{"report_id":"101719ae-34cf-4451-b6c1-ae8e69aa60d7","version":6,"status":"done","tags":[],"date":"2025-11-05T10:32:26Z","url":{"schema":"http","addr":"xabfmr.com/","fqdn":"xabfmr.com","domain":"xabfmr.com","tld":"com"},"ip":{"addr":"107.149.49.120","port":0,"asn":54600,"as":"PEG-SV","country":"United States","country_code":"US"},"final":{"url":{"schema":"http","addr":"xabfmr.com/","fqdn":"xabfmr.com","domain":"xabfmr.com","tld":"com"},"title":"全新性爱,性感高清电影,观看最新性爱电影,电影《你是我的命运》（2008）,电影《你比星光更美丽》,精英电影,精英观看电影,你是谁电影","dom":{"size":99071,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (439)","md5":"2ff389637b9bafd1e5fc0af155569041","sha1":"3fe08bd99ab94ab95f66acb20e9ca182640bd0fc","sha256":"57feb765655561d0196601fe192d26fe92ad2ca8affb68fe14b422d33f16ed68","sha512":"4aa1bab444b2e1e105e775b9aa14bbf204603c59637fb5c898eb29c29266582d16b8467da3dc6b52c4d3ac3a8898428eb54c3397c01ca145be94c4b89b8cad74","ssdeep":"768:gpAXNhGWudIJCULR6NP4F7Qz3WQYQeWIvqH1x/Byq0eiH3bxLSU07JrPAB3QXBif:gpAXNMWiYyI7Oe+YROrblb8Kiag4rFq","tlshash":"02a3a62141f41a3e0466f4d11add2baa7c81a717c91b8e0177eca7ac5fead42ec270dd","dom_hash":"domhash743a8052e155b3968d1ee86437891b2f","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"xabfmr.com/","fqdn":"xabfmr.com","domain":"xabfmr.com","tld":"com"},"ip":{"addr":"107.149.49.120","port":0,"asn":54600,"as":"PEG-SV","country":"United States","country_code":"US"},"tags":null,"meta":null,"user":{"country_code":"zz"}},"settings":{"access":"public","device_type":"desktop","expires_at":"2026-12-10T10:32:26Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":1,"urlquery":0,"analyzer":1}},"detection":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-11-05T10:32:04Z","timestamp":1762338724,"ip_dst":{"addr":"172.18.0.22","port":49332,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"192.252.179.114","port":443,"asn":152194,"as":"CTG Server Limited","country":"United States","country_code":"US"},"severity":"medium","alert":"ET DROP Spamhaus DROP Listed Traffic Inbound group 42","source":"{\"timestamp\":\"2025-11-05T10:32:04.329542+0000\",\"flow_id\":1263303018117866,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"192.252.179.114\",\"src_port\":443,\"dest_ip\":\"172.18.0.22\",\"dest_port\":49332,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.Evil\",\"ET.DROPIP\"]},\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2400041,\"rev\":4421,\"signature\":\"ET DROP Spamhaus DROP Listed Traffic Inbound group 42\",\"category\":\"Misc Attack\",\"severity\":2,\"metadata\":{\"affected_product\":[\"Any\"],\"attack_target\":[\"Any\"],\"created_at\":[\"2010_12_30\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Minor\"],\"tag\":[\"Dshield\"],\"updated_at\":[\"2025_08_01\"]}},\"flow\":{\"pkts_toserver\":1,\"pkts_toclient\":1,\"bytes_toserver\":74,\"bytes_toclient\":74,\"start\":\"2025-11-05T10:32:03.948970+0000\"}}"}],"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-11-05","alert":"Sinkholed","trigger":"polyfill-js.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null},"summary":[{"fqdn":"xing.sex8sex833.com","ip":{"addr":"216.180.229.170","port":443,"asn":47191,"as":"blue tech technology Co., Limited","country":"British Virgin Islands","country_code":"VG"},"domain_registered":"2025-02-25","domain_rank":0,"first_seen":"2025-09-30T04:22:11.843559Z","last_seen":"2025-11-05T10:29:00.380623Z","alert_count":0,"request_count":11,"received_data":3772939,"sent_data":4906,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"polyfill-js.cn","ip":{"addr":"137.220.134.176","port":443,"asn":152194,"as":"CTG Server Limited","country":"Japan","country_code":"JP"},"domain_registered":"2024-08-01","domain_rank":240780,"first_seen":"2024-08-04T22:10:30Z","last_seen":"2025-10-29T06:52:45.911274Z","alert_count":2,"request_count":2,"received_data":986,"sent_data":864,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"xabfmr.com","ip":{"addr":"107.149.49.120","port":80,"asn":54600,"as":"PEG-SV","country":"United States","country_code":"US"},"domain_registered":"unknown","domain_rank":0,"first_seen":"No data","last_seen":"No data","alert_count":0,"request_count":17,"received_data":716634,"sent_data":8023,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"PHP","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]},{"name":"jQuery","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]}]},{"fqdn":"uu.piccaiccq.com","ip":{"addr":"154.39.66.11","port":443,"asn":140227,"as":"Hong Kong Communications International Co., Limited","country":"United States","country_code":"US"},"domain_registered":"2024-12-09","domain_rank":0,"first_seen":"2025-02-03T18:26:59.11499Z","last_seen":"2025-10-28T16:04:16.826562Z","alert_count":0,"request_count":3,"received_data":431446,"sent_data":1327,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"s4.histats.com","ip":{"addr":"149.56.240.127","port":443,"asn":16276,"as":"OVH SAS","country":"Canada","country_code":"CA"},"domain_registered":"2006-06-12","domain_rank":53951,"first_seen":"2012-05-21T19:14:14Z","last_seen":"2025-11-01T15:37:03.392446Z","alert_count":0,"request_count":1,"received_data":184,"sent_data":1119,"comment":"","tags":null,"fingerprints":null},{"fqdn":"s10.histats.com","ip":{"addr":"104.20.11.41","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2006-06-12","domain_rank":54582,"first_seen":"2012-05-21T17:14:14Z","last_seen":"2025-11-02T05:14:49.215848Z","alert_count":0,"request_count":1,"received_data":11800,"sent_data":327,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"sex8sex822.com","ip":{"addr":"216.180.227.219","port":443,"asn":47191,"as":"blue tech technology Co., Limited","country":"British Virgin Islands","country_code":"VG"},"domain_registered":"2025-02-25","domain_rank":0,"first_seen":"2025-09-22T15:28:36.161991Z","last_seen":"2025-10-31T05:11:09.735635Z","alert_count":0,"request_count":5,"received_data":1486391,"sent_data":2205,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"kki.imgaigo.com","ip":{"addr":"154.39.66.139","port":443,"asn":140227,"as":"Hong Kong Communications International Co., Limited","country":"United States","country_code":"US"},"domain_registered":"2024-12-09","domain_rank":0,"first_seen":"2025-01-19T13:57:46.818501Z","last_seen":"2025-10-30T15:11:21.273415Z","alert_count":0,"request_count":1,"received_data":39627,"sent_data":443,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-11-05T10:32:04Z","timestamp":1762338724,"ip_dst":{"addr":"172.18.0.22","port":49332,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"192.252.179.114","port":443,"asn":152194,"as":"CTG Server Limited","country":"United States","country_code":"US"},"severity":"medium","alert":"ET DROP Spamhaus DROP Listed Traffic Inbound group 42","source":"{\"timestamp\":\"2025-11-05T10:32:04.329542+0000\",\"flow_id\":1263303018117866,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"192.252.179.114\",\"src_port\":443,\"dest_ip\":\"172.18.0.22\",\"dest_port\":49332,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.Evil\",\"ET.DROPIP\"]},\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2400041,\"rev\":4421,\"signature\":\"ET DROP Spamhaus DROP Listed Traffic Inbound group 42\",\"category\":\"Misc Attack\",\"severity\":2,\"metadata\":{\"affected_product\":[\"Any\"],\"attack_target\":[\"Any\"],\"created_at\":[\"2010_12_30\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Minor\"],\"tag\":[\"Dshield\"],\"updated_at\":[\"2025_08_01\"]}},\"flow\":{\"pkts_toserver\":1,\"pkts_toclient\":1,\"bytes_toserver\":74,\"bytes_toclient\":74,\"start\":\"2025-11-05T10:32:03.948970+0000\"}}"}]}],"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"http","addr":"xabfmr.com/template/conch/asset/js/jquery.min.js","fqdn":"xabfmr.com","domain":"xabfmr.com","tld":"com"},"ip":{"addr":"107.149.49.120","port":80,"asn":54600,"as":"PEG-SV","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"fb627e96bad498a4ae37643994a135fb","sha1":"22b7be6a873d818c14ba2466b03637b6abfc01ba","sha256":"c485b19a6518fd52788f4c614bafdd79e37d353a91c6bdb68d42c77888c7ec81","sha512":"6cd67e9bb86d6c95f264709b2f75f6e245e575686ca974482459f489f0d984800c677b062b85bff33b389a284c06883b62eb22f012d43e59fd2c7c2c284845ed","ssdeep":"1536:0RLiBdiaWLOczCmZx6+VWuGzQNOzdn6x2RZd9SEnk9HB96cuYo/NWLbVj3kC6t9I:Ukn6x2xe9Nh6nC6I","tlshash":"948309dd72c6b06347ab71ba00bf550bf2361859684d8410f129e4eabc74a4e827bf7d","size":88473,"data":"","first_seen":"2025-09-22T15:28:53.164403Z","last_seen":"2026-04-28T11:57:44.743305Z","times_seen":48,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"xabfmr.com/template/conch/asset/js/conch.vip.js?v=3.1","fqdn":"xabfmr.com","domain":"xabfmr.com","tld":"com"},"ip":{"addr":"107.149.49.120","port":80,"asn":54600,"as":"PEG-SV","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"469354674e1fb0a5ba7fca2d6ae8f20b","sha1":"a86fd0807333701b38f536192eb4df06c3b1f2bb","sha256":"51f76eb3c942dfa3fb08b9622cde0573017db5c9cfa061f0ad083380883edb23","sha512":"6d8c309b85bfc02db0097c78601ad65552d7d045097f8a6020f071003075e0cfb6a40d11804acf72a0bc563556f2814ae6034d5d736291e5d007140161d46356","ssdeep":"384:0LVSNaKXQ+py4RcgDbcmZyca4Q648ln6Q30bz4QmGWiLJggWS9239EHI:0YNNXQ+OgDbcmZTa4lRF0AnGWiLAS9/I","tlshash":"f623700eb9b718a150b3707f5e7fb58030725417a90acd10be6c29d05f64e5ce2babe9","size":48562,"data":"","first_seen":"2025-09-22T15:28:53.168741Z","last_seen":"2026-04-28T11:57:44.741697Z","times_seen":49,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"xabfmr.com/","fqdn":"xabfmr.com","domain":"xabfmr.com","tld":"com"},"ip":{"addr":"107.149.49.120","port":80,"asn":54600,"as":"PEG-SV","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"b70b0bb6edfffa983420704eb038e861","sha1":"b904359a6983faf60fc7cad17c30baebbd147753","sha256":"2e2656e2d15551a4d34b8f04eaf665e6d2f4219e91514bf70529c96db2896e39","sha512":"5fc5c8cf9898cbeb4dbb48f59f9d3c414e6eefd6d997d9cf70d97ba24bcde4f437c86cb9554963a60bf511963ed46fd2f2188e9360a1400c73717fb0bf0d7a78","ssdeep":"","tlshash":"2bd02b5f2d0b58f03b4500a31378f508f0a2144a9424e001b0ed8c144f50fc044ad795","size":275,"data":"","first_seen":"2024-08-14T21:24:11Z","last_seen":"2026-04-28T16:00:39.489463Z","times_seen":1128,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"xabfmr.com/","fqdn":"xabfmr.com","domain":"xabfmr.com","tld":"com"},"ip":{"addr":"107.149.49.120","port":80,"asn":54600,"as":"PEG-SV","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"5b47bd06b17e1a150d649b7df96e2cd4","sha1":"97b3016dff7ff3071255d809919dbe5193fd1bb3","sha256":"d5f719e7a42dd98a77500f5a61e4bdc688f32030ff92aea6941f92a9a7d5485d","sha512":"b445ee770bdaa8bef1e2a5276a32417ff0e25b96c3038ecce8739615ac089f657c123da919503f6c0e8adb9a998ac1f6afcb21c1c8a38f5530fa99dee11bbaef","ssdeep":"","tlshash":"71e02b2998e706384cf67e441079da7934f878a4aaa3d067525cc86dcd39fd54c14eec","size":424,"data":"","first_seen":"2025-10-20T12:42:27.046251Z","last_seen":"2025-11-24T10:36:05.089874Z","times_seen":4,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"polyfill-js.cn/v3/polyfill.min.js?features=default","fqdn":"polyfill-js.cn","domain":"polyfill-js.cn","tld":"cn"},"ip":{"addr":"137.220.134.176","port":443,"asn":152194,"as":"CTG Server Limited","country":"Japan","country_code":"JP"},"introduction_type":"scriptElement","is_inline":false,"md5":"435a451090061be4c0254761f2f94e1f","sha1":"1a873f8c9a0dfb421e3213dfbbfa8aafa9960d4c","sha256":"6c68769e8470ce89a0f2270529a5d47db00917e3ef9df946dca202098f09d0a2","sha512":"0506dbdede1f984b75421ec86cdd451752ec85b44f5a6f880bc0f06bf8884f1f934f4eafad41ed89015d2118a73bd4dcb20ad4b0d2118e16f311aa25737cf1ab","ssdeep":"","tlshash":"43b012a448824f95eae305c0485602851baf5fc95405d318ce72a41cc862845b2ccc6c","size":104,"data":"","first_seen":"2023-12-16T06:03:22Z","last_seen":"2026-04-28T16:00:39.484265Z","times_seen":22030,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"xabfmr.com/static/js/home.js","fqdn":"xabfmr.com","domain":"xabfmr.com","tld":"com"},"ip":{"addr":"107.149.49.120","port":80,"asn":54600,"as":"PEG-SV","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"97e311d35a4aa0ba09575a8dc989660b","sha1":"8166b5f8ba52aa57ab23321a8ddc8d0118f1e590","sha256":"1a52c16e5a7fc905630d52185ca457108cb0a65a4567cf6157709c1c5eceb311","sha512":"d3f4e4ef8af316fd4207a6db03e856917d5124263104ba9ebf0db1be151ce65172d26b6338d24553df9fe65b828e2a452a39bde7d1144a875c20bd5e28da9db8","ssdeep":"768:hR0cTTu8eMbZLbhpa6a/b7z9SsbhbeA5gr9GiSo5E7Iw4TQv5:hRZXde96oRiG5","tlshash":"ae03a45d7af3142050b3317a4fbf69082276815f190ddd88fe2d11a48fc4a4eba66bbd","size":38309,"data":"","first_seen":"2023-03-07T01:18:35Z","last_seen":"2026-04-28T11:57:44.748375Z","times_seen":5710,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"s10.histats.com/js15_as.js","fqdn":"s10.histats.com","domain":"histats.com","tld":"com"},"ip":{"addr":"104.20.11.41","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"e959fbdd13def4b9a9d0a5fc9a7de4d4","sha1":"1e39712307e3673b40c0bdb8c7d3e86a3e8b60a0","sha256":"2defe59e357a7d0683c8283ac42841db404a0884cae2eaecebf4b676e559dede","sha512":"590b22282634411002c9467c6c0d20d27979f841bffcf893e715a2b61301a873457a9cbe0a765a11592e7f5cb81fc50d5bd436bd5d47dc93bfb776515b02e2c9","ssdeep":"192:TixaOdP2DahLeKkda6nGvCvsojELj2n04UwXNAfLwUW1WuYx6jomrYZJp2XmIR2z:mxaOdWyLwaAWj2nvUwXNAfLwUWAuYx6e","tlshash":"7532969c708170066953e1a5123f413fa27b0df92dfe5558dae0b0b5bd7884ec0abbe9","size":11440,"data":"","first_seen":"2023-03-07T01:02:06Z","last_seen":"2026-04-27T22:42:30.410081Z","times_seen":1184,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"xabfmr.com/","fqdn":"xabfmr.com","domain":"xabfmr.com","tld":"com"},"ip":{"addr":"107.149.49.120","port":80,"asn":54600,"as":"PEG-SV","country":"United States","country_code":"US"},"introduction_type":"eval","is_inline":false,"md5":"05b8c74cbd96fbf2de4c1a352702fbf4","sha1":"320ad267d8d969f285eda5c184f5455bd29c8c95","sha256":"44ff7b02c80d38b26dd6aa31d9470aed81b32e10331a3c994fb1a9945fd847ba","sha512":"1ab6ceacde9b312b4f32d7c9f2d54448e82264c30807e4db86ec8e295791c1fb9aafb38985b2054e589c0a0a2830f1a389312fb2912dc2f9c949231967e03545","ssdeep":"","tlshash":"f6400000000000000030000003033300000000000000000000000000300000300000c0","size":6,"data":"","first_seen":"2023-03-07T01:02:06Z","last_seen":"2026-04-28T15:17:39.264285Z","times_seen":132572,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"xabfmr.com/","fqdn":"xabfmr.com","domain":"xabfmr.com","tld":"com"},"ip":{"addr":"107.149.49.120","port":80,"asn":54600,"as":"PEG-SV","country":"United States","country_code":"US"},"introduction_type":"eval","is_inline":false,"md5":"05b8c74cbd96fbf2de4c1a352702fbf4","sha1":"320ad267d8d969f285eda5c184f5455bd29c8c95","sha256":"44ff7b02c80d38b26dd6aa31d9470aed81b32e10331a3c994fb1a9945fd847ba","sha512":"1ab6ceacde9b312b4f32d7c9f2d54448e82264c30807e4db86ec8e295791c1fb9aafb38985b2054e589c0a0a2830f1a389312fb2912dc2f9c949231967e03545","ssdeep":"","tlshash":"f6400000000000000030000003033300000000000000000000000000300000300000c0","size":6,"data":"","first_seen":"2023-03-07T01:02:06Z","last_seen":"2026-04-28T15:17:39.264285Z","times_seen":132572,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"polyfill-js.cn/v3/polyfill.min.js?features=default","fqdn":"polyfill-js.cn","domain":"polyfill-js.cn","tld":"cn"},"ip":{"addr":"137.220.134.176","port":443,"asn":152194,"as":"CTG Server Limited","country":"Japan","country_code":"JP"},"introduction_type":"scriptElement","is_inline":false,"md5":"435a451090061be4c0254761f2f94e1f","sha1":"1a873f8c9a0dfb421e3213dfbbfa8aafa9960d4c","sha256":"6c68769e8470ce89a0f2270529a5d47db00917e3ef9df946dca202098f09d0a2","sha512":"0506dbdede1f984b75421ec86cdd451752ec85b44f5a6f880bc0f06bf8884f1f934f4eafad41ed89015d2118a73bd4dcb20ad4b0d2118e16f311aa25737cf1ab","ssdeep":"","tlshash":"43b012a448824f95eae305c0485602851baf5fc95405d318ce72a41cc862845b2ccc6c","size":104,"data":"","first_seen":"2023-12-16T06:03:22Z","last_seen":"2026-04-28T16:00:39.484265Z","times_seen":22030,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"xabfmr.com/","fqdn":"xabfmr.com","domain":"xabfmr.com","tld":"com"},"ip":{"addr":"107.149.49.120","port":80,"asn":54600,"as":"PEG-SV","country":"United States","country_code":"US"},"introduction_type":"eval","is_inline":false,"md5":"05b8c74cbd96fbf2de4c1a352702fbf4","sha1":"320ad267d8d969f285eda5c184f5455bd29c8c95","sha256":"44ff7b02c80d38b26dd6aa31d9470aed81b32e10331a3c994fb1a9945fd847ba","sha512":"1ab6ceacde9b312b4f32d7c9f2d54448e82264c30807e4db86ec8e295791c1fb9aafb38985b2054e589c0a0a2830f1a389312fb2912dc2f9c949231967e03545","ssdeep":"","tlshash":"f6400000000000000030000003033300000000000000000000000000300000300000c0","size":6,"data":"","first_seen":"2023-03-07T01:02:06Z","last_seen":"2026-04-28T15:17:39.264285Z","times_seen":132572,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"xabfmr.com/","fqdn":"xabfmr.com","domain":"xabfmr.com","tld":"com"},"ip":{"addr":"107.149.49.120","port":80,"asn":54600,"as":"PEG-SV","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"1fd5fba329de24fa7a6e0218e7caac65","sha1":"07d5640635ee7d4b4b748cef064d6a6185c9c377","sha256":"04308e957a3a0fa9cf758b4e9583d19de1f1cd98c61a272301ca9003c00da19a","sha512":"d73040c6f1bbdd03b5b4ee5df8e54e77430436c06efd432b7496b04d0898eb9e77ca279fa32fba3d97ee2bf86a8b119dd44125493c37437fe9c3007fe162c05b","ssdeep":"","tlshash":"84900443dd11c45d4531400014c534f47c411104cd0c355031355c554101f7300504c1","size":40,"data":"","first_seen":"2023-03-07T14:39:21Z","last_seen":"2026-04-28T11:57:44.797013Z","times_seen":270,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"xabfmr.com/","fqdn":"xabfmr.com","domain":"xabfmr.com","tld":"com"},"ip":{"addr":"107.149.49.120","port":80,"asn":54600,"as":"PEG-SV","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"21da3290868632059da795abbde27322","sha1":"6b083053965aa44c322454e0edac9c98b196f731","sha256":"99dcbb5d36a4ad8f5e3ac435549c9352f16c21da22a697eae221216cdbae31be","sha512":"8b3fb896e0b9b3ced598e50da227b4c1354e206ca2e5f04be1200ab670865672a229a35e7ce0815b0cd58aac32f6e03fd06fa47229a132e68bc9789ce132d5a1","ssdeep":"1536:0iFKN6iIskfKKhLK8u5coSAOElosOsy8ar5MIM4allpcXvH7WcWUxcPqylCE8Eti:vKKhmlSAO4WaWal4fH7WcWUxcPqntqi","tlshash":"afd30849b35075e551e72256539ed201a3b66805b90ac0a831b6d8d7acbce8c03bfffd","size":130227,"data":"","first_seen":"2025-09-22T15:28:53.161954Z","last_seen":"2026-04-28T11:57:44.686007Z","times_seen":47,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"xabfmr.com/","fqdn":"xabfmr.com","domain":"xabfmr.com","tld":"com"},"ip":{"addr":"107.149.49.120","port":80,"asn":54600,"as":"PEG-SV","country":"United States","country_code":"US"},"introduction_type":"eval","is_inline":false,"md5":"05b8c74cbd96fbf2de4c1a352702fbf4","sha1":"320ad267d8d969f285eda5c184f5455bd29c8c95","sha256":"44ff7b02c80d38b26dd6aa31d9470aed81b32e10331a3c994fb1a9945fd847ba","sha512":"1ab6ceacde9b312b4f32d7c9f2d54448e82264c30807e4db86ec8e295791c1fb9aafb38985b2054e589c0a0a2830f1a389312fb2912dc2f9c949231967e03545","ssdeep":"","tlshash":"f6400000000000000030000003033300000000000000000000000000300000300000c0","size":6,"data":"","first_seen":"2023-03-07T01:02:06Z","last_seen":"2026-04-28T15:17:39.264285Z","times_seen":132572,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"xabfmr.com/","fqdn":"xabfmr.com","domain":"xabfmr.com","tld":"com"},"ip":{"addr":"107.149.49.120","port":80,"asn":54600,"as":"PEG-SV","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"b70b0bb6edfffa983420704eb038e861","sha1":"b904359a6983faf60fc7cad17c30baebbd147753","sha256":"2e2656e2d15551a4d34b8f04eaf665e6d2f4219e91514bf70529c96db2896e39","sha512":"5fc5c8cf9898cbeb4dbb48f59f9d3c414e6eefd6d997d9cf70d97ba24bcde4f437c86cb9554963a60bf511963ed46fd2f2188e9360a1400c73717fb0bf0d7a78","ssdeep":"","tlshash":"2bd02b5f2d0b58f03b4500a31378f508f0a2144a9424e001b0ed8c144f50fc044ad795","size":275,"data":"","first_seen":"2024-08-14T21:24:11Z","last_seen":"2026-04-28T16:00:39.489463Z","times_seen":1128,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"xabfmr.com/template/conch/asset/js/conch.set.js?v=3.1","fqdn":"xabfmr.com","domain":"xabfmr.com","tld":"com"},"ip":{"addr":"107.149.49.120","port":80,"asn":54600,"as":"PEG-SV","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"b67637cc913ea5c7ed6200eb3ae55aa0","sha1":"e04c7adde16f01fc29bd788532521fffaaeb573c","sha256":"ef3046ad227d3e616c15351e73a61b2e61a7687882fbe276faeb3181ce0ad86e","sha512":"628534b03d0c843546b3b2662bb978e67c8f12cfb2d6e21cacadc491bef1cc385028eeae34b2869580b7492ef5236bf7002e854cd88b39e50aa7a6839fea8e8c","ssdeep":"384:06zwC1MM8LEsd9QYYAA1TRjjrlqgbHH/sgDZUnEbBIg1ivW9eBI/vCc3kHiQ7l8X:0hC1MDIFbVAvWaIyc3kHP7l83JI0CI","tlshash":"6dd2f888f3916172a19b25ed542f100fa1b4a427ac198498fb7cd4f1aeb8fd9543bf34","size":31109,"data":"","first_seen":"2025-09-22T15:28:53.181282Z","last_seen":"2026-04-28T11:57:44.675588Z","times_seen":49,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"xabfmr.com/","fqdn":"xabfmr.com","domain":"xabfmr.com","tld":"com"},"ip":{"addr":"107.149.49.120","port":80,"asn":54600,"as":"PEG-SV","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"9ccec03398246338a557ad81c2a88013","sha1":"31f8c3f54fec384ff74a812015b55ea223607a55","sha256":"be6cd474bf93e12823ace32dbaadd1dd698daf61fc6e7bdd2399bb06e8009626","sha512":"29739488e512e2c384f3e0f1503eef9866dde1bccb308fda488777efab154101aaaa15ed8eb1267b36f5c3d20bf6489eae3f8f6594ca263513e24a5e73f98d0c","ssdeep":"384:EC8MJlHqBlgr2qMrLXej2Jy7fwaoSXo0TviP39EHI:Ed7Dr7OtZTqsI","tlshash":"93c2fb0979e3226281a730be8faf5008b676a157150cdd50bd1ca7d02f54a38b6f7fe9","size":26626,"data":"","first_seen":"2025-08-13T05:24:32.954262Z","last_seen":"2026-04-28T11:57:44.749011Z","times_seen":82,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"s4.histats.com/stats/0.php?4952446\u0026@f16\u0026@g1\u0026@h1\u0026@i1\u0026@j1762338723366\u0026@k0\u0026@l1\u0026@m%E5%85%A8%E6%96%B0%E6%80%A7%E7%88%B1%2C%E6%80%A7%E6%84%9F%E9%AB%98%E6%B8%85%E7%94%B5%E5%BD%B1%2C%E8%A7%82%E7%9C%8B%E6%9C%80%E6%96%B0%E6%80%A7%E7%88%B1%E7%94%B5%E5%BD%B1%2C%E7%94%B5%E5%BD%B1%E3%80%8A%E4%BD%A0%E6%98%AF%E6%88%91%E7%9A%84%E5%91%BD%E8%BF%90%E3%80%8B%EF%BC%882008%EF%BC%89%2C%E7%94%B5%E5%BD%B1%E3%80%8A%E4%BD%A0%E6%AF%94%E6%98%9F%E5%85%89%E6%9B%B4%E7%BE%8E%E4%B8%BD%E3%80%8B%2C%E7%B2%BE%E8%8B%B1%E7%94%B5%E5%BD%B1%2C%E7%B2%BE%E8%8B%B1%E8%A7%82%E7%9C%8B%E7%94%B5%E5%BD%B1%2C%E4%BD%A0%E6%98%AF%E8%B0%81%E7%94%B5%E5%BD%B1\u0026@n0\u0026@o1000\u0026@q0\u0026@r0\u0026@s0\u0026@ten-US\u0026@u1280\u0026@b1:120760126\u0026@b3:1762338723\u0026@b4:js15_as.js\u0026@b5:0\u0026@a-_0.2.1\u0026@vhttp%3A%2F%2Fxabfmr.com%2F\u0026@w","fqdn":"s4.histats.com","domain":"histats.com","tld":"com"},"ip":{"addr":"149.56.240.127","port":443,"asn":16276,"as":"OVH SAS","country":"Canada","country_code":"CA"},"introduction_type":"scriptElement","is_inline":false,"md5":"3d225fc98091df976fa6cb51eb1af97f","sha1":"3689dbb9bc9d66ffe968ef31da9b6476cc20bbdf","sha256":"afb632189f2202f2fae6d1fc8b5c77edf08d1323ab8f5b75b6907eb307e8ebb4","sha512":"92522545c56c8c6168db5913fab3db45c241ad8cbd82aa4562227930bf54c635a942a49be9ba86c01f87d450c741ecbcf28424bae74533cf276a10f4545c2c78","ssdeep":"","tlshash":"68900247791091b61060066dc582501115b504480c850750c90040898d429a98ee0912","size":50,"data":"","first_seen":"2025-11-05T10:32:46.666045Z","last_seen":"2025-11-05T10:32:46.666045Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"xabfmr.com/","fqdn":"xabfmr.com","domain":"xabfmr.com","tld":"com"},"ip":{"addr":"107.149.49.120","port":80,"asn":54600,"as":"PEG-SV","country":"United States","country_code":"US"},"introduction_type":"eval","is_inline":false,"md5":"05b8c74cbd96fbf2de4c1a352702fbf4","sha1":"320ad267d8d969f285eda5c184f5455bd29c8c95","sha256":"44ff7b02c80d38b26dd6aa31d9470aed81b32e10331a3c994fb1a9945fd847ba","sha512":"1ab6ceacde9b312b4f32d7c9f2d54448e82264c30807e4db86ec8e295791c1fb9aafb38985b2054e589c0a0a2830f1a389312fb2912dc2f9c949231967e03545","ssdeep":"","tlshash":"f6400000000000000030000003033300000000000000000000000000300000300000c0","size":6,"data":"","first_seen":"2023-03-07T01:02:06Z","last_seen":"2026-04-28T15:17:39.264285Z","times_seen":132572,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"http","addr":"xabfmr.com/template/conch/asset/js/jquery.min.js","fqdn":"xabfmr.com","domain":"xabfmr.com","tld":"com"},"ip":{"addr":"107.149.49.120","port":80,"asn":54600,"as":"PEG-SV","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://xabfmr.com/","date":"2025-11-05T10:32:02.546Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /template/conch/asset/js/jquery.min.js HTTP/1.1\r\nHost: xabfmr.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://xabfmr.com/\r\nCookie: PHPSESSID=b94a5i5qedgf0u25n5j3tc6mcj\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Wed, 05 Nov 2025 10:32:02 GMT\r\nContent-Type: application/javascript\r\nLast-Modified: Sat, 18 Oct 2025 06:46:45 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nETag: W/\"68f337d5-159f9\"\r\nExpires: Wed, 05 Nov 2025 22:32:02 GMT\r\nCache-Control: max-age=43200\r\nStrict-Transport-Security: max-age=31536000\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":88569,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (65325)","md5":"fb627e96bad498a4ae37643994a135fb","sha1":"22b7be6a873d818c14ba2466b03637b6abfc01ba","sha256":"c485b19a6518fd52788f4c614bafdd79e37d353a91c6bdb68d42c77888c7ec81","sha512":"6cd67e9bb86d6c95f264709b2f75f6e245e575686ca974482459f489f0d984800c677b062b85bff33b389a284c06883b62eb22f012d43e59fd2c7c2c284845ed","ssdeep":"1536:0RLiBdiaWLOczCmZx6+VWuGzQNOzdn6x2RZd9SEnk9HB96cuYo/NWLbVj3kC6t9I:Ukn6x2xe9Nh6nC6I","tlshash":"948309dd72c6b06347ab71ba00bf550bf2361859684d8410f129e4eabc74a4e827bf7d","first_seen":"2025-09-22T15:28:53.164403Z","last_seen":"2026-04-28T11:57:44.743305Z","times_seen":48,"resource_available":true,"data":null}},"time_used":605,"timings":{"blocked":142,"dns":1,"connect":151,"send":0,"wait":154,"receive":157,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"uu.piccaiccq.com/wg-2023440066/960-60-1.gif","fqdn":"uu.piccaiccq.com","domain":"piccaiccq.com","tld":"com"},"ip":{"addr":"154.39.66.11","port":443,"asn":140227,"as":"Hong Kong Communications International Co., Limited","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://xabfmr.com/","date":"2025-11-05T10:32:02.552Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"uu.piccaiccq.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Wed, 01 Oct 2025 05:05:09 GMT","end":"Tue, 30 Dec 2025 05:05:08 GMT"},"fingerprint":{"sha1":"1E:17:2A:3C:5B:2E:7A:18:10:DD:A3:52:08:E5:18:D4:2D:E5:CE:97","sha256":"EA:D5:62:15:D5:68:62:D8:26:70:A8:B3:59:12:15:D3:AF:54:42:C7:90:9F:F5:86:16:A7:02:25:C1:C5:20:FD"}}},"request":{"raw":"GET /wg-2023440066/960-60-1.gif HTTP/1.1\r\nHost: uu.piccaiccq.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://xabfmr.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Wed, 05 Nov 2025 10:32:03 GMT\r\nContent-Type: image/gif\r\nContent-Length: 130340\r\nConnection: keep-alive\r\nLast-Modified: Mon, 27 Mar 2023 05:32:44 GMT\r\nETag: \"64212a7c-1fd24\"\r\nExpires: Thu, 04 Dec 2025 18:08:25 GMT\r\nCache-Control: max-age=2592000\r\nServer: nginx\r\nX-Cache-Status: HIT\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":130340,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 960 x 60","md5":"d8b13fc27bd9671379fbaecd33f66483","sha1":"cef79a87b1141d43e36565331999eeedaca64639","sha256":"36023619bf3fb9a0b10f23b53d7bc4c454d5f9c011737a0ef374fe608fa136a1","sha512":"d6fffb13e22327ef4def6b20848b09712380762c0116975700c821e11ec2c74548b05827d7a03fff94f3f69d2716406546c508f33901e4b838b99e32e1846419","ssdeep":"1536:WxyMgAdShJsGSWMvT/wMvMwMvMwgZ9ea+M8f/wVW7TJGUZwVW7TJGUZwVW7TJGUP:WNEtSFTQEbfKJoKJoKJbDDDl","tlshash":"ced301f7c9eac6e36924007f2a6a759d5ce542a34864fb2b3121bb04c584d3d40b1bfe","first_seen":"2023-06-17T02:26:02Z","last_seen":"2026-04-28T11:57:44.745346Z","times_seen":312,"resource_available":false,"data":null}},"time_used":2509,"timings":{"blocked":1207,"dns":0,"connect":0,"send":0,"wait":509,"receive":517,"ssl":276},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"xabfmr.com/api.php/timming/index?t=0.18272979458850847","fqdn":"xabfmr.com","domain":"xabfmr.com","tld":"com"},"ip":{"addr":"107.149.49.120","port":80,"asn":54600,"as":"PEG-SV","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://xabfmr.com/","date":"2025-11-05T10:32:03.475Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /api.php/timming/index?t=0.18272979458850847 HTTP/1.1\r\nHost: xabfmr.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://xabfmr.com/\r\nCookie: PHPSESSID=b94a5i5qedgf0u25n5j3tc6mcj; HstCfa4952446=1762338723366; HstCla4952446=1762338723366; HstCmu4952446=1762338723366; HstPn4952446=1; HstPt4952446=1; HstCnv4952446=1; HstCns4952446=1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Wed, 05 Nov 2025 10:32:03 GMT\r\nContent-Type: text/html;charset=utf-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nStrict-Transport-Security: max-age=31536000\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":259,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"Unicode text, UTF-8 text, with no line terminators","md5":"c148d364b2b0caf2e69553e5db5b852e","sha1":"43ae56b2aa326b115d6cf46c16028240147ffc8a","sha256":"4cb743a98d26ead0d823a6cc8c5d7ff15fa5412afdc32878a596e6d4b1c10352","sha512":"3d52d996f619b36d4b050dcdfced7e41a5c6f63602b4b3f886b6c95dacefae7f23da6869cd6c7ad88982f2493d994ef6102c0a2539ddc8c7b823838fe4e9b5ae","ssdeep":"","tlshash":"6bd05b68237f56d31245030513d59526ac3551d705b949e1e25bc04d9edd2256e1d241","first_seen":"2025-11-05T10:32:46.65927Z","last_seen":"2025-11-05T10:32:46.65927Z","times_seen":1,"resource_available":false,"data":null}},"time_used":208,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":207,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"xing.sex8sex833.com/20251105/ZrelxXk9/1.jpg","fqdn":"xing.sex8sex833.com","domain":"sex8sex833.com","tld":"com"},"ip":{"addr":"216.180.229.170","port":443,"asn":47191,"as":"blue tech technology Co., Limited","country":"British Virgin Islands","country_code":"VG"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://xabfmr.com/","date":"2025-11-05T10:32:03.478Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xing.sex8sex833.com","organization":""},"issuer":{"commonName":"Certum DV TLS G2 R39 CA","organization":"Asseco Data Systems S.A."},"validity":{"start":"Fri, 26 Sep 2025 13:37:39 GMT","end":"Sat, 26 Sep 2026 13:37:38 GMT"},"fingerprint":{"sha1":"28:B4:22:5C:4D:3B:2D:75:D1:AA:11:BA:8B:68:D2:F4:0C:24:56:3C","sha256":"6F:10:DA:E6:82:FD:27:6D:3B:9D:3C:45:0E:7C:3D:E5:97:73:D9:BB:0B:4F:75:19:4F:20:88:F9:00:89:42:D6"}}},"request":{"raw":"GET /20251105/ZrelxXk9/1.jpg HTTP/1.1\r\nHost: xing.sex8sex833.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://xabfmr.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nAccept-Ranges: bytes\r\nAccess-Control-Allow-Headers: X-Requested-With\r\nAccess-Control-Allow-Methods: POST, GET, OPTIONS\r\nAccess-Control-Allow-Origin: *\r\nContent-Disposition: attachment; filename=\"1.jpg\"\r\nContent-Length: 147043\r\nContent-Type: application/octet-stream\r\nDate: Tue, 04 Nov 2025 21:01:26 GMT\r\nEtag: \"690a5af7-23e63\"\r\nLast-Modified: Tue, 04 Nov 2025 22:36:57 GMT\r\nServer: nginx\r\nX-Cache: HIT, policy, disk\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":147043,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 718x404, components 3","md5":"08151c22d55b26b8be070abff3c081cc","sha1":"c7425488c559dc30e4975ea0fbce3cd4aa862704","sha256":"41cf5a7e99544441246f911a6e5e29286373b487ca1120841f3f57a56aefbe32","sha512":"6409ba1b20ea061905b074a1c0146845af0b26f430c3d4ed116f84f43b3dc0c10472305751f8893b2db123c2bd49f147beefbcb8d79aa3bd53259c0b7f688a70","ssdeep":"3072:lhY1szsFv4QwXaku5TGi87pO75xGyRQK66p7eueYwd/UDxjdbP+xoCVoZ:lhw4/qkiYy46pnGMFjd6oT","tlshash":"8de3120e1ad6ce92dd800f2428e3743e8bd8efced994585698fd62a9d17102e1dd4fc5","first_seen":"2025-11-05T10:32:46.661844Z","last_seen":"2025-11-15T11:10:47.792032Z","times_seen":3,"resource_available":false,"data":null}},"time_used":1022,"timings":{"blocked":-1,"dns":3,"connect":155,"send":0,"wait":155,"receive":485,"ssl":223},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"s4.histats.com/stats/0.php?4952446\u0026@f16\u0026@g1\u0026@h1\u0026@i1\u0026@j1762338723366\u0026@k0\u0026@l1\u0026@m%E5%85%A8%E6%96%B0%E6%80%A7%E7%88%B1%2C%E6%80%A7%E6%84%9F%E9%AB%98%E6%B8%85%E7%94%B5%E5%BD%B1%2C%E8%A7%82%E7%9C%8B%E6%9C%80%E6%96%B0%E6%80%A7%E7%88%B1%E7%94%B5%E5%BD%B1%2C%E7%94%B5%E5%BD%B1%E3%80%8A%E4%BD%A0%E6%98%AF%E6%88%91%E7%9A%84%E5%91%BD%E8%BF%90%E3%80%8B%EF%BC%882008%EF%BC%89%2C%E7%94%B5%E5%BD%B1%E3%80%8A%E4%BD%A0%E6%AF%94%E6%98%9F%E5%85%89%E6%9B%B4%E7%BE%8E%E4%B8%BD%E3%80%8B%2C%E7%B2%BE%E8%8B%B1%E7%94%B5%E5%BD%B1%2C%E7%B2%BE%E8%8B%B1%E8%A7%82%E7%9C%8B%E7%94%B5%E5%BD%B1%2C%E4%BD%A0%E6%98%AF%E8%B0%81%E7%94%B5%E5%BD%B1\u0026@n0\u0026@o1000\u0026@q0\u0026@r0\u0026@s0\u0026@ten-US\u0026@u1280\u0026@b1:120760126\u0026@b3:1762338723\u0026@b4:js15_as.js\u0026@b5:0\u0026@a-_0.2.1\u0026@vhttp%3A%2F%2Fxabfmr.com%2F\u0026@w","fqdn":"s4.histats.com","domain":"histats.com","tld":"com"},"ip":{"addr":"149.56.240.127","port":443,"asn":16276,"as":"OVH SAS","country":"Canada","country_code":"CA"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://xabfmr.com/","date":"2025-11-05T10:32:03.401Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PKCS1-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"histats.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Fri, 10 Oct 2025 10:23:46 GMT","end":"Thu, 08 Jan 2026 10:23:45 GMT"},"fingerprint":{"sha1":"F7:A7:1F:74:37:3C:94:14:D2:5E:22:2C:FE:7C:72:6D:F7:2E:8A:6D","sha256":"B8:55:9C:14:BF:8A:EC:38:73:80:1C:7D:5A:FF:0A:E3:B6:96:ED:DC:47:A4:68:67:C8:5A:52:34:6F:C0:B0:CE"}}},"request":{"raw":"GET /stats/0.php?4952446\u0026@f16\u0026@g1\u0026@h1\u0026@i1\u0026@j1762338723366\u0026@k0\u0026@l1\u0026@m%E5%85%A8%E6%96%B0%E6%80%A7%E7%88%B1%2C%E6%80%A7%E6%84%9F%E9%AB%98%E6%B8%85%E7%94%B5%E5%BD%B1%2C%E8%A7%82%E7%9C%8B%E6%9C%80%E6%96%B0%E6%80%A7%E7%88%B1%E7%94%B5%E5%BD%B1%2C%E7%94%B5%E5%BD%B1%E3%80%8A%E4%BD%A0%E6%98%AF%E6%88%91%E7%9A%84%E5%91%BD%E8%BF%90%E3%80%8B%EF%BC%882008%EF%BC%89%2C%E7%94%B5%E5%BD%B1%E3%80%8A%E4%BD%A0%E6%AF%94%E6%98%9F%E5%85%89%E6%9B%B4%E7%BE%8E%E4%B8%BD%E3%80%8B%2C%E7%B2%BE%E8%8B%B1%E7%94%B5%E5%BD%B1%2C%E7%B2%BE%E8%8B%B1%E8%A7%82%E7%9C%8B%E7%94%B5%E5%BD%B1%2C%E4%BD%A0%E6%98%AF%E8%B0%81%E7%94%B5%E5%BD%B1\u0026@n0\u0026@o1000\u0026@q0\u0026@r0\u0026@s0\u0026@ten-US\u0026@u1280\u0026@b1:120760126\u0026@b3:1762338723\u0026@b4:js15_as.js\u0026@b5:0\u0026@a-_0.2.1\u0026@vhttp%3A%2F%2Fxabfmr.com%2F\u0026@w HTTP/1.1\r\nHost: s4.histats.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://xabfmr.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Wed, 05 Nov 2025 10:32:01 GMT\r\nContent-Type: text/html;charset=UTF-8\r\nContent-Length: 50\r\nConnection: close\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":50,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"ASCII text, with no line terminators","md5":"3d225fc98091df976fa6cb51eb1af97f","sha1":"3689dbb9bc9d66ffe968ef31da9b6476cc20bbdf","sha256":"afb632189f2202f2fae6d1fc8b5c77edf08d1323ab8f5b75b6907eb307e8ebb4","sha512":"92522545c56c8c6168db5913fab3db45c241ad8cbd82aa4562227930bf54c635a942a49be9ba86c01f87d450c741ecbcf28424bae74533cf276a10f4545c2c78","ssdeep":"","tlshash":"68900247791091b61060066dc582501115b504480c850750c90040898d429a98ee0912","first_seen":"2025-11-05T10:32:46.666045Z","last_seen":"2025-11-05T10:32:46.666045Z","times_seen":1,"resource_available":true,"data":null}},"time_used":427,"timings":{"blocked":0,"dns":1,"connect":104,"send":0,"wait":104,"receive":1,"ssl":217},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"xing.sex8sex833.com/20251105/P0y33U1o/1.jpg","fqdn":"xing.sex8sex833.com","domain":"sex8sex833.com","tld":"com"},"ip":{"addr":"216.180.229.170","port":443,"asn":47191,"as":"blue tech technology Co., Limited","country":"British Virgin Islands","country_code":"VG"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://xabfmr.com/","date":"2025-11-05T10:32:03.503Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xing.sex8sex833.com","organization":""},"issuer":{"commonName":"Certum DV TLS G2 R39 CA","organization":"Asseco Data Systems S.A."},"validity":{"start":"Fri, 26 Sep 2025 13:37:39 GMT","end":"Sat, 26 Sep 2026 13:37:38 GMT"},"fingerprint":{"sha1":"28:B4:22:5C:4D:3B:2D:75:D1:AA:11:BA:8B:68:D2:F4:0C:24:56:3C","sha256":"6F:10:DA:E6:82:FD:27:6D:3B:9D:3C:45:0E:7C:3D:E5:97:73:D9:BB:0B:4F:75:19:4F:20:88:F9:00:89:42:D6"}}},"request":{"raw":"GET /20251105/P0y33U1o/1.jpg HTTP/1.1\r\nHost: xing.sex8sex833.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://xabfmr.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nAccept-Ranges: bytes\r\nAccess-Control-Allow-Headers: X-Requested-With\r\nAccess-Control-Allow-Methods: POST, GET, OPTIONS\r\nAccess-Control-Allow-Origin: *\r\nContent-Disposition: attachment; filename=\"1.jpg\"\r\nContent-Length: 121451\r\nContent-Type: application/octet-stream\r\nDate: Tue, 04 Nov 2025 21:30:30 GMT\r\nEtag: \"690a5ceb-1da6b\"\r\nLast-Modified: Tue, 04 Nov 2025 22:36:42 GMT\r\nServer: nginx\r\nX-Cache: HIT, policy, disk\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":121451,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 718x404, components 3","md5":"74221b3f3391a05d235d683a451a8b56","sha1":"90749d59dc3b7d218632669b9cb2866c8e1eccf2","sha256":"a6743092088b8265b79d051898648454f3fc8b4945108a61eb90a5cc69e2f2d6","sha512":"96fb97cc7bd84d5ff8c37aea8599b7815bd544075597058bdd298d4f116501a438b4faef351d98b1eab68d0c91fd06d028c90bbd662180995ded4ce365ed2571","ssdeep":"3072:+ZJi9STCDu6VtYDWD2K2ayBbbNCIZokhKh8n4fo/ofK8:68i6VqKA9BbbNCWoNh84l9","tlshash":"42c3125f2e32bb85e581e8214dba613d80039d4bf1a349a79eb55f2ec43b45523ce43e","first_seen":"2025-11-05T10:32:46.668525Z","last_seen":"2025-11-05T10:32:46.668525Z","times_seen":1,"resource_available":false,"data":null}},"time_used":977,"timings":{"blocked":-1,"dns":1,"connect":162,"send":0,"wait":158,"receive":443,"ssl":213},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"xabfmr.com/upload/site/20250524-1/c1cadafe2ad0731cdfd3dd2cf6c29b38.png","fqdn":"xabfmr.com","domain":"xabfmr.com","tld":"com"},"ip":{"addr":"107.149.49.120","port":80,"asn":54600,"as":"PEG-SV","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://xabfmr.com/","date":"2025-11-05T10:32:05.182Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /upload/site/20250524-1/c1cadafe2ad0731cdfd3dd2cf6c29b38.png HTTP/1.1\r\nHost: xabfmr.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://xabfmr.com/\r\nCookie: PHPSESSID=b94a5i5qedgf0u25n5j3tc6mcj; HstCfa4952446=1762338723366; HstCla4952446=1762338723366; HstCmu4952446=1762338723366; HstPn4952446=1; HstPt4952446=1; HstCnv4952446=1; HstCns4952446=1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Wed, 05 Nov 2025 10:32:05 GMT\r\nContent-Type: image/png\r\nLast-Modified: Sat, 24 May 2025 13:03:46 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nETag: W/\"6831c3b2-abf\"\r\nExpires: Fri, 05 Dec 2025 10:32:05 GMT\r\nCache-Control: max-age=2592000\r\nStrict-Transport-Security: max-age=31536000\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":2751,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 225 x 225, 8-bit colormap, non-interlaced","md5":"de8679e6ccc5843fb55ef1c9005d27f7","sha1":"81aa6878af21def9b204a7494a92b9605cefe099","sha256":"0676385212ff7805b1a8db450ac3f21ba5d32c3225659c34073a75e59545f679","sha512":"877d05d2d5251aacfb40d546e99efc6290187c334a640fd9960c69c587ce6c8899be66bbba7ae883c4e652d3cc5701daa45520c6981a2a7279f049479d7276cd","ssdeep":"","tlshash":"5c515ed9fdb0a9584dde673a570c811543310643c4a8c4e851027f1c36f71363a6b19f","first_seen":"2025-06-02T17:59:51.265915Z","last_seen":"2026-04-14T00:33:32.706682Z","times_seen":48,"resource_available":false,"data":null}},"time_used":151,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":151,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"xing.sex8sex833.com/20251105/9GE8JPPi/1.jpg","fqdn":"xing.sex8sex833.com","domain":"sex8sex833.com","tld":"com"},"ip":{"addr":"216.180.229.170","port":443,"asn":47191,"as":"blue tech technology Co., Limited","country":"British Virgin Islands","country_code":"VG"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://xabfmr.com/","date":"2025-11-05T10:32:03.497Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xing.sex8sex833.com","organization":""},"issuer":{"commonName":"Certum DV TLS G2 R39 CA","organization":"Asseco Data Systems S.A."},"validity":{"start":"Fri, 26 Sep 2025 13:37:39 GMT","end":"Sat, 26 Sep 2026 13:37:38 GMT"},"fingerprint":{"sha1":"28:B4:22:5C:4D:3B:2D:75:D1:AA:11:BA:8B:68:D2:F4:0C:24:56:3C","sha256":"6F:10:DA:E6:82:FD:27:6D:3B:9D:3C:45:0E:7C:3D:E5:97:73:D9:BB:0B:4F:75:19:4F:20:88:F9:00:89:42:D6"}}},"request":{"raw":"GET /20251105/9GE8JPPi/1.jpg HTTP/1.1\r\nHost: xing.sex8sex833.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://xabfmr.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nAccept-Ranges: bytes\r\nAccess-Control-Allow-Headers: X-Requested-With\r\nAccess-Control-Allow-Methods: POST, GET, OPTIONS\r\nAccess-Control-Allow-Origin: *\r\nContent-Disposition: attachment; filename=\"1.jpg\"\r\nContent-Length: 29450\r\nContent-Type: application/octet-stream\r\nDate: Tue, 04 Nov 2025 21:30:30 GMT\r\nEtag: \"690a5ce1-730a\"\r\nLast-Modified: Tue, 04 Nov 2025 23:05:38 GMT\r\nServer: nginx\r\nX-Cache: HIT, policy, disk\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":29450,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.02, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 718x404, components 3","md5":"d65658168530bfe0e21f90c2d9592682","sha1":"de1cdf13cd439376734a6d3031b4a18fbb0bbfa1","sha256":"ec81b71fa047e869bd4a5848ac62f7a4d572d67a4cd0d87d1adb62b5872e2014","sha512":"e7a38aaf869b19711731d082779b2a61acb7cab12b9db45229470deb5039e5ec5061b2454413e3b17bdf1ba8c948768dc2e5015a4ca1204a0965eacdbc9c7be9","ssdeep":"768:v2yWE3b6ImnXMe2fxapIMMJJi60dwIGT0d9b5b4otz55O:v2yYnXMe2fxsIMM/r0dwIrdZxE","tlshash":"add2e1857547bc08bed3c75329ae68ba02efdc4776cd3f809d6709111b73a9b85a4e80","first_seen":"2025-11-05T10:32:46.672708Z","last_seen":"2025-11-05T10:32:46.672708Z","times_seen":1,"resource_available":false,"data":null}},"time_used":729,"timings":{"blocked":-1,"dns":2,"connect":160,"send":0,"wait":160,"receive":188,"ssl":218},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"s10.histats.com/js15_as.js","fqdn":"s10.histats.com","domain":"histats.com","tld":"com"},"ip":{"addr":"104.20.11.41","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://xabfmr.com/","date":"2025-11-05T10:32:03.255Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /js15_as.js HTTP/1.1\r\nHost: s10.histats.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://xabfmr.com/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Wed, 05 Nov 2025 10:32:03 GMT\r\nContent-Type: text/javascript\r\nContent-Length: 4547\r\nConnection: keep-alive\r\nContent-Encoding: gzip\r\netag: \"-375139978\"\r\nLast-Modified: Thu, 16 Apr 2020 10:44:16 GMT\r\nVary: Accept-Encoding\r\nAge: 17502\r\nCache-Control: max-age=28800\r\ncf-cache-status: HIT\r\nServer: cloudflare\r\nCF-RAY: 999baf5c8ff81a30-OSL\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":11440,"size_decoded":0,"mime_type":"text/javascript","magic":"JavaScript source, ASCII text, with very long lines (11440), with no line terminators","md5":"e959fbdd13def4b9a9d0a5fc9a7de4d4","sha1":"1e39712307e3673b40c0bdb8c7d3e86a3e8b60a0","sha256":"2defe59e357a7d0683c8283ac42841db404a0884cae2eaecebf4b676e559dede","sha512":"590b22282634411002c9467c6c0d20d27979f841bffcf893e715a2b61301a873457a9cbe0a765a11592e7f5cb81fc50d5bd436bd5d47dc93bfb776515b02e2c9","ssdeep":"192:TixaOdP2DahLeKkda6nGvCvsojELj2n04UwXNAfLwUW1WuYx6jomrYZJp2XmIR2z:mxaOdWyLwaAWj2nvUwXNAfLwUWAuYx6e","tlshash":"7532969c708170066953e1a5123f413fa27b0df92dfe5558dae0b0b5bd7884ec0abbe9","first_seen":"2023-03-07T01:02:06Z","last_seen":"2026-04-27T22:42:30.410081Z","times_seen":1184,"resource_available":true,"data":null}},"time_used":75,"timings":{"blocked":33,"dns":31,"connect":2,"send":0,"wait":7,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"xing.sex8sex833.com/20251105/qnBk5VMw/1.jpg","fqdn":"xing.sex8sex833.com","domain":"sex8sex833.com","tld":"com"},"ip":{"addr":"216.180.229.170","port":443,"asn":47191,"as":"blue tech technology Co., Limited","country":"British Virgin Islands","country_code":"VG"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://xabfmr.com/","date":"2025-11-05T10:32:03.491Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xing.sex8sex833.com","organization":""},"issuer":{"commonName":"Certum DV TLS G2 R39 CA","organization":"Asseco Data Systems S.A."},"validity":{"start":"Fri, 26 Sep 2025 13:37:39 GMT","end":"Sat, 26 Sep 2026 13:37:38 GMT"},"fingerprint":{"sha1":"28:B4:22:5C:4D:3B:2D:75:D1:AA:11:BA:8B:68:D2:F4:0C:24:56:3C","sha256":"6F:10:DA:E6:82:FD:27:6D:3B:9D:3C:45:0E:7C:3D:E5:97:73:D9:BB:0B:4F:75:19:4F:20:88:F9:00:89:42:D6"}}},"request":{"raw":"GET /20251105/qnBk5VMw/1.jpg HTTP/1.1\r\nHost: xing.sex8sex833.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://xabfmr.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nAccept-Ranges: bytes\r\nAccess-Control-Allow-Headers: X-Requested-With\r\nAccess-Control-Allow-Methods: POST, GET, OPTIONS\r\nAccess-Control-Allow-Origin: *\r\nContent-Disposition: attachment; filename=\"1.jpg\"\r\nContent-Length: 137030\r\nContent-Type: application/octet-stream\r\nDate: Tue, 04 Nov 2025 21:30:29 GMT\r\nEtag: \"690a5cd7-21746\"\r\nLast-Modified: Tue, 04 Nov 2025 22:36:43 GMT\r\nServer: nginx\r\nX-Cache: HIT, policy, disk\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":137030,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 718x404, components 3","md5":"b61c986c2eda1f7b038687e73e61f4a4","sha1":"84b3977c31624ef026135158fd4ac456b2e1cb1d","sha256":"0cd4751686b0661cb897e5a559ea2d78abeb5ad10368cbc5929d4f1c42d4e699","sha512":"ea00ae0f34b6eb71b67ae578c649916ad8e7f0e93b7338f59292c621c54cb127d97538a0a05318da495cbe81d3497fec6735628b1c02225d043a3e1d5bd5080f","ssdeep":"3072:LT6wGamiWoeIBGH6mUR++oYo/LyNM4b8zYYLJZVrV7Zu:6wG9iVXBGa9JZNxstZn7Zu","tlshash":"9cd3126ee41ad940c10a09715b4bfa7cd09d23a056395bd55e8bfa0cbcd2613ef28bd8","first_seen":"2025-10-14T12:40:30.151449Z","last_seen":"2025-11-05T10:32:46.676099Z","times_seen":2,"resource_available":false,"data":null}},"time_used":989,"timings":{"blocked":-1,"dns":3,"connect":152,"send":0,"wait":153,"receive":462,"ssl":217},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"xing.sex8sex833.com/20251105/y1moklNp/1.jpg","fqdn":"xing.sex8sex833.com","domain":"sex8sex833.com","tld":"com"},"ip":{"addr":"216.180.229.170","port":443,"asn":47191,"as":"blue tech technology Co., Limited","country":"British Virgin Islands","country_code":"VG"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://xabfmr.com/","date":"2025-11-05T10:32:03.517Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xing.sex8sex833.com","organization":""},"issuer":{"commonName":"Certum DV TLS G2 R39 CA","organization":"Asseco Data Systems S.A."},"validity":{"start":"Fri, 26 Sep 2025 13:37:39 GMT","end":"Sat, 26 Sep 2026 13:37:38 GMT"},"fingerprint":{"sha1":"28:B4:22:5C:4D:3B:2D:75:D1:AA:11:BA:8B:68:D2:F4:0C:24:56:3C","sha256":"6F:10:DA:E6:82:FD:27:6D:3B:9D:3C:45:0E:7C:3D:E5:97:73:D9:BB:0B:4F:75:19:4F:20:88:F9:00:89:42:D6"}}},"request":{"raw":"GET /20251105/y1moklNp/1.jpg HTTP/1.1\r\nHost: xing.sex8sex833.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://xabfmr.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nAccept-Ranges: bytes\r\nAccess-Control-Allow-Headers: X-Requested-With\r\nAccess-Control-Allow-Methods: POST, GET, OPTIONS\r\nAccess-Control-Allow-Origin: *\r\nContent-Disposition: attachment; filename=\"1.jpg\"\r\nContent-Length: 53219\r\nContent-Type: application/octet-stream\r\nDate: Tue, 04 Nov 2025 20:28:07 GMT\r\nEtag: \"690a5d00-cfe3\"\r\nLast-Modified: Tue, 04 Nov 2025 22:36:40 GMT\r\nServer: nginx\r\nX-Cache: HIT, policy, disk\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":53219,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CC 2019 (Macintosh), datetime=2022:07:16 10:29:05], baseline, precision 8, 718x404, components 3","md5":"e3cebec626ee9acbd439a30280f142a6","sha1":"934c84fd78efbac8f098973261265db0b517c2ac","sha256":"9c0c694507aae34a74cf420500d5b61116447ea8848aeb42cd20b3eacd3d73ad","sha512":"242a85271012b688816c4d5d607e6b6b895b91ea433c3098e608b942faf8983227f7249024f821419236fe24245fcd6625e03c0c07a6c9965d255d65b0d2aa53","ssdeep":"768:SxZulPbxZuAxwEEuSZRg0QKQJqoki4qTFWEMaSZSiNIKq/K:SjOjNx3xSZRgEQJqeN3pQSId","tlshash":"05339d0439619d21fa8832b488fdd186d3e35ec05e73225e7eadf4462fa1a49cde9943","first_seen":"2025-11-05T10:32:46.678507Z","last_seen":"2025-11-05T10:32:46.678507Z","times_seen":1,"resource_available":false,"data":null}},"time_used":1055,"timings":{"blocked":769,"dns":0,"connect":0,"send":0,"wait":164,"receive":122,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"sex8sex822.com/20250919/7yKtxuEM/1.jpg","fqdn":"sex8sex822.com","domain":"sex8sex822.com","tld":"com"},"ip":{"addr":"216.180.227.219","port":443,"asn":47191,"as":"blue tech technology Co., Limited","country":"British Virgin Islands","country_code":"VG"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://xabfmr.com/","date":"2025-11-05T10:32:03.542Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"sex8sex822.com","organization":""},"issuer":{"commonName":"Certum DV TLS G2 R39 CA","organization":"Asseco Data Systems S.A."},"validity":{"start":"Fri, 19 Sep 2025 08:36:20 GMT","end":"Sat, 19 Sep 2026 08:36:19 GMT"},"fingerprint":{"sha1":"08:47:C6:D4:61:A8:B6:F2:20:18:78:62:C3:4F:63:F4:71:0B:B0:B2","sha256":"4A:FA:FF:67:12:C6:1A:C5:B4:08:5E:0D:D8:5E:14:20:9F:93:99:D7:0D:E8:D5:20:47:2C:4B:33:32:CA:18:9B"}}},"request":{"raw":"GET /20250919/7yKtxuEM/1.jpg HTTP/1.1\r\nHost: sex8sex822.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://xabfmr.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nAccept-Ranges: bytes\r\nAccess-Control-Allow-Headers: X-Requested-With\r\nAccess-Control-Allow-Methods: POST, GET, OPTIONS\r\nAccess-Control-Allow-Origin: *\r\nContent-Disposition: attachment; filename=\"1.jpg\"\r\nContent-Length: 146996\r\nContent-Type: application/octet-stream\r\nDate: Mon, 03 Nov 2025 09:01:23 GMT\r\nEtag: \"68ce6140-23e34\"\r\nLast-Modified: Mon, 03 Nov 2025 09:04:57 GMT\r\nServer: nginx\r\nX-Cache: HIT, policy, disk\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":146996,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 450x254, components 3","md5":"47644bbd6124596ec881e365b61ce68e","sha1":"f6a82f86262fc61b3b543aa37ef6265f480b582b","sha256":"46fd4711a8b90f26f7b2953df9530b6b447e016adc6170ef60f7ac5cd429c3af","sha512":"15239647289e1f860ed772d983d97f26db8e9ee8072e24beb5173550a23e5bbed73a2cdd7c39e8d3a889efe5abc10cc029024a3b6c50d928c22e6d24f77d2c8d","ssdeep":"3072:cFlADLaxwA4xMt99O8SL0rgyha6HXWs41ukEK50Z:ylADL9rmj98TyYwS1uk90Z","tlshash":"f4e323987d583037152a4eb5fcb4e07fd93f1a62f619af2f851341960c26a93a08d9f3","first_seen":"2025-11-05T10:32:46.680696Z","last_seen":"2025-11-05T10:32:46.680696Z","times_seen":1,"resource_available":false,"data":null}},"time_used":1219,"timings":{"blocked":38,"dns":0,"connect":165,"send":0,"wait":162,"receive":512,"ssl":338},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"xabfmr.com/upload/site/20250524-1/159186648025b381a83f9239beaa3873.jpg","fqdn":"xabfmr.com","domain":"xabfmr.com","tld":"com"},"ip":{"addr":"107.149.49.120","port":80,"asn":54600,"as":"PEG-SV","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://xabfmr.com/","date":"2025-11-05T10:32:03.202Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /upload/site/20250524-1/159186648025b381a83f9239beaa3873.jpg HTTP/1.1\r\nHost: xabfmr.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://xabfmr.com/\r\nCookie: PHPSESSID=b94a5i5qedgf0u25n5j3tc6mcj\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Wed, 05 Nov 2025 10:32:03 GMT\r\nContent-Type: image/jpeg\r\nLast-Modified: Sat, 24 May 2025 13:03:40 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nETag: W/\"6831c3ac-8aa7\"\r\nExpires: Fri, 05 Dec 2025 10:32:03 GMT\r\nCache-Control: max-age=2592000\r\nStrict-Transport-Security: max-age=31536000\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":35495,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=1, orientation=upper-left], baseline, precision 8, 795x472, components 3","md5":"cae060e628a0c990ee810e8fb74cd92a","sha1":"cb6c336530a085506bb1f2b5e8dbc031a0765ce1","sha256":"d63238b93407ae6c8f0277ca706138c81c27ab0bd7fa72907f960e8d6177a252","sha512":"a6c1b051f670e0d8af84a90bba12a0234b90c8ddddbe4446559a7f6189c48aaec300c7a07ace78cbff46b98e24b98291318e3fdd76a3b098480d2e8637627885","ssdeep":"768:anMRKCESWEL+zgvYU0E4SO/lZwJmJ7Ie9vgLPidDJ:aM9ESWW+zggUF4vgJmJsugLmDJ","tlshash":"7cf22813cd085e83e8a8d77cbf069db86f4d464cf9927bfe40724ed62b546250d2b12a","first_seen":"2025-06-02T17:59:51.26278Z","last_seen":"2026-04-14T00:33:32.683839Z","times_seen":48,"resource_available":false,"data":null}},"time_used":157,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":154,"receive":3,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"polyfill-js.cn/v3/polyfill.min.js?features=default","fqdn":"polyfill-js.cn","domain":"polyfill-js.cn","tld":"cn"},"ip":{"addr":"137.220.134.176","port":443,"asn":152194,"as":"CTG Server Limited","country":"Japan","country_code":"JP"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://xabfmr.com/","date":"2025-11-05T10:32:03.263Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"polyfill-js.cn","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 11 Sep 2025 23:05:45 GMT","end":"Wed, 10 Dec 2025 23:05:44 GMT"},"fingerprint":{"sha1":"08:18:F2:02:F3:A5:20:BE:39:46:B8:76:39:63:9A:32:AB:C1:81:53","sha256":"F6:82:8F:89:16:CE:25:2F:AE:12:9D:04:38:26:20:77:B4:DD:8D:5E:64:D8:EF:40:B8:7F:0A:DE:AD:36:F1:81"}}},"request":{"raw":"GET /v3/polyfill.min.js?features=default HTTP/1.1\r\nHost: polyfill-js.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://xabfmr.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nAccess-Control-Allow-Methods: GET,HEAD,OPTIONS\r\nAccess-Control-Allow-Origin: *\r\nContent-Encoding: gzip\r\nContent-Type: text/javascript; charset=utf-8\r\nDate: Tue, 04 Nov 2025 12:35:28 GMT\r\nETag: \"1762259728\"\r\nLast-Modified: Tue, 04 Nov 2025 12:35:28 GMT\r\nServer: nginx\r\nVary: Accept-Encoding, User-Agent\r\nX-Cache: HIT, server, disk\r\nX-Cdn-Server: cn\r\nContent-Length: 115\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":104,"size_decoded":0,"mime_type":"text/javascript; charset=utf-8","magic":"ASCII text","md5":"435a451090061be4c0254761f2f94e1f","sha1":"1a873f8c9a0dfb421e3213dfbbfa8aafa9960d4c","sha256":"6c68769e8470ce89a0f2270529a5d47db00917e3ef9df946dca202098f09d0a2","sha512":"0506dbdede1f984b75421ec86cdd451752ec85b44f5a6f880bc0f06bf8884f1f934f4eafad41ed89015d2118a73bd4dcb20ad4b0d2118e16f311aa25737cf1ab","ssdeep":"","tlshash":"43b012a448824f95eae305c0485602851baf5fc95405d318ce72a41cc862845b2ccc6c","first_seen":"2023-12-16T06:03:22Z","last_seen":"2026-04-28T16:00:39.484265Z","times_seen":22030,"resource_available":true,"data":null}},"time_used":1477,"timings":{"blocked":-1,"dns":437,"connect":349,"send":0,"wait":340,"receive":0,"ssl":351},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-11-05","alert":"Sinkholed","trigger":"polyfill-js.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"xing.sex8sex833.com/20251105/7UA5wsDm/1.jpg","fqdn":"xing.sex8sex833.com","domain":"sex8sex833.com","tld":"com"},"ip":{"addr":"216.180.229.170","port":443,"asn":47191,"as":"blue tech technology Co., Limited","country":"British Virgin Islands","country_code":"VG"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://xabfmr.com/","date":"2025-11-05T10:32:03.527Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xing.sex8sex833.com","organization":""},"issuer":{"commonName":"Certum DV TLS G2 R39 CA","organization":"Asseco Data Systems S.A."},"validity":{"start":"Fri, 26 Sep 2025 13:37:39 GMT","end":"Sat, 26 Sep 2026 13:37:38 GMT"},"fingerprint":{"sha1":"28:B4:22:5C:4D:3B:2D:75:D1:AA:11:BA:8B:68:D2:F4:0C:24:56:3C","sha256":"6F:10:DA:E6:82:FD:27:6D:3B:9D:3C:45:0E:7C:3D:E5:97:73:D9:BB:0B:4F:75:19:4F:20:88:F9:00:89:42:D6"}}},"request":{"raw":"GET /20251105/7UA5wsDm/1.jpg HTTP/1.1\r\nHost: xing.sex8sex833.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://xabfmr.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nAccept-Ranges: bytes\r\nAccess-Control-Allow-Headers: X-Requested-With\r\nAccess-Control-Allow-Methods: POST, GET, OPTIONS\r\nAccess-Control-Allow-Origin: *\r\nContent-Disposition: attachment; filename=\"1.jpg\"\r\nContent-Length: 156993\r\nContent-Type: application/octet-stream\r\nDate: Tue, 04 Nov 2025 20:29:48 GMT\r\nEtag: \"690a5d12-26541\"\r\nLast-Modified: Tue, 04 Nov 2025 22:56:55 GMT\r\nServer: nginx\r\nX-Cache: HIT, policy, disk\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":156993,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 718x404, components 3","md5":"082df1edf73ca30b0b3e74be7c3393c4","sha1":"9e313328ef714d6d8d9c9d4f3cb081dfcb92b642","sha256":"fbd4259bff470bf6ab2b43816c8d55685ad3ea310503b0a208e9c534db783f57","sha512":"359a89293708fc1b27b07166c984414982ccb82d877ef73d6e1822c7957f5f4caf8d9d5aaea1498f5b66b1de896afb394c4030647ea5d1054f9f3f88520c4a92","ssdeep":"3072:rsOWe/AXeq+xVskfgsEsyj51z2KWaImVazx9k/ntxwjlH:5We/AutrYTsyj5x2KW+Va7JlH","tlshash":"7ee3129ab0c5c5018c2e2ea06cd7e581f55d9ddb69eb7ca7c8fbc648f024124e8c1f68","first_seen":"2025-11-05T10:32:46.684557Z","last_seen":"2025-11-06T04:35:42.05327Z","times_seen":2,"resource_available":false,"data":null}},"time_used":1230,"timings":{"blocked":950,"dns":0,"connect":0,"send":0,"wait":154,"receive":126,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"kki.imgaigo.com/img-202544005/960-60.gif","fqdn":"kki.imgaigo.com","domain":"imgaigo.com","tld":"com"},"ip":{"addr":"154.39.66.139","port":443,"asn":140227,"as":"Hong Kong Communications International Co., Limited","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://xabfmr.com/","date":"2025-11-05T10:32:02.557Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kki.imgaigo.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Wed, 01 Oct 2025 05:05:05 GMT","end":"Tue, 30 Dec 2025 05:05:04 GMT"},"fingerprint":{"sha1":"9C:1C:C5:BE:D6:43:B1:2F:02:F2:8F:91:E7:C8:B9:88:80:90:85:5C","sha256":"37:C6:7E:77:7D:AE:DC:C7:F0:A8:24:5B:19:C7:01:88:C3:0E:ED:75:F1:8E:03:C6:2D:68:68:18:6C:E2:4C:A3"}}},"request":{"raw":"GET /img-202544005/960-60.gif HTTP/1.1\r\nHost: kki.imgaigo.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://xabfmr.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Wed, 05 Nov 2025 10:32:03 GMT\r\nContent-Type: image/gif\r\nContent-Length: 39300\r\nConnection: keep-alive\r\nLast-Modified: Mon, 13 Jan 2025 13:14:38 GMT\r\nETag: \"678511be-9984\"\r\nExpires: Thu, 04 Dec 2025 17:58:26 GMT\r\nCache-Control: max-age=2592000\r\nServer: nginx\r\nX-Cache-Status: HIT\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":39300,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 960 x 60","md5":"699eb63c7c7e506bb34a68dece1b0a9f","sha1":"475bd54abb17421aceec54e769cdb56de257766d","sha256":"9105d3d340c26dc5adab2492ce0a03f322e92bd4f3f480f87f2bb9ba5bd00e12","sha512":"77842a8b3eb51e3ff4a60c0f119267a4e94179f051da7df0eda6f1f561d23d3d997e62a08776f9f426ad492c31903f2cd9250f5ed20ea2f2c1b80ff9ff332f15","ssdeep":"768:A/VPsA8V90N+nbWmEIWmEIWmI0mfjKGt6RG1ZWnGly1ZWnGly1/:A/NU9zffI006Ra","tlshash":"8203e173d09caf96701d2c791a7636de5df78343c5f593223ba2fb0848d231a09a259b","first_seen":"2025-02-05T11:25:50.412322Z","last_seen":"2026-04-28T11:57:44.692579Z","times_seen":317,"resource_available":false,"data":null}},"time_used":1731,"timings":{"blocked":588,"dns":71,"connect":267,"send":0,"wait":515,"receive":11,"ssl":279},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"polyfill-js.cn/v3/polyfill.min.js?features=default","fqdn":"polyfill-js.cn","domain":"polyfill-js.cn","tld":"cn"},"ip":{"addr":"137.220.134.176","port":443,"asn":152194,"as":"CTG Server Limited","country":"Japan","country_code":"JP"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://xabfmr.com/","date":"2025-11-05T10:32:03.198Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"polyfill-js.cn","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 11 Sep 2025 23:05:45 GMT","end":"Wed, 10 Dec 2025 23:05:44 GMT"},"fingerprint":{"sha1":"08:18:F2:02:F3:A5:20:BE:39:46:B8:76:39:63:9A:32:AB:C1:81:53","sha256":"F6:82:8F:89:16:CE:25:2F:AE:12:9D:04:38:26:20:77:B4:DD:8D:5E:64:D8:EF:40:B8:7F:0A:DE:AD:36:F1:81"}}},"request":{"raw":"GET /v3/polyfill.min.js?features=default HTTP/1.1\r\nHost: polyfill-js.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://xabfmr.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nAccess-Control-Allow-Methods: GET,HEAD,OPTIONS\r\nAccess-Control-Allow-Origin: *\r\nContent-Encoding: gzip\r\nContent-Type: text/javascript; charset=utf-8\r\nDate: Tue, 04 Nov 2025 12:35:28 GMT\r\nETag: \"1762259728\"\r\nLast-Modified: Tue, 04 Nov 2025 12:35:28 GMT\r\nServer: nginx\r\nVary: Accept-Encoding, User-Agent\r\nX-Cache: HIT, server, disk\r\nX-Cdn-Server: cn\r\nContent-Length: 115\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":104,"size_decoded":0,"mime_type":"text/javascript; charset=utf-8","magic":"ASCII text","md5":"435a451090061be4c0254761f2f94e1f","sha1":"1a873f8c9a0dfb421e3213dfbbfa8aafa9960d4c","sha256":"6c68769e8470ce89a0f2270529a5d47db00917e3ef9df946dca202098f09d0a2","sha512":"0506dbdede1f984b75421ec86cdd451752ec85b44f5a6f880bc0f06bf8884f1f934f4eafad41ed89015d2118a73bd4dcb20ad4b0d2118e16f311aa25737cf1ab","ssdeep":"","tlshash":"43b012a448824f95eae305c0485602851baf5fc95405d318ce72a41cc862845b2ccc6c","first_seen":"2023-12-16T06:03:22Z","last_seen":"2026-04-28T16:00:39.484265Z","times_seen":22030,"resource_available":true,"data":null}},"time_used":1905,"timings":{"blocked":1208,"dns":0,"connect":0,"send":0,"wait":343,"receive":0,"ssl":354},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-11-05","alert":"Sinkholed","trigger":"polyfill-js.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"xabfmr.com/upload/site/20250621-1/ab27978c0e58f5740173e0d0823893a2.jpg","fqdn":"xabfmr.com","domain":"xabfmr.com","tld":"com"},"ip":{"addr":"107.149.49.120","port":80,"asn":54600,"as":"PEG-SV","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://xabfmr.com/","date":"2025-11-05T10:32:03.286Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /upload/site/20250621-1/ab27978c0e58f5740173e0d0823893a2.jpg HTTP/1.1\r\nHost: xabfmr.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://xabfmr.com/\r\nCookie: PHPSESSID=b94a5i5qedgf0u25n5j3tc6mcj\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Wed, 05 Nov 2025 10:32:03 GMT\r\nContent-Type: image/jpeg\r\nLast-Modified: Sat, 21 Jun 2025 13:19:42 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nETag: W/\"6856b16e-3795\"\r\nExpires: Fri, 05 Dec 2025 10:32:03 GMT\r\nCache-Control: max-age=2592000\r\nStrict-Transport-Security: max-age=31536000\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":14229,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=1, orientation=upper-left], comment: \"CREATOR: gd-jpeg v1.0 (using IJG JPEG v90), quality = 85\", baseline, precision 8, 380x380, components 3","md5":"18e03de5dfbfa869f86ace7976131ea8","sha1":"5c9e0ba9ca41b21f16ae01ffcd6eacb8671f1c5a","sha256":"66da87e2f2c52a9e4b2fb27e4a310885ec7c3889a9e5af3761a033cf824104a3","sha512":"b07fb2dc2fdf2ae66e6d2f4d5529655033089030730888d955ea142806017de6128263007548cd5e7773004559a466d6ed196675a5081b00f75937241259b922","ssdeep":"384:qFXSmWXi+KDaoLqmRxheajCY3Wx4j+k4v9MvZRtRIvDd2Xei:qF7DFLTx3CY3H+Pv2LRI6B","tlshash":"4652bf2bba105fe5e8d7e176ef31d101ca98690b9e8622ceebd7c981f70041b280e44d","first_seen":"2025-06-28T07:49:35.291277Z","last_seen":"2026-04-14T00:33:32.695824Z","times_seen":43,"resource_available":false,"data":null}},"time_used":159,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":157,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"xing.sex8sex833.com/20251105/e89kV4SA/1.jpg","fqdn":"xing.sex8sex833.com","domain":"sex8sex833.com","tld":"com"},"ip":{"addr":"216.180.229.170","port":443,"asn":47191,"as":"blue tech technology Co., Limited","country":"British Virgin Islands","country_code":"VG"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://xabfmr.com/","date":"2025-11-05T10:32:03.482Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xing.sex8sex833.com","organization":""},"issuer":{"commonName":"Certum DV TLS G2 R39 CA","organization":"Asseco Data Systems S.A."},"validity":{"start":"Fri, 26 Sep 2025 13:37:39 GMT","end":"Sat, 26 Sep 2026 13:37:38 GMT"},"fingerprint":{"sha1":"28:B4:22:5C:4D:3B:2D:75:D1:AA:11:BA:8B:68:D2:F4:0C:24:56:3C","sha256":"6F:10:DA:E6:82:FD:27:6D:3B:9D:3C:45:0E:7C:3D:E5:97:73:D9:BB:0B:4F:75:19:4F:20:88:F9:00:89:42:D6"}}},"request":{"raw":"GET /20251105/e89kV4SA/1.jpg HTTP/1.1\r\nHost: xing.sex8sex833.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://xabfmr.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nAccept-Ranges: bytes\r\nAccess-Control-Allow-Headers: X-Requested-With\r\nAccess-Control-Allow-Methods: POST, GET, OPTIONS\r\nAccess-Control-Allow-Origin: *\r\nContent-Disposition: attachment; filename=\"1.jpg\"\r\nContent-Length: 50360\r\nContent-Type: application/octet-stream\r\nDate: Tue, 04 Nov 2025 21:30:29 GMT\r\nEtag: \"690a5c99-c4b8\"\r\nLast-Modified: Tue, 04 Nov 2025 23:05:38 GMT\r\nServer: nginx\r\nX-Cache: HIT, policy, disk\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":50360,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 718x404, components 3","md5":"1d8a763a48b47df4742518c35ddb4a14","sha1":"2c8dd86734cf7715946e53f04bca0d722add715d","sha256":"72ea60b945ac96097b2db20169976d8f6075aefef31ad356efc236e31dcd7e6b","sha512":"64bc670eff810b72a6d3a6ca138a994ef9edaed9aff3b9c7cc8386dd2669bc3272d7882185ea041efd088835b5a3f7513c2e1c611e04834d591bf20b404e0063","ssdeep":"1536:ySlpnYkdl2iiLXLM+3EWiZbih14sH2sq5:VrLv4/tSQI","tlshash":"e633f17ef9954047d6b9f812d4b19301cafa72dae652e6baf4c57cf1e000606a39c8c8","first_seen":"2025-11-05T10:32:46.688912Z","last_seen":"2025-11-05T10:32:46.688912Z","times_seen":1,"resource_available":false,"data":null}},"time_used":801,"timings":{"blocked":-1,"dns":4,"connect":160,"send":0,"wait":160,"receive":266,"ssl":209},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"xing.sex8sex833.com/20251105/VBZLAiI0/1.jpg","fqdn":"xing.sex8sex833.com","domain":"sex8sex833.com","tld":"com"},"ip":{"addr":"216.180.229.170","port":443,"asn":47191,"as":"blue tech technology Co., Limited","country":"British Virgin Islands","country_code":"VG"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://xabfmr.com/","date":"2025-11-05T10:32:03.507Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xing.sex8sex833.com","organization":""},"issuer":{"commonName":"Certum DV TLS G2 R39 CA","organization":"Asseco Data Systems S.A."},"validity":{"start":"Fri, 26 Sep 2025 13:37:39 GMT","end":"Sat, 26 Sep 2026 13:37:38 GMT"},"fingerprint":{"sha1":"28:B4:22:5C:4D:3B:2D:75:D1:AA:11:BA:8B:68:D2:F4:0C:24:56:3C","sha256":"6F:10:DA:E6:82:FD:27:6D:3B:9D:3C:45:0E:7C:3D:E5:97:73:D9:BB:0B:4F:75:19:4F:20:88:F9:00:89:42:D6"}}},"request":{"raw":"GET /20251105/VBZLAiI0/1.jpg HTTP/1.1\r\nHost: xing.sex8sex833.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://xabfmr.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nAccept-Ranges: bytes\r\nAccess-Control-Allow-Headers: X-Requested-With\r\nAccess-Control-Allow-Methods: POST, GET, OPTIONS\r\nAccess-Control-Allow-Origin: *\r\nContent-Disposition: attachment; filename=\"1.jpg\"\r\nContent-Length: 190626\r\nContent-Type: application/octet-stream\r\nDate: Tue, 04 Nov 2025 21:30:59 GMT\r\nEtag: \"690a5cf0-2e8a2\"\r\nLast-Modified: Tue, 04 Nov 2025 22:36:40 GMT\r\nServer: nginx\r\nX-Cache: HIT, policy, disk\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":190626,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 718x404, components 3","md5":"cd8a40bfbdcc5919b8a30d2e719417d4","sha1":"7c9b5592020cc28afd09156c9bf0e153dfa23d8d","sha256":"c0036c9451ae45ab42dbeb4ed42262f4e44ed9058db3b018b52b54689a4f9098","sha512":"577fda4b45ef87e5b68063cec4aecaf171dc14ce233d0126473324d2fb9c727e2c40646af902bf548840f7d949e78dd24c83fc726452df7a66a3c6e05db1f46a","ssdeep":"3072:kH6mTvRnAyTRLWkdUnyJ8TnxonT7N3abW0JxYM8w+cA9B5BT/OJm17/ZaksvJE5m:kasvuyVLW+Un3w4CSYM596pT/OJ47xfg","tlshash":"461412213367a8d032f4349860b3f2e442be13e87f6455e19cd62fb7c2542b6d5ea81e","first_seen":"2025-11-05T10:32:46.691238Z","last_seen":"2025-11-05T10:32:46.691238Z","times_seen":1,"resource_available":false,"data":null}},"time_used":1054,"timings":{"blocked":-1,"dns":0,"connect":155,"send":0,"wait":154,"receive":532,"ssl":209},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"xabfmr.com/","fqdn":"xabfmr.com","domain":"xabfmr.com","tld":"com"},"ip":{"addr":"107.149.49.120","port":80,"asn":54600,"as":"PEG-SV","country":"United States","country_code":"US"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-11-05T10:32:01.714Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET / HTTP/1.1\r\nHost: xabfmr.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Wed, 05 Nov 2025 10:32:02 GMT\r\nContent-Type: text/html; charset=utf-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nSet-Cookie: PHPSESSID=b94a5i5qedgf0u25n5j3tc6mcj; path=/\r\nExpires: Thu, 19 Nov 1981 08:52:00 GMT\r\nCache-Control: no-store, no-cache, must-revalidate\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=31536000\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"PHP","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]},{"name":"jQuery","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":96158,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (508), with CRLF, LF, NEL line terminators","md5":"18b8d8c3ed9bf74e491aed74900edcdb","sha1":"4a945adad5267261ac63a2ba4535bb1b2efad1a7","sha256":"231f2e3fb0376879d0c64266717815a8f232a28cfae2ce0a96f398ce8aa46337","sha512":"20976aa14fe67a263dcdf9d773cfb27ba98a4449e37970b6966307016f31c7e74bd1bebd1a29dc85aa3fdc41622d0cdfa45e0e5e732284e6a6884a3f74687479","ssdeep":"1536:BpAXyoa7xe+vFNYTvtA43svBvzC4COCgfy+YkIRpQ4jV:BpAXZa7xe+8TvC+","tlshash":"0ea3851140f4873e0596e4e11e9c279a6ca1a397ca5f8a0137eddbec1feae41e8170dd","first_seen":"2025-11-05T10:32:46.693349Z","last_seen":"2025-11-05T10:32:46.693349Z","times_seen":1,"resource_available":false,"data":null}},"time_used":970,"timings":{"blocked":149,"dns":1,"connect":152,"send":0,"wait":516,"receive":152,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"sex8sex822.com/20250920/EpDc2kgP/1.jpg","fqdn":"sex8sex822.com","domain":"sex8sex822.com","tld":"com"},"ip":{"addr":"216.180.227.219","port":443,"asn":47191,"as":"blue tech technology Co., Limited","country":"British Virgin Islands","country_code":"VG"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://xabfmr.com/","date":"2025-11-05T10:32:03.535Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"sex8sex822.com","organization":""},"issuer":{"commonName":"Certum DV TLS G2 R39 CA","organization":"Asseco Data Systems S.A."},"validity":{"start":"Fri, 19 Sep 2025 08:36:20 GMT","end":"Sat, 19 Sep 2026 08:36:19 GMT"},"fingerprint":{"sha1":"08:47:C6:D4:61:A8:B6:F2:20:18:78:62:C3:4F:63:F4:71:0B:B0:B2","sha256":"4A:FA:FF:67:12:C6:1A:C5:B4:08:5E:0D:D8:5E:14:20:9F:93:99:D7:0D:E8:D5:20:47:2C:4B:33:32:CA:18:9B"}}},"request":{"raw":"GET /20250920/EpDc2kgP/1.jpg HTTP/1.1\r\nHost: sex8sex822.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://xabfmr.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nAccept-Ranges: bytes\r\nAccess-Control-Allow-Headers: X-Requested-With\r\nAccess-Control-Allow-Methods: POST, GET, OPTIONS\r\nAccess-Control-Allow-Origin: *\r\nContent-Disposition: attachment; filename=\"1.jpg\"\r\nContent-Length: 570962\r\nContent-Type: application/octet-stream\r\nDate: Tue, 04 Nov 2025 06:07:48 GMT\r\nEtag: \"68cf8893-8b652\"\r\nLast-Modified: Tue, 04 Nov 2025 06:21:20 GMT\r\nServer: nginx\r\nX-Cache: HIT, policy, disk\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":570962,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, progressive, precision 8, 1280x720, components 3","md5":"317175b660417b626a2814cfc540e018","sha1":"e9699f3c8227f19e5e71db628e8cb35efebec1b9","sha256":"7a410c14a6b47d8b02ac5e3d4f16f3ab49e3c0de471997948241493cdd93581c","sha512":"e963579426618b7146ffef93c349427c1a6e801bec81e09212954b53ec61032b249bb50939aebd8f3abb9627cc5e9c782d409c811a2efd01c172d36c84724026","ssdeep":"12288:AJ/3R+nv3+fRWPJDv0cQXC506wkfRPEwPnrpxXa7SRx8Di3nrDRMwv:q/3RgmfRoh0cQXC50kGwp+G3rVx","tlshash":"1fc423003db2cfddcb1989d0204613a8dbf66290e9f1974e9de8552df8eec47165cae2","first_seen":"2025-11-05T10:32:46.695871Z","last_seen":"2025-11-05T10:32:46.695871Z","times_seen":1,"resource_available":false,"data":null}},"time_used":1554,"timings":{"blocked":-1,"dns":9,"connect":161,"send":0,"wait":161,"receive":827,"ssl":396},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"xabfmr.com/","fqdn":"xabfmr.com","domain":"xabfmr.com","tld":"com"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-11-05T10:32:01.333Z","timestamp":0,"http_version":"","security_state":"broken","security_info":null,"request":{"raw":"GET / HTTP/1.1\r\nHost: xabfmr.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-28T15:24:19.563648Z","times_seen":14331860,"resource_available":true,"data":null}},"time_used":357,"timings":{"blocked":0,"dns":44,"connect":151,"send":0,"wait":0,"receive":0,"ssl":159},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"xabfmr.com/template/conch/asset/css/swiper.min.css","fqdn":"xabfmr.com","domain":"xabfmr.com","tld":"com"},"ip":{"addr":"107.149.49.120","port":80,"asn":54600,"as":"PEG-SV","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"http://xabfmr.com/","date":"2025-11-05T10:32:02.545Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /template/conch/asset/css/swiper.min.css HTTP/1.1\r\nHost: xabfmr.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://xabfmr.com/\r\nCookie: PHPSESSID=b94a5i5qedgf0u25n5j3tc6mcj\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Wed, 05 Nov 2025 10:32:02 GMT\r\nContent-Type: text/css\r\nLast-Modified: Fri, 22 Jan 2021 14:23:58 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nETag: W/\"600adffe-4d56\"\r\nExpires: Wed, 05 Nov 2025 22:32:02 GMT\r\nCache-Control: max-age=43200\r\nStrict-Transport-Security: max-age=31536000\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":19798,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (19533)","md5":"6c1ec3a038a24ce46e374fc4ba26ea95","sha1":"27650e8aaa257fd8f9841db734994b525ae0179e","sha256":"9a2b860be289fc8b54b37b74083c191b4981a79c73ed3acd141d3e60bccf94de","sha512":"2e4f92fd1b19734b8318ed055298abf73185eda96d0f8fe9507bda54939683bde4003465b914d023c26eae6a1e6c7b6e14637786a286da2170f2729a4b6e0d56","ssdeep":"192:3xaNf/lSSyJWCh8zfi5o/mXDN3eBxwdJ5c:3xa1/lS0Cifi5o/mXOGJ5c","tlshash":"e792622c17003057e2334f1a87d99778c724c9939e4358ef6250ee48c7bb96a32af766","first_seen":"2023-04-06T22:37:14Z","last_seen":"2026-04-28T11:57:44.732441Z","times_seen":1635,"resource_available":false,"data":null}},"time_used":446,"timings":{"blocked":143,"dns":0,"connect":151,"send":0,"wait":151,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"xabfmr.com/template/conch/asset/js/conch.set.js?v=3.1","fqdn":"xabfmr.com","domain":"xabfmr.com","tld":"com"},"ip":{"addr":"107.149.49.120","port":80,"asn":54600,"as":"PEG-SV","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://xabfmr.com/","date":"2025-11-05T10:32:02.547Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /template/conch/asset/js/conch.set.js?v=3.1 HTTP/1.1\r\nHost: xabfmr.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://xabfmr.com/\r\nCookie: PHPSESSID=b94a5i5qedgf0u25n5j3tc6mcj\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Wed, 05 Nov 2025 10:32:02 GMT\r\nContent-Type: application/javascript\r\nLast-Modified: Sat, 18 Oct 2025 06:20:11 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nETag: W/\"68f3319b-79e5\"\r\nExpires: Wed, 05 Nov 2025 22:32:02 GMT\r\nCache-Control: max-age=43200\r\nStrict-Transport-Security: max-age=31536000\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":31205,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (10809)","md5":"b67637cc913ea5c7ed6200eb3ae55aa0","sha1":"e04c7adde16f01fc29bd788532521fffaaeb573c","sha256":"ef3046ad227d3e616c15351e73a61b2e61a7687882fbe276faeb3181ce0ad86e","sha512":"628534b03d0c843546b3b2662bb978e67c8f12cfb2d6e21cacadc491bef1cc385028eeae34b2869580b7492ef5236bf7002e854cd88b39e50aa7a6839fea8e8c","ssdeep":"384:06zwC1MM8LEsd9QYYAA1TRjjrlqgbHH/sgDZUnEbBIg1ivW9eBI/vCc3kHiQ7l8X:0hC1MDIFbVAvWaIyc3kHP7l83JI0CI","tlshash":"6dd2f888f3916172a19b25ed542f100fa1b4a427ac198498fb7cd4f1aeb8fd9543bf34","first_seen":"2025-09-22T15:28:53.181282Z","last_seen":"2026-04-28T11:57:44.675588Z","times_seen":49,"resource_available":true,"data":null}},"time_used":456,"timings":{"blocked":141,"dns":1,"connect":154,"send":0,"wait":158,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"xabfmr.com/template/conch/asset/js/set/autocomplete.js?_=1762338723168","fqdn":"xabfmr.com","domain":"xabfmr.com","tld":"com"},"ip":{"addr":"107.149.49.120","port":80,"asn":54600,"as":"PEG-SV","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"http://xabfmr.com/","date":"2025-11-05T10:32:03.261Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /template/conch/asset/js/set/autocomplete.js?_=1762338723168 HTTP/1.1\r\nHost: xabfmr.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/javascript, application/javascript, application/ecmascript, application/x-ecmascript, */*; q=0.01\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nX-Requested-With: XMLHttpRequest\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://xabfmr.com/\r\nCookie: PHPSESSID=b94a5i5qedgf0u25n5j3tc6mcj\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Wed, 05 Nov 2025 10:32:03 GMT\r\nContent-Type: application/javascript\r\nLast-Modified: Sat, 18 Oct 2025 07:52:59 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nETag: W/\"68f3475b-6803\"\r\nExpires: Wed, 05 Nov 2025 22:32:03 GMT\r\nCache-Control: max-age=43200\r\nStrict-Transport-Security: max-age=31536000\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":26627,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (1512)","md5":"9ccec03398246338a557ad81c2a88013","sha1":"31f8c3f54fec384ff74a812015b55ea223607a55","sha256":"be6cd474bf93e12823ace32dbaadd1dd698daf61fc6e7bdd2399bb06e8009626","sha512":"29739488e512e2c384f3e0f1503eef9866dde1bccb308fda488777efab154101aaaa15ed8eb1267b36f5c3d20bf6489eae3f8f6594ca263513e24a5e73f98d0c","ssdeep":"384:EC8MJlHqBlgr2qMrLXej2Jy7fwaoSXo0TviP39EHI:Ed7Dr7OtZTqsI","tlshash":"93c2fb0979e3226281a730be8faf5008b676a157150cdd50bd1ca7d02f54a38b6f7fe9","first_seen":"2025-08-13T05:24:32.954262Z","last_seen":"2026-04-28T11:57:44.749011Z","times_seen":82,"resource_available":true,"data":null}},"time_used":160,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":158,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"xabfmr.com/template/conch/asset/css/style.css?v=3.1","fqdn":"xabfmr.com","domain":"xabfmr.com","tld":"com"},"ip":{"addr":"107.149.49.120","port":80,"asn":54600,"as":"PEG-SV","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"http://xabfmr.com/","date":"2025-11-05T10:32:02.542Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /template/conch/asset/css/style.css?v=3.1 HTTP/1.1\r\nHost: xabfmr.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://xabfmr.com/\r\nCookie: PHPSESSID=b94a5i5qedgf0u25n5j3tc6mcj\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Wed, 05 Nov 2025 10:32:02 GMT\r\nContent-Type: text/css\r\nLast-Modified: Sat, 09 Nov 2024 20:39:54 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nETag: W/\"672fc89a-21b3c\"\r\nExpires: Wed, 05 Nov 2025 22:32:02 GMT\r\nCache-Control: max-age=43200\r\nStrict-Transport-Security: max-age=31536000\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":138044,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (859)","md5":"dd3f21851ae3b972ad1887e9aa889ff1","sha1":"c3ae46c3d9cd1b780567a8516027599e2b3301fe","sha256":"e3005222cef950aaa95c7f181f4774161c5f6acbde0a2680b1a4e14907243538","sha512":"4c73564d07f6063e4639841f658fe9be8faa49d6950e52bb70214406b0996db0dfe0243257be350fa76e355bbc58115df4a26817f0daea8fc7b2a4cd1bd61105","ssdeep":"3072:cB1Jrd16MWV25TrbGZ9XqZo3AmAsty9HH1MoqK34rFtgSI+l/0fC4rMEIHI9uj9E:cB1Jrd16MWV25TrbGZ9XqZo3AmAsty9L","tlshash":"e7d32027a4111d0c22b7d042a58f37b9712df033e1266eeea3945a2dcbcbf5931a57c9","first_seen":"2025-06-02T17:59:51.283412Z","last_seen":"2026-04-28T11:57:44.684656Z","times_seen":63,"resource_available":false,"data":null}},"time_used":157,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":154,"receive":3,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"xabfmr.com/template/conch/asset/js/conch.vip.js?v=3.1","fqdn":"xabfmr.com","domain":"xabfmr.com","tld":"com"},"ip":{"addr":"107.149.49.120","port":80,"asn":54600,"as":"PEG-SV","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://xabfmr.com/","date":"2025-11-05T10:32:02.549Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /template/conch/asset/js/conch.vip.js?v=3.1 HTTP/1.1\r\nHost: xabfmr.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://xabfmr.com/\r\nCookie: PHPSESSID=b94a5i5qedgf0u25n5j3tc6mcj\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Wed, 05 Nov 2025 10:32:02 GMT\r\nContent-Type: application/javascript\r\nLast-Modified: Sat, 18 Oct 2025 06:46:45 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nETag: W/\"68f337d5-be12\"\r\nExpires: Wed, 05 Nov 2025 22:32:02 GMT\r\nCache-Control: max-age=43200\r\nStrict-Transport-Security: max-age=31536000\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":48658,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (1501)","md5":"469354674e1fb0a5ba7fca2d6ae8f20b","sha1":"a86fd0807333701b38f536192eb4df06c3b1f2bb","sha256":"51f76eb3c942dfa3fb08b9622cde0573017db5c9cfa061f0ad083380883edb23","sha512":"6d8c309b85bfc02db0097c78601ad65552d7d045097f8a6020f071003075e0cfb6a40d11804acf72a0bc563556f2814ae6034d5d736291e5d007140161d46356","ssdeep":"384:0LVSNaKXQ+py4RcgDbcmZyca4Q648ln6Q30bz4QmGWiLJggWS9239EHI:0YNNXQ+OgDbcmZTa4lRF0AnGWiLAS9/I","tlshash":"f623700eb9b718a150b3707f5e7fb58030725417a90acd10be6c29d05f64e5ce2babe9","first_seen":"2025-09-22T15:28:53.168741Z","last_seen":"2026-04-28T11:57:44.741697Z","times_seen":49,"resource_available":true,"data":null}},"time_used":453,"timings":{"blocked":140,"dns":1,"connect":154,"send":0,"wait":155,"receive":3,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"sex8sex822.com/20250920/nb4aVyGG/1.jpg","fqdn":"sex8sex822.com","domain":"sex8sex822.com","tld":"com"},"ip":{"addr":"216.180.227.219","port":443,"asn":47191,"as":"blue tech technology Co., Limited","country":"British Virgin Islands","country_code":"VG"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://xabfmr.com/","date":"2025-11-05T10:32:03.537Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"sex8sex822.com","organization":""},"issuer":{"commonName":"Certum DV TLS G2 R39 CA","organization":"Asseco Data Systems S.A."},"validity":{"start":"Fri, 19 Sep 2025 08:36:20 GMT","end":"Sat, 19 Sep 2026 08:36:19 GMT"},"fingerprint":{"sha1":"08:47:C6:D4:61:A8:B6:F2:20:18:78:62:C3:4F:63:F4:71:0B:B0:B2","sha256":"4A:FA:FF:67:12:C6:1A:C5:B4:08:5E:0D:D8:5E:14:20:9F:93:99:D7:0D:E8:D5:20:47:2C:4B:33:32:CA:18:9B"}}},"request":{"raw":"GET /20250920/nb4aVyGG/1.jpg HTTP/1.1\r\nHost: sex8sex822.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://xabfmr.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nAccept-Ranges: bytes\r\nAccess-Control-Allow-Headers: X-Requested-With\r\nAccess-Control-Allow-Methods: POST, GET, OPTIONS\r\nAccess-Control-Allow-Origin: *\r\nContent-Disposition: attachment; filename=\"1.jpg\"\r\nContent-Length: 242542\r\nContent-Type: application/octet-stream\r\nDate: Tue, 04 Nov 2025 05:53:19 GMT\r\nEtag: \"68cf889d-3b36e\"\r\nLast-Modified: Tue, 04 Nov 2025 05:53:36 GMT\r\nServer: nginx\r\nX-Cache: HIT, policy, disk\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":242542,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=6, xresolution=86, yresolution=94, resolutionunit=2, software=PhotoScape], baseline, precision 8, 700x700, components 3","md5":"8efc53aa46f79f2aebcbe273c6f0a037","sha1":"3acf768f30630b8f6ff824553c917ad215d91218","sha256":"3e32605f94b4815b5638527e7a67c776ec9b122341738a67492804456ce861ed","sha512":"aebeeb51acd5227a11be610f6f685d97f5283db6e5e30760fab9269126c4ac002bac872423e17bcb389a26ff8a29d71d8cbb43bddf8bbe448c3a8617cfaf6eef","ssdeep":"6144:grEOvGo1Bwj+6PuGmEBVocGflHnVQg+hO4s9C0BEr:grEEG2BCmGDDodnRuO4qCd","tlshash":"133422e94aa12483caaa77bce6af9b19974084f9cdd53104e90d5343e4f6ebfde00531","first_seen":"2025-11-05T10:32:46.706919Z","last_seen":"2025-11-05T10:32:46.706919Z","times_seen":1,"resource_available":false,"data":null}},"time_used":1300,"timings":{"blocked":-1,"dns":0,"connect":152,"send":0,"wait":153,"receive":590,"ssl":403},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"xabfmr.com/template/conch/asset/css/white.css?v=3.1","fqdn":"xabfmr.com","domain":"xabfmr.com","tld":"com"},"ip":{"addr":"107.149.49.120","port":80,"asn":54600,"as":"PEG-SV","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"http://xabfmr.com/","date":"2025-11-05T10:32:02.544Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /template/conch/asset/css/white.css?v=3.1 HTTP/1.1\r\nHost: xabfmr.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://xabfmr.com/\r\nCookie: PHPSESSID=b94a5i5qedgf0u25n5j3tc6mcj\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Wed, 05 Nov 2025 10:32:02 GMT\r\nContent-Type: text/css\r\nLast-Modified: Mon, 25 Apr 2022 07:59:04 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nETag: W/\"626654c8-2009\"\r\nExpires: Wed, 05 Nov 2025 22:32:02 GMT\r\nCache-Control: max-age=43200\r\nStrict-Transport-Security: max-age=31536000\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":8201,"size_decoded":0,"mime_type":"text/css","magic":"Unicode text, UTF-8 text, with very long lines (1032)","md5":"204f89da8eeb81388308ab70d7ad792f","sha1":"67f73e1909de0c51120bee59b97add537ec57cc3","sha256":"d860a62b8ec673c3c956c3ba7966ee0e62c94b452014362cdb4458b75ec21212","sha512":"6916a709d1805904293197544bbd0b9273d85c2eb945bf662bf423c78da91ea51d1ea48a61018d262affc35ff6f8c2487c917324b79fecf8542030d05abfe7c6","ssdeep":"192:A08+wRdB03qjQgbVvV1UW3JFmhEXBvbKhbx2RVIJnS1izIssa0B:z8+2dB03wvN1UWZFmhaD7IJnS1izIssz","tlshash":"ee02982b9c411d2a22fbc04a244a7bb4f55efa23f5512bfe1361103d97c9e5a71ad3c2","first_seen":"2024-09-20T20:13:35.434231Z","last_seen":"2026-04-28T11:57:44.736794Z","times_seen":72,"resource_available":false,"data":null}},"time_used":447,"timings":{"blocked":143,"dns":1,"connect":151,"send":0,"wait":151,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"xabfmr.com/static/js/home.js","fqdn":"xabfmr.com","domain":"xabfmr.com","tld":"com"},"ip":{"addr":"107.149.49.120","port":80,"asn":54600,"as":"PEG-SV","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://xabfmr.com/","date":"2025-11-05T10:32:02.550Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /static/js/home.js HTTP/1.1\r\nHost: xabfmr.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://xabfmr.com/\r\nCookie: PHPSESSID=b94a5i5qedgf0u25n5j3tc6mcj\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Wed, 05 Nov 2025 10:32:02 GMT\r\nContent-Type: application/javascript\r\nLast-Modified: Thu, 13 Mar 2025 07:03:34 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nETag: W/\"67d28346-95a5\"\r\nExpires: Wed, 05 Nov 2025 22:32:02 GMT\r\nCache-Control: max-age=43200\r\nStrict-Transport-Security: max-age=31536000\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":38309,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (2677)","md5":"97e311d35a4aa0ba09575a8dc989660b","sha1":"8166b5f8ba52aa57ab23321a8ddc8d0118f1e590","sha256":"1a52c16e5a7fc905630d52185ca457108cb0a65a4567cf6157709c1c5eceb311","sha512":"d3f4e4ef8af316fd4207a6db03e856917d5124263104ba9ebf0db1be151ce65172d26b6338d24553df9fe65b828e2a452a39bde7d1144a875c20bd5e28da9db8","ssdeep":"768:hR0cTTu8eMbZLbhpa6a/b7z9SsbhbeA5gr9GiSo5E7Iw4TQv5:hRZXde96oRiG5","tlshash":"ae03a45d7af3142050b3317a4fbf69082276815f190ddd88fe2d11a48fc4a4eba66bbd","first_seen":"2023-03-07T01:18:35Z","last_seen":"2026-04-28T11:57:44.748375Z","times_seen":5710,"resource_available":true,"data":null}},"time_used":294,"timings":{"blocked":139,"dns":0,"connect":0,"send":0,"wait":153,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"uu.piccaiccq.com/tu-2022290039/960-60.gif","fqdn":"uu.piccaiccq.com","domain":"piccaiccq.com","tld":"com"},"ip":{"addr":"154.39.66.11","port":443,"asn":140227,"as":"Hong Kong Communications International Co., Limited","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://xabfmr.com/","date":"2025-11-05T10:32:02.554Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"uu.piccaiccq.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Wed, 01 Oct 2025 05:05:09 GMT","end":"Tue, 30 Dec 2025 05:05:08 GMT"},"fingerprint":{"sha1":"1E:17:2A:3C:5B:2E:7A:18:10:DD:A3:52:08:E5:18:D4:2D:E5:CE:97","sha256":"EA:D5:62:15:D5:68:62:D8:26:70:A8:B3:59:12:15:D3:AF:54:42:C7:90:9F:F5:86:16:A7:02:25:C1:C5:20:FD"}}},"request":{"raw":"GET /tu-2022290039/960-60.gif HTTP/1.1\r\nHost: uu.piccaiccq.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://xabfmr.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Wed, 05 Nov 2025 10:32:03 GMT\r\nContent-Type: image/gif\r\nContent-Length: 168964\r\nConnection: keep-alive\r\nLast-Modified: Sun, 02 Apr 2023 04:29:09 GMT\r\nETag: \"64290495-29404\"\r\nExpires: Fri, 05 Dec 2025 00:20:45 GMT\r\nCache-Control: max-age=2592000\r\nServer: nginx\r\nX-Cache-Status: HIT\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":168964,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 960 x 60","md5":"79a35324921d9ccf4d5291affbe8ff95","sha1":"4cc204ed457eae527b21e4b55a101a66c271e943","sha256":"1da3a7bd89326009fc485f35c53ad920d2a9d4b752b5e711772102d7fb67b482","sha512":"940f98267d7f7e35f65433f141f7eb9033613132567a7bb060072c0211fc6678afca0e63d5ee5b76ff9bc084cdd9b9d4c4053c2e26b21ca200913d5e30d15d16","ssdeep":"3072:UfwbcsYP/NvUAjGDNvUAjGDNvUAjGDNvUQnIobrjbrjbrjbrG/fxA0T54KaxA0Tk:tbovD2vD2vD2vfrvrvrvrGGAlAlAlJ","tlshash":"1df3f27ec10e61a2fcc67749e16108375cc054ba84a9aa33d246b7930f99d6d93c4bdf","first_seen":"2023-04-07T13:01:22Z","last_seen":"2025-11-05T10:32:46.711045Z","times_seen":13,"resource_available":false,"data":null}},"time_used":2264,"timings":{"blocked":591,"dns":71,"connect":266,"send":0,"wait":515,"receive":543,"ssl":275},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"uu.piccaiccq.com/5428/960-60-9.gif","fqdn":"uu.piccaiccq.com","domain":"piccaiccq.com","tld":"com"},"ip":{"addr":"154.39.66.11","port":443,"asn":140227,"as":"Hong Kong Communications International Co., Limited","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://xabfmr.com/","date":"2025-11-05T10:32:02.555Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"uu.piccaiccq.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Wed, 01 Oct 2025 05:05:09 GMT","end":"Tue, 30 Dec 2025 05:05:08 GMT"},"fingerprint":{"sha1":"1E:17:2A:3C:5B:2E:7A:18:10:DD:A3:52:08:E5:18:D4:2D:E5:CE:97","sha256":"EA:D5:62:15:D5:68:62:D8:26:70:A8:B3:59:12:15:D3:AF:54:42:C7:90:9F:F5:86:16:A7:02:25:C1:C5:20:FD"}}},"request":{"raw":"GET /5428/960-60-9.gif HTTP/1.1\r\nHost: uu.piccaiccq.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://xabfmr.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Wed, 05 Nov 2025 10:32:03 GMT\r\nContent-Type: image/gif\r\nContent-Length: 131155\r\nConnection: keep-alive\r\nLast-Modified: Sat, 18 Feb 2023 06:54:08 GMT\r\nETag: \"63f07610-20053\"\r\nExpires: Fri, 05 Dec 2025 00:20:45 GMT\r\nCache-Control: max-age=2592000\r\nServer: nginx\r\nX-Cache-Status: HIT\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":131155,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 960 x 60","md5":"09a7764ecd34fbdd4a5bc0614cb23ece","sha1":"279f7fed4d5ec8bad353ba153585ba4ebffb61cc","sha256":"5666a8237636613c42876c8a5e5d8666eefea41a0eb9160a1dcb7cc8337cee11","sha512":"3cffa42deedbdc717288c63467abb745987cd74312f93363c3da612f0db4b23634fd38096c91e2190e09628516c84f9fabce028e8b21877953830e54ee2ad808","ssdeep":"3072:bQvfsyN0bvsGTFDbuIbTOsUshlZMd1rbAVWTPo16J123tK:bkfRN+XdZoshHMXbAz16J12dK","tlshash":"81d3127f029fc659d8374c18574071aa590648e23cbfdb233eb9f6d2a04223915eebd9","first_seen":"2025-02-08T09:22:44.439089Z","last_seen":"2025-11-05T10:32:46.712774Z","times_seen":8,"resource_available":false,"data":null}},"time_used":2224,"timings":{"blocked":590,"dns":71,"connect":262,"send":0,"wait":507,"receive":517,"ssl":276},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"xabfmr.com/template/conch/asset/js/set/swiper.min.js?_=1762338723169","fqdn":"xabfmr.com","domain":"xabfmr.com","tld":"com"},"ip":{"addr":"107.149.49.120","port":80,"asn":54600,"as":"PEG-SV","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"http://xabfmr.com/","date":"2025-11-05T10:32:03.430Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /template/conch/asset/js/set/swiper.min.js?_=1762338723169 HTTP/1.1\r\nHost: xabfmr.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/javascript, application/javascript, application/ecmascript, application/x-ecmascript, */*; q=0.01\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nX-Requested-With: XMLHttpRequest\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://xabfmr.com/\r\nCookie: PHPSESSID=b94a5i5qedgf0u25n5j3tc6mcj; HstCfa4952446=1762338723366; HstCla4952446=1762338723366; HstCmu4952446=1762338723366; HstPn4952446=1; HstPt4952446=1; HstCnv4952446=1; HstCns4952446=1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Wed, 05 Nov 2025 10:32:03 GMT\r\nContent-Type: application/javascript\r\nLast-Modified: Sat, 18 Oct 2025 07:54:38 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nETag: W/\"68f347be-1fd13\"\r\nExpires: Wed, 05 Nov 2025 22:32:03 GMT\r\nCache-Control: max-age=43200\r\nStrict-Transport-Security: max-age=31536000\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":130323,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (65325)","md5":"21da3290868632059da795abbde27322","sha1":"6b083053965aa44c322454e0edac9c98b196f731","sha256":"99dcbb5d36a4ad8f5e3ac435549c9352f16c21da22a697eae221216cdbae31be","sha512":"8b3fb896e0b9b3ced598e50da227b4c1354e206ca2e5f04be1200ab670865672a229a35e7ce0815b0cd58aac32f6e03fd06fa47229a132e68bc9789ce132d5a1","ssdeep":"1536:0iFKN6iIskfKKhLK8u5coSAOElosOsy8ar5MIM4allpcXvH7WcWUxcPqylCE8Eti:vKKhmlSAO4WaWal4fH7WcWUxcPqntqi","tlshash":"afd30849b35075e551e72256539ed201a3b66805b90ac0a831b6d8d7acbce8c03bfffd","first_seen":"2025-09-22T15:28:53.161954Z","last_seen":"2026-04-28T11:57:44.686007Z","times_seen":47,"resource_available":true,"data":null}},"time_used":159,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":155,"receive":4,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"xabfmr.com/template/conch/asset/fonts/iconfont.css","fqdn":"xabfmr.com","domain":"xabfmr.com","tld":"com"},"ip":{"addr":"107.149.49.120","port":80,"asn":54600,"as":"PEG-SV","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"http://xabfmr.com/","date":"2025-11-05T10:32:02.696Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /template/conch/asset/fonts/iconfont.css HTTP/1.1\r\nHost: xabfmr.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://xabfmr.com/template/conch/asset/css/style.css?v=3.1\r\nCookie: PHPSESSID=b94a5i5qedgf0u25n5j3tc6mcj\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Wed, 05 Nov 2025 10:32:02 GMT\r\nContent-Type: text/css\r\nLast-Modified: Fri, 22 Jan 2021 14:23:58 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nETag: W/\"600adffe-71e9\"\r\nExpires: Wed, 05 Nov 2025 22:32:02 GMT\r\nCache-Control: max-age=43200\r\nStrict-Transport-Security: max-age=31536000\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":29161,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (21737)","md5":"277c080a646a14b39598caa904b170e8","sha1":"44d971ce8b8bd16f694baecca84405f5e92b45c7","sha256":"70be6160043f98f64cfd7c6f2f0a02446beaf85e24a0c15afb67344ba2861c25","sha512":"ef477b6dd1c525d9bb81d4f04d13d6b42b54ca291ce755d84a5a3391d46134b8c032f59dd0885ce7156a6aefcfe43667668bc011b7d5afd1fa4d9159396809fe","ssdeep":"768:JDWSCZ2fuzzL5X2SN3d+Z3k8YUDoN+PmsJGVcPqr1j7wm:JbCPz/d2S18ZLBctsJGVcPqr1j7wm","tlshash":"9dd2faf8c9bd1e94434de8d4338aa621af1857e8cec94cd4d3b67c9da1e235091929ec","first_seen":"2023-04-14T17:46:50Z","last_seen":"2026-04-28T11:57:44.720442Z","times_seen":264,"resource_available":false,"data":null}},"time_used":449,"timings":{"blocked":143,"dns":0,"connect":0,"send":0,"wait":154,"receive":152,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"xing.sex8sex833.com/20251105/ESD2Mi2D/1.jpg","fqdn":"xing.sex8sex833.com","domain":"sex8sex833.com","tld":"com"},"ip":{"addr":"216.180.229.170","port":443,"asn":47191,"as":"blue tech technology Co., Limited","country":"British Virgin Islands","country_code":"VG"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://xabfmr.com/","date":"2025-11-05T10:32:03.521Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xing.sex8sex833.com","organization":""},"issuer":{"commonName":"Certum DV TLS G2 R39 CA","organization":"Asseco Data Systems S.A."},"validity":{"start":"Fri, 26 Sep 2025 13:37:39 GMT","end":"Sat, 26 Sep 2026 13:37:38 GMT"},"fingerprint":{"sha1":"28:B4:22:5C:4D:3B:2D:75:D1:AA:11:BA:8B:68:D2:F4:0C:24:56:3C","sha256":"6F:10:DA:E6:82:FD:27:6D:3B:9D:3C:45:0E:7C:3D:E5:97:73:D9:BB:0B:4F:75:19:4F:20:88:F9:00:89:42:D6"}}},"request":{"raw":"GET /20251105/ESD2Mi2D/1.jpg HTTP/1.1\r\nHost: xing.sex8sex833.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://xabfmr.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nAccept-Ranges: bytes\r\nAccess-Control-Allow-Headers: X-Requested-With\r\nAccess-Control-Allow-Methods: POST, GET, OPTIONS\r\nAccess-Control-Allow-Origin: *\r\nContent-Disposition: attachment; filename=\"1.jpg\"\r\nContent-Length: 2704331\r\nContent-Type: application/octet-stream\r\nDate: Tue, 04 Nov 2025 20:22:46 GMT\r\nEtag: \"690a5c9a-2943cb\"\r\nLast-Modified: Tue, 04 Nov 2025 21:52:57 GMT\r\nServer: nginx\r\nX-Cache: HIT, policy, disk\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":2704331,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 1795 x 1254, 8-bit/color RGBA, non-interlaced","md5":"724a0bb8d50937e27fd145740713809a","sha1":"ce77be23e81d315dbec0f8234b0b5b82c07236bb","sha256":"83fc2e0be845627b3fd30d399361dea7d5b0923295113bf78f5a853fb6395c27","sha512":"eece446980ddc6a8b3fdde6e0dddc18ffb9ec9a554ccacd163d8d71b580152fdd5eeeecc4ac8450742ceee25b2eb877da9e317325bc9234aec059377b58bea05","ssdeep":"24576:mMlRq4R3JtV0ht703f5+JggWfa1xMF5v4Fd++gnmf37cEmXxB:mMlvJtChx0MJ+DTelcJf","tlshash":"27253305c4f573d9f6e5bb81bc814e2ae19a125030e71a98baedad0b5f02e74fd0614f","first_seen":"2025-11-05T10:32:46.715794Z","last_seen":"2025-11-05T10:32:46.715794Z","times_seen":1,"resource_available":false,"data":null}},"time_used":2061,"timings":{"blocked":875,"dns":0,"connect":0,"send":0,"wait":164,"receive":1022,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"sex8sex822.com/20250919/sVf4TvRc/1.jpg","fqdn":"sex8sex822.com","domain":"sex8sex822.com","tld":"com"},"ip":{"addr":"216.180.227.219","port":443,"asn":47191,"as":"blue tech technology Co., Limited","country":"British Virgin Islands","country_code":"VG"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://xabfmr.com/","date":"2025-11-05T10:32:03.541Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"sex8sex822.com","organization":""},"issuer":{"commonName":"Certum DV TLS G2 R39 CA","organization":"Asseco Data Systems S.A."},"validity":{"start":"Fri, 19 Sep 2025 08:36:20 GMT","end":"Sat, 19 Sep 2026 08:36:19 GMT"},"fingerprint":{"sha1":"08:47:C6:D4:61:A8:B6:F2:20:18:78:62:C3:4F:63:F4:71:0B:B0:B2","sha256":"4A:FA:FF:67:12:C6:1A:C5:B4:08:5E:0D:D8:5E:14:20:9F:93:99:D7:0D:E8:D5:20:47:2C:4B:33:32:CA:18:9B"}}},"request":{"raw":"GET /20250919/sVf4TvRc/1.jpg HTTP/1.1\r\nHost: sex8sex822.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://xabfmr.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nAccept-Ranges: bytes\r\nAccess-Control-Allow-Headers: X-Requested-With\r\nAccess-Control-Allow-Methods: POST, GET, OPTIONS\r\nAccess-Control-Allow-Origin: *\r\nContent-Disposition: attachment; filename=\"1.jpg\"\r\nContent-Length: 329093\r\nContent-Type: application/octet-stream\r\nDate: Mon, 03 Nov 2025 08:47:12 GMT\r\nEtag: \"68ce6140-50585\"\r\nLast-Modified: Mon, 03 Nov 2025 09:06:09 GMT\r\nServer: nginx\r\nX-Cache: HIT, policy, disk\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":329093,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 1920x1080, components 3","md5":"f18c624b102a45560ba8965759f1935c","sha1":"edc639d036de2468071e5b0c0d9832620e260922","sha256":"f5d003653f65264ecdfcaadb7c18fd1bf579e84bc5871f49623a50edadc6d745","sha512":"34b1ada1ea160cfcb939d0d53f27446a20aec4eec832f4ade44e8e6f32d9ab7798050ceb5fa81b10794dca61069f76239b1263f2cc83271a98724e475879cef9","ssdeep":"6144:6iG48WNsWinHiWP/ejqYMr/mxG2pkDoHvWe4cXP2wd6dZjeYJUgetmoV3K:RGfkja/ejQrMZpkWr4NwgdFeYJnizV3K","tlshash":"7b64230116cfffcd8caa4a7cca3935ff665b90c29dd959a48940e6314f80f4b646b1b8","first_seen":"2025-11-05T10:32:46.717205Z","last_seen":"2025-11-05T10:32:46.717205Z","times_seen":1,"resource_available":false,"data":null}},"time_used":1369,"timings":{"blocked":21,"dns":0,"connect":156,"send":0,"wait":157,"receive":667,"ssl":364},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"xabfmr.com/upload/site/20250524-1/83ecfc430e45c7c21911e1e933e35edb.png","fqdn":"xabfmr.com","domain":"xabfmr.com","tld":"com"},"ip":{"addr":"107.149.49.120","port":80,"asn":54600,"as":"PEG-SV","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://xabfmr.com/","date":"2025-11-05T10:32:05.180Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /upload/site/20250524-1/83ecfc430e45c7c21911e1e933e35edb.png HTTP/1.1\r\nHost: xabfmr.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://xabfmr.com/\r\nCookie: PHPSESSID=b94a5i5qedgf0u25n5j3tc6mcj; HstCfa4952446=1762338723366; HstCla4952446=1762338723366; HstCmu4952446=1762338723366; HstPn4952446=1; HstPt4952446=1; HstCnv4952446=1; HstCns4952446=1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Wed, 05 Nov 2025 10:32:05 GMT\r\nContent-Type: image/png\r\nLast-Modified: Sat, 24 May 2025 13:03:49 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nETag: W/\"6831c3b5-abf\"\r\nExpires: Fri, 05 Dec 2025 10:32:05 GMT\r\nCache-Control: max-age=2592000\r\nStrict-Transport-Security: max-age=31536000\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":2751,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 225 x 225, 8-bit colormap, non-interlaced","md5":"de8679e6ccc5843fb55ef1c9005d27f7","sha1":"81aa6878af21def9b204a7494a92b9605cefe099","sha256":"0676385212ff7805b1a8db450ac3f21ba5d32c3225659c34073a75e59545f679","sha512":"877d05d2d5251aacfb40d546e99efc6290187c334a640fd9960c69c587ce6c8899be66bbba7ae883c4e652d3cc5701daa45520c6981a2a7279f049479d7276cd","ssdeep":"","tlshash":"5c515ed9fdb0a9584dde673a570c811543310643c4a8c4e851027f1c36f71363a6b19f","first_seen":"2025-06-02T17:59:51.265915Z","last_seen":"2026-04-14T00:33:32.706682Z","times_seen":48,"resource_available":false,"data":null}},"time_used":152,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":151,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"xing.sex8sex833.com/20251105/K7bYCIY4/1.jpg","fqdn":"xing.sex8sex833.com","domain":"sex8sex833.com","tld":"com"},"ip":{"addr":"216.180.229.170","port":443,"asn":47191,"as":"blue tech technology Co., Limited","country":"British Virgin Islands","country_code":"VG"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://xabfmr.com/","date":"2025-11-05T10:32:03.511Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xing.sex8sex833.com","organization":""},"issuer":{"commonName":"Certum DV TLS G2 R39 CA","organization":"Asseco Data Systems S.A."},"validity":{"start":"Fri, 26 Sep 2025 13:37:39 GMT","end":"Sat, 26 Sep 2026 13:37:38 GMT"},"fingerprint":{"sha1":"28:B4:22:5C:4D:3B:2D:75:D1:AA:11:BA:8B:68:D2:F4:0C:24:56:3C","sha256":"6F:10:DA:E6:82:FD:27:6D:3B:9D:3C:45:0E:7C:3D:E5:97:73:D9:BB:0B:4F:75:19:4F:20:88:F9:00:89:42:D6"}}},"request":{"raw":"GET /20251105/K7bYCIY4/1.jpg HTTP/1.1\r\nHost: xing.sex8sex833.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://xabfmr.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nAccept-Ranges: bytes\r\nAccess-Control-Allow-Headers: X-Requested-With\r\nAccess-Control-Allow-Methods: POST, GET, OPTIONS\r\nAccess-Control-Allow-Origin: *\r\nContent-Disposition: attachment; filename=\"1.jpg\"\r\nContent-Length: 8635\r\nContent-Type: application/octet-stream\r\nDate: Tue, 04 Nov 2025 21:30:59 GMT\r\nEtag: \"690a5cf6-21bb\"\r\nLast-Modified: Tue, 04 Nov 2025 22:36:40 GMT\r\nServer: nginx\r\nX-Cache: HIT, policy, disk\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":8635,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.02, aspect ratio, density 4x3, segment length 16, comment: \"Lavc61.3.100\", baseline, precision 8, 320x240, components 3","md5":"412fff38c14c1136a2692d8a20266db3","sha1":"eb945a0890d79783d9c1aee66179400be516b82f","sha256":"211ea2920c45d0220ad6c4ab813e045cfdaf2f969ddce50a94d2aa2abe184852","sha512":"4505d4745e06bab1c9053b4cdfcf883ed04cff095673d96d117de7ba6ac51a38f3a5297bc458f3726c2603a22066b38d3f729c40e87208133c11e6a10ff6d263","ssdeep":"192:0D7xxYatuPxohFHF83KY47cQrgC1iv2BqfaCGl/apflTzBp:0DldtXF83NX/2B16flTNp","tlshash":"0002aeb4f9386915c3c3e7285a570503965e39cbbe5adb3450f468e8cf488cbdba3258","first_seen":"2025-11-05T10:32:46.718684Z","last_seen":"2025-11-05T10:32:46.718684Z","times_seen":1,"resource_available":false,"data":null}},"time_used":883,"timings":{"blocked":708,"dns":0,"connect":0,"send":0,"wait":164,"receive":11,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"xing.sex8sex833.com/20251105/ZTxjcNSc/1.jpg","fqdn":"xing.sex8sex833.com","domain":"sex8sex833.com","tld":"com"},"ip":{"addr":"216.180.229.170","port":443,"asn":47191,"as":"blue tech technology Co., Limited","country":"British Virgin Islands","country_code":"VG"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://xabfmr.com/","date":"2025-11-05T10:32:03.523Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xing.sex8sex833.com","organization":""},"issuer":{"commonName":"Certum DV TLS G2 R39 CA","organization":"Asseco Data Systems S.A."},"validity":{"start":"Fri, 26 Sep 2025 13:37:39 GMT","end":"Sat, 26 Sep 2026 13:37:38 GMT"},"fingerprint":{"sha1":"28:B4:22:5C:4D:3B:2D:75:D1:AA:11:BA:8B:68:D2:F4:0C:24:56:3C","sha256":"6F:10:DA:E6:82:FD:27:6D:3B:9D:3C:45:0E:7C:3D:E5:97:73:D9:BB:0B:4F:75:19:4F:20:88:F9:00:89:42:D6"}}},"request":{"raw":"GET /20251105/ZTxjcNSc/1.jpg HTTP/1.1\r\nHost: xing.sex8sex833.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://xabfmr.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nAccept-Ranges: bytes\r\nAccess-Control-Allow-Headers: X-Requested-With\r\nAccess-Control-Allow-Methods: POST, GET, OPTIONS\r\nAccess-Control-Allow-Origin: *\r\nContent-Disposition: attachment; filename=\"1.jpg\"\r\nContent-Length: 169012\r\nContent-Type: application/octet-stream\r\nDate: Tue, 04 Nov 2025 20:29:50 GMT\r\nEtag: \"690a5d0b-29434\"\r\nLast-Modified: Tue, 04 Nov 2025 22:36:39 GMT\r\nServer: nginx\r\nX-Cache: HIT, policy, disk\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":169012,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 718x404, components 3","md5":"97b88171c6429e8b88981265c7347d20","sha1":"913cc8f4d680b2cabfd1d6582b907db0ba8b267e","sha256":"8411022249f87e41fd859d09f22d73c4a94e09e6a3fd073b81f245ad98e43040","sha512":"7928b28532eaf89a51996354d444a6570aefe8dba406b1b74560de1d302a6660f5789c341829708c515abf71514930b2a31d708208f21e3e74981f88433677d3","ssdeep":"3072:AZ34wTpA/Is3UpWU2Raz6WdW5VZplBLT8v3maZ7E6hdVj96:y3DwIdp1Aaz6UW5DpTmTEK/x6","tlshash":"4bf322207c964c86dd24be042c9e55c30c1d75de7397a3aaafa9ce0b686410932ff89d","first_seen":"2025-11-05T10:32:46.720269Z","last_seen":"2025-11-05T10:32:46.720269Z","times_seen":1,"resource_available":false,"data":null}},"time_used":1292,"timings":{"blocked":949,"dns":0,"connect":0,"send":0,"wait":160,"receive":183,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"sex8sex822.com/20250919/ze63hdwu/1.jpg","fqdn":"sex8sex822.com","domain":"sex8sex822.com","tld":"com"},"ip":{"addr":"216.180.227.219","port":443,"asn":47191,"as":"blue tech technology Co., Limited","country":"British Virgin Islands","country_code":"VG"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://xabfmr.com/","date":"2025-11-05T10:32:03.539Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"sex8sex822.com","organization":""},"issuer":{"commonName":"Certum DV TLS G2 R39 CA","organization":"Asseco Data Systems S.A."},"validity":{"start":"Fri, 19 Sep 2025 08:36:20 GMT","end":"Sat, 19 Sep 2026 08:36:19 GMT"},"fingerprint":{"sha1":"08:47:C6:D4:61:A8:B6:F2:20:18:78:62:C3:4F:63:F4:71:0B:B0:B2","sha256":"4A:FA:FF:67:12:C6:1A:C5:B4:08:5E:0D:D8:5E:14:20:9F:93:99:D7:0D:E8:D5:20:47:2C:4B:33:32:CA:18:9B"}}},"request":{"raw":"GET /20250919/ze63hdwu/1.jpg HTTP/1.1\r\nHost: sex8sex822.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://xabfmr.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nAccept-Ranges: bytes\r\nAccess-Control-Allow-Headers: X-Requested-With\r\nAccess-Control-Allow-Methods: POST, GET, OPTIONS\r\nAccess-Control-Allow-Origin: *\r\nContent-Disposition: attachment; filename=\"1.jpg\"\r\nContent-Length: 194618\r\nContent-Type: application/octet-stream\r\nDate: Mon, 03 Nov 2025 09:25:18 GMT\r\nEtag: \"68ce6140-2f83a\"\r\nLast-Modified: Mon, 03 Nov 2025 09:50:21 GMT\r\nServer: nginx\r\nX-Cache: HIT, policy, disk\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":194618,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 1170x649, components 3","md5":"d26d659a7533308f3f3c4dc0e6e3731c","sha1":"c61c3e2c59f5a5c66a31af8ad32dd51058b00e28","sha256":"92afcfeb6bddb15ba8ebb8254b3067949aa7d7027b921ee7d59aee8e410e2734","sha512":"553767505fc22a58365db2e79629d9c8e754e1e43760a763a5a08015517713477cdc3c8ea293a7a062ea08811ec85180c405a082a70b2120b55fadb78d73208c","ssdeep":"3072:1mxin8HkGAeeSP2hfn5tWLQ2q2ggUCRD9y+gMZ29Y4/r2uivAnY7hiUs:1mxin8HkGA/w2hf5tMQ2Bggp4+G9B/rz","tlshash":"711412e0d6cea7fc4aa7df7702827b54f01ed788610875a9f24d9de7bf09c0591a2248","first_seen":"2025-11-05T10:32:46.721841Z","last_seen":"2025-11-05T10:32:46.721841Z","times_seen":1,"resource_available":false,"data":null}},"time_used":1252,"timings":{"blocked":-1,"dns":2,"connect":158,"send":0,"wait":156,"receive":547,"ssl":385},"alerts":{"ids":null,"analyzer":null,"urlquery":null}}]}