qHE+qPJdFjnF9H39hGLeeiQZ+VqnLI5O4VVw:xwnv2qHEltjF9X9ahiQZiSLI51Dw","tlshash":"49e312ac36306451d67a15478c843f48d1a5eeeed4e1b36c88c791ecdfee90a22e5f12","first_seen":"2025-08-18T01:45:23.23087Z","last_seen":"2025-08-18T01:45:23.23087Z","times_seen":1,"resource_available":false,"data":null}},"time_used":165,"timings":{"blocked":137,"dns":0,"connect":0,"send":0,"wait":22,"receive":6,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"pic.ruubqy.cn/upload_01/xiao/20250815/2025081518205816187.jpeg","fqdn":"pic.ruubqy.cn","domain":"ruubqy.cn","tld":"cn"},"ip":{"addr":"43.152.140.79","port":443,"asn":139341,"as":"ACE","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://d3bqx5dvn4460l.nefcvtm.top/tag/%E8%90%9D%E8%8E%89/","date":"2025-08-18T01:44:52.143Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.ruubqy.cn","organization":""},"issuer":{"commonName":"ZeroSSL ECC Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Thu, 14 Aug 2025 00:00:00 GMT","end":"Wed, 12 Nov 2025 23:59:59 GMT"},"fingerprint":{"sha1":"B5:46:E3:4B:AD:76:D8:27:09:BD:DC:4D:2D:36:30:80:9D:1B:C2:4D","sha256":"4F:36:FA:C1:B1:5D:EF:21:7B:D6:3E:33:FF:9E:8C:51:84:1D:60:71:9E:8D:BA:CC:13:37:25:3F:08:B4:B3:9C"}}},"request":{"raw":"GET /upload_01/xiao/20250815/2025081518205816187.jpeg HTTP/1.1\r\nHost: pic.ruubqy.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://d3bqx5dvn4460l.nefcvtm.top\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nLast-Modified: Fri, 15 Aug 2025 16:30:04 GMT\r\nEtag: \"56c0e0e1e74f2777adb3195db0eb0019\"\r\nContent-Type: binary/octet-stream\r\nDate: Fri, 15 Aug 2025 16:30:05 GMT\r\nx-amz-server-side-encryption: AES256\r\nServer: nginx\r\nX-Cache: Hit from cloudfront\r\nX-Amz-Cf-Pop: ARN53-P2\r\nAge: 680\r\nContent-Length: 225008\r\nAccept-Ranges: bytes\r\nX-NWS-LOG-UUID: 7563791386497092718\r\nConnection: keep-alive\r\nX-Cache-Lookup: Cache Hit\r\nAccess-Control-Allow-Origin: *\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":225008,"size_decoded":0,"mime_type":"binary/octet-stream","magic":"data","md5":"56c0e0e1e74f2777adb3195db0eb0019","sha1":"6fd6ae9c364a0d68323e716299c510c6f5836812","sha256":"d5825048dc35f8c105ae1d89c58ff7f206039ee123c055552c5507c1dd362d22","sha512":"9f4b0bc7aa01e3f9c0d56e70b4370286a97b8c7569c70ee186ff07e19c23462fb0599b94ab44016af9f8779f240a615a70c072933565f175aaf55e0ab54ca6d6","ssdeep":"6144:aRu8NhIWSdWbN2tAvMFS3VZhrefX4DvlOou/xD:aRu8TIWS4bWAvESlZhOIDdOnZD","tlshash":"9424222d93668d74e216e676b67a6c21c23ed021f99722106cf92177b68332353e173f","first_seen":"2025-08-18T01:45:23.233753Z","last_seen":"2025-08-18T01:45:23.233753Z","times_seen":1,"resource_available":false,"data":null}},"time_used":296,"timings":{"blocked":102,"dns":1,"connect":22,"send":0,"wait":22,"receive":55,"ssl":84},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"pic.ruubqy.cn/upload_01/xiao/20250729/2025072912491348170.gif","fqdn":"pic.ruubqy.cn","domain":"ruubqy.cn","tld":"cn"},"ip":{"addr":"43.152.140.79","port":443,"asn":139341,"as":"ACE","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://d3bqx5dvn4460l.nefcvtm.top/tag/%E8%90%9D%E8%8E%89/","date":"2025-08-18T01:44:52.610Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.ruubqy.cn","organization":""},"issuer":{"commonName":"ZeroSSL ECC Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Thu, 14 Aug 2025 00:00:00 GMT","end":"Wed, 12 Nov 2025 23:59:59 GMT"},"fingerprint":{"sha1":"B5:46:E3:4B:AD:76:D8:27:09:BD:DC:4D:2D:36:30:80:9D:1B:C2:4D","sha256":"4F:36:FA:C1:B1:5D:EF:21:7B:D6:3E:33:FF:9E:8C:51:84:1D:60:71:9E:8D:BA:CC:13:37:25:3F:08:B4:B3:9C"}}},"request":{"raw":"GET /upload_01/xiao/20250729/2025072912491348170.gif HTTP/1.1\r\nHost: pic.ruubqy.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://d3bqx5dvn4460l.nefcvtm.top\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nLast-Modified: Tue, 29 Jul 2025 04:50:35 GMT\r\nEtag: \"f0bb23e5b9a2e070c1bc95d056d721fd\"\r\nContent-Type: binary/octet-stream\r\nDate: Tue, 29 Jul 2025 04:50:36 GMT\r\nx-amz-server-side-encryption: AES256\r\nServer: nginx\r\nX-Cache: Hit from cloudfront\r\nX-Amz-Cf-Pop: ARN53-P2\r\nAge: 141\r\nContent-Length: 274144\r\nAccept-Ranges: bytes\r\nX-NWS-LOG-UUID: 7471626609951631105\r\nConnection: keep-alive\r\nX-Cache-Lookup: Cache Hit\r\nAccess-Control-Allow-Origin: *\r\nCache-Control: max-age=864000\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":274144,"size_decoded":0,"mime_type":"binary/octet-stream","magic":"data","md5":"f0bb23e5b9a2e070c1bc95d056d721fd","sha1":"697c4c55161c7db4b148c139ff1e74e1b74adef6","sha256":"52bb329c3a2364590dbc6d303e1ee2fa94ccf7230b4437db9b70a0a1d9bf4658","sha512":"fd6251e82780448e60637d9cc5c82bd6577a53fc5daf6053601c7f1d1a8f5d3fa8b58453eb638491e2d19b9ebeead80119138a569dcc8443e03277d088dbeee6","ssdeep":"6144:PZbJNg6k1pA9VPXOo3ddfVAIhw9CAZovWhksjNtZYaaO:F7k1iH2o3bfvrmoOd3YaaO","tlshash":"6b4423e03812582ed51c0ad99fe2978eef822682b411d464d49ecfdc4ed89732ce8fd5","first_seen":"2025-07-30T05:44:13.290606Z","last_seen":"2025-10-09T09:03:46.058905Z","times_seen":2752,"resource_available":false,"data":null}},"time_used":32,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":10,"receive":22,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"pic.ruubqy.cn/upload_01/xiao/20250725/2025072515412747041.gif","fqdn":"pic.ruubqy.cn","domain":"ruubqy.cn","tld":"cn"},"ip":{"addr":"43.152.140.79","port":443,"asn":139341,"as":"ACE","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://d3bqx5dvn4460l.nefcvtm.top/tag/%E8%90%9D%E8%8E%89/","date":"2025-08-18T01:44:52.613Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.ruubqy.cn","organization":""},"issuer":{"commonName":"ZeroSSL ECC Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Thu, 14 Aug 2025 00:00:00 GMT","end":"Wed, 12 Nov 2025 23:59:59 GMT"},"fingerprint":{"sha1":"B5:46:E3:4B:AD:76:D8:27:09:BD:DC:4D:2D:36:30:80:9D:1B:C2:4D","sha256":"4F:36:FA:C1:B1:5D:EF:21:7B:D6:3E:33:FF:9E:8C:51:84:1D:60:71:9E:8D:BA:CC:13:37:25:3F:08:B4:B3:9C"}}},"request":{"raw":"GET /upload_01/xiao/20250725/2025072515412747041.gif HTTP/1.1\r\nHost: pic.ruubqy.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://d3bqx5dvn4460l.nefcvtm.top\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nLast-Modified: Fri, 25 Jul 2025 07:42:14 GMT\r\nEtag: \"a34d900e45febc08eb0a98df6b37d11d\"\r\nContent-Type: binary/octet-stream\r\nDate: Sat, 26 Jul 2025 10:52:25 GMT\r\nx-amz-server-side-encryption: AES256\r\nServer: nginx\r\nX-Cache: Hit from cloudfront\r\nX-Amz-Cf-Pop: ARN53-P2\r\nAge: 1832\r\nContent-Length: 105936\r\nAccept-Ranges: bytes\r\nX-NWS-LOG-UUID: 15524036348445385701\r\nConnection: keep-alive\r\nX-Cache-Lookup: Cache Hit\r\nAccess-Control-Allow-Origin: *\r\nCache-Control: max-age=864000\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":105936,"size_decoded":0,"mime_type":"binary/octet-stream","magic":"data","md5":"a34d900e45febc08eb0a98df6b37d11d","sha1":"2e38eee1b78f2f81c87cf83a1d293ca0e556cf7e","sha256":"f1fa028001856dc69c65fa126c6d9b7fd30417cb5fa73e75d0278489d24914e0","sha512":"84a5a17ba57361c446d75d1ec3e0ca6f1267fabe5f9dd6d5b5b4130c07ba6511dd71ae65d41fd6ba028533661f3d7736175a38db2ae7f10a68ae72c2e6864d3e","ssdeep":"1536:yLhxKZj/OfaEzJyjyYDGcy6KJsDbUSK77Af7rsm7wJLPL2XH/kJmc5qh5wpEqYU6:ySIxyPKaiUjVUZz2cMcgKEqpJWSYR","tlshash":"3fa31250d1d761d9c3922362703b620f73ca72ae63ed3e7d19310b41eb81781a9ba5bd","first_seen":"2025-07-25T11:00:36.763532Z","last_seen":"2025-09-01T09:10:34.632496Z","times_seen":125,"resource_available":false,"data":null}},"time_used":25,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":23,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"d3bqx5dvn4460l.nefcvtm.top/usr/themes/Mirages/js/layui/layui.js","fqdn":"d3bqx5dvn4460l.nefcvtm.top","domain":"nefcvtm.top","tld":"top"},"ip":{"addr":"54.240.174.30","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://d3bqx5dvn4460l.nefcvtm.top/tag/%E8%90%9D%E8%8E%89/","date":"2025-08-18T01:44:51.903Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.nefcvtm.top","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Sun, 17 Aug 2025 00:00:00 GMT","end":"Tue, 15 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"44:8F:7B:16:A2:4E:F5:56:04:E3:41:F6:7B:3D:9E:1A:E9:76:C8:E4","sha256":"84:15:49:15:71:F2:1B:77:28:D1:20:DF:1B:2B:6C:21:DE:5B:2E:53:8D:3D:67:8E:25:DE:BD:A4:DB:98:30:CC"}}},"request":{"raw":"GET /usr/themes/Mirages/js/layui/layui.js HTTP/1.1\r\nHost: d3bqx5dvn4460l.nefcvtm.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://d3bqx5dvn4460l.nefcvtm.top/tag/%E8%90%9D%E8%8E%89/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: application/javascript\r\ndate: Mon, 18 Aug 2025 01:31:19 GMT\r\nx-hostname: server-4\r\ncontent-encoding: br\r\nserver: nginx/1.22.1\r\nlast-modified: Fri, 26 Jan 2024 08:13:13 GMT\r\netag: W/\"65b36999-471d6\"\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 07d5d44815808d5d5a6f43984a987698.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P1\r\nx-amz-cf-id: AmVGeAgIQf8P3N7aUj-8NNbDV0jk-qN0gHcYYYypgSUzz39Kfh8mbg==\r\nage: 812\r\nvary: Accept-Encoding, Origin\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.22.1","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]}],"data":{"size":291286,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"70ed0e8151d23de969de514bfd802a56","sha1":"569e6c1b0ac0b8efaa7dc0015b691334947a9665","sha256":"92c7997b3dce6ab2368b1bdb34ff4b67ac77957898a126c7eba452a8080bec95","sha512":"947eeb19fb055b07a191ec89625941abbdc8b2247b447dbec2e3958ebd3aabc34ac07a79c559e4752bd49bc44db77d500913aab4fae300077556e347d084b1a9","ssdeep":"3072:tVo+F//NOM0SF0Mz0pZN6TPKWjZIpYCrYtJ+8CZrcNBf4XcIiOb9:Xo+FdO3SF0Mz0Z6TfIpPS+8grcNBQcIZ","tlshash":"02543a9d758574b3237360a6406f990eb17b093daa0a8060f166d4fa2dbdc885237f7f","first_seen":"2023-03-07T12:09:26Z","last_seen":"2026-05-16T18:16:49.989522Z","times_seen":33631,"resource_available":true,"data":null}},"time_used":3,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":3,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-08-18","alert":"Sinkholed","trigger":"d3bqx5dvn4460l.nefcvtm.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"d3bqx5dvn4460l.nefcvtm.top/usr/themes/Mirages/fonts/OpenSans/400.woff2","fqdn":"d3bqx5dvn4460l.nefcvtm.top","domain":"nefcvtm.top","tld":"top"},"ip":{"addr":"54.240.174.30","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://d3bqx5dvn4460l.nefcvtm.top/tag/%E8%90%9D%E8%8E%89/","date":"2025-08-18T01:44:52.038Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.nefcvtm.top","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Sun, 17 Aug 2025 00:00:00 GMT","end":"Tue, 15 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"44:8F:7B:16:A2:4E:F5:56:04:E3:41:F6:7B:3D:9E:1A:E9:76:C8:E4","sha256":"84:15:49:15:71:F2:1B:77:28:D1:20:DF:1B:2B:6C:21:DE:5B:2E:53:8D:3D:67:8E:25:DE:BD:A4:DB:98:30:CC"}}},"request":{"raw":"GET /usr/themes/Mirages/fonts/OpenSans/400.woff2 HTTP/1.1\r\nHost: d3bqx5dvn4460l.nefcvtm.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nReferer: https://d3bqx5dvn4460l.nefcvtm.top/tag/%E8%90%9D%E8%8E%89/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: font/woff2\r\ncontent-length: 16644\r\ndate: Mon, 18 Aug 2025 01:40:39 GMT\r\naccept-ranges: bytes\r\nserver: nginx/1.22.1\r\nlast-modified: Fri, 26 Jan 2024 08:13:13 GMT\r\nx-hostname: server-4\r\netag: \"65b36999-4104\"\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 07d5d44815808d5d5a6f43984a987698.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P1\r\nx-amz-cf-id: YX-RGWBvxsHDs8CjLlilrWeiq9xwUfZSKUgO7wpClHLMoWHsO3RxkA==\r\nage: 253\r\nvary: Origin\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.22.1","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]}],"data":{"size":16644,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 16644, version 1.6554","md5":"6276351c3fd3053a0cab736572d6ced1","sha1":"326b281cbcf5070d140fadedc4b1354f1a5d916c","sha256":"43640ab0efbdbd50a1162047c1f62f338fb84de407411b98bfa6a1f8666ef0af","sha512":"c9885c9fa086350a150efae1c40c9ab22314db0baf47b457c3de4be5c7e609313b9fec4f9000b133a9f8b365c2d5d3703bbff579833a8b81195062e5f6bfe5e7","ssdeep":"384:JK4eVLUx4mqjtgI4cwDn/HnhbXOU7WYb+KFqEevY5:Y4edUqmBIkD/HhjHWYb+KFGvY5","tlshash":"bf72cf83f467d9f0f42836305db116e3b979ef357761ace0621445aa1232bd02e847dc","first_seen":"2023-05-08T23:10:23Z","last_seen":"2026-05-16T18:16:49.999908Z","times_seen":25202,"resource_available":false,"data":null}},"time_used":24,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":23,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-08-18","alert":"Sinkholed","trigger":"d3bqx5dvn4460l.nefcvtm.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"pic.ruubqy.cn/upload_01/xiao/20250817/2025081721170938537.jpeg","fqdn":"pic.ruubqy.cn","domain":"ruubqy.cn","tld":"cn"},"ip":{"addr":"43.152.140.79","port":443,"asn":139341,"as":"ACE","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://d3bqx5dvn4460l.nefcvtm.top/tag/%E8%90%9D%E8%8E%89/","date":"2025-08-18T01:44:52.140Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.ruubqy.cn","organization":""},"issuer":{"commonName":"ZeroSSL ECC Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Thu, 14 Aug 2025 00:00:00 GMT","end":"Wed, 12 Nov 2025 23:59:59 GMT"},"fingerprint":{"sha1":"B5:46:E3:4B:AD:76:D8:27:09:BD:DC:4D:2D:36:30:80:9D:1B:C2:4D","sha256":"4F:36:FA:C1:B1:5D:EF:21:7B:D6:3E:33:FF:9E:8C:51:84:1D:60:71:9E:8D:BA:CC:13:37:25:3F:08:B4:B3:9C"}}},"request":{"raw":"GET /upload_01/xiao/20250817/2025081721170938537.jpeg HTTP/1.1\r\nHost: pic.ruubqy.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://d3bqx5dvn4460l.nefcvtm.top\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nLast-Modified: Sun, 17 Aug 2025 17:00:05 GMT\r\nEtag: \"b4a8a4794053326d918fb37b80c025b1\"\r\nContent-Type: binary/octet-stream\r\nDate: Sun, 17 Aug 2025 17:00:05 GMT\r\nx-amz-server-side-encryption: AES256\r\nServer: nginx\r\nX-Cache: Hit from cloudfront\r\nX-Amz-Cf-Pop: ARN53-P2\r\nAge: 506\r\nContent-Length: 131248\r\nAccept-Ranges: bytes\r\nX-NWS-LOG-UUID: 2545548499669689983\r\nConnection: keep-alive\r\nX-Cache-Lookup: Cache Hit\r\nAccess-Control-Allow-Origin: *\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":131248,"size_decoded":0,"mime_type":"binary/octet-stream","magic":"data","md5":"b4a8a4794053326d918fb37b80c025b1","sha1":"ce261096f1ba0803dd9ba4df5ef4b15de801474d","sha256":"3d1d6641ecbf2a072dbb32eb96d3f0d78791c958eb3f6a265e0bbfcdfaaf2b07","sha512":"d08d742625b686d78140a8eaf8eeacda5b6f16eccbb86d7b39c28f7bb905366f6957a0b2960c4d82f7f73994088ad247d0631ae7662a2ba8a779612c80ff6a82","ssdeep":"3072:KlOwtAiMYui82cmUpq4iWQlOosWZn+YdYfLq2m/v:KlOwKs2WRWQcorR+YCGB","tlshash":"f4d3127e730adc463d5c9e75d2b6de39bbd421c52258a248f9c3d5f12b2066321ba84c","first_seen":"2025-08-18T01:45:23.240831Z","last_seen":"2025-08-18T01:45:23.240831Z","times_seen":1,"resource_available":false,"data":null}},"time_used":658,"timings":{"blocked":314,"dns":1,"connect":13,"send":0,"wait":8,"receive":17,"ssl":296},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"pic.ruubqy.cn/upload_01/xiao/20250811/2025081114470783591.jpeg","fqdn":"pic.ruubqy.cn","domain":"ruubqy.cn","tld":"cn"},"ip":{"addr":"43.152.140.79","port":443,"asn":139341,"as":"ACE","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://d3bqx5dvn4460l.nefcvtm.top/tag/%E8%90%9D%E8%8E%89/","date":"2025-08-18T01:44:52.212Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.ruubqy.cn","organization":""},"issuer":{"commonName":"ZeroSSL ECC Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Thu, 14 Aug 2025 00:00:00 GMT","end":"Wed, 12 Nov 2025 23:59:59 GMT"},"fingerprint":{"sha1":"B5:46:E3:4B:AD:76:D8:27:09:BD:DC:4D:2D:36:30:80:9D:1B:C2:4D","sha256":"4F:36:FA:C1:B1:5D:EF:21:7B:D6:3E:33:FF:9E:8C:51:84:1D:60:71:9E:8D:BA:CC:13:37:25:3F:08:B4:B3:9C"}}},"request":{"raw":"GET /upload_01/xiao/20250811/2025081114470783591.jpeg HTTP/1.1\r\nHost: pic.ruubqy.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://d3bqx5dvn4460l.nefcvtm.top\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nLast-Modified: Mon, 11 Aug 2025 08:15:05 GMT\r\nEtag: \"6476418e4f03266a8fe1954be1e64a65\"\r\nContent-Type: binary/octet-stream\r\nDate: Mon, 11 Aug 2025 08:15:06 GMT\r\nx-amz-server-side-encryption: AES256\r\nServer: nginx\r\nX-Cache: Hit from cloudfront\r\nX-Amz-Cf-Pop: ARN53-P2\r\nAge: 184\r\nContent-Length: 165472\r\nAccept-Ranges: bytes\r\nX-NWS-LOG-UUID: 6147907569198227806\r\nConnection: keep-alive\r\nX-Cache-Lookup: Cache Hit\r\nAccess-Control-Allow-Origin: *\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":165472,"size_decoded":0,"mime_type":"binary/octet-stream","magic":"data","md5":"6476418e4f03266a8fe1954be1e64a65","sha1":"9cfa8b583e28a04e212f23873a0bf5bb383946ad","sha256":"9dd5a6e0a23376a6c13247823b11e8e8add35d1a87d00233be09da059adb1ebe","sha512":"eb37d34a4a204e16fc91b2077a20315c1b6f3614952532f5abda7a1008285ee87243e1988f90386f2e099a046d1e542acca2202d2684de71068fa54810e304ba","ssdeep":"3072:BeaxdzjY8N+dH46q60vVXSigeWFvj15H1sqX4W2YLhYi44Q8CTIULGoFw0v56j7g:BdVjl+R49M9v5H1svwei49TIULGuv56I","tlshash":"89f312c9354bed956ab0b5e715fc4ece7b19e143484b170e2eaa50ecabc8d40c2db19c","first_seen":"2025-08-11T09:09:33.966251Z","last_seen":"2025-08-18T01:45:23.243487Z","times_seen":2,"resource_available":false,"data":null}},"time_used":149,"timings":{"blocked":133,"dns":0,"connect":0,"send":0,"wait":9,"receive":7,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"d3bqx5dvn4460l.nefcvtm.top/usr/plugins/DPlayer/assets/player.js","fqdn":"d3bqx5dvn4460l.nefcvtm.top","domain":"nefcvtm.top","tld":"top"},"ip":{"addr":"54.240.174.30","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://d3bqx5dvn4460l.nefcvtm.top/tag/%E8%90%9D%E8%8E%89/","date":"2025-08-18T01:44:51.895Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.nefcvtm.top","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Sun, 17 Aug 2025 00:00:00 GMT","end":"Tue, 15 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"44:8F:7B:16:A2:4E:F5:56:04:E3:41:F6:7B:3D:9E:1A:E9:76:C8:E4","sha256":"84:15:49:15:71:F2:1B:77:28:D1:20:DF:1B:2B:6C:21:DE:5B:2E:53:8D:3D:67:8E:25:DE:BD:A4:DB:98:30:CC"}}},"request":{"raw":"GET /usr/plugins/DPlayer/assets/player.js HTTP/1.1\r\nHost: d3bqx5dvn4460l.nefcvtm.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://d3bqx5dvn4460l.nefcvtm.top/tag/%E8%90%9D%E8%8E%89/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: application/javascript\r\ndate: Mon, 18 Aug 2025 01:31:19 GMT\r\nx-hostname: server-3\r\ncontent-encoding: br\r\nserver: nginx/1.22.1\r\nlast-modified: Wed, 09 Jul 2025 11:41:02 GMT\r\netag: W/\"686e554e-1003\"\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 07d5d44815808d5d5a6f43984a987698.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P1\r\nx-amz-cf-id: t6tVYWyfgaIOnbJQKUtfyNbboKPzHZ7xtSdLxNL2QQhduq7U7Ki30A==\r\nage: 812\r\nvary: Accept-Encoding, Origin\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Nginx:1.22.1","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":4099,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text","md5":"b4fddf8525d2da6fa0e24d94674fb9f3","sha1":"4149060a09da22bbfaa201f413d1f4b446fea1da","sha256":"8c7d71d123ec4f91eec964ba54ad1b8ed87f18d6952bec4b268137197eb42685","sha512":"db14528dfdcffa6605438ddfdf5f5dc40fddbc01e62faf85f41c80b72487ea3958e26ae50aa12ecc59b9379be8fe2a519cb70383f9bf65f2f721aaf163fcfa94","ssdeep":"96:PC2C62HyiZWWlP+oErxSiUtIEu7VfAn1PO8NUWzShC4Wp:qXLHyiZDlPM1SptIEu7Vf+uhCv","tlshash":"b0812e1c68f75021525bb0f68a6fd118b2344a870208de20fe0cab5cdf6953e46f2bed","first_seen":"2025-04-02T09:15:20.181739Z","last_seen":"2026-05-09T16:37:48.352088Z","times_seen":2493,"resource_available":true,"data":null}},"time_used":2,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":2,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-08-18","alert":"Sinkholed","trigger":"d3bqx5dvn4460l.nefcvtm.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"d3bqx5dvn4460l.nefcvtm.top/gtag.js?id=G-B2LTNVGC4L","fqdn":"d3bqx5dvn4460l.nefcvtm.top","domain":"nefcvtm.top","tld":"top"},"ip":{"addr":"54.240.174.30","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://d3bqx5dvn4460l.nefcvtm.top/tag/%E8%90%9D%E8%8E%89/","date":"2025-08-18T01:44:51.915Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.nefcvtm.top","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Sun, 17 Aug 2025 00:00:00 GMT","end":"Tue, 15 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"44:8F:7B:16:A2:4E:F5:56:04:E3:41:F6:7B:3D:9E:1A:E9:76:C8:E4","sha256":"84:15:49:15:71:F2:1B:77:28:D1:20:DF:1B:2B:6C:21:DE:5B:2E:53:8D:3D:67:8E:25:DE:BD:A4:DB:98:30:CC"}}},"request":{"raw":"GET /gtag.js?id=G-B2LTNVGC4L HTTP/1.1\r\nHost: d3bqx5dvn4460l.nefcvtm.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://d3bqx5dvn4460l.nefcvtm.top/tag/%E8%90%9D%E8%8E%89/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: application/javascript\r\ndate: Mon, 18 Aug 2025 01:31:19 GMT\r\nx-hostname: server-5\r\ncontent-encoding: br\r\nserver: nginx/1.22.1\r\nlast-modified: Tue, 29 Apr 2025 08:16:20 GMT\r\netag: W/\"68108ad4-5d234\"\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 07d5d44815808d5d5a6f43984a987698.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P1\r\nx-amz-cf-id: 4cHquLpnXn0fyk-lf0_5OS2YYbzfhUIPUI7r8x2MD7rOpIuleK3Xzg==\r\nage: 812\r\nvary: Accept-Encoding, Origin\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.22.1","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]}],"data":{"size":381492,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (6129)","md5":"33a9b69f784501cdb8a0c58f2f68f6a7","sha1":"fb8b0370f498e49e017f289cae6bc20234f2f4b1","sha256":"c94ca6d3c3db11e31bb31538f7e733db40d5b39e0820fcbaae6d847037b4428e","sha512":"853010d8f3d78252f634b29716930399b982ac4b1555eefe60bc1c1a48d157dc573805c685fb7b1de72ce32c7750f690777396a7e941b22c2742e2efb661b1f5","ssdeep":"6144:tkDe7WbEbUAOfns+vZcMDYesTQT8PVMxPMbznmsCt:aDeSbaU1s++yUHn38","tlshash":"4d841ade73c674665396b478803f018ba5bb28a2b44cc895f1c9cce42d74a9a4277f7c","first_seen":"2025-05-03T07:00:02.073922Z","last_seen":"2026-05-16T08:12:03.614131Z","times_seen":2521,"resource_available":true,"data":null}},"time_used":4,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":4,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-08-18","alert":"Sinkholed","trigger":"d3bqx5dvn4460l.nefcvtm.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"d3bqx5dvn4460l.nefcvtm.top/usr/themes/clipboard-2.0.js","fqdn":"d3bqx5dvn4460l.nefcvtm.top","domain":"nefcvtm.top","tld":"top"},"ip":{"addr":"54.240.174.30","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://d3bqx5dvn4460l.nefcvtm.top/tag/%E8%90%9D%E8%8E%89/","date":"2025-08-18T01:44:51.921Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.nefcvtm.top","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Sun, 17 Aug 2025 00:00:00 GMT","end":"Tue, 15 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"44:8F:7B:16:A2:4E:F5:56:04:E3:41:F6:7B:3D:9E:1A:E9:76:C8:E4","sha256":"84:15:49:15:71:F2:1B:77:28:D1:20:DF:1B:2B:6C:21:DE:5B:2E:53:8D:3D:67:8E:25:DE:BD:A4:DB:98:30:CC"}}},"request":{"raw":"GET /usr/themes/clipboard-2.0.js HTTP/1.1\r\nHost: d3bqx5dvn4460l.nefcvtm.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://d3bqx5dvn4460l.nefcvtm.top/tag/%E8%90%9D%E8%8E%89/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: application/javascript\r\ndate: Mon, 18 Aug 2025 01:31:19 GMT\r\nx-hostname: server-3\r\ncontent-encoding: br\r\nserver: nginx/1.22.1\r\nlast-modified: Fri, 26 Jan 2024 08:13:13 GMT\r\netag: W/\"65b36999-234a\"\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 07d5d44815808d5d5a6f43984a987698.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P1\r\nx-amz-cf-id: Oydh2uS86Z3ba7oqn5beSpyWLwxgwPnZzEfMeE8VEKGq61ZyfCydoA==\r\nage: 812\r\nvary: Accept-Encoding, Origin\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.22.1","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]}],"data":{"size":9034,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (8941)","md5":"ad98572d415d2f2452845a6068a913c0","sha1":"6674f81dd01c76be986cf0a8172d1073e56d7ef4","sha256":"baff7541be9c20f7f977f6993ce39cfa937a7bde69db6e7beebb8f68372682a1","sha512":"3c88ac453f2615f771c7df6032ced6018e46a7e0ad8d86312af17ddf0f32580bd7e78f1404d0031eeed091abe0afac911be6aca1ca9fba4e5cae335de73f6ce9","ssdeep":"192:RJBFlYPHiG9JyHg4LyAahp1v/N/MosfkApXMdgmkpj:R9yKG9JKziVF/MF/XMmmkpj","tlshash":"d7126599b291b0b15ad731a8412f920ff3766869708b90d0d279d4f0acbcdde4463f2d","first_seen":"2023-03-07T12:41:35Z","last_seen":"2026-05-16T18:05:04.575666Z","times_seen":17483,"resource_available":true,"data":null}},"time_used":5,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":5,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-08-18","alert":"Sinkholed","trigger":"d3bqx5dvn4460l.nefcvtm.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"pic.ruubqy.cn/upload_01/xiao/20250817/2025081721553553782.jpeg","fqdn":"pic.ruubqy.cn","domain":"ruubqy.cn","tld":"cn"},"ip":{"addr":"43.152.140.79","port":443,"asn":139341,"as":"ACE","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://d3bqx5dvn4460l.nefcvtm.top/tag/%E8%90%9D%E8%8E%89/","date":"2025-08-18T01:44:52.134Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.ruubqy.cn","organization":""},"issuer":{"commonName":"ZeroSSL ECC Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Thu, 14 Aug 2025 00:00:00 GMT","end":"Wed, 12 Nov 2025 23:59:59 GMT"},"fingerprint":{"sha1":"B5:46:E3:4B:AD:76:D8:27:09:BD:DC:4D:2D:36:30:80:9D:1B:C2:4D","sha256":"4F:36:FA:C1:B1:5D:EF:21:7B:D6:3E:33:FF:9E:8C:51:84:1D:60:71:9E:8D:BA:CC:13:37:25:3F:08:B4:B3:9C"}}},"request":{"raw":"GET /upload_01/xiao/20250817/2025081721553553782.jpeg HTTP/1.1\r\nHost: pic.ruubqy.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://d3bqx5dvn4460l.nefcvtm.top\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nLast-Modified: Sun, 17 Aug 2025 13:55:38 GMT\r\nEtag: \"b24bc23fc773ec897c26fb9b0e8cefd3\"\r\nContent-Type: binary/octet-stream\r\nDate: Mon, 18 Aug 2025 01:00:04 GMT\r\nx-amz-server-side-encryption: AES256\r\nServer: nginx\r\nX-Cache: Hit from cloudfront\r\nX-Amz-Cf-Pop: ARN53-P2\r\nAge: 134\r\nContent-Length: 100976\r\nAccept-Ranges: bytes\r\nX-NWS-LOG-UUID: 8974355158934120938\r\nConnection: keep-alive\r\nX-Cache-Lookup: Cache Hit\r\nAccess-Control-Allow-Origin: *\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":100976,"size_decoded":0,"mime_type":"binary/octet-stream","magic":"data","md5":"b24bc23fc773ec897c26fb9b0e8cefd3","sha1":"7f5167cf0cf3ce5bc68c127b56bf5ecfc90373c7","sha256":"e5f8ac92e06b970e2f5645f252f24f64c2253fb45bd0a51df7893bc1d859eea4","sha512":"f98bb0da67a14b1a3b0aa3bc100555975f07b7ab5c80d8b99655e50bfeb781dd18b2668667c6e7460254114e4bd45ed34d5fb8af260633ce8acf85154dc7786f","ssdeep":"3072:jbwlJPFq1gFJa2yH6urd7Bgz/mO7TYl5c97:IF8+J8XXO7T7","tlshash":"09a313026238e3fcb4df85ed03b535a11596636df24d2a7179880ef676c5684c40bbeb","first_seen":"2025-08-18T01:45:23.25074Z","last_seen":"2025-12-02T09:16:58.869301Z","times_seen":3,"resource_available":false,"data":null}},"time_used":202,"timings":{"blocked":90,"dns":1,"connect":7,"send":0,"wait":8,"receive":10,"ssl":84},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"pic.ruubqy.cn/upload_01/xiao/20250814/2025081414234472868.jpeg","fqdn":"pic.ruubqy.cn","domain":"ruubqy.cn","tld":"cn"},"ip":{"addr":"43.152.140.79","port":443,"asn":139341,"as":"ACE","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://d3bqx5dvn4460l.nefcvtm.top/tag/%E8%90%9D%E8%8E%89/","date":"2025-08-18T01:44:52.165Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.ruubqy.cn","organization":""},"issuer":{"commonName":"ZeroSSL ECC Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Thu, 14 Aug 2025 00:00:00 GMT","end":"Wed, 12 Nov 2025 23:59:59 GMT"},"fingerprint":{"sha1":"B5:46:E3:4B:AD:76:D8:27:09:BD:DC:4D:2D:36:30:80:9D:1B:C2:4D","sha256":"4F:36:FA:C1:B1:5D:EF:21:7B:D6:3E:33:FF:9E:8C:51:84:1D:60:71:9E:8D:BA:CC:13:37:25:3F:08:B4:B3:9C"}}},"request":{"raw":"GET /upload_01/xiao/20250814/2025081414234472868.jpeg HTTP/1.1\r\nHost: pic.ruubqy.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://d3bqx5dvn4460l.nefcvtm.top\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nLast-Modified: Thu, 14 Aug 2025 06:23:48 GMT\r\nEtag: \"4b878ccd114624470ecd6f7489156058\"\r\nContent-Type: binary/octet-stream\r\nDate: Thu, 14 Aug 2025 07:45:04 GMT\r\nx-amz-server-side-encryption: AES256\r\nServer: nginx\r\nX-Cache: Hit from cloudfront\r\nX-Amz-Cf-Pop: ARN53-P2\r\nAge: 574\r\nContent-Length: 150400\r\nAccept-Ranges: bytes\r\nX-NWS-LOG-UUID: 15234871551302312150\r\nConnection: keep-alive\r\nX-Cache-Lookup: Cache Hit\r\nAccess-Control-Allow-Origin: *\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":150400,"size_decoded":0,"mime_type":"binary/octet-stream","magic":"data","md5":"4b878ccd114624470ecd6f7489156058","sha1":"7ebf740ec87aac0f84092be703280219db9f1e33","sha256":"2192fedba4768890c2f2df4c3ee4e1ffaa04338634d9ea09a2e7fc595476fd6a","sha512":"f01258f3bd2e04c91591c008ba845c632dab05c3f1c3aa56ddea2f53d24df5d33d97f31a5ddae20c273f5c14db7ff61b33c784367a347a5af9c23e9a7bb82fd8","ssdeep":"3072:ayEVz8pIfglpV5UJTCj35vdXIdgzS/peKtSN2mRAyhyZ3gdU:mVwpegrUJTCb51XUgQeK0lhypgdU","tlshash":"12e312779fb71a0f8ebb58c342cc3433095d9e7d7897468f2a835e999831684e18d1a2","first_seen":"2025-08-18T01:45:23.25318Z","last_seen":"2025-08-18T01:45:23.25318Z","times_seen":1,"resource_available":false,"data":null}},"time_used":129,"timings":{"blocked":115,"dns":0,"connect":0,"send":0,"wait":10,"receive":4,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"pic.ruubqy.cn/upload_01/xiao/20250811/2025081122261674695.jpeg","fqdn":"pic.ruubqy.cn","domain":"ruubqy.cn","tld":"cn"},"ip":{"addr":"43.152.140.79","port":443,"asn":139341,"as":"ACE","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://d3bqx5dvn4460l.nefcvtm.top/tag/%E8%90%9D%E8%8E%89/","date":"2025-08-18T01:44:52.200Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.ruubqy.cn","organization":""},"issuer":{"commonName":"ZeroSSL ECC Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Thu, 14 Aug 2025 00:00:00 GMT","end":"Wed, 12 Nov 2025 23:59:59 GMT"},"fingerprint":{"sha1":"B5:46:E3:4B:AD:76:D8:27:09:BD:DC:4D:2D:36:30:80:9D:1B:C2:4D","sha256":"4F:36:FA:C1:B1:5D:EF:21:7B:D6:3E:33:FF:9E:8C:51:84:1D:60:71:9E:8D:BA:CC:13:37:25:3F:08:B4:B3:9C"}}},"request":{"raw":"GET /upload_01/xiao/20250811/2025081122261674695.jpeg HTTP/1.1\r\nHost: pic.ruubqy.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://d3bqx5dvn4460l.nefcvtm.top\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nLast-Modified: Mon, 11 Aug 2025 14:26:21 GMT\r\nEtag: \"02f9273043dc96ce45455c3fa77d0613\"\r\nContent-Type: binary/octet-stream\r\nDate: Tue, 12 Aug 2025 05:15:04 GMT\r\nx-amz-server-side-encryption: AES256\r\nServer: nginx\r\nX-Cache: Hit from cloudfront\r\nX-Amz-Cf-Pop: ARN53-P2\r\nAge: 29\r\nContent-Length: 201552\r\nAccept-Ranges: bytes\r\nX-NWS-LOG-UUID: 2959685952141576711\r\nConnection: keep-alive\r\nX-Cache-Lookup: Cache Hit\r\nAccess-Control-Allow-Origin: *\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":201552,"size_decoded":0,"mime_type":"binary/octet-stream","magic":"data","md5":"02f9273043dc96ce45455c3fa77d0613","sha1":"9d73e195f4ddfc4e8a7bef925bde875032628e0c","sha256":"914cf84935478f4460266e0b8584875c2445c9d57138cdf42afa326d722cb52d","sha512":"94dc4220e90b830f02267f8cc43bd9079893a0ad339d8d036b8160a5e8040d74ae6bdf2d741bd96bf13f70b121cc198575e1e77afa0ac8d37c6787024a123d27","ssdeep":"6144:WgPiRptqpUt7q6HxE9bLssvkZXIRTMlLh:WgP6pdt77Hi9nVkZXIRTMH","tlshash":"ef14239731042d0cc4dbcf2694c1a97ca1525de3feb2599398a842d7d6fec18fe3582a","first_seen":"2025-08-12T05:45:10.796124Z","last_seen":"2025-08-18T01:45:23.255737Z","times_seen":3,"resource_available":false,"data":null}},"time_used":145,"timings":{"blocked":127,"dns":0,"connect":0,"send":0,"wait":10,"receive":8,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"d3bqx5dvn4460l.nefcvtm.top/usr/plugins/DPlayer/assets/DPlayer.min.css?v=1","fqdn":"d3bqx5dvn4460l.nefcvtm.top","domain":"nefcvtm.top","tld":"top"},"ip":{"addr":"54.240.174.30","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://d3bqx5dvn4460l.nefcvtm.top/tag/%E8%90%9D%E8%8E%89/","date":"2025-08-18T01:44:51.863Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.nefcvtm.top","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Sun, 17 Aug 2025 00:00:00 GMT","end":"Tue, 15 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"44:8F:7B:16:A2:4E:F5:56:04:E3:41:F6:7B:3D:9E:1A:E9:76:C8:E4","sha256":"84:15:49:15:71:F2:1B:77:28:D1:20:DF:1B:2B:6C:21:DE:5B:2E:53:8D:3D:67:8E:25:DE:BD:A4:DB:98:30:CC"}}},"request":{"raw":"GET /usr/plugins/DPlayer/assets/DPlayer.min.css?v=1 HTTP/1.1\r\nHost: d3bqx5dvn4460l.nefcvtm.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://d3bqx5dvn4460l.nefcvtm.top/tag/%E8%90%9D%E8%8E%89/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: text/css\r\ndate: Mon, 18 Aug 2025 01:31:18 GMT\r\nx-hostname: server-4\r\ncontent-encoding: br\r\nserver: nginx/1.22.1\r\nlast-modified: Fri, 26 Jan 2024 08:13:13 GMT\r\netag: W/\"65b36999-b096\"\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 07d5d44815808d5d5a6f43984a987698.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P1\r\nx-amz-cf-id: YMYC0SS9913HFeTax-nbW1WOQjdwR1iSQethceFTZYICk5CViuMQcA==\r\nage: 813\r\nvary: Accept-Encoding, Origin\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Nginx:1.22.1","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":45206,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (36675)","md5":"561f19b7ef3f68fadc57c33a964fc9da","sha1":"715fdb568449a95aa5675197d28a26972f3230fe","sha256":"2c467a8a8710fd5a7f50d52100e39f0b24cd1c1928ae4f26ee4bbe67f8f56989","sha512":"3e6fdd77a27fc20dc18b9a54a1c66d68c3ead28dde098a7f9c95accde669216a3ba98a87c34c475f001671d7f0c6e73d98f913b693d72aeffe3bf0fb772f18cb","ssdeep":"768:7FK8KSkZqtIfw3YH4ZqtIfw3YHvHYr/hizxdUDr5+0ysGif0y9W:9HYr/hizxdUDr5+9soyW","tlshash":"4d13bb1618a5329891225b91cbc8676c6738d312e9224f8ff31b780ecf8e69d215ff57","first_seen":"2023-06-15T01:32:19Z","last_seen":"2026-05-16T06:10:28.113304Z","times_seen":7348,"resource_available":false,"data":null}},"time_used":2,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":2,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-08-18","alert":"Sinkholed","trigger":"d3bqx5dvn4460l.nefcvtm.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"d3bqx5dvn4460l.nefcvtm.top/usr/plugins/FootMenu/assets/foot_menu.css?t=20231029","fqdn":"d3bqx5dvn4460l.nefcvtm.top","domain":"nefcvtm.top","tld":"top"},"ip":{"addr":"54.240.174.30","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://d3bqx5dvn4460l.nefcvtm.top/tag/%E8%90%9D%E8%8E%89/","date":"2025-08-18T01:44:51.866Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.nefcvtm.top","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Sun, 17 Aug 2025 00:00:00 GMT","end":"Tue, 15 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"44:8F:7B:16:A2:4E:F5:56:04:E3:41:F6:7B:3D:9E:1A:E9:76:C8:E4","sha256":"84:15:49:15:71:F2:1B:77:28:D1:20:DF:1B:2B:6C:21:DE:5B:2E:53:8D:3D:67:8E:25:DE:BD:A4:DB:98:30:CC"}}},"request":{"raw":"GET /usr/plugins/FootMenu/assets/foot_menu.css?t=20231029 HTTP/1.1\r\nHost: d3bqx5dvn4460l.nefcvtm.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://d3bqx5dvn4460l.nefcvtm.top/tag/%E8%90%9D%E8%8E%89/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: text/css\r\ndate: Mon, 18 Aug 2025 01:31:18 GMT\r\nx-hostname: server-7\r\ncontent-encoding: br\r\nserver: nginx/1.22.1\r\nlast-modified: Mon, 16 Jun 2025 12:41:13 GMT\r\netag: W/\"685010e9-898\"\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 07d5d44815808d5d5a6f43984a987698.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P1\r\nx-amz-cf-id: thXTsaQA2MW2L7oGNbfMor2hZwkvZeRCKVmNplblGC2_3pv3byptvw==\r\nage: 813\r\nvary: Accept-Encoding, Origin\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Nginx:1.22.1","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":2200,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text","md5":"64614812ac4674018c2ce1b8b8ccaab7","sha1":"c951c70177dbd690a4d57951cf47165bbf5429dc","sha256":"7bda87c3fb2390f334e74fcaf6d1d4d160916b0b3e73af7bfb0d3d3a9db4b097","sha512":"991ebef21f04d412d5454fdd5c244eceacecc2a5ca993ea13810696a761ebba051b8182513350ba839dc30c6fcf9d0e6e3f1d5ce5df7db0bb7b307f0ca61d88c","ssdeep":"","tlshash":"2b41a43976b2091479a74d64b35a89c4b3bc9603890dfd7efe1e53848f890e1b8d174c","first_seen":"2025-06-18T15:32:14.658498Z","last_seen":"2026-05-16T18:05:04.563297Z","times_seen":5645,"resource_available":false,"data":null}},"time_used":2,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":2,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-08-18","alert":"Sinkholed","trigger":"d3bqx5dvn4460l.nefcvtm.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"pic.ruubqy.cn/upload_01/xiao/20250807/2025080720332082535.jpeg","fqdn":"pic.ruubqy.cn","domain":"ruubqy.cn","tld":"cn"},"ip":{"addr":"43.152.140.79","port":443,"asn":139341,"as":"ACE","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://d3bqx5dvn4460l.nefcvtm.top/tag/%E8%90%9D%E8%8E%89/","date":"2025-08-18T01:44:52.485Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.ruubqy.cn","organization":""},"issuer":{"commonName":"ZeroSSL ECC Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Thu, 14 Aug 2025 00:00:00 GMT","end":"Wed, 12 Nov 2025 23:59:59 GMT"},"fingerprint":{"sha1":"B5:46:E3:4B:AD:76:D8:27:09:BD:DC:4D:2D:36:30:80:9D:1B:C2:4D","sha256":"4F:36:FA:C1:B1:5D:EF:21:7B:D6:3E:33:FF:9E:8C:51:84:1D:60:71:9E:8D:BA:CC:13:37:25:3F:08:B4:B3:9C"}}},"request":{"raw":"GET /upload_01/xiao/20250807/2025080720332082535.jpeg HTTP/1.1\r\nHost: pic.ruubqy.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://d3bqx5dvn4460l.nefcvtm.top\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nLast-Modified: Thu, 07 Aug 2025 12:33:26 GMT\r\nEtag: \"f4d8723cc11f3aa612a80f47fb142563\"\r\nContent-Type: binary/octet-stream\r\nDate: Fri, 08 Aug 2025 04:43:36 GMT\r\nx-amz-server-side-encryption: AES256\r\nServer: nginx\r\nX-Cache: Miss from cloudfront\r\nX-Amz-Cf-Pop: ARN53-P2\r\nVary: Origin\r\nContent-Length: 114576\r\nAccept-Ranges: bytes\r\nX-NWS-LOG-UUID: 11122599158163966813\r\nConnection: keep-alive\r\nX-Cache-Lookup: Cache Hit\r\nAccess-Control-Allow-Origin: *\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":114576,"size_decoded":0,"mime_type":"binary/octet-stream","magic":"data","md5":"f4d8723cc11f3aa612a80f47fb142563","sha1":"85ea95f9bb8c375f20a3edf9bfd3dd7714176ee2","sha256":"ba8cf982a68cf70c4b92583878ad753c4412368330a62b87181425f655cd893a","sha512":"15554042632e65e615afbe6f267565e16b329fc399edf1701cfd2c3bd59c432bb8900f1500be905b23ddf31ed0749de4039fdb9a2b79c41b0713983db86cd979","ssdeep":"1536:rgk1Ftq9ulwI+pZ+D/9v9SLrb92kmeWxSI+kY1xtcIMEwjzTUqFeQluRewHBTiRP:JFtq9uHSZaPQxmeWxbIxqIg1MWRaIt","tlshash":"14b312649d160e11376d886dd79fa74b5cf500b018481eab8ad36998cfe2ce78c362cb","first_seen":"2025-08-18T01:45:23.258891Z","last_seen":"2025-08-18T01:45:23.258891Z","times_seen":1,"resource_available":false,"data":null}},"time_used":18,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":15,"receive":3,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"pic.ruubqy.cn/upload_01/xiao/20250814/2025081420202773521.jpeg","fqdn":"pic.ruubqy.cn","domain":"ruubqy.cn","tld":"cn"},"ip":{"addr":"43.152.140.79","port":443,"asn":139341,"as":"ACE","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://d3bqx5dvn4460l.nefcvtm.top/tag/%E8%90%9D%E8%8E%89/","date":"2025-08-18T01:44:52.154Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.ruubqy.cn","organization":""},"issuer":{"commonName":"ZeroSSL ECC Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Thu, 14 Aug 2025 00:00:00 GMT","end":"Wed, 12 Nov 2025 23:59:59 GMT"},"fingerprint":{"sha1":"B5:46:E3:4B:AD:76:D8:27:09:BD:DC:4D:2D:36:30:80:9D:1B:C2:4D","sha256":"4F:36:FA:C1:B1:5D:EF:21:7B:D6:3E:33:FF:9E:8C:51:84:1D:60:71:9E:8D:BA:CC:13:37:25:3F:08:B4:B3:9C"}}},"request":{"raw":"GET /upload_01/xiao/20250814/2025081420202773521.jpeg HTTP/1.1\r\nHost: pic.ruubqy.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://d3bqx5dvn4460l.nefcvtm.top\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nLast-Modified: Thu, 14 Aug 2025 18:00:04 GMT\r\nEtag: \"dc9cb2b87c7a141fb9beb3aecc8566f2\"\r\nContent-Type: binary/octet-stream\r\nDate: Thu, 14 Aug 2025 18:00:05 GMT\r\nx-amz-server-side-encryption: AES256\r\nServer: nginx\r\nX-Cache: Hit from cloudfront\r\nX-Amz-Cf-Pop: ARN53-P2\r\nAge: 1058\r\nContent-Length: 56224\r\nAccept-Ranges: bytes\r\nX-NWS-LOG-UUID: 8942451269202959992\r\nConnection: keep-alive\r\nX-Cache-Lookup: Cache Hit\r\nAccess-Control-Allow-Origin: *\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":56224,"size_decoded":0,"mime_type":"binary/octet-stream","magic":"data","md5":"dc9cb2b87c7a141fb9beb3aecc8566f2","sha1":"add4950b8e9b3d756dc536c10d9269119a86efa7","sha256":"2f73ced0c9bb4da8c42633f211e0d42d3564b21b0624bd2ee1d06162f3862391","sha512":"a7c6e499bc94bedee5042a187f67e08a1282c42851429dd7c52de24279666d7a452505bf49b80e36ef34080881b4887cc9e22a444558a567cb64c26ab0ebfeb0","ssdeep":"1536:uawQWRPaCv2Az6+D96oBmUaMBBVhEJFbvlA:uaSgU2l+D9+U9B3EJg","tlshash":"0c4312c709233ba7e64d8f6acdb81edc652ea5134fe250156fc25da214dc9268d3d2f0","first_seen":"2025-08-18T01:45:23.261523Z","last_seen":"2025-08-18T01:45:23.261523Z","times_seen":1,"resource_available":false,"data":null}},"time_used":114,"timings":{"blocked":100,"dns":0,"connect":0,"send":0,"wait":13,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"pic.ruubqy.cn/upload_01/xiao/20250808/2025080821474457518.jpeg","fqdn":"pic.ruubqy.cn","domain":"ruubqy.cn","tld":"cn"},"ip":{"addr":"43.152.140.79","port":443,"asn":139341,"as":"ACE","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://d3bqx5dvn4460l.nefcvtm.top/tag/%E8%90%9D%E8%8E%89/","date":"2025-08-18T01:44:52.220Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.ruubqy.cn","organization":""},"issuer":{"commonName":"ZeroSSL ECC Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Thu, 14 Aug 2025 00:00:00 GMT","end":"Wed, 12 Nov 2025 23:59:59 GMT"},"fingerprint":{"sha1":"B5:46:E3:4B:AD:76:D8:27:09:BD:DC:4D:2D:36:30:80:9D:1B:C2:4D","sha256":"4F:36:FA:C1:B1:5D:EF:21:7B:D6:3E:33:FF:9E:8C:51:84:1D:60:71:9E:8D:BA:CC:13:37:25:3F:08:B4:B3:9C"}}},"request":{"raw":"GET /upload_01/xiao/20250808/2025080821474457518.jpeg HTTP/1.1\r\nHost: pic.ruubqy.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://d3bqx5dvn4460l.nefcvtm.top\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nLast-Modified: Fri, 08 Aug 2025 13:47:49 GMT\r\nEtag: \"7ece7136ff42c1ab4b037c46eb3b569f\"\r\nContent-Type: binary/octet-stream\r\nDate: Sat, 09 Aug 2025 09:31:50 GMT\r\nx-amz-server-side-encryption: AES256\r\nServer: nginx\r\nX-Cache: Hit from cloudfront\r\nX-Amz-Cf-Pop: ARN53-P2\r\nAge: 21\r\nContent-Length: 188288\r\nAccept-Ranges: bytes\r\nX-NWS-LOG-UUID: 2694301316901210049\r\nConnection: keep-alive\r\nX-Cache-Lookup: Cache Hit\r\nAccess-Control-Allow-Origin: *\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":188288,"size_decoded":0,"mime_type":"binary/octet-stream","magic":"data","md5":"7ece7136ff42c1ab4b037c46eb3b569f","sha1":"b18b270941a4c4e6b0c534ace88b570eb62cbc8f","sha256":"bdcc418e101eec5e57615f6e52e9640daf6505ae1d54751c25562ebd765982f4","sha512":"29e2d65f967ca6872f3338df439ac9d4634131d86f4644bd6156cfc91dbd7c97040f6c630c0867d5a1b57189a6ef3b2b011b9dfe0cfc8c1caa165622eb841190","ssdeep":"3072:d8U8LWQylpOYtHlkX+iNBXxwAfoTU2XxZ4n6bWXSpu7vFHNCjk3Nbaa6Y2dgcfjt:W+QyyDX+QBBnUXH4zvFJ3g9YCgijVb","tlshash":"1d0423135529cc6f0466e08aadd55be7d1f5ea9a0881ef0329621cedc12d003def67b7","first_seen":"2025-08-09T09:49:05.57605Z","last_seen":"2025-08-18T01:45:23.26534Z","times_seen":2,"resource_available":false,"data":null}},"time_used":149,"timings":{"blocked":133,"dns":0,"connect":0,"send":0,"wait":9,"receive":7,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"d3bqx5dvn4460l.nefcvtm.top/usr/themes/Mirages/css/7.10.0/common.css?v=1","fqdn":"d3bqx5dvn4460l.nefcvtm.top","domain":"nefcvtm.top","tld":"top"},"ip":{"addr":"54.240.174.30","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://d3bqx5dvn4460l.nefcvtm.top/tag/%E8%90%9D%E8%8E%89/","date":"2025-08-18T01:44:51.870Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.nefcvtm.top","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Sun, 17 Aug 2025 00:00:00 GMT","end":"Tue, 15 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"44:8F:7B:16:A2:4E:F5:56:04:E3:41:F6:7B:3D:9E:1A:E9:76:C8:E4","sha256":"84:15:49:15:71:F2:1B:77:28:D1:20:DF:1B:2B:6C:21:DE:5B:2E:53:8D:3D:67:8E:25:DE:BD:A4:DB:98:30:CC"}}},"request":{"raw":"GET /usr/themes/Mirages/css/7.10.0/common.css?v=1 HTTP/1.1\r\nHost: d3bqx5dvn4460l.nefcvtm.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://d3bqx5dvn4460l.nefcvtm.top/tag/%E8%90%9D%E8%8E%89/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: text/css\r\ndate: Mon, 18 Aug 2025 01:24:00 GMT\r\nx-hostname: server-8\r\ncontent-encoding: br\r\nserver: nginx/1.22.1\r\nlast-modified: Sat, 11 May 2024 04:44:36 GMT\r\netag: W/\"663ef7b4-669\"\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 07d5d44815808d5d5a6f43984a987698.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P1\r\nx-amz-cf-id: jfPDYhj7Tx1eDe3cfIRqYiQRa991AQKUQzSexqxiqEsw6B6oheCbIg==\r\nage: 1251\r\nvary: Accept-Encoding, Origin\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.22.1","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]}],"data":{"size":1641,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text","md5":"7a20ad6fe6d78c06a1c354ede4f32aef","sha1":"69da47501175cd95d6f13f85e0045b022fbd0928","sha256":"9d7e7374cd2a218d14fbe59c8ed009ec752ca397a5b3fd260441428d0e2e7198","sha512":"b437f90e888ade855d9125b2db50b63e6e97c4707b2d5022bc4414d8b089969739cda37c34ef17cf4fca03fa5dc2f9ce54c2bc86e421f56d338f0e241fd4baf1","ssdeep":"","tlshash":"5f31a05a11031048f52ba7aa4fdb071a1a6c1013f503dc3e37ea275d8f974bca1b3b59","first_seen":"2025-04-23T20:56:45.673784Z","last_seen":"2025-09-30T08:22:23.215033Z","times_seen":392,"resource_available":false,"data":null}},"time_used":2,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":2,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-08-18","alert":"Sinkholed","trigger":"d3bqx5dvn4460l.nefcvtm.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"d3bqx5dvn4460l.nefcvtm.top/usr/themes/Mirages/css/7.10.0/webfonts/fa-brands-400.woff2","fqdn":"d3bqx5dvn4460l.nefcvtm.top","domain":"nefcvtm.top","tld":"top"},"ip":{"addr":"54.240.174.30","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://d3bqx5dvn4460l.nefcvtm.top/tag/%E8%90%9D%E8%8E%89/","date":"2025-08-18T01:44:52.124Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.nefcvtm.top","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Sun, 17 Aug 2025 00:00:00 GMT","end":"Tue, 15 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"44:8F:7B:16:A2:4E:F5:56:04:E3:41:F6:7B:3D:9E:1A:E9:76:C8:E4","sha256":"84:15:49:15:71:F2:1B:77:28:D1:20:DF:1B:2B:6C:21:DE:5B:2E:53:8D:3D:67:8E:25:DE:BD:A4:DB:98:30:CC"}}},"request":{"raw":"GET /usr/themes/Mirages/css/7.10.0/webfonts/fa-brands-400.woff2 HTTP/1.1\r\nHost: d3bqx5dvn4460l.nefcvtm.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://d3bqx5dvn4460l.nefcvtm.top/usr/themes/Mirages/css/7.10.0/fontawesome.min.css\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: font/woff2\r\ncontent-length: 117372\r\ndate: Mon, 18 Aug 2025 01:40:39 GMT\r\naccept-ranges: bytes\r\nserver: nginx/1.22.1\r\nlast-modified: Fri, 26 Jan 2024 08:13:13 GMT\r\nx-hostname: server-6\r\netag: \"65b36999-1ca7c\"\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 07d5d44815808d5d5a6f43984a987698.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P1\r\nx-amz-cf-id: qcW1hf5RqVEm3AjGHrvJv7rpcSnjfxinHBJkmNvv1xttQnsG7vUACg==\r\nage: 253\r\nvary: Origin\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.22.1","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]}],"data":{"size":117372,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 117372, version 773.768","md5":"b6356c957274676e6571c1ff5e11c9a8","sha1":"4022f95e001d734ca8f082b8e7627abd205609ec","sha256":"3a8924cd5203a28628716aedb5cef0943da4c3b44e3ffcee90ab06387b41c490","sha512":"83de79c74480fafc62cdac4012ff2a129d8701772ee16216c3d9488826ac21a9c2f8a416fe3208a61bfea7e12c24ac1cc2d26f6d22bd2b0ba39a22d630238b59","ssdeep":"3072:U3JKgVzg5ybfXYe5W59JPQaPWKSsx/DBMnVnqedkAFqPQTzIBIOK2vDMF:IVM5A5GJPQaH/NMtBkAvcnYF","tlshash":"c4b312f88b7ac9a5e304e67b55e4613555a0aec8b180f35453be7c2c221e10dc67afe3","first_seen":"2023-12-02T04:06:15Z","last_seen":"2026-05-16T18:15:36.819725Z","times_seen":23450,"resource_available":false,"data":null}},"time_used":27,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":24,"receive":3,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-08-18","alert":"Sinkholed","trigger":"d3bqx5dvn4460l.nefcvtm.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"pic.ruubqy.cn/upload_01/xiao/20250815/2025081514593818325.jpeg","fqdn":"pic.ruubqy.cn","domain":"ruubqy.cn","tld":"cn"},"ip":{"addr":"43.152.140.79","port":443,"asn":139341,"as":"ACE","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://d3bqx5dvn4460l.nefcvtm.top/tag/%E8%90%9D%E8%8E%89/","date":"2025-08-18T01:44:52.150Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.ruubqy.cn","organization":""},"issuer":{"commonName":"ZeroSSL ECC Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Thu, 14 Aug 2025 00:00:00 GMT","end":"Wed, 12 Nov 2025 23:59:59 GMT"},"fingerprint":{"sha1":"B5:46:E3:4B:AD:76:D8:27:09:BD:DC:4D:2D:36:30:80:9D:1B:C2:4D","sha256":"4F:36:FA:C1:B1:5D:EF:21:7B:D6:3E:33:FF:9E:8C:51:84:1D:60:71:9E:8D:BA:CC:13:37:25:3F:08:B4:B3:9C"}}},"request":{"raw":"GET /upload_01/xiao/20250815/2025081514593818325.jpeg HTTP/1.1\r\nHost: pic.ruubqy.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://d3bqx5dvn4460l.nefcvtm.top\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nLast-Modified: Fri, 15 Aug 2025 07:00:34 GMT\r\nEtag: \"451475bb2d36daf82e5ba57933eb36e1\"\r\nContent-Type: binary/octet-stream\r\nDate: Fri, 15 Aug 2025 07:19:12 GMT\r\nx-amz-server-side-encryption: AES256\r\nServer: nginx\r\nX-Cache: Hit from cloudfront\r\nX-Amz-Cf-Pop: ARN53-P2\r\nAge: 7098\r\nContent-Length: 232048\r\nAccept-Ranges: bytes\r\nX-NWS-LOG-UUID: 10643163780931409265\r\nConnection: keep-alive\r\nX-Cache-Lookup: Cache Hit\r\nAccess-Control-Allow-Origin: *\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":232048,"size_decoded":0,"mime_type":"binary/octet-stream","magic":"data","md5":"451475bb2d36daf82e5ba57933eb36e1","sha1":"7257667ec2ec078b8a521fa9047b1c52a061cd72","sha256":"464c256853f6e3cc426d75f123610c3ece888861cf2a94406884143a98e2575f","sha512":"b9c9a7ba64c967695e833f073232949be9235da0749a9514ee9fcda1a53e689ff93b05e86618a47e3b21f66707c372adc57e7192cc913a21e31ec135ff1b1661","ssdeep":"6144:CCzDrQhgmMLYvSw9aQ5CgzjAB6gx5XCg8CTO3td6kW4Gse1AD+WQZaBHQWM4+u:fHQhgmMYvSwRg4gLKCa9d6k+5gQAPM45","tlshash":"f734239404282cd5f2e6b65879e4960723339f4b279a9113f05322049bfbd19e6f7acf","first_seen":"2025-08-18T01:45:23.270629Z","last_seen":"2025-08-18T01:45:23.270629Z","times_seen":1,"resource_available":false,"data":null}},"time_used":116,"timings":{"blocked":94,"dns":0,"connect":0,"send":0,"wait":11,"receive":11,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"pic.ruubqy.cn/upload_01/position/20250813/2025081314144740894.jpg","fqdn":"pic.ruubqy.cn","domain":"ruubqy.cn","tld":"cn"},"ip":{"addr":"43.152.140.79","port":443,"asn":139341,"as":"ACE","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://d3bqx5dvn4460l.nefcvtm.top/tag/%E8%90%9D%E8%8E%89/","date":"2025-08-18T01:44:52.188Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.ruubqy.cn","organization":""},"issuer":{"commonName":"ZeroSSL ECC Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Thu, 14 Aug 2025 00:00:00 GMT","end":"Wed, 12 Nov 2025 23:59:59 GMT"},"fingerprint":{"sha1":"B5:46:E3:4B:AD:76:D8:27:09:BD:DC:4D:2D:36:30:80:9D:1B:C2:4D","sha256":"4F:36:FA:C1:B1:5D:EF:21:7B:D6:3E:33:FF:9E:8C:51:84:1D:60:71:9E:8D:BA:CC:13:37:25:3F:08:B4:B3:9C"}}},"request":{"raw":"GET /upload_01/position/20250813/2025081314144740894.jpg HTTP/1.1\r\nHost: pic.ruubqy.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://d3bqx5dvn4460l.nefcvtm.top\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nLast-Modified: Wed, 13 Aug 2025 06:14:50 GMT\r\nEtag: \"cf51021823ceb4a464292307d0fe45bb\"\r\nContent-Type: binary/octet-stream\r\nDate: Wed, 13 Aug 2025 06:14:52 GMT\r\nx-amz-server-side-encryption: AES256\r\nServer: nginx\r\nX-Cache: Hit from cloudfront\r\nX-Amz-Cf-Pop: ARN53-P2\r\nAge: 6922\r\nVary: Origin\r\nContent-Length: 67024\r\nAccept-Ranges: bytes\r\nX-NWS-LOG-UUID: 5780629273112186809\r\nConnection: keep-alive\r\nX-Cache-Lookup: Cache Hit\r\nAccess-Control-Allow-Origin: *\r\nCache-Control: max-age=864000\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":67024,"size_decoded":0,"mime_type":"binary/octet-stream","magic":"data","md5":"cf51021823ceb4a464292307d0fe45bb","sha1":"d3182e3cb557aa3c7d3db54c3054ad01b066bdd2","sha256":"e11a374a62c2832d67bcea53535906be3d958b24f547f30fad773bf36c59b803","sha512":"a10e08815bc7335b68f85bab91a8d841e732c0d516424f185323908d646c253dd78c63808e59eb26d870956eec18043da0867dd5aabf1a5ca943daa98c6b3c49","ssdeep":"768:xHxVwh5m5YGL3sElbF+Y8myESrEDQ0DhDqK6en74XyNyhwXwX43+tzSIai/C2N7Q:7C8+G3pCEDDDH6Dm0w243WjBKBXR","tlshash":"0c63022b88ef55c04e4d9458c1b1bec8e49d2cd77027db4dcfca125a3512e45a7eb078","first_seen":"2025-08-13T08:43:38.04084Z","last_seen":"2025-08-18T01:45:23.273526Z","times_seen":3,"resource_available":false,"data":null}},"time_used":142,"timings":{"blocked":126,"dns":0,"connect":0,"send":0,"wait":14,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"d3bqx5dvn4460l.nefcvtm.top/usr/themes/Mirages/js/layui/css/modules/layer/default/layer.css?v=3.5.1","fqdn":"d3bqx5dvn4460l.nefcvtm.top","domain":"nefcvtm.top","tld":"top"},"ip":{"addr":"54.240.174.30","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://d3bqx5dvn4460l.nefcvtm.top/tag/%E8%90%9D%E8%8E%89/","date":"2025-08-18T01:44:52.680Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.nefcvtm.top","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Sun, 17 Aug 2025 00:00:00 GMT","end":"Tue, 15 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"44:8F:7B:16:A2:4E:F5:56:04:E3:41:F6:7B:3D:9E:1A:E9:76:C8:E4","sha256":"84:15:49:15:71:F2:1B:77:28:D1:20:DF:1B:2B:6C:21:DE:5B:2E:53:8D:3D:67:8E:25:DE:BD:A4:DB:98:30:CC"}}},"request":{"raw":"GET /usr/themes/Mirages/js/layui/css/modules/layer/default/layer.css?v=3.5.1 HTTP/1.1\r\nHost: d3bqx5dvn4460l.nefcvtm.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://d3bqx5dvn4460l.nefcvtm.top/tag/%E8%90%9D%E8%8E%89/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: text/css\r\ndate: Mon, 18 Aug 2025 01:31:22 GMT\r\nx-hostname: server-3\r\ncontent-encoding: br\r\nserver: nginx/1.22.1\r\nlast-modified: Fri, 26 Jan 2024 08:13:13 GMT\r\netag: W/\"65b36999-37bf\"\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 07d5d44815808d5d5a6f43984a987698.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P1\r\nx-amz-cf-id: f33bWje98oOtBQCyY8A0z3QExwntkrKXEb0frYRP36_7FSc671YmtQ==\r\nage: 809\r\nvary: Accept-Encoding, Origin\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Nginx:1.22.1","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":14271,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (14271), with no line terminators","md5":"c234eb06d5f32055092294e78957f17d","sha1":"f15ee0bcb9694f32f5e1d524f2653aa0dd043402","sha256":"5cdf3edb27b0c9f8e48918c486e9ae65a9e5beab806b64c4a7bc5bac53c0f540","sha512":"3f06b51116d7f8026d81c7eb6a3c4d871462d09fe0a5b8cc8b7feaf20cbc88b0b6a545f0ec7cbc17566a9ff609405f58fad6eddfb3a8b3f6d530ede8fa3fad5c","ssdeep":"96:mp+Ntha8qNEp+wRY1vUPXi0nMLPD2OtLzAyPHL/LztJDzyv2OQ7KGx1j9d2/nWUU:1ELr2Otzrzzt42OQ7KGx1j8WUq4S3cU","tlshash":"f75242e144911299b0278721d6dc7eba32f88d43e5630caef2573c1f874c6dba2b6647","first_seen":"2023-03-10T11:40:20Z","last_seen":"2026-05-16T18:16:49.93548Z","times_seen":51495,"resource_available":false,"data":null}},"time_used":2,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":2,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-08-18","alert":"Sinkholed","trigger":"d3bqx5dvn4460l.nefcvtm.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.googletagmanager.com/gtag/js?id=G-FY0XHF5T9E","fqdn":"www.googletagmanager.com","domain":"googletagmanager.com","tld":"com"},"ip":{"addr":"142.250.74.136","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://d3bqx5dvn4460l.nefcvtm.top/tag/%E8%90%9D%E8%8E%89/","date":"2025-08-18T01:44:51.913Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.google-analytics.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 07 Jul 2025 08:34:03 GMT","end":"Mon, 29 Sep 2025 08:34:02 GMT"},"fingerprint":{"sha1":"A2:8A:24:AD:51:7D:A4:62:BB:34:6F:C9:21:A1:B9:E1:2D:A6:0E:C1","sha256":"9F:B9:94:8F:84:D3:44:71:A7:81:72:C8:80:4D:14:02:E3:E0:30:0C:F1:17:27:83:00:82:D9:C3:68:D3:B3:AF"}}},"request":{"raw":"GET /gtag/js?id=G-FY0XHF5T9E HTTP/1.1\r\nHost: www.googletagmanager.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: application/javascript; charset=UTF-8\r\naccess-control-allow-origin: *\r\naccess-control-allow-credentials: true\r\naccess-control-allow-headers: Cache-Control\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\ndate: Mon, 18 Aug 2025 01:44:52 GMT\r\nexpires: Mon, 18 Aug 2025 01:44:52 GMT\r\ncache-control: private, max-age=900\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\ncross-origin-resource-policy: cross-origin\r\ncontent-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:1099:0\r\ncross-origin-opener-policy-report-only: same-origin; report-to=ascgcycc:1099:0\r\nreport-to: {\"group\":\"ascgcycc:1099:0\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:1099:0\"}],}\r\nserver: Google Tag Manager\r\ncontent-length: 134711\r\nx-xss-protection: 0\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":404734,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"JavaScript source, ASCII text, with very long lines (6006)","md5":"8154b275dd323d6d161fa9a1952af930","sha1":"86373e890ca6b034e57e178b82fb0c24527b8ffd","sha256":"83b0e3fe8a25715c9d5828861418967aadbaa7e556673a4f7225a96fc23642d9","sha512":"fd515333f95940ea31c5cce89e88972da25c8ebe8676987f7b671829471bd82e2dace34c517e1bbb87e198f709332a3cb48778389a8a8cfcebbd9e3de966e24f","ssdeep":"3072:dS7fg61JLwDPLFAddzT0S25DHSb5qlUmxxgJgJ471MSXz1PMqaW/uSoTQtF021Ke:amLLFAddVtIxgzhqW/uSoTuFH/KPDOx","tlshash":"fe8418ce73d674625396f478502f018ba57b28a2b44cc89af1c9cde42e74a9a4137f7c","first_seen":"2025-08-18T01:45:23.275546Z","last_seen":"2025-08-18T01:45:23.275546Z","times_seen":1,"resource_available":false,"data":null}},"time_used":351,"timings":{"blocked":119,"dns":1,"connect":7,"send":0,"wait":35,"receive":28,"ssl":158},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"d3bqx5dvn4460l.nefcvtm.top/usr/themes/Mirages/images/banner.png","fqdn":"d3bqx5dvn4460l.nefcvtm.top","domain":"nefcvtm.top","tld":"top"},"ip":{"addr":"54.240.174.30","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://d3bqx5dvn4460l.nefcvtm.top/tag/%E8%90%9D%E8%8E%89/","date":"2025-08-18T01:44:51.890Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.nefcvtm.top","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Sun, 17 Aug 2025 00:00:00 GMT","end":"Tue, 15 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"44:8F:7B:16:A2:4E:F5:56:04:E3:41:F6:7B:3D:9E:1A:E9:76:C8:E4","sha256":"84:15:49:15:71:F2:1B:77:28:D1:20:DF:1B:2B:6C:21:DE:5B:2E:53:8D:3D:67:8E:25:DE:BD:A4:DB:98:30:CC"}}},"request":{"raw":"GET /usr/themes/Mirages/images/banner.png HTTP/1.1\r\nHost: d3bqx5dvn4460l.nefcvtm.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://d3bqx5dvn4460l.nefcvtm.top/tag/%E8%90%9D%E8%8E%89/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: image/png\r\ncontent-length: 4856\r\ndate: Mon, 18 Aug 2025 01:14:36 GMT\r\naccept-ranges: bytes\r\nserver: nginx/1.22.1\r\nlast-modified: Sat, 11 May 2024 07:37:37 GMT\r\nx-hostname: server-7\r\netag: \"663f2041-12f8\"\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 07d5d44815808d5d5a6f43984a987698.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P1\r\nx-amz-cf-id: e7YW7hA02rvAcrZWuuMQu0L2FSI2407wUiHSnyN-MIFMeoJgUE2R0w==\r\nage: 1815\r\nvary: Origin\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Nginx:1.22.1","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]}],"data":{"size":4856,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 950 x 110, 8-bit colormap, non-interlaced","md5":"a12f2529838e1559101d2ea1b93d8aaa","sha1":"6fc048ec4bf65d618ae9f06de8f45f24a340b1b0","sha256":"66a3a09da9e1c7eae3a233650d9d07393f5099fe0fae31ad8ed220e4b6142c32","sha512":"41848532320f5325b7d7d4d27c28038e09b95446ddcbeda6717bc2649eb6c8e6631aec767ba6badcf3dd90a9e1d708aa38ff5fc78e89e02cffaab0f5fd83443b","ssdeep":"96:noa0a0a0fwB0sLke5dEqqLO2a6P8eOoMLNuvWK82D+B7zF/sVSfEITpa0aUez:nWsQWdEqqK2aw2MZMzF/qSjM","tlshash":"bfa18e76fc5ac83ec83fd80870709aa7d65d9e05cbd984f551c68ca3436b210a777493","first_seen":"2024-06-16T05:00:12Z","last_seen":"2026-04-08T09:44:32.619415Z","times_seen":2332,"resource_available":false,"data":null}},"time_used":5,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":5,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-08-18","alert":"Sinkholed","trigger":"d3bqx5dvn4460l.nefcvtm.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"d3bqx5dvn4460l.nefcvtm.top/usr/themes/Mirages/css/7.10.0/webfonts/fa-solid-900.woff2","fqdn":"d3bqx5dvn4460l.nefcvtm.top","domain":"nefcvtm.top","tld":"top"},"ip":{"addr":"54.240.174.30","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://d3bqx5dvn4460l.nefcvtm.top/tag/%E8%90%9D%E8%8E%89/","date":"2025-08-18T01:44:52.060Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.nefcvtm.top","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Sun, 17 Aug 2025 00:00:00 GMT","end":"Tue, 15 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"44:8F:7B:16:A2:4E:F5:56:04:E3:41:F6:7B:3D:9E:1A:E9:76:C8:E4","sha256":"84:15:49:15:71:F2:1B:77:28:D1:20:DF:1B:2B:6C:21:DE:5B:2E:53:8D:3D:67:8E:25:DE:BD:A4:DB:98:30:CC"}}},"request":{"raw":"GET /usr/themes/Mirages/css/7.10.0/webfonts/fa-solid-900.woff2 HTTP/1.1\r\nHost: d3bqx5dvn4460l.nefcvtm.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://d3bqx5dvn4460l.nefcvtm.top/usr/themes/Mirages/css/7.10.0/fontawesome.min.css\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: font/woff2\r\ncontent-length: 156496\r\ndate: Mon, 18 Aug 2025 01:40:39 GMT\r\naccept-ranges: bytes\r\nserver: nginx/1.22.1\r\nlast-modified: Fri, 26 Jan 2024 08:13:13 GMT\r\netag: \"65b36999-26350\"\r\nx-hostname: server-4\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 07d5d44815808d5d5a6f43984a987698.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P1\r\nx-amz-cf-id: CuuJd-dWXGUPrfbKKJg_Tcz9G63Rhnit4UQ13zmZckm2zAkys1wfIQ==\r\nage: 253\r\nvary: Origin\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.22.1","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]}],"data":{"size":156496,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 156496, version 773.768","md5":"6c4eee562650e53cee32496bdfbe534b","sha1":"1aae708e3b94ee981b452a918d28ed037fbb5e18","sha256":"9fc85f3a4544ab0d570c7f8f9bbb88db8d92c359b2707580ea8b07c75673eae2","sha512":"ebcb5a2e2a908228f77ecd03b45491778cad73ddc39fa3a6334b129aaf9fa36c16c0307aeaad74d77f616b5b34aac52d91e9f4816945253dc9a826ddd71f4d12","ssdeep":"3072:OvM6gZMLmY8uGpjVnlooQ+GQs8jic0f/KkMdE:OU65LoP5QSsuic0f/cdE","tlshash":"8ce31200d620498d9978fd5b2a1fa1ffa7a939c95ed210bad3c30cb93257143bbc2556","first_seen":"2023-12-02T04:06:15Z","last_seen":"2026-05-16T18:21:51.054279Z","times_seen":39886,"resource_available":false,"data":null}},"time_used":29,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":22,"receive":7,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-08-18","alert":"Sinkholed","trigger":"d3bqx5dvn4460l.nefcvtm.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"pic.ruubqy.cn/upload_01/xiao/20250817/2025081721143967984.jpeg","fqdn":"pic.ruubqy.cn","domain":"ruubqy.cn","tld":"cn"},"ip":{"addr":"43.152.140.79","port":443,"asn":139341,"as":"ACE","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://d3bqx5dvn4460l.nefcvtm.top/tag/%E8%90%9D%E8%8E%89/","date":"2025-08-18T01:44:52.138Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.ruubqy.cn","organization":""},"issuer":{"commonName":"ZeroSSL ECC Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Thu, 14 Aug 2025 00:00:00 GMT","end":"Wed, 12 Nov 2025 23:59:59 GMT"},"fingerprint":{"sha1":"B5:46:E3:4B:AD:76:D8:27:09:BD:DC:4D:2D:36:30:80:9D:1B:C2:4D","sha256":"4F:36:FA:C1:B1:5D:EF:21:7B:D6:3E:33:FF:9E:8C:51:84:1D:60:71:9E:8D:BA:CC:13:37:25:3F:08:B4:B3:9C"}}},"request":{"raw":"GET /upload_01/xiao/20250817/2025081721143967984.jpeg HTTP/1.1\r\nHost: pic.ruubqy.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://d3bqx5dvn4460l.nefcvtm.top\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nLast-Modified: Sun, 17 Aug 2025 13:14:44 GMT\r\nEtag: \"092d409a4689ff89478f27e1c2c7db2f\"\r\nContent-Type: binary/octet-stream\r\nDate: Sun, 17 Aug 2025 18:00:07 GMT\r\nx-amz-server-side-encryption: AES256\r\nServer: nginx\r\nX-Cache: Hit from cloudfront\r\nX-Amz-Cf-Pop: ARN53-P2\r\nAge: 344\r\nContent-Length: 97136\r\nAccept-Ranges: bytes\r\nX-NWS-LOG-UUID: 3998980430380077291\r\nConnection: keep-alive\r\nX-Cache-Lookup: Cache Hit\r\nAccess-Control-Allow-Origin: *\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":97136,"size_decoded":0,"mime_type":"binary/octet-stream","magic":"data","md5":"092d409a4689ff89478f27e1c2c7db2f","sha1":"db0459266289d50c80e0b38ea5461d243a3d3087","sha256":"84aebf8d35ee9fa189dc1d4ed6c7f14f2d9d4dffc57cfe52722c09c15db3d6a7","sha512":"e232adb523111319b8cd22e4f0458e8494a7a06ed95bb5765544ce63fad2e7014109ac1fe941245985da59f8fb42b5f8296c3705d29e6b63aa1904cf9f8261b9","ssdeep":"1536:MUXPHvswrRfZT1yCqj2ovUdN8jAeIYaqToLgH80vX/rxDI7yL7DDJ8n2lrJbe0fe:zbT1E2UvIRqULgc61DI7yrDJKGpe0GeG","tlshash":"6893023ec4bb013a43ded1493fc199e18c994b627a9527a510688cd6a3f25f9c2ca727","first_seen":"2025-08-18T01:45:23.280257Z","last_seen":"2025-08-18T01:45:23.280257Z","times_seen":1,"resource_available":false,"data":null}},"time_used":584,"timings":{"blocked":275,"dns":1,"connect":11,"send":0,"wait":18,"receive":9,"ssl":265},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"pic.ruubqy.cn/upload_01/xiao/20250814/2025081416521844062.jpeg","fqdn":"pic.ruubqy.cn","domain":"ruubqy.cn","tld":"cn"},"ip":{"addr":"43.152.140.79","port":443,"asn":139341,"as":"ACE","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://d3bqx5dvn4460l.nefcvtm.top/tag/%E8%90%9D%E8%8E%89/","date":"2025-08-18T01:44:52.164Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.ruubqy.cn","organization":""},"issuer":{"commonName":"ZeroSSL ECC Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Thu, 14 Aug 2025 00:00:00 GMT","end":"Wed, 12 Nov 2025 23:59:59 GMT"},"fingerprint":{"sha1":"B5:46:E3:4B:AD:76:D8:27:09:BD:DC:4D:2D:36:30:80:9D:1B:C2:4D","sha256":"4F:36:FA:C1:B1:5D:EF:21:7B:D6:3E:33:FF:9E:8C:51:84:1D:60:71:9E:8D:BA:CC:13:37:25:3F:08:B4:B3:9C"}}},"request":{"raw":"GET /upload_01/xiao/20250814/2025081416521844062.jpeg HTTP/1.1\r\nHost: pic.ruubqy.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://d3bqx5dvn4460l.nefcvtm.top\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nLast-Modified: Thu, 14 Aug 2025 08:52:21 GMT\r\nEtag: \"60d568d1e8679d9774040cf37d7fdf8d\"\r\nContent-Type: binary/octet-stream\r\nDate: Thu, 14 Aug 2025 12:15:04 GMT\r\nx-amz-server-side-encryption: AES256\r\nServer: nginx\r\nX-Cache: Hit from cloudfront\r\nX-Amz-Cf-Pop: ARN53-P2\r\nAge: 1301\r\nContent-Length: 140208\r\nAccept-Ranges: bytes\r\nX-NWS-LOG-UUID: 4296585881415794375\r\nConnection: keep-alive\r\nX-Cache-Lookup: Cache Hit\r\nAccess-Control-Allow-Origin: *\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":140208,"size_decoded":0,"mime_type":"binary/octet-stream","magic":"data","md5":"60d568d1e8679d9774040cf37d7fdf8d","sha1":"432e32fba930ce331290dd06d17e9d434de65210","sha256":"427aaf135c37268f8049ae515d3af776ad2b42f0a20de253f89dbff051e70e36","sha512":"60ca1f08e01aaa47cd83e5cd77cae0e6d03974883d62494b21cc08f3dd36393a51f167da4f473a594c8dd8e53439822a2f7db878c37c501b5974b91c96653cd1","ssdeep":"3072:GB74aQYiX5SrqZJ90ao3Fm74kZbXtET6XbGlhcjjgoeuCtZ0d2K:bDX5TJCaftVPuuCtZ0p","tlshash":"f7d312894e7e6209f46905fc8cf9cb8695a9d385e403a5d4b108fa68de0ba5d0f3f817","first_seen":"2025-08-18T01:45:23.28255Z","last_seen":"2025-08-18T01:45:23.28255Z","times_seen":1,"resource_available":false,"data":null}},"time_used":121,"timings":{"blocked":106,"dns":0,"connect":0,"send":0,"wait":12,"receive":3,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"d3bqx5dvn4460l.nefcvtm.top/usr/themes/Mirages/js/layui/css/modules/code.css?v=2","fqdn":"d3bqx5dvn4460l.nefcvtm.top","domain":"nefcvtm.top","tld":"top"},"ip":{"addr":"54.240.174.30","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://d3bqx5dvn4460l.nefcvtm.top/tag/%E8%90%9D%E8%8E%89/","date":"2025-08-18T01:44:52.692Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.nefcvtm.top","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Sun, 17 Aug 2025 00:00:00 GMT","end":"Tue, 15 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"44:8F:7B:16:A2:4E:F5:56:04:E3:41:F6:7B:3D:9E:1A:E9:76:C8:E4","sha256":"84:15:49:15:71:F2:1B:77:28:D1:20:DF:1B:2B:6C:21:DE:5B:2E:53:8D:3D:67:8E:25:DE:BD:A4:DB:98:30:CC"}}},"request":{"raw":"GET /usr/themes/Mirages/js/layui/css/modules/code.css?v=2 HTTP/1.1\r\nHost: d3bqx5dvn4460l.nefcvtm.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://d3bqx5dvn4460l.nefcvtm.top/tag/%E8%90%9D%E8%8E%89/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: text/css\r\ndate: Mon, 18 Aug 2025 01:34:31 GMT\r\nx-hostname: server-8\r\ncontent-encoding: br\r\nserver: nginx/1.22.1\r\nlast-modified: Fri, 26 Jan 2024 08:13:13 GMT\r\netag: W/\"65b36999-527\"\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 07d5d44815808d5d5a6f43984a987698.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P1\r\nx-amz-cf-id: mI5x9Lwv3OorCTaooyChjFMvXoPPKjTF_g33x1KvijH7wl2b1L_S9A==\r\nage: 621\r\nvary: Accept-Encoding, Origin\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Nginx:1.22.1","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]}],"data":{"size":1319,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (1319), with no line terminators","md5":"986d0d70b033a195fc1bd1527b06993b","sha1":"69ea79bb09bddd3b988db70ef8b10be9ed0f0065","sha256":"3f27194c2e479212781a76f993b778d724ac9838e780b19472c0357cd3081431","sha512":"a3d1ffa0ba90c8ed8f1330c456760ad7098b683756f1f5d2aae6ec89502c0fe1ff6287e7b1180b9df8f50d517118b610566e9315de055d4780a230488eda10e0","ssdeep":"","tlshash":"d721493aa3852118354bf21574fcbcbca03cb1d6a5ea0eaaff416797c944c51083674f","first_seen":"2023-04-11T12:12:51Z","last_seen":"2026-05-16T18:16:49.939035Z","times_seen":33301,"resource_available":false,"data":null}},"time_used":2,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":2,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-08-18","alert":"Sinkholed","trigger":"d3bqx5dvn4460l.nefcvtm.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"d3bqx5dvn4460l.nefcvtm.top/usr/themes/Mirages/fonts/OpenSans/400.woff2","fqdn":"d3bqx5dvn4460l.nefcvtm.top","domain":"nefcvtm.top","tld":"top"},"ip":{"addr":"54.240.174.30","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://d3bqx5dvn4460l.nefcvtm.top/tag/%E8%90%9D%E8%8E%89/","date":"2025-08-18T01:44:53.036Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.nefcvtm.top","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Sun, 17 Aug 2025 00:00:00 GMT","end":"Tue, 15 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"44:8F:7B:16:A2:4E:F5:56:04:E3:41:F6:7B:3D:9E:1A:E9:76:C8:E4","sha256":"84:15:49:15:71:F2:1B:77:28:D1:20:DF:1B:2B:6C:21:DE:5B:2E:53:8D:3D:67:8E:25:DE:BD:A4:DB:98:30:CC"}}},"request":{"raw":"GET /usr/themes/Mirages/fonts/OpenSans/400.woff2 HTTP/1.1\r\nHost: d3bqx5dvn4460l.nefcvtm.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nReferer: https://d3bqx5dvn4460l.nefcvtm.top/tag/%E8%90%9D%E8%8E%89/\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: _ga_B2LTNVGC4L=GS1.1.1755481492.1.0.1755481492.0.0.0; _ga=GA1.1.551872036.1755481493; _ga_FY0XHF5T9E=GS2.1.s1755481492$o1$g0$t1755481492$j60$l0$h0\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: font/woff2\r\ncontent-length: 16644\r\ndate: Mon, 18 Aug 2025 01:40:39 GMT\r\naccept-ranges: bytes\r\nserver: nginx/1.22.1\r\nlast-modified: Fri, 26 Jan 2024 08:13:13 GMT\r\nx-hostname: server-4\r\netag: \"65b36999-4104\"\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 07d5d44815808d5d5a6f43984a987698.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P1\r\nx-amz-cf-id: NfMHjABelpEqVAFqHeIHUjzIOgrjRrMU5OzOlbTOk1o3m6ugIyBsoQ==\r\nage: 254\r\nvary: Origin\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Nginx:1.22.1","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]}],"data":{"size":16644,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 16644, version 1.6554","md5":"6276351c3fd3053a0cab736572d6ced1","sha1":"326b281cbcf5070d140fadedc4b1354f1a5d916c","sha256":"43640ab0efbdbd50a1162047c1f62f338fb84de407411b98bfa6a1f8666ef0af","sha512":"c9885c9fa086350a150efae1c40c9ab22314db0baf47b457c3de4be5c7e609313b9fec4f9000b133a9f8b365c2d5d3703bbff579833a8b81195062e5f6bfe5e7","ssdeep":"384:JK4eVLUx4mqjtgI4cwDn/HnhbXOU7WYb+KFqEevY5:Y4edUqmBIkD/HhjHWYb+KFGvY5","tlshash":"bf72cf83f467d9f0f42836305db116e3b979ef357761ace0621445aa1232bd02e847dc","first_seen":"2023-05-08T23:10:23Z","last_seen":"2026-05-16T18:16:49.999908Z","times_seen":25202,"resource_available":false,"data":null}},"time_used":4,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":3,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-08-18","alert":"Sinkholed","trigger":"d3bqx5dvn4460l.nefcvtm.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"stats.aazfwxb.xyz/js/script.pageview-props.tagged-events.js","fqdn":"stats.aazfwxb.xyz","domain":"aazfwxb.xyz","tld":"xyz"},"ip":{"addr":"156.255.123.77","port":443,"asn":63888,"as":"DATAWING LIMITED","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://d3bqx5dvn4460l.nefcvtm.top/tag/%E8%90%9D%E8%8E%89/","date":"2025-08-18T01:44:51.860Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"aazfwxb.xyz","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 03 Jul 2025 08:45:52 GMT","end":"Wed, 01 Oct 2025 09:43:36 GMT"},"fingerprint":{"sha1":"6C:BB:4F:2F:16:2A:53:60:FC:B9:6F:67:D3:6C:48:6E:0D:7E:83:D3","sha256":"49:C7:EB:51:26:74:A1:72:4A:8E:55:69:14:2C:F2:A9:43:2A:05:FA:4C:48:E1:B9:04:91:AC:CD:78:54:DA:28"}}},"request":{"raw":"GET /js/script.pageview-props.tagged-events.js HTTP/1.1\r\nHost: stats.aazfwxb.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 18 Aug 2025 01:44:51 GMT\r\ncontent-type: application/javascript\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=86400, must-revalidate\r\ncross-origin-resource-policy: cross-origin\r\nx-content-type-options: nosniff\r\nage: 62037\r\ncf-cache-status: HIT\r\nlast-modified: Sun, 17 Aug 2025 08:30:54 GMT\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=qK%2Bwi9koEuIyXHWCsofS6rb%2BNlAmnlnYMSVog8QM0ma60ec0mZ8T2Og%2F6UdkR6a9P7gWSWAr9bdny1HR9PP0Gue32juVxKZXqXwMFIGDBg%3D%3D\"}]}\r\ncontent-encoding: br\r\ncf-ray: 970dba7ccf6592da-CPH\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":4510,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (4510), with no line terminators","md5":"5753a2e8435a3e73e95b4c761b67331f","sha1":"8d3edfabb4475135efb69efb6575726922681db9","sha256":"42178833804370f71809af7abc9161d6530056816f4f1a4e820fe039e648ba0d","sha512":"6f022253925d397e84cfdfc2152f52561b2e01fc45f949b97824309e32524ca8c77126ac505db06aff4f08705f8eb4ce241ad99f4523dafb7830d6d632f32189","ssdeep":"96:1+IiQIswSy6fetDkKn5BATGq+8AxzzCMI:0InGD55a6qWxzzi","tlshash":"9691b5ed3a02b57664b99137626f7216b13b2a93680844006435dec53c28feb6337ece","first_seen":"2025-06-12T22:28:35.769513Z","last_seen":"2026-05-15T11:08:00.647226Z","times_seen":468,"resource_available":true,"data":null}},"time_used":236,"timings":{"blocked":93,"dns":35,"connect":26,"send":0,"wait":37,"receive":0,"ssl":42},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"d3bqx5dvn4460l.nefcvtm.top/usr/themes/Mirages/css/7.10.0/mirages.min.css?v=13","fqdn":"d3bqx5dvn4460l.nefcvtm.top","domain":"nefcvtm.top","tld":"top"},"ip":{"addr":"54.240.174.30","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://d3bqx5dvn4460l.nefcvtm.top/tag/%E8%90%9D%E8%8E%89/","date":"2025-08-18T01:44:51.869Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.nefcvtm.top","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Sun, 17 Aug 2025 00:00:00 GMT","end":"Tue, 15 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"44:8F:7B:16:A2:4E:F5:56:04:E3:41:F6:7B:3D:9E:1A:E9:76:C8:E4","sha256":"84:15:49:15:71:F2:1B:77:28:D1:20:DF:1B:2B:6C:21:DE:5B:2E:53:8D:3D:67:8E:25:DE:BD:A4:DB:98:30:CC"}}},"request":{"raw":"GET /usr/themes/Mirages/css/7.10.0/mirages.min.css?v=13 HTTP/1.1\r\nHost: d3bqx5dvn4460l.nefcvtm.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://d3bqx5dvn4460l.nefcvtm.top/tag/%E8%90%9D%E8%8E%89/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: text/css\r\ndate: Mon, 18 Aug 2025 01:31:18 GMT\r\nx-hostname: server-8\r\ncontent-encoding: br\r\nserver: nginx/1.22.1\r\nlast-modified: Sat, 19 Jul 2025 09:50:43 GMT\r\netag: W/\"687b6a73-2fae4\"\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 07d5d44815808d5d5a6f43984a987698.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P1\r\nx-amz-cf-id: ydOy7fECEjyAb-TIJlErgnmVfkneqovLL9AChVWi8jE_o64htlfxlA==\r\nage: 813\r\nvary: Accept-Encoding, Origin\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.22.1","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]}],"data":{"size":195300,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (1228)","md5":"091ed46db17bb749b13bf230b1748552","sha1":"ccd88104520d2e51da160f7eae094c87e9ebbb94","sha256":"27e383c84c576d57193f0b55c358c7367f36118731145ca9d847c9f5e1744b57","sha512":"ac2c6082083c21c7f641bc053842a15ce1662027ce7c59ea48dc6a3c0677601ba5627a608c135d4938c209240ecdcb0547d7269c8a33376e2d9097b17c4048ad","ssdeep":"3072:KUMZDmXvvkwwcGHfhEP/0JXBl4fOBl4fc/GYEG8PnXNsSd1XmFTQSJ:PwcGOP/0xBl4fOBl4f9YEG8PnXNsSd1k","tlshash":"3f14747c954511d46373ca1aafc4b6582b38f226dd012ebdf12721d8dbc2b9b12e2b4d","first_seen":"2025-07-23T00:56:22.71522Z","last_seen":"2025-09-30T08:22:23.254122Z","times_seen":230,"resource_available":false,"data":null}},"time_used":3,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":3,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-08-18","alert":"Sinkholed","trigger":"d3bqx5dvn4460l.nefcvtm.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"d3bqx5dvn4460l.nefcvtm.top/usr/themes/Mirages/fonts/OpenSans/300.woff2","fqdn":"d3bqx5dvn4460l.nefcvtm.top","domain":"nefcvtm.top","tld":"top"},"ip":{"addr":"54.240.174.30","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://d3bqx5dvn4460l.nefcvtm.top/tag/%E8%90%9D%E8%8E%89/","date":"2025-08-18T01:44:53.038Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.nefcvtm.top","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Sun, 17 Aug 2025 00:00:00 GMT","end":"Tue, 15 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"44:8F:7B:16:A2:4E:F5:56:04:E3:41:F6:7B:3D:9E:1A:E9:76:C8:E4","sha256":"84:15:49:15:71:F2:1B:77:28:D1:20:DF:1B:2B:6C:21:DE:5B:2E:53:8D:3D:67:8E:25:DE:BD:A4:DB:98:30:CC"}}},"request":{"raw":"GET /usr/themes/Mirages/fonts/OpenSans/300.woff2 HTTP/1.1\r\nHost: d3bqx5dvn4460l.nefcvtm.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nReferer: https://d3bqx5dvn4460l.nefcvtm.top/tag/%E8%90%9D%E8%8E%89/\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: _ga_B2LTNVGC4L=GS1.1.1755481492.1.0.1755481492.0.0.0; _ga=GA1.1.551872036.1755481493; _ga_FY0XHF5T9E=GS2.1.s1755481492$o1$g0$t1755481492$j60$l0$h0\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: font/woff2\r\ncontent-length: 16344\r\ndate: Mon, 18 Aug 2025 01:40:39 GMT\r\naccept-ranges: bytes\r\nserver: nginx/1.22.1\r\nlast-modified: Fri, 26 Jan 2024 08:13:13 GMT\r\nx-hostname: server-5\r\netag: \"65b36999-3fd8\"\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 07d5d44815808d5d5a6f43984a987698.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P1\r\nx-amz-cf-id: zzwig0pyr-2gD9ZpeKVJ_1DQ4EpERuh0a5GsIx4hUUyNCb0Uctb2tQ==\r\nage: 254\r\nvary: Origin\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.22.1","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]}],"data":{"size":16344,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 16344, version 1.6554","md5":"c027111d6febba054f7cd5e5fddf2243","sha1":"7c6ebfb74210e4d368ba5df96b2c5aa448a3953e","sha256":"c347496b917562bd48ed65545fbced7c9fb2a3e48c1102708a7e615fd4fb2ed8","sha512":"1a819ee0993cbed2399265606b2adc0866dd34fcab1272b6d1798e08010cab4e38af1a2299d74a706690a3188d0081d92804568982fd23f6d2ce946ac29fb61c","ssdeep":"384:sO3z8BPeD5+oRjlrvO+uuGnSDKDPVb0fOovWO1aDDBAb:pgdeD5jRjpO+ugDKDPZ0mwV1aDD6b","tlshash":"ad72cf62810dd851e31137fd7c6622e0878cb0a392121bfc5bebd8ec09204e67ac43be","first_seen":"2023-08-07T12:25:19Z","last_seen":"2026-05-16T18:16:50.00793Z","times_seen":23183,"resource_available":false,"data":null}},"time_used":4,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":3,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-08-18","alert":"Sinkholed","trigger":"d3bqx5dvn4460l.nefcvtm.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"d3bqx5dvn4460l.nefcvtm.top/usr/themes/Mirages/js/7.10.0/mirages.main.min.js?v=3","fqdn":"d3bqx5dvn4460l.nefcvtm.top","domain":"nefcvtm.top","tld":"top"},"ip":{"addr":"54.240.174.30","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://d3bqx5dvn4460l.nefcvtm.top/tag/%E8%90%9D%E8%8E%89/","date":"2025-08-18T01:44:51.900Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.nefcvtm.top","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Sun, 17 Aug 2025 00:00:00 GMT","end":"Tue, 15 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"44:8F:7B:16:A2:4E:F5:56:04:E3:41:F6:7B:3D:9E:1A:E9:76:C8:E4","sha256":"84:15:49:15:71:F2:1B:77:28:D1:20:DF:1B:2B:6C:21:DE:5B:2E:53:8D:3D:67:8E:25:DE:BD:A4:DB:98:30:CC"}}},"request":{"raw":"GET /usr/themes/Mirages/js/7.10.0/mirages.main.min.js?v=3 HTTP/1.1\r\nHost: d3bqx5dvn4460l.nefcvtm.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://d3bqx5dvn4460l.nefcvtm.top/tag/%E8%90%9D%E8%8E%89/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: application/javascript\r\ndate: Mon, 18 Aug 2025 01:31:18 GMT\r\nx-hostname: server-5\r\ncontent-encoding: br\r\nserver: nginx/1.22.1\r\nlast-modified: Wed, 16 Jul 2025 04:16:48 GMT\r\netag: W/\"687727b0-4cb68\"\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 07d5d44815808d5d5a6f43984a987698.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P1\r\nx-amz-cf-id: ndKazo1sQljmZPjek0hmYrGdGdHwh7fh0A77wWpQMJWD8oYvvSKaFQ==\r\nage: 813\r\nvary: Accept-Encoding, Origin\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.22.1","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]}],"data":{"size":314216,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (942)","md5":"467f79f8918ea5236cd42da189a3ddd9","sha1":"9cd460c1e262681514e331bd3cf1d17c9ce9d4d0","sha256":"7406dc82acf484c36bbe06dd2266cc0b2793fb5bc1622d5d0e7ab76e89ba98e1","sha512":"361dd264e39689a61ca1c9baf5bb3d6b42384d59f3619c20bfd43c4b1e7073ed7adfff7440896ddfe82e5145aca58e98e82d6c6560d3653024b2bd8820ec1413","ssdeep":"3072:/SbqwelyE+K3TAO4czuJ19WxZ/Y8f4Sqvw+Uki/uMSB+jonuLzAX:/Sz4TAauJXW3Y8f4Pw+UVuTxnuLsX","tlshash":"ae64a40baaf314725563b0bc4b6fa5043231806b5e59fd643e5c82dc4f1d83d26b6bae","first_seen":"2025-07-23T00:56:23.107725Z","last_seen":"2026-05-16T08:12:03.632769Z","times_seen":3286,"resource_available":true,"data":null}},"time_used":5,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":5,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-08-18","alert":"Sinkholed","trigger":"d3bqx5dvn4460l.nefcvtm.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"pic.ruubqy.cn/upload_01/xiao/20250812/2025081217005239920.jpeg","fqdn":"pic.ruubqy.cn","domain":"ruubqy.cn","tld":"cn"},"ip":{"addr":"43.152.140.79","port":443,"asn":139341,"as":"ACE","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://d3bqx5dvn4460l.nefcvtm.top/tag/%E8%90%9D%E8%8E%89/","date":"2025-08-18T01:44:52.194Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.ruubqy.cn","organization":""},"issuer":{"commonName":"ZeroSSL ECC Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Thu, 14 Aug 2025 00:00:00 GMT","end":"Wed, 12 Nov 2025 23:59:59 GMT"},"fingerprint":{"sha1":"B5:46:E3:4B:AD:76:D8:27:09:BD:DC:4D:2D:36:30:80:9D:1B:C2:4D","sha256":"4F:36:FA:C1:B1:5D:EF:21:7B:D6:3E:33:FF:9E:8C:51:84:1D:60:71:9E:8D:BA:CC:13:37:25:3F:08:B4:B3:9C"}}},"request":{"raw":"GET /upload_01/xiao/20250812/2025081217005239920.jpeg HTTP/1.1\r\nHost: pic.ruubqy.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://d3bqx5dvn4460l.nefcvtm.top\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nLast-Modified: Tue, 12 Aug 2025 09:00:57 GMT\r\nEtag: \"a876ce7d98e5ed9cc87a77da4d1666ad\"\r\nContent-Type: binary/octet-stream\r\nDate: Tue, 12 Aug 2025 11:00:04 GMT\r\nx-amz-server-side-encryption: AES256\r\nServer: nginx\r\nX-Cache: Hit from cloudfront\r\nX-Amz-Cf-Pop: ARN53-P2\r\nAge: 326\r\nContent-Length: 165904\r\nAccept-Ranges: bytes\r\nX-NWS-LOG-UUID: 17752501840494082223\r\nConnection: keep-alive\r\nX-Cache-Lookup: Cache Hit\r\nAccess-Control-Allow-Origin: *\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":165904,"size_decoded":0,"mime_type":"binary/octet-stream","magic":"data","md5":"a876ce7d98e5ed9cc87a77da4d1666ad","sha1":"82d63d109289d2671b9c74843f4195e787408894","sha256":"0170c6e520a2703f5e3366142b72ba8e984fe15a9d2991d6ea9dd85f23a1ecd7","sha512":"01af565b3dcd12b1c89d779879e0a8ea5b88b8578b0cc0c630435a7d36c708815f8af9d93d66d44beb7a45aa8184c556c70cd41a87aeb2199437b4f657316ba8","ssdeep":"3072:03WWWVKRe8MRuHYHd2TRlhzVQeBe6qwuGNAPfAUQnGfQO/sUpdabWv+ZSbgGaE8b:8WWKotMw49CR75EVM7ngE2abWm0bgGaN","tlshash":"fcf3128e872865707d7afe5c5e19106e126ecf70e73a0d3e08e42b83c473895a9f3569","first_seen":"2025-08-18T01:45:23.288077Z","last_seen":"2025-08-18T01:45:23.288077Z","times_seen":1,"resource_available":false,"data":null}},"time_used":156,"timings":{"blocked":129,"dns":0,"connect":0,"send":0,"wait":23,"receive":4,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"d3bqx5dvn4460l.nefcvtm.top/usr/themes/Mirages/css/7.10.0/fontawesome.min.css","fqdn":"d3bqx5dvn4460l.nefcvtm.top","domain":"nefcvtm.top","tld":"top"},"ip":{"addr":"54.240.174.30","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://d3bqx5dvn4460l.nefcvtm.top/tag/%E8%90%9D%E8%8E%89/","date":"2025-08-18T01:44:51.868Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.nefcvtm.top","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Sun, 17 Aug 2025 00:00:00 GMT","end":"Tue, 15 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"44:8F:7B:16:A2:4E:F5:56:04:E3:41:F6:7B:3D:9E:1A:E9:76:C8:E4","sha256":"84:15:49:15:71:F2:1B:77:28:D1:20:DF:1B:2B:6C:21:DE:5B:2E:53:8D:3D:67:8E:25:DE:BD:A4:DB:98:30:CC"}}},"request":{"raw":"GET /usr/themes/Mirages/css/7.10.0/fontawesome.min.css HTTP/1.1\r\nHost: d3bqx5dvn4460l.nefcvtm.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://d3bqx5dvn4460l.nefcvtm.top/tag/%E8%90%9D%E8%8E%89/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: text/css\r\ndate: Mon, 18 Aug 2025 01:24:00 GMT\r\nx-hostname: server-3\r\ncontent-encoding: br\r\nserver: nginx/1.22.1\r\nlast-modified: Fri, 26 Jan 2024 08:13:13 GMT\r\netag: W/\"65b36999-18d62\"\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 07d5d44815808d5d5a6f43984a987698.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P1\r\nx-amz-cf-id: 5yHAOfPlCEoqStV4L6l-6K2EkPNPGyLawU33JuzSlbTAJIv9F4_UNA==\r\nage: 1251\r\nvary: Accept-Encoding, Origin\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Nginx:1.22.1","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":101730,"size_decoded":0,"mime_type":"text/css","magic":"Unicode text, UTF-8 text, with very long lines (62331)","md5":"39cadfab66a73045efb12382e22bf500","sha1":"1c083f3d16950ef0b3c047abdc45000651afbe2c","sha256":"2bb5a2ba7c578dcd0fa854c4933d94b95192c4362859a107c129e08bcc639ab7","sha512":"42b32823c9882f41e5bbfc2382008ce2ed9bf93c50de895749162ff43695bfa0e26a42689868688978853435682472e717e0442e92c4553af1bd897ee8a3403f","ssdeep":"1536:inMnM+M8MMMtMFMHQ48Efuuzv4p62QzsJSUpNtJ9yD7y:Spfuuzv2QzsvjtJ9yvy","tlshash":"70a339f8e48905e8a372c84fcb55b36c663af770d5425c81f10f9a4d8ec2b5815eab2d","first_seen":"2025-04-06T23:52:34.672346Z","last_seen":"2026-05-16T06:10:28.093285Z","times_seen":5418,"resource_available":false,"data":null}},"time_used":2,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":2,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-08-18","alert":"Sinkholed","trigger":"d3bqx5dvn4460l.nefcvtm.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"d3bqx5dvn4460l.nefcvtm.top/usr/plugins/DPlayer/plugin/hls.min.js","fqdn":"d3bqx5dvn4460l.nefcvtm.top","domain":"nefcvtm.top","tld":"top"},"ip":{"addr":"54.240.174.30","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://d3bqx5dvn4460l.nefcvtm.top/tag/%E8%90%9D%E8%8E%89/","date":"2025-08-18T01:44:51.892Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.nefcvtm.top","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Sun, 17 Aug 2025 00:00:00 GMT","end":"Tue, 15 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"44:8F:7B:16:A2:4E:F5:56:04:E3:41:F6:7B:3D:9E:1A:E9:76:C8:E4","sha256":"84:15:49:15:71:F2:1B:77:28:D1:20:DF:1B:2B:6C:21:DE:5B:2E:53:8D:3D:67:8E:25:DE:BD:A4:DB:98:30:CC"}}},"request":{"raw":"GET /usr/plugins/DPlayer/plugin/hls.min.js HTTP/1.1\r\nHost: d3bqx5dvn4460l.nefcvtm.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://d3bqx5dvn4460l.nefcvtm.top/tag/%E8%90%9D%E8%8E%89/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: application/javascript\r\ndate: Mon, 18 Aug 2025 01:31:19 GMT\r\nx-hostname: server-3\r\ncontent-encoding: br\r\nserver: nginx/1.22.1\r\nlast-modified: Wed, 09 Jul 2025 11:41:03 GMT\r\netag: W/\"686e554f-805db\"\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 07d5d44815808d5d5a6f43984a987698.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P1\r\nx-amz-cf-id: I89fwB1QY14OcLwCHwpIg-vIPncgS5kOzEFxRYRt2jmOAW9KhIMeVg==\r\nage: 812\r\nvary: Accept-Encoding, Origin\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.22.1","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]}],"data":{"size":525787,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"c6b4b0566933bbace745d354bbf66a45","sha1":"37421e0fdc0f834e9b76c83c86b8f8dc5a25f9f5","sha256":"98f063553824f201d7a46e124e1dabdeefbc517e35e800ba0c8cbeedd432ab67","sha512":"b972867cd30918e974a0603937c16d106aca52ae7b52ffecfb1096b093dd21778cc38eac17d777e53a709b9a3c451b5785d9ac2d3ead1b9ad5532dc718389dfc","ssdeep":"6144:tN52SSJ22f+rppL0uMRzXrpbQLTfUUD+6D5U7qKxnU3F4BsibLioRGJ8z0xEnFak:te22eppSRzbpbTiwqKxUHF84xfg","tlshash":"cbb43aed3695a01683c2b169903f5507633a7d0a284cc12cfa2be9db2d7994db13bf74","first_seen":"2025-07-08T11:22:48.878147Z","last_seen":"2026-05-16T10:27:59.368664Z","times_seen":29871,"resource_available":true,"data":null}},"time_used":5,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":5,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-08-18","alert":"Sinkholed","trigger":"d3bqx5dvn4460l.nefcvtm.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"pic.ruubqy.cn/upload_01/xiao/20250808/2025080822253015211.jpeg","fqdn":"pic.ruubqy.cn","domain":"ruubqy.cn","tld":"cn"},"ip":{"addr":"43.152.140.79","port":443,"asn":139341,"as":"ACE","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://d3bqx5dvn4460l.nefcvtm.top/tag/%E8%90%9D%E8%8E%89/","date":"2025-08-18T01:44:52.232Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.ruubqy.cn","organization":""},"issuer":{"commonName":"ZeroSSL ECC Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Thu, 14 Aug 2025 00:00:00 GMT","end":"Wed, 12 Nov 2025 23:59:59 GMT"},"fingerprint":{"sha1":"B5:46:E3:4B:AD:76:D8:27:09:BD:DC:4D:2D:36:30:80:9D:1B:C2:4D","sha256":"4F:36:FA:C1:B1:5D:EF:21:7B:D6:3E:33:FF:9E:8C:51:84:1D:60:71:9E:8D:BA:CC:13:37:25:3F:08:B4:B3:9C"}}},"request":{"raw":"GET /upload_01/xiao/20250808/2025080822253015211.jpeg HTTP/1.1\r\nHost: pic.ruubqy.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://d3bqx5dvn4460l.nefcvtm.top\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nLast-Modified: Fri, 08 Aug 2025 14:25:35 GMT\r\nEtag: \"78f1f061f5af5d0849c0b8ac5bc853b2\"\r\nContent-Type: binary/octet-stream\r\nDate: Sat, 09 Aug 2025 07:00:24 GMT\r\nx-amz-server-side-encryption: AES256\r\nServer: nginx\r\nX-Cache: Hit from cloudfront\r\nX-Amz-Cf-Pop: ARN53-P2\r\nAge: 399\r\nContent-Length: 185104\r\nAccept-Ranges: bytes\r\nX-NWS-LOG-UUID: 11490201907948856052\r\nConnection: keep-alive\r\nX-Cache-Lookup: Cache Hit\r\nAccess-Control-Allow-Origin: *\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":185104,"size_decoded":0,"mime_type":"binary/octet-stream","magic":"data","md5":"78f1f061f5af5d0849c0b8ac5bc853b2","sha1":"6d0da0d4ee9b56e47bf2861764ddf32b2e29801e","sha256":"6c05d5801c01fdc1694cfabfb98bfd6984c7180e11f110d7b6d66a5a85743f2e","sha512":"c630565057eeb4d87560ae5bd3eff830399668e99c41cedc7a67b2c281247fdca49a21043d5668fab495846fe44e1fb9495fab4917e4c54df2aafdefdafd2d91","ssdeep":"3072:10p4U9IMA18qRhxqxIQ/Yf0tMPydQdDKlrhtT8cCMl4bNBmjFpoK:10p4u0DGIQZtHdQdelNWM7","tlshash":"b904237918af3c9511fd168dc4f05734a99ce993790e91413ea4f60eb8de3b8ece0991","first_seen":"2025-08-09T07:30:42.202712Z","last_seen":"2025-08-18T01:45:23.292284Z","times_seen":3,"resource_available":false,"data":null}},"time_used":155,"timings":{"blocked":138,"dns":0,"connect":0,"send":0,"wait":10,"receive":7,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"d3bqx5dvn4460l.nefcvtm.top/usr/themes/Mirages/images/avatar.jpg","fqdn":"d3bqx5dvn4460l.nefcvtm.top","domain":"nefcvtm.top","tld":"top"},"ip":{"addr":"54.240.174.30","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://d3bqx5dvn4460l.nefcvtm.top/tag/%E8%90%9D%E8%8E%89/","date":"2025-08-18T01:44:51.886Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.nefcvtm.top","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Sun, 17 Aug 2025 00:00:00 GMT","end":"Tue, 15 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"44:8F:7B:16:A2:4E:F5:56:04:E3:41:F6:7B:3D:9E:1A:E9:76:C8:E4","sha256":"84:15:49:15:71:F2:1B:77:28:D1:20:DF:1B:2B:6C:21:DE:5B:2E:53:8D:3D:67:8E:25:DE:BD:A4:DB:98:30:CC"}}},"request":{"raw":"GET /usr/themes/Mirages/images/avatar.jpg HTTP/1.1\r\nHost: d3bqx5dvn4460l.nefcvtm.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://d3bqx5dvn4460l.nefcvtm.top/tag/%E8%90%9D%E8%8E%89/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: image/jpeg\r\ncontent-length: 9738\r\ndate: Mon, 18 Aug 2025 01:14:37 GMT\r\naccept-ranges: bytes\r\nserver: nginx/1.22.1\r\nlast-modified: Sat, 25 May 2024 10:28:58 GMT\r\nx-hostname: server-6\r\netag: \"6651bd6a-260a\"\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 07d5d44815808d5d5a6f43984a987698.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P1\r\nx-amz-cf-id: _hkrEPMew7TBcD24W3ZmlNleztUQAUVPPU_bNdeiiFxpCidTg4b2LA==\r\nage: 1814\r\nvary: Origin\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.22.1","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]}],"data":{"size":9738,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=5, orientation=upper-left, xresolution=74, yresolution=82, resolutionunit=2], progressive, precision 8, 242x242, components 3","md5":"e331808b08c447fb62c360b095951c2f","sha1":"19d11bfc77e882ce20a9f3901114670aa5cb089b","sha256":"f6ec1746206d7496dcde9410d012a7e32ae5707eb3d4f1129c33ca9dbeab085e","sha512":"c05520bf79a42ddc94cfbe27461035443b5e31d5f62c86534450ca1715161a1ec9c7044d41caefac8a289f54a4ef625b18895a0c59ae093dd59180d67719e20e","ssdeep":"192:F3qdot62CnW3kB/FEAN/oV+qokd4K3j6ieSiqt9:hqCt6m3+/obo+Diw9","tlshash":"c412be2225dccb19d1fae233451f73061f779d530d817768be5c8e83bb858206a8d6e1","first_seen":"2024-06-16T05:00:12Z","last_seen":"2026-04-08T06:34:11.713779Z","times_seen":2333,"resource_available":false,"data":null}},"time_used":4,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":3,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-08-18","alert":"Sinkholed","trigger":"d3bqx5dvn4460l.nefcvtm.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"d3bqx5dvn4460l.nefcvtm.top/tag/%E8%90%9D%E8%8E%89/","fqdn":"d3bqx5dvn4460l.nefcvtm.top","domain":"nefcvtm.top","tld":"top"},"ip":{"addr":"54.240.174.30","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-08-18T01:44:50.999Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.nefcvtm.top","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Sun, 17 Aug 2025 00:00:00 GMT","end":"Tue, 15 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"44:8F:7B:16:A2:4E:F5:56:04:E3:41:F6:7B:3D:9E:1A:E9:76:C8:E4","sha256":"84:15:49:15:71:F2:1B:77:28:D1:20:DF:1B:2B:6C:21:DE:5B:2E:53:8D:3D:67:8E:25:DE:BD:A4:DB:98:30:CC"}}},"request":{"raw":"GET /tag/%E8%90%9D%E8%8E%89/ HTTP/1.1\r\nHost: d3bqx5dvn4460l.nefcvtm.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: text/html; charset=UTF-8\r\ndate: Mon, 18 Aug 2025 01:22:25 GMT\r\nserver: nginx/1.22.1\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 07d5d44815808d5d5a6f43984a987698.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P1\r\nx-amz-cf-id: l4D0l71dddXvzxThvi9shCxaGykwp76YQyI3hhS5opdOLNiJmHnjkA==\r\nage: 1346\r\nvary: Accept-Encoding, Origin\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Nginx:1.22.1","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"jQuery:2.2.4","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]},{"name":"Google Analytics","description":"Google Analytics is a free web analytics service that tracks and reports website traffic.","website":"https://google.com/analytics","common_platform_enumeration":"","icon":"Google Analytics.svg","categories":["Analytics"]},{"name":"Clipboard.js:2.0","description":"","website":"https://clipboardjs.com/","common_platform_enumeration":"","icon":"Clipboard.js.svg","categories":["JavaScript libraries"]}],"data":{"size":160484,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (2156)","md5":"c94ebb269fbf826c3c6881324554caa5","sha1":"f6624e50087a2cf772c23f08d5c12ada37b24ff0","sha256":"53d173fbe618d1bc1a4ff2d89b763af703497ddc95154d7ca406bda0d9a3a37f","sha512":"11b120c9127cc839990c03af485ab05c648c842d4e8d00b66101cd37c652b099d7d9407d2ad1f534d634bcf85d20e66348f4e78ff860b44b97f4cab3449638a6","ssdeep":"1536:WcIXw7G9Yd1EH0OzAACh4Va9pCBdI1IIyfdBPr1se+doHWIjN+mJCF1OuFboCvoc:WcSwC990OAAi4scr0xtMU6SVrH8uPd","tlshash":"cef3c6a16cf104768263b0e965b2af49ff40c047c65ace84779c8ad5bfc1e6386b7358","first_seen":"2025-08-18T01:45:23.294263Z","last_seen":"2025-08-18T01:45:23.294263Z","times_seen":1,"resource_available":false,"data":null}},"time_used":931,"timings":{"blocked":454,"dns":444,"connect":1,"send":0,"wait":23,"receive":0,"ssl":7},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-08-18","alert":"Sinkholed","trigger":"d3bqx5dvn4460l.nefcvtm.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"d3bqx5dvn4460l.nefcvtm.top/usr/themes/Mirages/css/7.10.0/fonts/fontawesome-webfont.woff2?v=4.7.0","fqdn":"d3bqx5dvn4460l.nefcvtm.top","domain":"nefcvtm.top","tld":"top"},"ip":{"addr":"54.240.174.30","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://d3bqx5dvn4460l.nefcvtm.top/tag/%E8%90%9D%E8%8E%89/","date":"2025-08-18T01:44:52.048Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.nefcvtm.top","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Sun, 17 Aug 2025 00:00:00 GMT","end":"Tue, 15 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"44:8F:7B:16:A2:4E:F5:56:04:E3:41:F6:7B:3D:9E:1A:E9:76:C8:E4","sha256":"84:15:49:15:71:F2:1B:77:28:D1:20:DF:1B:2B:6C:21:DE:5B:2E:53:8D:3D:67:8E:25:DE:BD:A4:DB:98:30:CC"}}},"request":{"raw":"GET /usr/themes/Mirages/css/7.10.0/fonts/fontawesome-webfont.woff2?v=4.7.0 HTTP/1.1\r\nHost: d3bqx5dvn4460l.nefcvtm.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://d3bqx5dvn4460l.nefcvtm.top/usr/themes/Mirages/css/7.10.0/mirages.min.css?v=13\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: font/woff2\r\ncontent-length: 77160\r\ndate: Mon, 18 Aug 2025 01:40:39 GMT\r\naccept-ranges: bytes\r\nserver: nginx/1.22.1\r\nlast-modified: Fri, 26 Jan 2024 08:13:13 GMT\r\nx-hostname: server-3\r\netag: \"65b36999-12d68\"\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 07d5d44815808d5d5a6f43984a987698.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P1\r\nx-amz-cf-id: z5pWVcf3KLJYClNsjRLRy3eZa5pjUw2z8N57cmlvoVbDThYUW74jXw==\r\nage: 253\r\nvary: Origin\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.22.1","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]}],"data":{"size":77160,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 77160, version 4.459","md5":"af7ae505a9eed503f8b8e6982036873e","sha1":"d6f48cba7d076fb6f2fd6ba993a75b9dc1ecbf0c","sha256":"2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe","sha512":"838fefdbc14901f41edf995a78fdac55764cd4912ccb734b8bea4909194582904d8f2afdf2b6c428667912ce4d65681a1044d045d1bc6de2b14113f0315fc892","ssdeep":"1536:/MkbAPfd1vyBKwHz4kco36ZvIaBfRPlajyXUA2jVTc:L0nXnHdfRVEAS2","tlshash":"7d7302e63b6c4943e03d6460708abe9f104b3ab42fe057e5c876db7f2722992b71552c","first_seen":"2023-04-05T03:30:47Z","last_seen":"2026-05-16T18:12:08.691799Z","times_seen":470010,"resource_available":true,"data":null}},"time_used":27,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":23,"receive":4,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-08-18","alert":"Sinkholed","trigger":"d3bqx5dvn4460l.nefcvtm.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"pic.ruubqy.cn/upload_01/xiao/20250811/2025081117482695888.jpeg","fqdn":"pic.ruubqy.cn","domain":"ruubqy.cn","tld":"cn"},"ip":{"addr":"43.152.140.79","port":443,"asn":139341,"as":"ACE","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://d3bqx5dvn4460l.nefcvtm.top/tag/%E8%90%9D%E8%8E%89/","date":"2025-08-18T01:44:52.209Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.ruubqy.cn","organization":""},"issuer":{"commonName":"ZeroSSL ECC Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Thu, 14 Aug 2025 00:00:00 GMT","end":"Wed, 12 Nov 2025 23:59:59 GMT"},"fingerprint":{"sha1":"B5:46:E3:4B:AD:76:D8:27:09:BD:DC:4D:2D:36:30:80:9D:1B:C2:4D","sha256":"4F:36:FA:C1:B1:5D:EF:21:7B:D6:3E:33:FF:9E:8C:51:84:1D:60:71:9E:8D:BA:CC:13:37:25:3F:08:B4:B3:9C"}}},"request":{"raw":"GET /upload_01/xiao/20250811/2025081117482695888.jpeg HTTP/1.1\r\nHost: pic.ruubqy.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://d3bqx5dvn4460l.nefcvtm.top\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nLast-Modified: Mon, 11 Aug 2025 12:30:05 GMT\r\nEtag: \"be01014c466c75f91a8340fbfe806672\"\r\nContent-Type: binary/octet-stream\r\nDate: Mon, 11 Aug 2025 12:30:24 GMT\r\nx-amz-server-side-encryption: AES256\r\nServer: nginx\r\nX-Cache: Hit from cloudfront\r\nX-Amz-Cf-Pop: ARN53-P2\r\nAge: 728\r\nContent-Length: 125984\r\nAccept-Ranges: bytes\r\nX-NWS-LOG-UUID: 10091322406215175900\r\nConnection: keep-alive\r\nX-Cache-Lookup: Cache Hit\r\nAccess-Control-Allow-Origin: *\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":125984,"size_decoded":0,"mime_type":"binary/octet-stream","magic":"data","md5":"be01014c466c75f91a8340fbfe806672","sha1":"66932a061dccbe93493686c8d1d5e18f3cc4bdff","sha256":"0076b706486f35cbdf8e67bbe673c331c1eaaa3db9483577ebfee4d31a92e471","sha512":"e779aedb279569a4da3e75c7d7d3489a91c0cfc3fa32db0e58c490f63b8009b37c55ef4f855cf247525247066cbe96460fef7054da35df581a20f03995497f21","ssdeep":"3072:AOMbULXekOWEC1U0zSEGzaGhvQAD8gnW/0IZ9MmWk:AcXek/E0UZEShvQAD8gW/3ZZ","tlshash":"8cc322cc6950b4281065b1408ed2a0b826a9f10b46b64bd57dda7e3e7f7e2105fae13c","first_seen":"2025-08-11T13:11:43.585704Z","last_seen":"2025-08-18T01:45:23.297555Z","times_seen":6,"resource_available":false,"data":null}},"time_used":144,"timings":{"blocked":132,"dns":0,"connect":0,"send":0,"wait":9,"receive":3,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"pic.ruubqy.cn/upload_01/xiao/20250808/2025080817513080539.jpeg","fqdn":"pic.ruubqy.cn","domain":"ruubqy.cn","tld":"cn"},"ip":{"addr":"43.152.140.79","port":443,"asn":139341,"as":"ACE","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://d3bqx5dvn4460l.nefcvtm.top/tag/%E8%90%9D%E8%8E%89/","date":"2025-08-18T01:44:52.270Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.ruubqy.cn","organization":""},"issuer":{"commonName":"ZeroSSL ECC Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Thu, 14 Aug 2025 00:00:00 GMT","end":"Wed, 12 Nov 2025 23:59:59 GMT"},"fingerprint":{"sha1":"B5:46:E3:4B:AD:76:D8:27:09:BD:DC:4D:2D:36:30:80:9D:1B:C2:4D","sha256":"4F:36:FA:C1:B1:5D:EF:21:7B:D6:3E:33:FF:9E:8C:51:84:1D:60:71:9E:8D:BA:CC:13:37:25:3F:08:B4:B3:9C"}}},"request":{"raw":"GET /upload_01/xiao/20250808/2025080817513080539.jpeg HTTP/1.1\r\nHost: pic.ruubqy.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://d3bqx5dvn4460l.nefcvtm.top\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nLast-Modified: Fri, 08 Aug 2025 09:51:34 GMT\r\nEtag: \"94402fc3218e0edaffd178783f923a1f\"\r\nContent-Type: binary/octet-stream\r\nDate: Fri, 08 Aug 2025 13:18:48 GMT\r\nx-amz-server-side-encryption: AES256\r\nServer: nginx\r\nX-Cache: Hit from cloudfront\r\nX-Amz-Cf-Pop: ARN53-P2\r\nAge: 175\r\nContent-Length: 109968\r\nAccept-Ranges: bytes\r\nX-NWS-LOG-UUID: 10934680753216527473\r\nConnection: keep-alive\r\nX-Cache-Lookup: Cache Hit\r\nAccess-Control-Allow-Origin: *\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":109968,"size_decoded":0,"mime_type":"binary/octet-stream","magic":"data","md5":"94402fc3218e0edaffd178783f923a1f","sha1":"87e9e4de39797884af2199c971af398d98d5cfc3","sha256":"c6752baeb772bf87006f89fca22018eea8d85d3ccd9979d5d211b656c0bbb04a","sha512":"db71fefd111f69d70199de0d422e48a2f3b54a443e04164bf90f76b929cbce894c3f85ee12f58e9e29b8f114519ce20a5f9af6b4d6ae06cfd8bd87ea1f6c1930","ssdeep":"3072:xxSR26JZjo5ZEDMMcR20mtJTO25kmOTj2D2SPNc:xx7gm5mtumtXoSDXc","tlshash":"78b3120ea581be0cb92b7f1a4c8123421c6757ea512738bc1b84e4ff1e39c58d39d9a7","first_seen":"2025-08-18T01:45:23.298461Z","last_seen":"2025-08-18T01:45:23.298461Z","times_seen":1,"resource_available":false,"data":null}},"time_used":129,"timings":{"blocked":117,"dns":0,"connect":0,"send":0,"wait":9,"receive":3,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"pic.ruubqy.cn/upload_01/xiao/20250704/2025070418214069393.gif","fqdn":"pic.ruubqy.cn","domain":"ruubqy.cn","tld":"cn"},"ip":{"addr":"43.152.140.79","port":443,"asn":139341,"as":"ACE","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://d3bqx5dvn4460l.nefcvtm.top/tag/%E8%90%9D%E8%8E%89/","date":"2025-08-18T01:44:52.512Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.ruubqy.cn","organization":""},"issuer":{"commonName":"ZeroSSL ECC Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Thu, 14 Aug 2025 00:00:00 GMT","end":"Wed, 12 Nov 2025 23:59:59 GMT"},"fingerprint":{"sha1":"B5:46:E3:4B:AD:76:D8:27:09:BD:DC:4D:2D:36:30:80:9D:1B:C2:4D","sha256":"4F:36:FA:C1:B1:5D:EF:21:7B:D6:3E:33:FF:9E:8C:51:84:1D:60:71:9E:8D:BA:CC:13:37:25:3F:08:B4:B3:9C"}}},"request":{"raw":"GET /upload_01/xiao/20250704/2025070418214069393.gif HTTP/1.1\r\nHost: pic.ruubqy.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://d3bqx5dvn4460l.nefcvtm.top\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nLast-Modified: Fri, 04 Jul 2025 10:24:20 GMT\r\nEtag: \"cc175380786fc6e7d35ebcf5f542dc84\"\r\nContent-Type: binary/octet-stream\r\nDate: Fri, 25 Jul 2025 15:05:38 GMT\r\nx-amz-server-side-encryption: AES256\r\nServer: nginx\r\nX-Cache: Hit from cloudfront\r\nX-Amz-Cf-Pop: ARN53-P2\r\nAge: 73038\r\nContent-Length: 297712\r\nAccept-Ranges: bytes\r\nX-NWS-LOG-UUID: 15722771941778670980\r\nConnection: keep-alive\r\nX-Cache-Lookup: Cache Hit\r\nAccess-Control-Allow-Origin: *\r\nCache-Control: max-age=864000\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":297712,"size_decoded":0,"mime_type":"binary/octet-stream","magic":"data","md5":"cc175380786fc6e7d35ebcf5f542dc84","sha1":"a8de6ee8eee7ec9c18747673d87550363bc085e7","sha256":"4bee84dd59b5a17646e608b2fceae26c41f0430eca1eed6979eede92ebc9f8b6","sha512":"b3ade3feab9b8690428ba3d70a097dd54a333bf91a520993ad9df6ead369938eea6b5bd8e3ae35bb2c00afb7cd63e14c2778b4e5e44853844f48630b514dd668","ssdeep":"6144:yAHDxjJDa+O3PF+vH66S7Oze9UTVtUOD4eRYfjUh4ff+DJd/n:y4DRJu+OfF+P617OzdVtUOD4YYfjUyfE","tlshash":"b35423b726e69d6ab3574f40f7011b20640699c5033374b3a16176ccb93efef0a56b89","first_seen":"2025-07-05T16:42:30.525152Z","last_seen":"2025-09-06T13:49:29.215822Z","times_seen":281,"resource_available":false,"data":null}},"time_used":17,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":8,"receive":9,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"pic.ruubqy.cn/upload_01/xiao/20250620/2025062011353335539.gif","fqdn":"pic.ruubqy.cn","domain":"ruubqy.cn","tld":"cn"},"ip":{"addr":"43.152.140.79","port":443,"asn":139341,"as":"ACE","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://d3bqx5dvn4460l.nefcvtm.top/tag/%E8%90%9D%E8%8E%89/","date":"2025-08-18T01:44:52.569Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.ruubqy.cn","organization":""},"issuer":{"commonName":"ZeroSSL ECC Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Thu, 14 Aug 2025 00:00:00 GMT","end":"Wed, 12 Nov 2025 23:59:59 GMT"},"fingerprint":{"sha1":"B5:46:E3:4B:AD:76:D8:27:09:BD:DC:4D:2D:36:30:80:9D:1B:C2:4D","sha256":"4F:36:FA:C1:B1:5D:EF:21:7B:D6:3E:33:FF:9E:8C:51:84:1D:60:71:9E:8D:BA:CC:13:37:25:3F:08:B4:B3:9C"}}},"request":{"raw":"GET /upload_01/xiao/20250620/2025062011353335539.gif HTTP/1.1\r\nHost: pic.ruubqy.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://d3bqx5dvn4460l.nefcvtm.top\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nLast-Modified: Fri, 20 Jun 2025 03:36:04 GMT\r\nEtag: \"9e313e440a0f2b773940a9198214596e\"\r\nContent-Type: binary/octet-stream\r\nDate: Fri, 25 Jul 2025 17:08:21 GMT\r\nx-amz-server-side-encryption: AES256\r\nServer: nginx\r\nX-Cache: Hit from cloudfront\r\nX-Amz-Cf-Pop: ARN53-P2\r\nAge: 65675\r\nContent-Length: 63840\r\nAccept-Ranges: bytes\r\nX-NWS-LOG-UUID: 18017163581708568667\r\nConnection: keep-alive\r\nX-Cache-Lookup: Cache Hit\r\nAccess-Control-Allow-Origin: *\r\nCache-Control: max-age=864000\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":63840,"size_decoded":0,"mime_type":"binary/octet-stream","magic":"OpenPGP Public Key Version 7","md5":"9e313e440a0f2b773940a9198214596e","sha1":"7fbc847dbc1c2be5a5bb0b8bbd6f4eadde69d810","sha256":"87e4c31460e20c101872b756d570be7bc876062a6d94985660d89433f1713ff4","sha512":"2b86c47a165ef3b3fad48022a68f2ca0697f23c2036382973dac956cdaef4571febc076172c00090db5d3b4a2587c9fe97fd8e3775762db8a7c5585e89d4997e","ssdeep":"1536:CwwDDUtQ2UoY5E0J778dirGc9P4lFLgxO:Ch/8Qda02x3UO","tlshash":"5a5301db3db9758dca2697fad49b6851c461bff1c78443acb4e9101b20a98b8347dc03","first_seen":"2025-06-19T15:45:36.662823Z","last_seen":"2025-12-04T03:06:02.68514Z","times_seen":2045,"resource_available":false,"data":null}},"time_used":25,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":23,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"pic.ruubqy.cn/upload_01/xiao/20250712/2025071216023143760.gif","fqdn":"pic.ruubqy.cn","domain":"ruubqy.cn","tld":"cn"},"ip":{"addr":"43.152.140.79","port":443,"asn":139341,"as":"ACE","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://d3bqx5dvn4460l.nefcvtm.top/tag/%E8%90%9D%E8%8E%89/","date":"2025-08-18T01:44:52.608Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.ruubqy.cn","organization":""},"issuer":{"commonName":"ZeroSSL ECC Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Thu, 14 Aug 2025 00:00:00 GMT","end":"Wed, 12 Nov 2025 23:59:59 GMT"},"fingerprint":{"sha1":"B5:46:E3:4B:AD:76:D8:27:09:BD:DC:4D:2D:36:30:80:9D:1B:C2:4D","sha256":"4F:36:FA:C1:B1:5D:EF:21:7B:D6:3E:33:FF:9E:8C:51:84:1D:60:71:9E:8D:BA:CC:13:37:25:3F:08:B4:B3:9C"}}},"request":{"raw":"GET /upload_01/xiao/20250712/2025071216023143760.gif HTTP/1.1\r\nHost: pic.ruubqy.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://d3bqx5dvn4460l.nefcvtm.top\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nLast-Modified: Sat, 12 Jul 2025 08:03:19 GMT\r\nEtag: \"510e06ac47ce28c8e1f3cb6e585fb6f0\"\r\nContent-Type: binary/octet-stream\r\nDate: Fri, 25 Jul 2025 12:42:24 GMT\r\nx-amz-server-side-encryption: AES256\r\nServer: nginx\r\nX-Cache: Hit from cloudfront\r\nX-Amz-Cf-Pop: ARN53-P2\r\nAge: 81633\r\nContent-Length: 668512\r\nAccept-Ranges: bytes\r\nX-NWS-LOG-UUID: 5890992138107644611\r\nConnection: keep-alive\r\nX-Cache-Lookup: Cache Hit\r\nAccess-Control-Allow-Origin: *\r\nCache-Control: max-age=864000\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":668512,"size_decoded":0,"mime_type":"binary/octet-stream","magic":"data","md5":"510e06ac47ce28c8e1f3cb6e585fb6f0","sha1":"d849b7f031aaf0df5c592b1b7fc900e70b6a14d1","sha256":"5bb34b092a41386085ba222e5e26ad902817cdcd30b2fa0660802b9e2aabd587","sha512":"5ea04d9ee15e427cf0eb81784e04b267ef6d553a62252d0eba8e906cf3dfa46a6528dd944253873f5884bb9cbf6db291d6406232b97d5679a4aafe1a2da0f365","ssdeep":"12288:8yyKf1iLvpvhWS2CckNTGfuQhyxpJlaFW7GpgwB0vQwms3Miw8IkgFz:8yyKtIhf/hqnapHaFqInB0vHms3Miwz","tlshash":"b6e423d5c35d3ffcd231a35b696486459e1a4458f83e808dc7b5d0c527d1a6b22b3b23","first_seen":"2025-07-03T15:28:00.039852Z","last_seen":"2026-03-19T10:26:05.723094Z","times_seen":6396,"resource_available":false,"data":null}},"time_used":27,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":8,"receive":19,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"pic.ruubqy.cn/upload_01/xiao/20250815/2025081515124799027.jpeg","fqdn":"pic.ruubqy.cn","domain":"ruubqy.cn","tld":"cn"},"ip":{"addr":"43.152.140.79","port":443,"asn":139341,"as":"ACE","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://d3bqx5dvn4460l.nefcvtm.top/tag/%E8%90%9D%E8%8E%89/","date":"2025-08-18T01:44:52.148Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.ruubqy.cn","organization":""},"issuer":{"commonName":"ZeroSSL ECC Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Thu, 14 Aug 2025 00:00:00 GMT","end":"Wed, 12 Nov 2025 23:59:59 GMT"},"fingerprint":{"sha1":"B5:46:E3:4B:AD:76:D8:27:09:BD:DC:4D:2D:36:30:80:9D:1B:C2:4D","sha256":"4F:36:FA:C1:B1:5D:EF:21:7B:D6:3E:33:FF:9E:8C:51:84:1D:60:71:9E:8D:BA:CC:13:37:25:3F:08:B4:B3:9C"}}},"request":{"raw":"GET /upload_01/xiao/20250815/2025081515124799027.jpeg HTTP/1.1\r\nHost: pic.ruubqy.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://d3bqx5dvn4460l.nefcvtm.top\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nLast-Modified: Fri, 15 Aug 2025 07:12:50 GMT\r\nEtag: \"ade7a932c1d2ca707c7c571982db0e80\"\r\nContent-Type: binary/octet-stream\r\nDate: Fri, 15 Aug 2025 10:45:04 GMT\r\nx-amz-server-side-encryption: AES256\r\nServer: nginx\r\nX-Cache: Hit from cloudfront\r\nX-Amz-Cf-Pop: ARN53-P2\r\nAge: 238\r\nContent-Length: 100992\r\nAccept-Ranges: bytes\r\nX-NWS-LOG-UUID: 12690989488219649843\r\nConnection: keep-alive\r\nX-Cache-Lookup: Cache Hit\r\nAccess-Control-Allow-Origin: *\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":100992,"size_decoded":0,"mime_type":"binary/octet-stream","magic":"data","md5":"ade7a932c1d2ca707c7c571982db0e80","sha1":"c90b374c8e17b49be098e1fb37c4fb39c0ec698f","sha256":"8efdb4ae201cb2e0ada900d086edf80773321e9039c920b2d0691f64746cf9e3","sha512":"c4dd571e7b57ab65008fe38944db37f356743acb0873c4ff04356dd20611af4a0a2230612cc82cb3f32618a068daf30c4e885755def44f407c608aac3d96449b","ssdeep":"1536:R70PZhb8NLd4E4s/m+hSZ05hzV8veY/4HsvL0lB6n9I0Dfzn5TWdJhgr0zw:R70Uf++HTi/JvL0/6n91Tr5TW+rV","tlshash":"efa3127121e1673b0ce935e43b84dc9407aaaf06ff4cb869ac8985166fde3360b9191d","first_seen":"2025-08-18T01:45:23.303339Z","last_seen":"2025-08-18T01:45:23.303339Z","times_seen":1,"resource_available":false,"data":null}},"time_used":190,"timings":{"blocked":86,"dns":9,"connect":11,"send":0,"wait":10,"receive":10,"ssl":60},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"pic.ruubqy.cn/upload_01/xiao/20250814/2025081419072079695.jpeg","fqdn":"pic.ruubqy.cn","domain":"ruubqy.cn","tld":"cn"},"ip":{"addr":"43.152.140.79","port":443,"asn":139341,"as":"ACE","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://d3bqx5dvn4460l.nefcvtm.top/tag/%E8%90%9D%E8%8E%89/","date":"2025-08-18T01:44:52.159Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.ruubqy.cn","organization":""},"issuer":{"commonName":"ZeroSSL ECC Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Thu, 14 Aug 2025 00:00:00 GMT","end":"Wed, 12 Nov 2025 23:59:59 GMT"},"fingerprint":{"sha1":"B5:46:E3:4B:AD:76:D8:27:09:BD:DC:4D:2D:36:30:80:9D:1B:C2:4D","sha256":"4F:36:FA:C1:B1:5D:EF:21:7B:D6:3E:33:FF:9E:8C:51:84:1D:60:71:9E:8D:BA:CC:13:37:25:3F:08:B4:B3:9C"}}},"request":{"raw":"GET /upload_01/xiao/20250814/2025081419072079695.jpeg HTTP/1.1\r\nHost: pic.ruubqy.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://d3bqx5dvn4460l.nefcvtm.top\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nLast-Modified: Thu, 14 Aug 2025 11:07:24 GMT\r\nEtag: \"b5b0e2ae09473512f3710fd7edbf2466\"\r\nContent-Type: binary/octet-stream\r\nDate: Thu, 14 Aug 2025 15:45:04 GMT\r\nx-amz-server-side-encryption: AES256\r\nServer: nginx\r\nX-Cache: Hit from cloudfront\r\nX-Amz-Cf-Pop: ARN53-P2\r\nAge: 240\r\nContent-Length: 138464\r\nAccept-Ranges: bytes\r\nX-NWS-LOG-UUID: 9811623821788297831\r\nConnection: keep-alive\r\nX-Cache-Lookup: Cache Hit\r\nAccess-Control-Allow-Origin: *\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":138464,"size_decoded":0,"mime_type":"binary/octet-stream","magic":"data","md5":"b5b0e2ae09473512f3710fd7edbf2466","sha1":"512f09f4f92b752f6f35aff85c9d3265b56201f3","sha256":"127bc422a8fcd4b225788d490fb0a1957d333afe4cb96f1a272fede66acee269","sha512":"2cdd8ccce230dbdb39fc6245f3fb9bd4aa43b7a2428a90f6de556dc6d35bde113ff4d0a8543d3d7b34a84e047a066941736a3880474fb41cc23c1e6b6f9e1c76","ssdeep":"3072:DjYIT+SXvGJUyb3+hJJ+i8b5QUzYWdA/R1ifLf5hvJ+G/qCEhZ:/J+6OBD+hWi8FQxWdA/R1ifNhvJRzE7","tlshash":"c8d3129e2bce4d5fc27758c33db146907cf9c4d4fd30b82b18a674e832594264b6a68b","first_seen":"2025-08-18T01:45:23.305519Z","last_seen":"2025-08-18T01:45:23.305519Z","times_seen":1,"resource_available":false,"data":null}},"time_used":121,"timings":{"blocked":107,"dns":0,"connect":0,"send":0,"wait":9,"receive":5,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}}]}