{"report_id":"1114bee4-da6a-47ea-b2fd-b2c5fc89b469","version":6,"status":"done","tags":[],"date":"2026-03-23T08:32:25Z","url":{"schema":"http","addr":"www.9663.com/downinfo/38620.html","fqdn":"www.9663.com","domain":"9663.com","tld":"com"},"ip":{"addr":"180.163.146.54","port":0,"asn":4812,"as":"China Telecom Group","country":"China","country_code":"CN"},"final":{"url":{"schema":"http","addr":"www.9663.com/downinfo/38620.html","fqdn":"www.9663.com","domain":"9663.com","tld":"com"},"title":"i博导app下载官方-i博导最新版本下载v2.8.1 安卓版-9663安卓网","dom":{"size":43400,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (5684)","md5":"dacb2ace6bd558b8695317f6aeb050c1","sha1":"52c50ce9eb2eae8fd4c3b4385da5f4d62c4ae25c","sha256":"007090e0d38e3e2aad68d92456f69e7c83be9c287fc305c83658952b1d4d5275","sha512":"8570fa5abd59f1e514781fcf956e6bbf35d3239d4558f6e37083c197d36f4841046be491e554d1e736621bbaac070d1d677d22cf9f09f2b406c0bef9fc06de00","ssdeep":"768:iWOJrflqmP9nbyb5tuH/wzP9FhpQ+BahDD1k+mk1ucdPcmlqme:ihrwQb05NAucdPOP","tlshash":"85130922c5d6442f2a3295cce579ab19b0e3535edd374d05b3ecadd9a7cbf402a0248b","dom_hash":"domhashbe68f121903fa551bb583b3c83a71b8e","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"www.9663.com/downinfo/38620.html","fqdn":"www.9663.com","domain":"9663.com","tld":"com"},"ip":{"addr":"180.163.146.54","port":0,"asn":4812,"as":"China Telecom Group","country":"China","country_code":"CN"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-04-27T08:32:25Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":2,"urlquery":0,"analyzer":3}},"detection":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-03-23T08:32:03Z","timestamp":1774254723,"ip_dst":{"addr":"Client IP","port":58918,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"180.163.146.61","port":443,"asn":4812,"as":"China Telecom Group","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO TLS Handshake Failure","source":"{\"timestamp\":\"2026-03-23T08:32:03.568352+0000\",\"flow_id\":1076791158720490,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"180.163.146.61\",\"src_port\":443,\"dest_ip\":\"172.18.0.25\",\"dest_port\":58918,\"proto\":\"TCP\",\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2029340,\"rev\":2,\"signature\":\"ET INFO TLS Handshake Failure\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2020_01_30\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2020_01_30\"]}},\"tls\":{\"sni\":\"www.9663.com\",\"version\":\"UNDETERMINED\",\"ja3\":{\"hash\":\"650c82854aed91a22996035b295a0c3e\",\"string\":\"771,4865-4867-4866-49195-49199-52393-52392-49196-49200-49171-49172-156-157-47-53,0-23-65281-10-11-16-5-34-51-43-13-28-21,29-23-24-25-256-257,0\"},\"ja3s\":{}},\"app_proto\":\"tls\",\"flow\":{\"pkts_toserver\":3,\"pkts_toclient\":3,\"bytes_toserver\":699,\"bytes_toclient\":181,\"start\":\"2026-03-23T08:32:03.083946+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-03-23T08:32:04Z","timestamp":1774254724,"ip_dst":{"addr":"Client IP","port":59528,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"180.163.146.60","port":443,"asn":4812,"as":"China Telecom Group","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO TLS Handshake Failure","source":"{\"timestamp\":\"2026-03-23T08:32:04.327467+0000\",\"flow_id\":993735081112817,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"180.163.146.60\",\"src_port\":443,\"dest_ip\":\"172.18.0.25\",\"dest_port\":59528,\"proto\":\"TCP\",\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2029340,\"rev\":2,\"signature\":\"ET INFO TLS Handshake Failure\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2020_01_30\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2020_01_30\"]}},\"tls\":{\"sni\":\"www.9663.com\",\"version\":\"UNDETERMINED\",\"ja3\":{\"hash\":\"650c82854aed91a22996035b295a0c3e\",\"string\":\"771,4865-4867-4866-49195-49199-52393-52392-49196-49200-49171-49172-156-157-47-53,0-23-65281-10-11-16-5-34-51-43-13-28-21,29-23-24-25-256-257,0\"},\"ja3s\":{}},\"app_proto\":\"tls\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":3,\"bytes_toserver\":773,\"bytes_toclient\":181,\"start\":\"2026-03-23T08:32:02.832753+0000\"}}"}],"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-23","alert":"Sinkholed","trigger":"www.9663.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-23","alert":"Sinkholed","trigger":"pic.9663.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-23","alert":"Sinkholed","trigger":"ip.9663.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null},"summary":[{"fqdn":"pic.9663.com","ip":{"addr":"180.163.146.59","port":80,"asn":4812,"as":"China Telecom Group","country":"China","country_code":"CN"},"domain_registered":"1998-05-13","domain_rank":0,"first_seen":"2023-04-06T19:12:27Z","last_seen":"2026-03-17T07:27:36.501585Z","alert_count":35,"request_count":35,"received_data":745133,"sent_data":13060,"comment":"","tags":null,"fingerprints":[{"name":"Tengine","description":"Tengine is a web server which is based on the Nginx HTTP server.","website":"https://tengine.taobao.org","common_platform_enumeration":"","icon":"Tengine.png","categories":["Web servers"]},{"name":"Microsoft ASP.NET","description":"ASP.NET is an open-source, server-side web-application framework designed for web development to produce dynamic web pages.","website":"https://www.asp.net","common_platform_enumeration":"cpe:2.3:a:microsoft:asp.net:*:*:*:*:*:*:*:*","icon":"Microsoft ASP.NET.svg","categories":["Web frameworks"]}]},{"fqdn":"hm.baidu.com","ip":{"addr":"111.45.11.83","port":443,"asn":9808,"as":"China Mobile Communications Group Co., Ltd.","country":"China","country_code":"CN"},"domain_registered":"1999-10-11","domain_rank":54491,"first_seen":"2012-05-26T08:38:45Z","last_seen":"2026-03-23T03:00:19.068831Z","alert_count":0,"request_count":2,"received_data":30876,"sent_data":1285,"comment":"","tags":null,"fingerprints":[{"name":"Apache HTTP Server","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"push.zhanzhang.baidu.com","ip":{"addr":"163.177.17.97","port":80,"asn":136958,"as":"China Unicom Guangdong IP network","country":"China","country_code":"CN"},"domain_registered":"1999-10-11","domain_rank":1485849,"first_seen":"2015-07-22T05:44:02Z","last_seen":"2026-03-19T01:54:50.296368Z","alert_count":0,"request_count":1,"received_data":426,"sent_data":335,"comment":"","tags":null,"fingerprints":null},{"fqdn":"api.share.baidu.com","ip":{"addr":"182.61.244.229","port":80,"asn":38365,"as":"Beijing Baidu Netcom Science and Technology Co., Ltd.","country":"China","country_code":"CN"},"domain_registered":"1999-10-11","domain_rank":1421601,"first_seen":"2013-04-25T14:45:11Z","last_seen":"2026-03-18T23:10:38.734704Z","alert_count":0,"request_count":1,"received_data":116,"sent_data":392,"comment":"","tags":null,"fingerprints":null},{"fqdn":"ip.9663.com","ip":{"addr":"180.163.146.57","port":80,"asn":4812,"as":"China Telecom Group","country":"China","country_code":"CN"},"domain_registered":"1998-05-13","domain_rank":0,"first_seen":"2026-03-18T13:32:28.110428Z","last_seen":"2026-03-18T13:32:28.110428Z","alert_count":1,"request_count":1,"received_data":934,"sent_data":398,"comment":"","tags":null,"fingerprints":[{"name":"Microsoft ASP.NET","description":"ASP.NET is an open-source, server-side web-application framework designed for web development to produce dynamic web pages.","website":"https://www.asp.net","common_platform_enumeration":"cpe:2.3:a:microsoft:asp.net:*:*:*:*:*:*:*:*","icon":"Microsoft ASP.NET.svg","categories":["Web frameworks"]},{"name":"Tengine","description":"Tengine is a web server which is based on the Nginx HTTP server.","website":"https://tengine.taobao.org","common_platform_enumeration":"","icon":"Tengine.png","categories":["Web servers"]}]},{"fqdn":"zhanzhang.toutiao.com","ip":{"addr":"163.181.50.191","port":443,"asn":24429,"as":"Zhejiang Taobao Network Co.,Ltd","country":"Italy","country_code":"IT"},"domain_registered":"2004-02-16","domain_rank":620575,"first_seen":"2020-11-05T15:52:52Z","last_seen":"2026-03-16T19:03:04.045634Z","alert_count":0,"request_count":1,"received_data":1015,"sent_data":621,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Tengine","description":"Tengine is a web server which is based on the Nginx HTTP server.","website":"https://tengine.taobao.org","common_platform_enumeration":"","icon":"Tengine.png","categories":["Web servers"]}]},{"fqdn":"lf1-cdn-tos.bytegoofy.com","ip":{"addr":"163.181.243.177","port":443,"asn":0,"as":"","country":"United Kingdom","country_code":"GB"},"domain_registered":"2021-01-11","domain_rank":402951,"first_seen":"2021-08-07T17:49:18Z","last_seen":"2026-03-16T19:06:45.167305Z","alert_count":0,"request_count":1,"received_data":1867,"sent_data":557,"comment":"","tags":null,"fingerprints":[{"name":"Tengine","description":"Tengine is a web server which is based on the Nginx HTTP server.","website":"https://tengine.taobao.org","common_platform_enumeration":"","icon":"Tengine.png","categories":["Web servers"]}]},{"fqdn":"www.9663.com","ip":{"addr":"180.163.146.60","port":80,"asn":4812,"as":"China Telecom Group","country":"China","country_code":"CN"},"domain_registered":"1998-05-13","domain_rank":0,"first_seen":"2022-07-07T16:10:49Z","last_seen":"2026-03-17T07:27:36.678241Z","alert_count":27,"request_count":27,"received_data":364418,"sent_data":10644,"comment":"","tags":null,"fingerprints":[{"name":"Tengine","description":"Tengine is a web server which is based on the Nginx HTTP server.","website":"https://tengine.taobao.org","common_platform_enumeration":"","icon":"Tengine.png","categories":["Web servers"]},{"name":"Microsoft ASP.NET","description":"ASP.NET is an open-source, server-side web-application framework designed for web development to produce dynamic web pages.","website":"https://www.asp.net","common_platform_enumeration":"cpe:2.3:a:microsoft:asp.net:*:*:*:*:*:*:*:*","icon":"Microsoft ASP.NET.svg","categories":["Web frameworks"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"http","addr":"ip.9663.com/ipdata?callback=dggf\u0026q=javascript\u0026count=1\u0026sign=singcww5cwP7cKh3en2f\u0026_=1774254724783","fqdn":"ip.9663.com","domain":"9663.com","tld":"com"},"ip":{"addr":"180.163.146.57","port":80,"asn":4812,"as":"China Telecom Group","country":"China","country_code":"CN"},"introduction_type":"scriptElement","is_inline":false,"md5":"ced71516be6a2a8bbe64dce854ef0853","sha1":"b6dfd21c03317fdcb472711aae60a4ecd58d3e08","sha256":"acd4d6716cb0904c67976484d57863216ff5a3df9a7765fe4e0dc6208ffd8826","sha512":"eaa358656c1fd819984149dfffff0acf40956ab827f761bacc502c36835f24b091db39d2d735eea2dd35698420b094a7474d7135d0d25036ab5ba34012444a62","ssdeep":"","tlshash":"31e04f9da410e750e5c86f1c66398e6265c8f871ca9ab40844eac29243f8534f774121","size":341,"data":"","first_seen":"2026-03-18T13:32:45.907736Z","last_seen":"2026-05-17T21:41:37.01741Z","times_seen":8,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.9663.com/downinfo/38620.html","fqdn":"www.9663.com","domain":"9663.com","tld":"com"},"ip":{"addr":"180.163.146.60","port":80,"asn":4812,"as":"China Telecom Group","country":"China","country_code":"CN"},"introduction_type":"scriptElement","is_inline":true,"md5":"547ef437c7c646042bd90ff0a6546fa6","sha1":"2bedd01c3b423f0c99fa68c428f0c0d91ac8241e","sha256":"799100de9302960463182c391dabbeb7704336eccb82a8518886a8b7c0d49c2c","sha512":"4c1d00ef26a8c18b86e32f6b353d1382f794e17e72401d62c229517c0018a58f2e1e59078c3e9d1ae1aff8eaf1f6d7b49f933639c248591efe8899d6c79a8345","ssdeep":"","tlshash":"d751749bda41551d2b24a7cca049f384e535f78b083b8ca973c79d9f60c5b2029a324b","size":2450,"data":"","first_seen":"2026-03-23T08:32:41.278551Z","last_seen":"2026-03-23T08:32:41.278551Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"push.zhanzhang.baidu.com/push.js","fqdn":"push.zhanzhang.baidu.com","domain":"baidu.com","tld":"com"},"ip":{"addr":"163.177.17.97","port":80,"asn":136958,"as":"China Unicom Guangdong IP network","country":"China","country_code":"CN"},"introduction_type":"scriptElement","is_inline":false,"md5":"1bb5a3267c9865ad4abe8d937734b62b","sha1":"b5478dd2edb3e64242eced1db2dbd945ef81f592","sha256":"674bc0c70f98d627b8a7e1d278a1f21ffe33815565f7d5371bf0275da57571b2","sha512":"33318ed944a49a8fa334983408d68853b1fbe4f80b19adef6235f23d7708b616cd4f8dd28c8b8ebfbb5776aab8088229f3060cd789af34fe1db5038a98bd0d39","ssdeep":"","tlshash":"91d02be874a0c41c0ce710b17fab328cfab20b2755244d40c05b90013614b1f824bfe9","size":281,"data":"","first_seen":"2023-03-07T01:02:09Z","last_seen":"2026-06-13T19:56:19.322835Z","times_seen":24449,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"lf1-cdn-tos.bytegoofy.com/goofy/ttzz/push.js?1c07ce30b0df262e84cc43ad00917e246008be35d3aa4b8fc28d959eee7f7b82c112ff4abe50733e0ff1e1071a0fdc024b166ea2a296840a50a5288f35e2ca42","fqdn":"lf1-cdn-tos.bytegoofy.com","domain":"bytegoofy.com","tld":"com"},"ip":{"addr":"163.181.243.177","port":443,"asn":0,"as":"","country":"United Kingdom","country_code":"GB"},"introduction_type":"scriptElement","is_inline":false,"md5":"2eabec1543d0f7cf67a9581a046c0a80","sha1":"1457010948371965598eb8be176bca4782855a20","sha256":"76fe1175f0b9100429f6e06ee61f795e83c496c5700d0d897fb92137ccd31c54","sha512":"093331d877b8be12f7518d5123b3bf209032141c79015a10b12250d5b729dc2c9744c85a585bbb65e5f3a9de8bdd6e24685b42fa386550c9610b89d06bebe901","ssdeep":"","tlshash":"e9e0c0a23186e51f80e4b17e5c05f02cc2734b4f0931518c869e7084e239b714233af8","size":357,"data":"","first_seen":"2023-03-07T12:03:34Z","last_seen":"2026-06-13T11:24:29.906402Z","times_seen":1272,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.9663.com/downinfo/38620.html","fqdn":"www.9663.com","domain":"9663.com","tld":"com"},"ip":{"addr":"180.163.146.60","port":80,"asn":4812,"as":"China Telecom Group","country":"China","country_code":"CN"},"introduction_type":"Function","is_inline":false,"md5":"1c5c9160600df2d96d69a4ea16cec7ed","sha1":"3cf678c9135cc952ba6970ef545035bb757a443f","sha256":"a3520fe88e248d2b6c9c6db93309a037ef969fe297208e5bd7e49a55bb32c808","sha512":"2a298a8c2552c6a6c6f8d3f7327d2e9abfa87a0dbb27e9e528a8539b416155c0860f54f46464dfe7e5d49c7906a9eacdac7e5181b86ef15a83276a8f4fee0546","ssdeep":"","tlshash":"078004d531c35040475331d400571cd4503444f014444d544040d4511c55030d1154dc","size":37,"data":"","first_seen":"2023-04-11T21:49:14Z","last_seen":"2026-06-11T22:17:59.259566Z","times_seen":121592,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.9663.com/statics/js/down_inc.min.js","fqdn":"www.9663.com","domain":"9663.com","tld":"com"},"ip":{"addr":"180.163.146.50","port":80,"asn":4812,"as":"China Telecom Group","country":"China","country_code":"CN"},"introduction_type":"scriptElement","is_inline":false,"md5":"6c03fc0ac512efb93305316497182d5b","sha1":"9e56258fec56de47798ad784d31574ae3aadc1e9","sha256":"44eab1a47bb8adda79d1e719ce3cfe14bc7a090a1a82359fe8f8288da4ef4c22","sha512":"85d37c4904194df1929b7b2f2a18a609e7a4ef53e3be9c3708b1c3461eccfdd92a62dd985047efbfcd37ff4b335b95b981b700e28b858861703fe919872a37e4","ssdeep":"192:I8GjiGvxucBKRuYRCQhPkbV5fyCbC45EYVgqY3mFa9aZak2a2avai75VSQrspVSZ:IDjiGJucSuYRjuVEQC45EigJicYspE9n","tlshash":"b502b8c039cc401d039a1327bb3f3488f57bd59a1a988889f61db5607ba4a4bc7579f7","size":8481,"data":"","first_seen":"2026-03-18T13:32:46.01153Z","last_seen":"2026-06-13T11:24:29.950142Z","times_seen":8,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.9663.com/inc/SoftLinkType.js","fqdn":"www.9663.com","domain":"9663.com","tld":"com"},"ip":{"addr":"180.163.146.50","port":80,"asn":4812,"as":"China Telecom Group","country":"China","country_code":"CN"},"introduction_type":"scriptElement","is_inline":false,"md5":"f43035394e4b5d82e48244cd142ab870","sha1":"ac5b7a733fa609b0635e8d994fce62c572d10731","sha256":"130cd404ef0fe1fd71d1141d44e2122be59e57f1956949b0d47093202b29f11d","sha512":"0fc1ac77beea8ef105462ae93c2d252e41a3281ee09d21de4070fb735b559fe33e232a7b2ceb83d93ceffbc48ef035d5c463a5c30db175cd9d1dd44541b22244","ssdeep":"","tlshash":"f1e0c096464c5c5ac2c2fc25d3de3582b65d21d900a18140c0798ba8b794d71395878c","size":392,"data":"","first_seen":"2025-07-06T07:33:32.568945Z","last_seen":"2026-06-13T11:24:29.952017Z","times_seen":14,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.9663.com/downinfo/38620.html","fqdn":"www.9663.com","domain":"9663.com","tld":"com"},"ip":{"addr":"180.163.146.60","port":80,"asn":4812,"as":"China Telecom Group","country":"China","country_code":"CN"},"introduction_type":"scriptElement","is_inline":true,"md5":"2e17429d2e188f44ff7aa50de6b5ca21","sha1":"a7c7b0a06cd9a221e9ffd7dbee698f91615f9a9d","sha256":"2b66e6fb8d43bb9ab481d550c75ca5124c5fa335dfc7e83351ea5e85c182d43b","sha512":"1ff6f8f76c2c926b5d8a05d4d59bf6c6642fe06db075a3852202ddd13e3cb3bf26b676aa916b985fcb1790e95399235b9461ec21217d5a2a27239e22bbaa800c","ssdeep":"","tlshash":"5d60000200a80008300c0808a82028820022a2080000a000a880000820c02280800202","size":17,"data":"","first_seen":"2023-03-08T09:12:38Z","last_seen":"2026-06-08T02:31:07.977065Z","times_seen":129,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.9663.com/inc/download.js","fqdn":"www.9663.com","domain":"9663.com","tld":"com"},"ip":{"addr":"180.163.146.50","port":80,"asn":4812,"as":"China Telecom Group","country":"China","country_code":"CN"},"introduction_type":"scriptElement","is_inline":false,"md5":"41e01adf00c09bb551f4abd23ce998cb","sha1":"4af789e0f9aa0b66ffd266835abd92f28ad41a2b","sha256":"c9c9a8673c6013379739f67b8e05c2adf153a502db722cc6e971329369975667","sha512":"fe854bab9dd3d277e56a34ed9359befdd47847ec64f1318aee92d9778f18c31adfcbc1eec9e804db537a81e54c28d88961d61d709418b265ce643f7f15d370bd","ssdeep":"192:XT/CRe5K8g94IU82HCjAiUVs94ocJLNpyjqGJooJF90jntC6jbfML:OAK8m1UbaoJLNpd2obw6jbI","tlshash":"f93275843b9624ad139623152bfd46c4eca680f35d1dc100fa1c9cae37f0e39e9679d9","size":10914,"data":"","first_seen":"2026-03-17T07:27:49.186154Z","last_seen":"2026-06-13T11:24:29.948403Z","times_seen":9,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.9663.com/inc/download.js","fqdn":"www.9663.com","domain":"9663.com","tld":"com"},"ip":{"addr":"180.163.146.50","port":80,"asn":4812,"as":"China Telecom Group","country":"China","country_code":"CN"},"introduction_type":"scriptElement","is_inline":false,"md5":"41e01adf00c09bb551f4abd23ce998cb","sha1":"4af789e0f9aa0b66ffd266835abd92f28ad41a2b","sha256":"c9c9a8673c6013379739f67b8e05c2adf153a502db722cc6e971329369975667","sha512":"fe854bab9dd3d277e56a34ed9359befdd47847ec64f1318aee92d9778f18c31adfcbc1eec9e804db537a81e54c28d88961d61d709418b265ce643f7f15d370bd","ssdeep":"192:XT/CRe5K8g94IU82HCjAiUVs94ocJLNpyjqGJooJF90jntC6jbfML:OAK8m1UbaoJLNpd2obw6jbI","tlshash":"f93275843b9624ad139623152bfd46c4eca680f35d1dc100fa1c9cae37f0e39e9679d9","size":10914,"data":"","first_seen":"2026-03-17T07:27:49.186154Z","last_seen":"2026-06-13T11:24:29.948403Z","times_seen":9,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.9663.com/statics/js/downinfo.min.js","fqdn":"www.9663.com","domain":"9663.com","tld":"com"},"ip":{"addr":"180.163.146.50","port":80,"asn":4812,"as":"China Telecom Group","country":"China","country_code":"CN"},"introduction_type":"scriptElement","is_inline":false,"md5":"722073d7eda14affd06be5a7af16eb6b","sha1":"b925146283075fc8c97f1a9dc03160d4b73bd99b","sha256":"194acb945b82aae1dfffe26648418080e0a2cbd733fc84f303bb91a161233e11","sha512":"e44f718c9906eae19bd14690b89892842b7dcfed37c1b0d019ad0b2c8d2749d3bcdbd14c1585eb63e994efdb708b97cea02b9c2a3397ce9bd2769a68c1c0d8f9","ssdeep":"1536:p4o7FYkXddi84ZnQ81PjY5IGxjvFpHMphCWsThP2V/9N4U/aq8CQLyrGUQhips23:pb2kXddSn8vPThP2V/9mCQLHhips1+P","tlshash":"13830784f358126e82ba33a4543f1609ed78d8326905d46cf9bcc4e969f8f147237eb8","size":82055,"data":"","first_seen":"2026-03-18T13:32:46.000004Z","last_seen":"2026-03-23T08:32:41.288861Z","times_seen":6,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.9663.com/downinfo/38620.html","fqdn":"www.9663.com","domain":"9663.com","tld":"com"},"ip":{"addr":"180.163.146.60","port":80,"asn":4812,"as":"China Telecom Group","country":"China","country_code":"CN"},"introduction_type":"scriptElement","is_inline":true,"md5":"50268eb864c11c86ed9e5113bde20099","sha1":"bf9d3f000ed129e08c0a5354de551b777dd6b033","sha256":"4b710d57ecc424f52b478e379cef2a3312e1af6a67c069fcaf290c181f432ddd","sha512":"fe3327540316d46b35b8f126096b143c11775c736609722dd52bfa87341c18364c24f8fd022acbe5b2bdc1ac19498685ed2da42699018d390bfcb8159e51e2d4","ssdeep":"","tlshash":"cdb012c3838221077158001766dc51d04d4241f50c1481b7bc88d90747c5594381615f","size":111,"data":"","first_seen":"2026-03-23T08:32:41.290008Z","last_seen":"2026-03-23T08:32:41.290008Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.9663.com/downinfo/38620.html","fqdn":"www.9663.com","domain":"9663.com","tld":"com"},"ip":{"addr":"180.163.146.60","port":80,"asn":4812,"as":"China Telecom Group","country":"China","country_code":"CN"},"introduction_type":"scriptElement","is_inline":true,"md5":"2f624ff3f9cd89dd64d4b17850106d38","sha1":"3352125caeb17a5d0b8ac73343300bd414b7e95f","sha256":"164b6739edb8e9d402e8a1bde8a38bfc1be297681e5f11c482c543d0952f764a","sha512":"684f9c5d41eb5d491ce740a38629da802077a84665e1828b080a17338ee6f7add15840908db27b49d139e32365f74d2af02f9a13993ca2996d8d29859b8d9663","ssdeep":"","tlshash":"1bb092961ee35602ea49018fa7d865c8989232a81e4482e6ac28d61752e4ea1280a69e","size":122,"data":"","first_seen":"2026-03-23T08:32:41.291026Z","last_seen":"2026-03-23T08:32:41.291026Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.9663.com/downinfo/38620.html","fqdn":"www.9663.com","domain":"9663.com","tld":"com"},"ip":{"addr":"180.163.146.60","port":80,"asn":4812,"as":"China Telecom Group","country":"China","country_code":"CN"},"introduction_type":"Function","is_inline":false,"md5":"1c5c9160600df2d96d69a4ea16cec7ed","sha1":"3cf678c9135cc952ba6970ef545035bb757a443f","sha256":"a3520fe88e248d2b6c9c6db93309a037ef969fe297208e5bd7e49a55bb32c808","sha512":"2a298a8c2552c6a6c6f8d3f7327d2e9abfa87a0dbb27e9e528a8539b416155c0860f54f46464dfe7e5d49c7906a9eacdac7e5181b86ef15a83276a8f4fee0546","ssdeep":"","tlshash":"078004d531c35040475331d400571cd4503444f014444d544040d4511c55030d1154dc","size":37,"data":"","first_seen":"2023-04-11T21:49:14Z","last_seen":"2026-06-11T22:17:59.259566Z","times_seen":121592,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"hm.baidu.com/hm.js?baf83e8dd433374f1bc0166eff0c59af","fqdn":"hm.baidu.com","domain":"baidu.com","tld":"com"},"ip":{"addr":"111.45.11.83","port":443,"asn":9808,"as":"China Mobile Communications Group Co., Ltd.","country":"China","country_code":"CN"},"introduction_type":"scriptElement","is_inline":false,"md5":"712de9cf847853540c0944c6703614cc","sha1":"75f6a39a3343e030ed42a05be747ce34b437d42d","sha256":"4fd6494cbedb3177500babf6fdd860b49d86db3f163487f6f32672c9a44dbf82","sha512":"e9749ccb1e99e9dda53faff258393d1cc668d368e3d68bc46822043d447be8f5e0cbd6e891651dc27657fb75b9ceb0d0b99bd09905bc596f4b83bf88ffe7b46b","ssdeep":"384:XGlJSoLMJJTRl6s1JXFVCFI/TayvuodsZPIGm8XaR1JRwvutq1tGdc7M04gRw6:XGl4VJfHgMdvussZPIx82Rwvutcto07v","tlshash":"e5d2d9a9b282713293a324a5153f324af17b5a54bd4968a4f11894c07d38fbb027bfdd","size":29894,"data":"","first_seen":"2026-03-23T08:32:41.233041Z","last_seen":"2026-03-23T08:32:41.233041Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.9663.com/downinfo/38620.html","fqdn":"www.9663.com","domain":"9663.com","tld":"com"},"ip":{"addr":"180.163.146.60","port":80,"asn":4812,"as":"China Telecom Group","country":"China","country_code":"CN"},"introduction_type":"Function","is_inline":false,"md5":"cc9401c9c44e2f7773199f8d4b05cf52","sha1":"3e29a696d61c333474751cfdc1beeab3229d5188","sha256":"cf035e1e78b95dc9d2b2626e87e631ec9283336ec7c5b3774e24ef89fdbb53a3","sha512":"230c45e251ae355784ffbdc799eb5743cefc5a74729cd64db01b67b6689315d3b3823cf8605fdc7c65d20dfb0a87a9f614b4f193523edb39afb707356226c455","ssdeep":"","tlshash":"8df027ce934289892dd228f969675584b08d1e3418aadd79680461171bd6a7701d298f","size":484,"data":"","first_seen":"2026-03-23T08:32:41.292037Z","last_seen":"2026-03-23T08:32:41.292037Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.9663.com/statics/js/jquery.min.js","fqdn":"www.9663.com","domain":"9663.com","tld":"com"},"ip":{"addr":"180.163.146.60","port":80,"asn":4812,"as":"China Telecom Group","country":"China","country_code":"CN"},"introduction_type":"scriptElement","is_inline":false,"md5":"9af7282ea24bb09bb5a2bfcbd4ba388d","sha1":"39ae825ffc810cc56ec6e5778bfa7b110d481179","sha256":"10fe377b14ee57ad940f1fe8ebc11bc1181f5c27786748025e82f0d64d33c4b5","sha512":"6c0c8a985216593c64dcbbed755f2d456b6ae2ac0101456429055679915d6c45d5e39d0e707f871c0971a2a1e92ba2e82ce13e5ea15f4e5d3f1fe4fdff5b1da9","ssdeep":"1536:FNjxXU9rnxD9o5EZxkMVC6YLtg7HtDuU3zh8cmnPMEgWzJvBQUmkm4M5gPtcNRQ/:FcqmCU3zhINzfmR4lb3e34UQ47GK+","tlshash":"0b9307ddb2c6b06257ab70ba407f600ff236199d684d4400f169d4e9bc78a4e827bf6d","size":95627,"data":"","first_seen":"2025-11-18T09:52:04.774026Z","last_seen":"2026-06-13T11:24:29.961016Z","times_seen":10,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.9663.com/statics/js/nodomain.js","fqdn":"www.9663.com","domain":"9663.com","tld":"com"},"ip":{"addr":"180.163.146.50","port":80,"asn":4812,"as":"China Telecom Group","country":"China","country_code":"CN"},"introduction_type":"scriptElement","is_inline":false,"md5":"80a55aea2f9ab700cb8c028438be0d4f","sha1":"f47a1e40fd716c7fada86fd787bcd2a32e44f48a","sha256":"0e604a661415da303d3874b33e25dbc2eaa5df0a19c642103f14d668a249e9d3","sha512":"7b88655589127f8c13a6e69698388cc5da8e95d8a953a63219dcb18deb2392fd682906e0aad9ab3de13505b65e4449313690faad27ac8aaf1b4a48f2aef33e2f","ssdeep":"","tlshash":"61f0e9748b4289a851a42885946c2c1405be2313b710d9f69796085e7d3974e2516dde","size":478,"data":"","first_seen":"2026-02-23T20:03:02.611418Z","last_seen":"2026-06-13T11:24:29.963124Z","times_seen":51,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.9663.com/downinfo/38620.html","fqdn":"www.9663.com","domain":"9663.com","tld":"com"},"ip":{"addr":"180.163.146.60","port":80,"asn":4812,"as":"China Telecom Group","country":"China","country_code":"CN"},"introduction_type":"eval","is_inline":false,"md5":"e7d6c03d78468fe30dcae615ef0ecdab","sha1":"86bf743c2f308fcecc9b06771ecd3b4fa514ff88","sha256":"e3c5782988fe08a09542bf2903ad65116277b9f7dd4c5cd5e35e43bf3fa5414c","sha512":"676191937f5968886c7b4f1e1bb3d019a692c0a0d9f1bdc228148ee0af6ec4daf5d5152d549bce4a1593992e4443f72836131d0bee26649260f552e3a3284f3a","ssdeep":"","tlshash":"5b7000000020a808008828088ee200800208028880880000802ce20a02b08a00c203c0","size":20,"data":"","first_seen":"2023-03-08T09:12:38Z","last_seen":"2026-06-13T11:24:29.949319Z","times_seen":75,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.9663.com/downinfo/38620.html","fqdn":"www.9663.com","domain":"9663.com","tld":"com"},"ip":{"addr":"180.163.146.60","port":80,"asn":4812,"as":"China Telecom Group","country":"China","country_code":"CN"},"introduction_type":"scriptElement","is_inline":true,"md5":"6134741bc09b54d3508cbdcc28fb26a9","sha1":"e39fbe20125cc6cd220f37a485a20a2347d3b8a1","sha256":"bfd9da582d909f71f72de1cd8b474c45a1daea5746546d5937dec54536c0394d","sha512":"f2886766c9652390b72c45afeaa2873c5b7b34c958034801655b558004c156de2c539c9b01f65585fdb2f7c1d8e555cc511e5fa1244d0e8b6935c4688a973175","ssdeep":"","tlshash":"7cc080502d3d60fed5346503859704165052f69951584c1d67c5cc380544f3f1e35b56","size":177,"data":"","first_seen":"2026-03-23T08:32:41.29804Z","last_seen":"2026-03-23T08:32:41.29804Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":[{"md5":"27cd5c362b20196a155e521df8644524","sha1":"f92d63480cffb5327b4537e2de4cca62d40a1bce","sha256":"305f9d16a39e1ae91f0fff3f21ba83347b2df21259db3f40419134366982399a","sha512":"25885939093878c33f6457a706db88f241450bcd8924357fa2bb524218832f3d68c847af95772eb67da74579e13caf36a34573213fa8d2d5f261ca5c165ebd22","ssdeep":"","tlshash":"5d900209ae15c455058019482424a81844149894a470d5b491a8044a4a1018c1916848","size":47,"data":"","first_seen":"2025-10-15T15:41:41.427894Z","last_seen":"2026-06-06T22:27:29.651543Z","times_seen":63,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"a0a4f5549c76d5f5a659418d9f89d397","sha1":"afd38bf0a1a5e280c5e4cbba4ad4a881328d426b","sha256":"df67b46c712303d200fb088d4bab81001a4255f8b156b16c6a794006f4e15931","sha512":"4519b82e0a7e1f3753e255f9e1349b225beddcdee25ac206e049298aa0b4f1df8baafe354a4201fb6ae0f39774806d5caf3f20d8f269f8a38842433dfff3e76c","ssdeep":"","tlshash":"c6d09780819c108ba1f1d00ae3a0736da02231eb8a03074e42e1a88097029980218056","size":240,"data":"","first_seen":"2026-03-23T08:32:41.300537Z","last_seen":"2026-03-23T08:32:41.300537Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"4eb7f902641006fda328e9633399b0ba","sha1":"af2b9a925ae00851b39c7c1e3d20ba95ec83a28e","sha256":"15c1e8d919fca7db1fa4cdf9bfa5a90403054f59836901d7bf20ac575e8f487b","sha512":"de6bf4db0e08ab759c1ee9c7dd443ae08179081aa2156dc455926b76200aed5ee6b9ea3533f4e306bf11e1fe3bbd65d30b2002569e59e92cdd56edee1507f8a0","ssdeep":"","tlshash":"11d0974187a828aea0b28007fa5031a5e012a0ff5d03420e91e0f4904762958084a00b","size":240,"data":"","first_seen":"2026-03-23T08:32:41.302204Z","last_seen":"2026-03-23T08:32:41.302204Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"94b14720f7b953580c54cf547b2ce93c","sha1":"fc460fdb0f1b3494ac0c092b1c2f63b48589b3e6","sha256":"3dc299a7d89e4d4fe9e7d2abb06e15b523a4dce443b48011b1f1a66043d5f7e7","sha512":"da3dd6ef844c0e839dc94fb818c04281b42e74358556888e2f65f607aa96ce1ee5a6e8972343d0dbe4b0fa5c7d4da0fd69991cacf61071d3bdbd7d77a7d74393","ssdeep":"","tlshash":"d7d0978253a82897e0b2c01ee2907016e51220ff8e0b022ed9e2c8140b92ea918000da","size":240,"data":"","first_seen":"2026-03-23T08:32:41.30348Z","last_seen":"2026-03-23T08:32:41.30348Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"d87b6cf7f476097312c37e89202fa279","sha1":"7a07b03822ce2b26614bfbbb921b4c5917cc2df0","sha256":"96e36e53e51def89fecf2631e2bc94b699ca5b367cebc479bf23af4fca097145","sha512":"7196028d1316852f633a98890ef314fa132c72e847f2841163085430291b7f55b48fcf3f8a9bfd5fd5d4ec988d40e70c900ece8901eb0f50377e71a8caf89a5d","ssdeep":"","tlshash":"b8d0976a02b450cbb073d00aeb94729aa22b30eb8da7060cc4e1e8c84a81959005d10b","size":242,"data":"","first_seen":"2026-03-23T08:32:41.304747Z","last_seen":"2026-03-23T08:32:41.304747Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"a61a415c076d78038634bce779ca0bd3","sha1":"0c3be7d21588696b734ea0cddc61eb41570857dd","sha256":"e0d01564cddab02af6e3c53eb12d009bd6c929cbb7c890dfa9e9dadf30835012","sha512":"a8e7c2a0835181b7fb59e19c7ca61bc5b19da36df9705eef069ca2dd1d168b3bf73e9207a1c3802b4daea55c124235de003b150f7adbf6355e80d58625a8a27a","ssdeep":"","tlshash":"c4c02b05cca52411e5e2468e933c934d3043319d1f4043c168f0c4273254b230a1f1cb","size":151,"data":"","first_seen":"2026-03-23T08:32:41.305991Z","last_seen":"2026-03-23T08:32:41.305991Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"console":null},"http":[{"url":{"schema":"http","addr":"www.9663.com/downinfo/38620.html","fqdn":"www.9663.com","domain":"9663.com","tld":"com"},"ip":{"addr":"180.163.146.60","port":80,"asn":4812,"as":"China Telecom Group","country":"China","country_code":"CN"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-03-23T08:32:03.582Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /downinfo/38620.html HTTP/1.1\r\nHost: www.9663.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: Tengine\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nX-Powered-By: ASP.NET\r\nX-Frame-Options: sameorigin\r\nAccess-Control-Allow-Headers: Content-Type,api_key,Authorization\r\naccess-control-allow-methods: POST\r\nAccess-Control-Allow-Origin: *\r\nDate: Mon, 23 Mar 2026 08:19:54 GMT\r\nVia: cache13.l2cn3059[46,68,304-0,H], cache31.l2cn3059[70,0], kunlun8.cn7174[0,0,200-0,H], kunlun5.cn7174[7,0]\r\nLast-Modified: Sun, 01 Mar 2026 04:08:55 GMT\r\nETag: W/\"3a2ff31e31a9dc1:0\"\r\nAge: 154\r\nAli-Swift-Global-Savetime: 1774254569\r\nX-Cache: HIT TCP_MEM_HIT dirn:-2:-2\r\nX-Swift-SaveTime: Mon, 23 Mar 2026 08:29:29 GMT\r\nX-Swift-CacheTime: 7200\r\nTiming-Allow-Origin: *\r\nEagleId: b4a3921917742547239227370e\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Tengine","description":"Tengine is a web server which is based on the Nginx HTTP server.","website":"https://tengine.taobao.org","common_platform_enumeration":"","icon":"Tengine.png","categories":["Web servers"]},{"name":"Microsoft ASP.NET","description":"ASP.NET is an open-source, server-side web-application framework designed for web development to produce dynamic web pages.","website":"https://www.asp.net","common_platform_enumeration":"cpe:2.3:a:microsoft:asp.net:*:*:*:*:*:*:*:*","icon":"Microsoft ASP.NET.svg","categories":["Web frameworks"]}],"data":{"size":24629,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (2389), with CRLF, LF line terminators","md5":"8d2a2d9934dae8a7dc992c6becdf95e9","sha1":"1e722729b3b580819500ff8f3f587a3b11931758","sha256":"3f03596dee92365e0fbfca5b7afd84a6b04de5a054fee8c7bb3283e55f90a699","sha512":"9ccd61d1ed3cf1d3aebf0e97f51890bea3bf2531e562c0137e8dfeccfa26b3aaa73b3e58dbc0659f8553113a39de82be2e19113d61f29e82ceea7c716a9dfb4d","ssdeep":"768:nlsnsLAW+udgaCCBuDP5df1R48047WjApwaGfEe4JsuVaM:nygJ+eECBuz5pz6X8vaM","tlshash":"bed28412e1d0932f5a2022dc34765b68f1c39369ce1b6944f3dc6adebec6f95690e183","first_seen":"2026-03-23T08:32:41.214115Z","last_seen":"2026-03-23T08:32:41.214115Z","times_seen":1,"resource_available":false,"data":null}},"time_used":793,"timings":{"blocked":243,"dns":1,"connect":242,"send":0,"wait":258,"receive":49,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-23","alert":"Sinkholed","trigger":"www.9663.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"pic.9663.com/upload/2022-12/2022120909285962872.jpg","fqdn":"pic.9663.com","domain":"9663.com","tld":"com"},"ip":{"addr":"180.163.146.59","port":80,"asn":4812,"as":"China Telecom Group","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://www.9663.com/downinfo/38620.html","date":"2026-03-23T08:32:04.248Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /upload/2022-12/2022120909285962872.jpg HTTP/1.1\r\nHost: pic.9663.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://www.9663.com/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: Tengine\r\nContent-Type: image/jpeg\r\nContent-Length: 49526\r\nConnection: keep-alive\r\nAccept-Ranges: bytes\r\nX-Powered-By: ASP.NET\r\nDate: Sun, 22 Mar 2026 02:17:01 GMT\r\nLast-Modified: Wed, 15 Oct 2025 16:23:31 GMT\r\nETag: \"98b4e4bf03ddc1:0\"\r\nVia: cache4.l2cn8428[0,3,200-0,H], cache10.l2cn8428[4,0], kunlun6.cn7174[0,0,200-0,H], kunlun3.cn7174[2,0]\r\nAge: 108334\r\nAli-Swift-Global-Savetime: 1774146394\r\nX-Cache: HIT TCP_MEM_HIT dirn:-2:-2\r\nX-Swift-SaveTime: Sun, 22 Mar 2026 14:37:39 GMT\r\nX-Swift-CacheTime: 128935\r\nTiming-Allow-Origin: *\r\nEagleId: b4a3921717742547284743440e\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Tengine","description":"Tengine is a web server which is based on the Nginx HTTP server.","website":"https://tengine.taobao.org","common_platform_enumeration":"","icon":"Tengine.png","categories":["Web servers"]},{"name":"Microsoft ASP.NET","description":"ASP.NET is an open-source, server-side web-application framework designed for web development to produce dynamic web pages.","website":"https://www.asp.net","common_platform_enumeration":"cpe:2.3:a:microsoft:asp.net:*:*:*:*:*:*:*:*","icon":"Microsoft ASP.NET.svg","categories":["Web frameworks"]}],"data":{"size":49526,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 338x600, components 3","md5":"9055022a42a97dee609e660b9197658d","sha1":"497948e6aee63787117e8372e3cdf23d747a2ca2","sha256":"46ef799cb067263fc1e06fd54fc5a87f4fce0099ec9c66cf4e7be9bf1802c1c5","sha512":"9b28240394570911330ae95ee98957578fae974215a3043fcd52eec463f5069c05b44e61de4bb8b3b93f49564f83e2d26eb1e716d458812898760acf4b226384","ssdeep":"768:THKS7EGam1WVqhcUPI8R68VY1Kz4+JwSLJIU7yazHG5G36xHfKqYZCmG:THKenJXVY1KzMIOo1j6tas","tlshash":"3123f2c9e20aa177f6c8fa3656d832b172f5c1f57622c956908b2758d8c4a748c132af","first_seen":"2026-03-23T08:32:41.21503Z","last_seen":"2026-03-23T08:32:41.21503Z","times_seen":1,"resource_available":false,"data":null}},"time_used":4438,"timings":{"blocked":3454,"dns":0,"connect":0,"send":0,"wait":935,"receive":49,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-23","alert":"Sinkholed","trigger":"pic.9663.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"pic.9663.com/upload/2022-12/20221281129368559.png","fqdn":"pic.9663.com","domain":"9663.com","tld":"com"},"ip":{"addr":"180.163.146.59","port":80,"asn":4812,"as":"China Telecom Group","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://www.9663.com/downinfo/38620.html","date":"2026-03-23T08:32:04.255Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /upload/2022-12/20221281129368559.png HTTP/1.1\r\nHost: pic.9663.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://www.9663.com/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: Tengine\r\nContent-Type: image/png\r\nContent-Length: 23389\r\nConnection: keep-alive\r\nAccept-Ranges: bytes\r\nX-Powered-By: ASP.NET\r\nDate: Sun, 22 Mar 2026 05:43:30 GMT\r\nLast-Modified: Wed, 15 Oct 2025 16:34:00 GMT\r\nETag: \"b3f8ec82f13ddc1:0\"\r\nVia: cache7.l2cn8428[0,0,200-0,H], cache11.l2cn8428[1,0], kunlun10.cn7174[0,0,200-0,H], kunlun10.cn7174[3,0]\r\nAge: 95941\r\nAli-Swift-Global-Savetime: 1774158784\r\nX-Cache: HIT TCP_MEM_HIT dirn:-2:-2\r\nX-Swift-SaveTime: Sun, 22 Mar 2026 14:37:39 GMT\r\nX-Swift-CacheTime: 141325\r\nTiming-Allow-Origin: *\r\nEagleId: b4a3921e17742547254388953e\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Microsoft ASP.NET","description":"ASP.NET is an open-source, server-side web-application framework designed for web development to produce dynamic web pages.","website":"https://www.asp.net","common_platform_enumeration":"cpe:2.3:a:microsoft:asp.net:*:*:*:*:*:*:*:*","icon":"Microsoft ASP.NET.svg","categories":["Web frameworks"]},{"name":"Tengine","description":"Tengine is a web server which is based on the Nginx HTTP server.","website":"https://tengine.taobao.org","common_platform_enumeration":"","icon":"Tengine.png","categories":["Web servers"]}],"data":{"size":23389,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 256 x 256, 8-bit colormap, non-interlaced","md5":"8536530dd4a8ba6186d38600509908f5","sha1":"f0f92700069f85dfc22dad0bc67caccc2991368f","sha256":"f25ba8c5de6f5218fb374d180004449f6237f96c008988c98dc39b93d0f24eb6","sha512":"49652674ea4152708eb83bca422568328c7132ef1cba8caedb95ff18ccccd1e206749a6d2cf30429585008b440ef82088cf64c61d0aac32f81f119bb7b868264","ssdeep":"384:BWrMV6Cs6hhdElS5egQBgHYRLvsKq0ebZPGdDitJvAgkRtcFyygbP47uBrf5TgVP:IrM+65iS5egrYlvsJdCD4JYgkAFUP47J","tlshash":"c2b2f1133f2ae1f1eba98ead983f011ca6db52c1805dc23edd19d0d6b3b52d90251f92","first_seen":"2026-03-23T08:32:41.21639Z","last_seen":"2026-03-23T08:32:41.21639Z","times_seen":1,"resource_available":false,"data":null}},"time_used":1357,"timings":{"blocked":1064,"dns":0,"connect":0,"send":0,"wait":270,"receive":23,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-23","alert":"Sinkholed","trigger":"pic.9663.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"pic.9663.com/upload/2022-6/2022613172250255.png","fqdn":"pic.9663.com","domain":"9663.com","tld":"com"},"ip":{"addr":"180.163.146.59","port":80,"asn":4812,"as":"China Telecom Group","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://www.9663.com/downinfo/38620.html","date":"2026-03-23T08:32:04.268Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /upload/2022-6/2022613172250255.png HTTP/1.1\r\nHost: pic.9663.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://www.9663.com/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: Tengine\r\nContent-Type: image/png\r\nContent-Length: 5081\r\nConnection: keep-alive\r\nAccept-Ranges: bytes\r\nX-Powered-By: ASP.NET\r\nDate: Sun, 22 Mar 2026 18:03:14 GMT\r\nVia: ens-cache47.l2cn9026[32,32,304-0,H], ens-cache3.l2cn9026[33,0], kunlun8.cn7174[0,6,200-0,H], kunlun8.cn7174[9,0]\r\nLast-Modified: Thu, 08 May 2025 17:21:19 GMT\r\nETag: \"7bdba39c3dc0db1:0\"\r\nAge: 51559\r\nAli-Swift-Global-Savetime: 1774203168\r\nX-Cache: HIT TCP_HIT dirn:9:225067586\r\nX-Swift-SaveTime: Sun, 22 Mar 2026 18:12:48 GMT\r\nX-Swift-CacheTime: 172800\r\nTiming-Allow-Origin: *\r\nEagleId: b4a3921c17742547270042252e\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Microsoft ASP.NET","description":"ASP.NET is an open-source, server-side web-application framework designed for web development to produce dynamic web pages.","website":"https://www.asp.net","common_platform_enumeration":"cpe:2.3:a:microsoft:asp.net:*:*:*:*:*:*:*:*","icon":"Microsoft ASP.NET.svg","categories":["Web frameworks"]},{"name":"Tengine","description":"Tengine is a web server which is based on the Nginx HTTP server.","website":"https://tengine.taobao.org","common_platform_enumeration":"","icon":"Tengine.png","categories":["Web servers"]}],"data":{"size":5081,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 256 x 256, 8-bit colormap, non-interlaced","md5":"3d45a39b9d1f601cae1f3732550c119b","sha1":"3b968df127cd809fc64644fb32a0bdc7e6021798","sha256":"35ec15507d4d79569cdbfffd797b07fef43862347c25589d9f7f226383c9767a","sha512":"48e0c8775caaaf5c8f3f9ea61c2b564ec39ff9f4ee13cdd1c45c2109c53fc0b654dcb1840c33d89d84f357725c3d29fa3a03bd610c948070f5e155e9be626b88","ssdeep":"96:qCt87sm4RDgYjNr6R3KVwwoUKcSFA8dLUuWtkNtpygjDxvw6:5tqsm4RDgYp6R3YoUzSFPivCR3O6","tlshash":"dea18f96e3d4ea66dc3812253e6a72fac2246534d962cd1d233125706cf99d29cc7648","first_seen":"2025-07-14T23:47:46.657854Z","last_seen":"2026-03-23T08:32:41.217241Z","times_seen":2,"resource_available":false,"data":null}},"time_used":2893,"timings":{"blocked":2607,"dns":0,"connect":0,"send":0,"wait":283,"receive":3,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-23","alert":"Sinkholed","trigger":"pic.9663.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"www.9663.com/statics/images/a.star.png","fqdn":"www.9663.com","domain":"9663.com","tld":"com"},"ip":{"addr":"180.163.146.50","port":80,"asn":4812,"as":"China Telecom Group","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://www.9663.com/downinfo/38620.html","date":"2026-03-23T08:32:05.774Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /statics/images/a.star.png HTTP/1.1\r\nHost: www.9663.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://www.9663.com/statics/css/info.min.css\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: Tengine\r\nContent-Type: image/png\r\nContent-Length: 1915\r\nConnection: keep-alive\r\nAccept-Ranges: bytes\r\nX-Powered-By: ASP.NET\r\nX-Frame-Options: sameorigin\r\nAccess-Control-Allow-Headers: Content-Type,api_key,Authorization\r\naccess-control-allow-methods: POST\r\nAccess-Control-Allow-Origin: *\r\nDate: Mon, 23 Mar 2026 08:05:35 GMT\r\nVia: cache14.l2cn8428[0,0,304-0,H], cache18.l2cn8428[1,0], kunlun1.cn7174[0,0,200-0,H], kunlun1.cn7174[2,0]\r\nLast-Modified: Tue, 14 Jun 2022 01:08:57 GMT\r\nETag: \"5f5ce528b7fd81:0\"\r\nAge: 1015\r\nAli-Swift-Global-Savetime: 1774253710\r\nX-Cache: HIT TCP_MEM_HIT dirn:-2:-2\r\nX-Swift-SaveTime: Mon, 23 Mar 2026 08:16:28 GMT\r\nX-Swift-CacheTime: 7122\r\nTiming-Allow-Origin: *\r\nEagleId: b4a3921517742547258723807e\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Tengine","description":"Tengine is a web server which is based on the Nginx HTTP server.","website":"https://tengine.taobao.org","common_platform_enumeration":"","icon":"Tengine.png","categories":["Web servers"]},{"name":"Microsoft ASP.NET","description":"ASP.NET is an open-source, server-side web-application framework designed for web development to produce dynamic web pages.","website":"https://www.asp.net","common_platform_enumeration":"cpe:2.3:a:microsoft:asp.net:*:*:*:*:*:*:*:*","icon":"Microsoft ASP.NET.svg","categories":["Web frameworks"]}],"data":{"size":1915,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 80 x 120, 8-bit colormap, non-interlaced","md5":"9e61c4011cda70bf0d91b66341f1ae32","sha1":"88ab486db75cd1091e52a23c04291f680a82a534","sha256":"2fbfa714d7d178d21dd1139fd6f4314e50913912865518634665d93bee4ce865","sha512":"c2410218df55a736570e7a4f02b1fc22bc558421ebfe872e3bc65a08706563cfaa1ef34002d864f3b8dc4a345ab06f8de16a090e5363397949a04a93a3b35921","ssdeep":"","tlshash":"0141e8afd6909896d504b86150f680275a8b8cc1eda9e2b4a04fe208c5b43f3480a2c7","first_seen":"2025-06-10T00:49:12.13394Z","last_seen":"2026-06-13T11:24:29.919604Z","times_seen":15,"resource_available":false,"data":null}},"time_used":242,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":242,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-23","alert":"Sinkholed","trigger":"www.9663.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"www.9663.com/skin/gr/images/comment_tbg.png","fqdn":"www.9663.com","domain":"9663.com","tld":"com"},"ip":{"addr":"180.163.146.50","port":80,"asn":4812,"as":"China Telecom Group","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://www.9663.com/downinfo/38620.html","date":"2026-03-23T08:32:06.137Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /skin/gr/images/comment_tbg.png HTTP/1.1\r\nHost: www.9663.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://www.9663.com/statics/css/info.min.css\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: Tengine\r\nContent-Type: image/png\r\nContent-Length: 206\r\nConnection: keep-alive\r\nAccept-Ranges: bytes\r\nX-Powered-By: ASP.NET\r\nX-Frame-Options: sameorigin\r\nAccess-Control-Allow-Headers: Content-Type,api_key,Authorization\r\naccess-control-allow-methods: POST\r\nAccess-Control-Allow-Origin: *\r\nDate: Mon, 23 Mar 2026 07:10:17 GMT\r\nVia: cache22.l2cn8428[41,41,304-0,H], cache8.l2cn8428[43,0], kunlun6.cn7174[0,0,200-0,H], kunlun1.cn7174[1,0]\r\nLast-Modified: Fri, 31 Dec 2010 06:50:24 GMT\r\nETag: \"038d7ffb6a8cb1:0\"\r\nAge: 4335\r\nAli-Swift-Global-Savetime: 1774250391\r\nX-Cache: HIT TCP_MEM_HIT dirn:-2:-2\r\nX-Swift-SaveTime: Mon, 23 Mar 2026 07:19:51 GMT\r\nX-Swift-CacheTime: 7200\r\nTiming-Allow-Origin: *\r\nEagleId: b4a3921517742547262355561e\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Tengine","description":"Tengine is a web server which is based on the Nginx HTTP server.","website":"https://tengine.taobao.org","common_platform_enumeration":"","icon":"Tengine.png","categories":["Web servers"]},{"name":"Microsoft ASP.NET","description":"ASP.NET is an open-source, server-side web-application framework designed for web development to produce dynamic web pages.","website":"https://www.asp.net","common_platform_enumeration":"cpe:2.3:a:microsoft:asp.net:*:*:*:*:*:*:*:*","icon":"Microsoft ASP.NET.svg","categories":["Web frameworks"]}],"data":{"size":206,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 1 x 30, 8-bit colormap, non-interlaced","md5":"f21c3c1c095795b7823f8e850ced7648","sha1":"2a7d81e26f408e7b80c3bd95d88f98c5bfe4d563","sha256":"08e92eed119b1138b8cf852ce2074b6bf5358e75c32dc6cfda07291780bfeabd","sha512":"85837ed33538bfa1173af25c2d133878730f220d5e948928d18e3d9b359aece90186577f5a9e914976f5b18f52af8f5a4b4ee89488e3295739e606ece3866ebc","ssdeep":"","tlshash":"5bd022e3b20c9e6ac99002a30160429498839f93081c43aa9e8e800c2fa32cc50d0902","first_seen":"2023-07-07T17:17:35Z","last_seen":"2026-06-13T11:24:29.898111Z","times_seen":66,"resource_available":false,"data":null}},"time_used":240,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":240,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-23","alert":"Sinkholed","trigger":"www.9663.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"www.9663.com/statics/images/prev.png","fqdn":"www.9663.com","domain":"9663.com","tld":"com"},"ip":{"addr":"180.163.146.50","port":80,"asn":4812,"as":"China Telecom Group","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://www.9663.com/downinfo/38620.html","date":"2026-03-23T08:32:06.238Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /statics/images/prev.png HTTP/1.1\r\nHost: www.9663.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://www.9663.com/statics/css/lightbox.min.css\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: Tengine\r\nContent-Type: image/png\r\nContent-Length: 1360\r\nConnection: keep-alive\r\nAccept-Ranges: bytes\r\nX-Powered-By: ASP.NET\r\nX-Frame-Options: sameorigin\r\nAccess-Control-Allow-Headers: Content-Type,api_key,Authorization\r\naccess-control-allow-methods: POST\r\nAccess-Control-Allow-Origin: *\r\nDate: Mon, 23 Mar 2026 07:22:17 GMT\r\nVia: cache5.l2cn8428[24,23,304-0,H], cache11.l2cn8428[25,0], kunlun6.cn7174[0,0,200-0,H], kunlun5.cn7174[2,0]\r\nLast-Modified: Thu, 16 Jun 2022 08:27:46 GMT\r\nETag: \"244144f55a81d81:0\"\r\nAge: 3615\r\nAli-Swift-Global-Savetime: 1774251111\r\nX-Cache: HIT TCP_MEM_HIT dirn:-2:-2\r\nX-Swift-SaveTime: Mon, 23 Mar 2026 07:31:51 GMT\r\nX-Swift-CacheTime: 7200\r\nTiming-Allow-Origin: *\r\nEagleId: b4a3921917742547265074832e\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Tengine","description":"Tengine is a web server which is based on the Nginx HTTP server.","website":"https://tengine.taobao.org","common_platform_enumeration":"","icon":"Tengine.png","categories":["Web servers"]},{"name":"Microsoft ASP.NET","description":"ASP.NET is an open-source, server-side web-application framework designed for web development to produce dynamic web pages.","website":"https://www.asp.net","common_platform_enumeration":"cpe:2.3:a:microsoft:asp.net:*:*:*:*:*:*:*:*","icon":"Microsoft ASP.NET.svg","categories":["Web frameworks"]}],"data":{"size":1360,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 50 x 45, 8-bit/color RGBA, non-interlaced","md5":"84b76dee6b27b795e89e3649078a11c2","sha1":"6640a3432f7ba7aea6129cdf7a5d3eabd47c295c","sha256":"7fd9273f20fdb1229c224341271a119020a5eee74ccf6b4605730917c864caf2","sha512":"f7128971cd4b6442ebac344cad93186e1fcc976470e2f5a4e758f3439c7b07421fb99a927450414b86b4bbfc0f2cc605b0e63c217057e094f9d866d9906960f5","ssdeep":"","tlshash":"b121f8b5a75040bddc73b70a4428be38ced1ba204dcdce0b42719c77a082c29d7f1082","first_seen":"2023-04-05T16:20:30Z","last_seen":"2026-06-13T23:14:20.501618Z","times_seen":19738,"resource_available":false,"data":null}},"time_used":421,"timings":{"blocked":171,"dns":0,"connect":0,"send":0,"wait":250,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-23","alert":"Sinkholed","trigger":"www.9663.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"www.9663.com/inc/SoftLinkType.js","fqdn":"www.9663.com","domain":"9663.com","tld":"com"},"ip":{"addr":"180.163.146.50","port":80,"asn":4812,"as":"China Telecom Group","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://www.9663.com/downinfo/38620.html","date":"2026-03-23T08:32:04.248Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /inc/SoftLinkType.js HTTP/1.1\r\nHost: www.9663.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://www.9663.com/downinfo/38620.html\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: Tengine\r\nContent-Type: application/x-javascript\r\nContent-Length: 344\r\nConnection: keep-alive\r\nAccept-Ranges: bytes\r\nX-Powered-By: ASP.NET\r\nX-Frame-Options: sameorigin\r\nAccess-Control-Allow-Headers: Content-Type,api_key,Authorization\r\naccess-control-allow-methods: POST\r\nAccess-Control-Allow-Origin: *\r\nDate: Mon, 23 Mar 2026 06:55:43 GMT\r\nVia: cache6.l2cn8428[0,0,304-0,H], cache20.l2cn8428[1,0], kunlun9.cn7174[0,0,200-0,H], kunlun10.cn7174[4,0]\r\nLast-Modified: Fri, 21 Jun 2024 02:26:10 GMT\r\nETag: \"99aa796182c3da1:0\"\r\nAge: 5206\r\nAli-Swift-Global-Savetime: 1774249518\r\nX-Cache: HIT TCP_MEM_HIT dirn:-2:-2\r\nX-Swift-SaveTime: Mon, 23 Mar 2026 07:05:43 GMT\r\nX-Swift-CacheTime: 7175\r\nTiming-Allow-Origin: *\r\nEagleId: b4a3921e17742547245914715e\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Tengine","description":"Tengine is a web server which is based on the Nginx HTTP server.","website":"https://tengine.taobao.org","common_platform_enumeration":"","icon":"Tengine.png","categories":["Web servers"]},{"name":"Microsoft ASP.NET","description":"ASP.NET is an open-source, server-side web-application framework designed for web development to produce dynamic web pages.","website":"https://www.asp.net","common_platform_enumeration":"cpe:2.3:a:microsoft:asp.net:*:*:*:*:*:*:*:*","icon":"Microsoft ASP.NET.svg","categories":["Web frameworks"]}],"data":{"size":344,"size_decoded":0,"mime_type":"application/x-javascript","magic":"Unicode text, UTF-8 text, with very long lines (342), with CRLF line terminators","md5":"0982b05bcdc6693c5961f996e442c5fb","sha1":"93781bfce72fda9c7fc66d782c5e26c412e82026","sha256":"34fcaf6f2b7ffc88a2062de96e4e28de0890d4ae343269b6c63c29125f0141b1","sha512":"d1b1ee59686f705e12b325f9bf66165408e3ba8bec11b2ebc9c33e56fb3068f0d3ccd51b1c680f92e11773b07907f157a1cacefd8201c2dc1a1cb86f0ae80308","ssdeep":"","tlshash":"ccf0379a57541d77c0c2d8f4e3ef3216d66e526549c5c0a8c0454faadb80b31715c7d8","first_seen":"2025-07-06T07:33:32.533914Z","last_seen":"2026-06-13T11:24:29.925713Z","times_seen":14,"resource_available":false,"data":null}},"time_used":756,"timings":{"blocked":208,"dns":1,"connect":271,"send":0,"wait":276,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-23","alert":"Sinkholed","trigger":"www.9663.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"www.9663.com/statics/js/downinfo.min.js","fqdn":"www.9663.com","domain":"9663.com","tld":"com"},"ip":{"addr":"180.163.146.50","port":80,"asn":4812,"as":"China Telecom Group","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://www.9663.com/downinfo/38620.html","date":"2026-03-23T08:32:04.281Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /statics/js/downinfo.min.js HTTP/1.1\r\nHost: www.9663.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://www.9663.com/downinfo/38620.html\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: Tengine\r\nContent-Type: application/x-javascript\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nX-Powered-By: ASP.NET\r\nX-Frame-Options: sameorigin\r\nAccess-Control-Allow-Headers: Content-Type,api_key,Authorization\r\naccess-control-allow-methods: POST\r\nAccess-Control-Allow-Origin: *\r\nDate: Mon, 23 Mar 2026 07:14:48 GMT\r\nVia: cache14.l2cn8428[0,0,304-0,H], cache17.l2cn8428[1,0], kunlun8.cn7174[0,0,200-0,H], kunlun1.cn7174[3,0]\r\nLast-Modified: Wed, 18 Mar 2026 01:30:23 GMT\r\nETag: W/\"524f8aca76b6dc1:0\"\r\nAge: 4061\r\nAli-Swift-Global-Savetime: 1774250663\r\nX-Cache: HIT TCP_MEM_HIT dirn:-2:-2\r\nX-Swift-SaveTime: Mon, 23 Mar 2026 07:24:43 GMT\r\nX-Swift-CacheTime: 7180\r\nTiming-Allow-Origin: *\r\nEagleId: b4a3921517742547247876406e\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Microsoft ASP.NET","description":"ASP.NET is an open-source, server-side web-application framework designed for web development to produce dynamic web pages.","website":"https://www.asp.net","common_platform_enumeration":"cpe:2.3:a:microsoft:asp.net:*:*:*:*:*:*:*:*","icon":"Microsoft ASP.NET.svg","categories":["Web frameworks"]},{"name":"Tengine","description":"Tengine is a web server which is based on the Nginx HTTP server.","website":"https://tengine.taobao.org","common_platform_enumeration":"","icon":"Tengine.png","categories":["Web servers"]}],"data":{"size":81302,"size_decoded":0,"mime_type":"application/x-javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (19927), with CRLF line terminators","md5":"d86b4dd6f962f6a1584a4d7e03cd4278","sha1":"7b8eeeccf810995bc78e802330fad17d5cd8fd5e","sha256":"146868149ec4f85d8e537e8bc4e91bc56ea8ab131d098fb6439a521f843c96c4","sha512":"b1f5e9a1268723bcc916fd85226eb72e589b1a43e54f8c498f2171523277af64f37739810cf90fa87e7171c5ac829fbf4fc1b668227b13933e8b369e5eb27698","ssdeep":"1536:p4oYjYk99ddhKSZnQ81PjY5IGxBvzp/MEhlTNThP2V/9N4U/aq8CQLyrNUQYD8qw:pbZk99ddznGvTThP2V/9mCQL4YD859T","tlshash":"3183f744f254132ec2aa33a4543f1609ee79d872a905d46cf9bc84e969f4f14723feb8","first_seen":"2026-03-18T13:32:45.912689Z","last_seen":"2026-03-23T08:32:41.224144Z","times_seen":6,"resource_available":false,"data":null}},"time_used":960,"timings":{"blocked":408,"dns":0,"connect":0,"send":0,"wait":241,"receive":311,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-23","alert":"Sinkholed","trigger":"www.9663.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"www.9663.com/skin/gr/images/comment_btn.png","fqdn":"www.9663.com","domain":"9663.com","tld":"com"},"ip":{"addr":"180.163.146.50","port":80,"asn":4812,"as":"China Telecom Group","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://www.9663.com/downinfo/38620.html","date":"2026-03-23T08:32:06.143Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /skin/gr/images/comment_btn.png HTTP/1.1\r\nHost: www.9663.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://www.9663.com/statics/css/info.min.css\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: Tengine\r\nContent-Type: image/png\r\nContent-Length: 299\r\nConnection: keep-alive\r\nAccept-Ranges: bytes\r\nX-Powered-By: ASP.NET\r\nX-Frame-Options: sameorigin\r\nAccess-Control-Allow-Headers: Content-Type,api_key,Authorization\r\naccess-control-allow-methods: POST\r\nAccess-Control-Allow-Origin: *\r\nDate: Mon, 23 Mar 2026 07:09:05 GMT\r\nVia: cache1.l2cn8428[43,43,304-0,H], cache8.l2cn8428[44,0], kunlun3.cn7174[0,0,200-0,H], kunlun9.cn7174[3,0]\r\nLast-Modified: Fri, 29 Dec 2023 10:10:41 GMT\r\nETag: \"df70e473f3ada1:0\"\r\nAge: 4407\r\nAli-Swift-Global-Savetime: 1774250319\r\nX-Cache: HIT TCP_MEM_HIT dirn:-2:-2\r\nX-Swift-SaveTime: Mon, 23 Mar 2026 07:18:39 GMT\r\nX-Swift-CacheTime: 7200\r\nTiming-Allow-Origin: *\r\nEagleId: b4a3921d17742547262656702e\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Tengine","description":"Tengine is a web server which is based on the Nginx HTTP server.","website":"https://tengine.taobao.org","common_platform_enumeration":"","icon":"Tengine.png","categories":["Web servers"]},{"name":"Microsoft ASP.NET","description":"ASP.NET is an open-source, server-side web-application framework designed for web development to produce dynamic web pages.","website":"https://www.asp.net","common_platform_enumeration":"cpe:2.3:a:microsoft:asp.net:*:*:*:*:*:*:*:*","icon":"Microsoft ASP.NET.svg","categories":["Web frameworks"]}],"data":{"size":299,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 80 x 26, 4-bit colormap, non-interlaced","md5":"7d20a9620d5ce410dbee0bd9b94b2c8d","sha1":"9cd9c731ff8a11a1dd3de1353532b6f386e51a6b","sha256":"d8581b209787d5e8af30da3a5197de2bf156d2fc88d2199d809464d6cc3a6b00","sha512":"f32248b61dca379941c938c7665b4f1fe043a8443bc5b5980d3f74050fa38ff059eff6ef87f8eb7caa149f19258e27d633380a02bbb3035b15cec6cf0bb05664","ssdeep":"","tlshash":"02e072c2baa9cd78c68a06a912428813c9077a0ee62810a62881c0281ba2195d0e4f47","first_seen":"2025-07-06T07:33:32.51913Z","last_seen":"2026-06-13T11:24:29.94511Z","times_seen":14,"resource_available":false,"data":null}},"time_used":265,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":265,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-23","alert":"Sinkholed","trigger":"www.9663.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"www.9663.com/statics/images/dingico.png","fqdn":"www.9663.com","domain":"9663.com","tld":"com"},"ip":{"addr":"180.163.146.50","port":80,"asn":4812,"as":"China Telecom Group","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://www.9663.com/downinfo/38620.html","date":"2026-03-23T08:32:06.170Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /statics/images/dingico.png HTTP/1.1\r\nHost: www.9663.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://www.9663.com/statics/css/info.min.css\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: Tengine\r\nContent-Type: image/png\r\nContent-Length: 506\r\nConnection: keep-alive\r\nAccept-Ranges: bytes\r\nX-Powered-By: ASP.NET\r\nX-Frame-Options: sameorigin\r\nAccess-Control-Allow-Headers: Content-Type,api_key,Authorization\r\naccess-control-allow-methods: POST\r\nAccess-Control-Allow-Origin: *\r\nDate: Mon, 23 Mar 2026 07:38:14 GMT\r\nVia: cache14.l2cn8428[41,41,304-0,H], cache26.l2cn8428[43,0], kunlun1.cn7174[0,0,200-0,H], kunlun1.cn7174[2,0]\r\nLast-Modified: Tue, 26 Mar 2024 01:36:03 GMT\r\nETag: \"85253ef71d7fda1:0\"\r\nAge: 2657\r\nAli-Swift-Global-Savetime: 1774252069\r\nX-Cache: HIT TCP_MEM_HIT dirn:-2:-2\r\nX-Swift-SaveTime: Mon, 23 Mar 2026 07:47:49 GMT\r\nX-Swift-CacheTime: 7200\r\nTiming-Allow-Origin: *\r\nEagleId: b4a3921517742547262605662e\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Tengine","description":"Tengine is a web server which is based on the Nginx HTTP server.","website":"https://tengine.taobao.org","common_platform_enumeration":"","icon":"Tengine.png","categories":["Web servers"]},{"name":"Microsoft ASP.NET","description":"ASP.NET is an open-source, server-side web-application framework designed for web development to produce dynamic web pages.","website":"https://www.asp.net","common_platform_enumeration":"cpe:2.3:a:microsoft:asp.net:*:*:*:*:*:*:*:*","icon":"Microsoft ASP.NET.svg","categories":["Web frameworks"]}],"data":{"size":506,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 19 x 60, 8-bit/color RGBA, non-interlaced","md5":"24501033dfef3b44248084dd711cd6af","sha1":"b379f8d5f436826ccdda52c9471941c9e680a921","sha256":"2780fdd1236e2d98ed23e02a1b69b21c2b2c2dac9b62f99b00811981e275897c","sha512":"586b5c563106264a951cbca019084c4f485c3c6d8e6710db7ef68804f68412c713a8b5a8e9819c69ea5b7e7a4b4e7d0d7ebc3e49a14ee27144913a71d9a793b9","ssdeep":"","tlshash":"3cf0751d6ba44454ae635131434d22508cf3e792f701662c0461c452138385804f0fb3","first_seen":"2025-07-06T07:33:32.54427Z","last_seen":"2026-06-13T11:24:29.899677Z","times_seen":14,"resource_available":false,"data":null}},"time_used":238,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":238,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-23","alert":"Sinkholed","trigger":"www.9663.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"www.9663.com/statics/js/down_inc.min.js","fqdn":"www.9663.com","domain":"9663.com","tld":"com"},"ip":{"addr":"180.163.146.50","port":80,"asn":4812,"as":"China Telecom Group","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://www.9663.com/downinfo/38620.html","date":"2026-03-23T08:32:04.239Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /statics/js/down_inc.min.js HTTP/1.1\r\nHost: www.9663.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://www.9663.com/downinfo/38620.html\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: Tengine\r\nContent-Type: application/x-javascript\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nX-Powered-By: ASP.NET\r\nX-Frame-Options: sameorigin\r\nAccess-Control-Allow-Headers: Content-Type,api_key,Authorization\r\naccess-control-allow-methods: POST\r\nAccess-Control-Allow-Origin: *\r\nDate: Mon, 23 Mar 2026 08:16:45 GMT\r\nVia: cache20.l2cn3059[0,0,304-0,H], cache21.l2cn3059[0,0], kunlun5.cn7174[0,0,200-0,H], kunlun1.cn7174[3,0]\r\nLast-Modified: Wed, 18 Mar 2026 01:29:51 GMT\r\nETag: W/\"bc3cadb776b6dc1:0\"\r\nAge: 345\r\nAli-Swift-Global-Savetime: 1774254379\r\nX-Cache: HIT TCP_MEM_HIT dirn:-2:-2\r\nX-Swift-SaveTime: Mon, 23 Mar 2026 08:27:27 GMT\r\nX-Swift-CacheTime: 7132\r\nTiming-Allow-Origin: *\r\nEagleId: b4a3921517742547245215128e\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Tengine","description":"Tengine is a web server which is based on the Nginx HTTP server.","website":"https://tengine.taobao.org","common_platform_enumeration":"","icon":"Tengine.png","categories":["Web servers"]},{"name":"Microsoft ASP.NET","description":"ASP.NET is an open-source, server-side web-application framework designed for web development to produce dynamic web pages.","website":"https://www.asp.net","common_platform_enumeration":"cpe:2.3:a:microsoft:asp.net:*:*:*:*:*:*:*:*","icon":"Microsoft ASP.NET.svg","categories":["Web frameworks"]}],"data":{"size":8391,"size_decoded":0,"mime_type":"application/x-javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (4268), with CRLF line terminators","md5":"2de7554fcc35401c87f24e030ae9fdd7","sha1":"eb55ec1503022be483f5cc8772046093a8a90696","sha256":"48e8e5fb570bf0646d788a44ff844fd098c63efc25b77d16d9e6996a4112df3b","sha512":"d6badf85a03ebaf1704bea301de27506ce88c3e10e111a5fc5d37e981e3b46df07551898664bd1ea1b81640832496a03b907f14f34badd4ddc23ed3ca7205796","ssdeep":"192:I8GjiGvxucBKRuYReQUPrbV5fyCCRYVgqY3mFa9aZak2a2avai75VSQrspVSZ:IDjiGJucSuYRynVEDRigJicYspE9sVSZ","tlshash":"4902dbd039cc4009039e133b7b3b3484f57fd5962a948849f61db560bba4a4bca6b9f7","first_seen":"2026-03-18T13:32:45.909483Z","last_seen":"2026-06-13T11:24:29.92326Z","times_seen":8,"resource_available":false,"data":null}},"time_used":688,"timings":{"blocked":183,"dns":1,"connect":238,"send":0,"wait":242,"receive":24,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-23","alert":"Sinkholed","trigger":"www.9663.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"pic.9663.com/upload/2022-12/2022129928553795.jpg","fqdn":"pic.9663.com","domain":"9663.com","tld":"com"},"ip":{"addr":"180.163.146.59","port":80,"asn":4812,"as":"China Telecom Group","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://www.9663.com/downinfo/38620.html","date":"2026-03-23T08:32:04.243Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /upload/2022-12/2022129928553795.jpg HTTP/1.1\r\nHost: pic.9663.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://www.9663.com/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: Tengine\r\nContent-Type: image/jpeg\r\nContent-Length: 26076\r\nConnection: keep-alive\r\nAccept-Ranges: bytes\r\nX-Powered-By: ASP.NET\r\nDate: Mon, 23 Mar 2026 01:14:22 GMT\r\nVia: cache12.l2cn8428[38,38,304-0,H], cache14.l2cn8428[40,0], kunlun6.cn7174[0,0,200-0,H], kunlun10.cn7174[2,0]\r\nLast-Modified: Fri, 09 Dec 2022 01:28:55 GMT\r\nETag: \"c61daa9a6dbd91:0\"\r\nAge: 25689\r\nAli-Swift-Global-Savetime: 1774229037\r\nX-Cache: HIT TCP_MEM_HIT dirn:-2:-2\r\nX-Swift-SaveTime: Mon, 23 Mar 2026 01:23:57 GMT\r\nX-Swift-CacheTime: 172800\r\nTiming-Allow-Origin: *\r\nEagleId: b4a3921e17742547260373897e\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Microsoft ASP.NET","description":"ASP.NET is an open-source, server-side web-application framework designed for web development to produce dynamic web pages.","website":"https://www.asp.net","common_platform_enumeration":"cpe:2.3:a:microsoft:asp.net:*:*:*:*:*:*:*:*","icon":"Microsoft ASP.NET.svg","categories":["Web frameworks"]},{"name":"Tengine","description":"Tengine is a web server which is based on the Nginx HTTP server.","website":"https://tengine.taobao.org","common_platform_enumeration":"","icon":"Tengine.png","categories":["Web servers"]}],"data":{"size":26076,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 72x72, segment length 16, baseline, precision 8, 512x512, components 3","md5":"bbb6bb75220326f828c3a42db5d2fddf","sha1":"d983ebddb16405eb4a433ab106293ceac6472b8e","sha256":"ace125314456e65bd7c84e3cdd9b7eca5c2a17e5ec1d7b29ffa9daf0ca569a2d","sha512":"3616df7faa78daf4c95f85ea252596b050f9fe3dff336649c5f285954505984770a925083dc7eb307624648c9fe580167e7de854dcad8c5b1334269eb35a02dc","ssdeep":"384:tWWxmIsLDVQCjQB46uma/WP/qmcuvwEbPhEUxDOAV9egCDNySIFqOW81EDbuVtkD:IWxHsQ4zWPJwEn9OfOF7TsSED","tlshash":"5ac2dff1527ab0a65e7f8f7cb8022a787c42cb3b69407e5ce6cda9d992290721740785","first_seen":"2026-03-23T08:32:41.226963Z","last_seen":"2026-03-23T08:32:41.226963Z","times_seen":1,"resource_available":false,"data":null}},"time_used":1971,"timings":{"blocked":1676,"dns":0,"connect":0,"send":0,"wait":269,"receive":26,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-23","alert":"Sinkholed","trigger":"pic.9663.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"pic.9663.com/upload/2022-8/202285911467928.png","fqdn":"pic.9663.com","domain":"9663.com","tld":"com"},"ip":{"addr":"180.163.146.59","port":80,"asn":4812,"as":"China Telecom Group","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://www.9663.com/downinfo/38620.html","date":"2026-03-23T08:32:04.263Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /upload/2022-8/202285911467928.png HTTP/1.1\r\nHost: pic.9663.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://www.9663.com/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: Tengine\r\nContent-Type: image/png\r\nContent-Length: 13327\r\nConnection: keep-alive\r\nAccept-Ranges: bytes\r\nX-Powered-By: ASP.NET\r\nDate: Sat, 21 Mar 2026 19:50:24 GMT\r\nVia: ens-cache10.l2cn9026[35,34,304-0,M], ens-cache61.l2cn9026[36,0], kunlun8.cn7174[0,12,200-0,H], kunlun8.cn7174[14,0]\r\nLast-Modified: Fri, 05 Aug 2022 01:11:46 GMT\r\nETag: \"514d2d5568a8d81:0\"\r\nAge: 131528\r\nAli-Swift-Global-Savetime: 1774123197\r\nX-Cache: HIT TCP_HIT dirn:10:93036547\r\nX-Swift-SaveTime: Sat, 21 Mar 2026 19:59:57 GMT\r\nX-Swift-CacheTime: 172800\r\nTiming-Allow-Origin: *\r\nEagleId: b4a3921c17742547257974156e\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Microsoft ASP.NET","description":"ASP.NET is an open-source, server-side web-application framework designed for web development to produce dynamic web pages.","website":"https://www.asp.net","common_platform_enumeration":"cpe:2.3:a:microsoft:asp.net:*:*:*:*:*:*:*:*","icon":"Microsoft ASP.NET.svg","categories":["Web frameworks"]},{"name":"Tengine","description":"Tengine is a web server which is based on the Nginx HTTP server.","website":"https://tengine.taobao.org","common_platform_enumeration":"","icon":"Tengine.png","categories":["Web servers"]}],"data":{"size":13327,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 512 x 512, 8-bit colormap, non-interlaced","md5":"1e3eb8196ce5939007e25d70052b530b","sha1":"6fad92bb0670fb7a38c1b818361043a0f8955906","sha256":"973b1f93d266adcbc6f4c9618aca8e018ed5b71d88851155010c8a3915b2f33a","sha512":"70ee32b33c76a61daf0a4eb65f186965db751f657d6ba831c80c916d582454a8a9483f35b943e9877af90a09ebd63f02088f6346f1abe693989cfc90ee86428a","ssdeep":"192:fS1QvKDiPuJl9/vasEeRzYESFkMvW+6vLQeOZljcO0fs3ASEsPMZ:fSmvKDishvaslRXxcWdzQeeofs3R9MZ","tlshash":"d852bf4c74895b60e03553fb64cbc216bea09bfc619af1575f708a8423eeb2486e1861","first_seen":"2026-03-23T08:32:41.227854Z","last_seen":"2026-03-23T08:32:41.227854Z","times_seen":1,"resource_available":false,"data":null}},"time_used":1703,"timings":{"blocked":1405,"dns":0,"connect":0,"send":0,"wait":287,"receive":11,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-23","alert":"Sinkholed","trigger":"pic.9663.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"pic.9663.com/upload/2022-7/20227251841522056.png","fqdn":"pic.9663.com","domain":"9663.com","tld":"com"},"ip":{"addr":"180.163.146.59","port":80,"asn":4812,"as":"China Telecom Group","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://www.9663.com/downinfo/38620.html","date":"2026-03-23T08:32:04.268Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /upload/2022-7/20227251841522056.png HTTP/1.1\r\nHost: pic.9663.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://www.9663.com/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: Tengine\r\nContent-Type: image/png\r\nContent-Length: 18983\r\nConnection: keep-alive\r\nAccept-Ranges: bytes\r\nX-Powered-By: ASP.NET\r\nDate: Sun, 22 Mar 2026 02:04:42 GMT\r\nVia: cache5.l2cn8428[42,41,304-0,H], cache3.l2cn8428[43,0], kunlun1.cn7174[0,0,200-0,H], kunlun3.cn7174[3,0]\r\nLast-Modified: Thu, 08 May 2025 17:11:32 GMT\r\nETag: \"4aa903f3cc0db1:0\"\r\nAge: 109071\r\nAli-Swift-Global-Savetime: 1774145656\r\nX-Cache: HIT TCP_HIT dirn:11:401168631\r\nX-Swift-SaveTime: Sun, 22 Mar 2026 02:14:16 GMT\r\nX-Swift-CacheTime: 172800\r\nTiming-Allow-Origin: *\r\nEagleId: b4a3921717742547271984646e\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Tengine","description":"Tengine is a web server which is based on the Nginx HTTP server.","website":"https://tengine.taobao.org","common_platform_enumeration":"","icon":"Tengine.png","categories":["Web servers"]},{"name":"Microsoft ASP.NET","description":"ASP.NET is an open-source, server-side web-application framework designed for web development to produce dynamic web pages.","website":"https://www.asp.net","common_platform_enumeration":"cpe:2.3:a:microsoft:asp.net:*:*:*:*:*:*:*:*","icon":"Microsoft ASP.NET.svg","categories":["Web frameworks"]}],"data":{"size":18983,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 256 x 256, 8-bit colormap, non-interlaced","md5":"692511ae3e3db59ce783ffe151189a3a","sha1":"2537b4449420d259e592e809b0e259c6e57efeab","sha256":"0fb62110b52fd10fdb9e35a316d5c89987b39e47a111f857892d25170b0ab29d","sha512":"5e22bb7ad3d8f47dd00fcb3f940a41a79fd4800b575da864d10fa4be1f1a7601653c109efa386771f5d8b202fe3a66a65ad717e7f5a3032af6e592108cadd428","ssdeep":"384:Ap1Q4j0bK7PAPOil1q3OXT5guWyUKYs7wbCpzNjIlsPwL6VDVbU+bQd+V:ABj0aYPOwo39GULseM024I+8V","tlshash":"6e82d09504f2ee435e8987bcbb828373574dfc1786d68135ced5ae0441af1d3268032a","first_seen":"2025-07-14T23:47:46.633816Z","last_seen":"2026-03-23T08:32:41.229027Z","times_seen":2,"resource_available":false,"data":null}},"time_used":3110,"timings":{"blocked":2807,"dns":0,"connect":0,"send":0,"wait":286,"receive":17,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-23","alert":"Sinkholed","trigger":"pic.9663.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"www.9663.com/ajax.asp","fqdn":"www.9663.com","domain":"9663.com","tld":"com"},"ip":{"addr":"180.163.146.50","port":80,"asn":4812,"as":"China Telecom Group","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"http://www.9663.com/downinfo/38620.html","date":"2026-03-23T08:32:06.173Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"POST /ajax.asp HTTP/1.1\r\nHost: www.9663.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\r\nX-Requested-With: XMLHttpRequest\r\nContent-Length: 28\r\nOrigin: http://www.9663.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://www.9663.com/downinfo/38620.html\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":28,"data":"Action=1\u0026softid=38620\u0026type=0"}},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: Tengine\r\nContent-Type: text/html; Charset=UTF-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nCache-Control: private,no-cache\r\nPragma: no-cache\r\nExpires: Sun, 22 Mar 2026 08:22:32 GMT\r\nSet-Cookie: ASPSESSIONIDACBBTSSR=EPPGFBNDBLOIJDFHPPHLGLDD; path=/\r\nX-Powered-By: ASP.NET\r\nX-Frame-Options: sameorigin\r\nAccess-Control-Allow-Headers: Content-Type,api_key,Authorization\r\naccess-control-allow-methods: POST\r\nAccess-Control-Allow-Origin: *\r\nDate: Mon, 23 Mar 2026 08:22:31 GMT\r\nVia: cache20.l2cn8428[45,45,200-0,M], cache20.l2cn8428[47,0], kunlun5.cn7174[61,60,200-0,M], kunlun5.cn7174[65,0]\r\nAli-Swift-Global-Savetime: 1774254726\r\nX-Cache: MISS TCP_MISS dirn:-2:-2\r\nX-Swift-SaveTime: Mon, 23 Mar 2026 08:32:06 GMT\r\nX-Swift-CacheTime: 0\r\nTiming-Allow-Origin: *\r\nEagleId: b4a3921917742547262623740e\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Microsoft ASP.NET","description":"ASP.NET is an open-source, server-side web-application framework designed for web development to produce dynamic web pages.","website":"https://www.asp.net","common_platform_enumeration":"cpe:2.3:a:microsoft:asp.net:*:*:*:*:*:*:*:*","icon":"Microsoft ASP.NET.svg","categories":["Web frameworks"]},{"name":"Tengine","description":"Tengine is a web server which is based on the Nginx HTTP server.","website":"https://tengine.taobao.org","common_platform_enumeration":"","icon":"Tengine.png","categories":["Web servers"]}],"data":{"size":4,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"ASCII text, with no line terminators","md5":"c5ceeefd11f6736d8a2d235004dc4181","sha1":"ada4877d8006dd7d3c20e03a9109ebb01549205a","sha256":"93ba2652466a215b3ff21314f94439996f8efdfa92b3c52c1f9c4aa9b7c18b41","sha512":"791f8fa4f075079f2021de35e9a545b3aea789dc8a78fd50a7539afcf87df5da8e28d30a46bb28609d01d28dda8b4397885741dffab2c39f9df382b7e25a9d33","ssdeep":"","tlshash":"083000000000000000000000000000000000000000000c0000c0000000000c00000300","first_seen":"2026-03-23T08:32:41.231455Z","last_seen":"2026-03-23T08:32:41.231455Z","times_seen":1,"resource_available":false,"data":null}},"time_used":309,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":301,"receive":8,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-23","alert":"Sinkholed","trigger":"www.9663.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"www.9663.com/statics/images/down_detail_jb.png","fqdn":"www.9663.com","domain":"9663.com","tld":"com"},"ip":{"addr":"180.163.146.50","port":80,"asn":4812,"as":"China Telecom Group","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://www.9663.com/downinfo/38620.html","date":"2026-03-23T08:32:05.775Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /statics/images/down_detail_jb.png HTTP/1.1\r\nHost: www.9663.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://www.9663.com/statics/css/info.min.css\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: Tengine\r\nContent-Type: image/png\r\nContent-Length: 439\r\nConnection: keep-alive\r\nAccept-Ranges: bytes\r\nX-Powered-By: ASP.NET\r\nX-Frame-Options: sameorigin\r\nAccess-Control-Allow-Headers: Content-Type,api_key,Authorization\r\naccess-control-allow-methods: POST\r\nAccess-Control-Allow-Origin: *\r\nDate: Mon, 23 Mar 2026 07:38:14 GMT\r\nVia: cache3.l2cn8428[46,45,304-0,H], cache13.l2cn8428[47,0], kunlun3.cn7174[0,0,200-0,H], kunlun5.cn7174[4,0]\r\nLast-Modified: Wed, 06 Jul 2022 06:00:50 GMT\r\nETag: \"bacec6befd90d81:0\"\r\nAge: 2656\r\nAli-Swift-Global-Savetime: 1774252069\r\nX-Cache: HIT TCP_MEM_HIT dirn:-2:-2\r\nX-Swift-SaveTime: Mon, 23 Mar 2026 07:47:49 GMT\r\nX-Swift-CacheTime: 7200\r\nTiming-Allow-Origin: *\r\nEagleId: b4a3921917742547258711698e\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Tengine","description":"Tengine is a web server which is based on the Nginx HTTP server.","website":"https://tengine.taobao.org","common_platform_enumeration":"","icon":"Tengine.png","categories":["Web servers"]},{"name":"Microsoft ASP.NET","description":"ASP.NET is an open-source, server-side web-application framework designed for web development to produce dynamic web pages.","website":"https://www.asp.net","common_platform_enumeration":"cpe:2.3:a:microsoft:asp.net:*:*:*:*:*:*:*:*","icon":"Microsoft ASP.NET.svg","categories":["Web frameworks"]}],"data":{"size":439,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 18 x 18, 8-bit/color RGBA, non-interlaced","md5":"c5c2e8e2283093209fc21f0c3bc46ce4","sha1":"b53ed6541fbac770a9fbeeb7bcd732595051722d","sha256":"c7d0a61800080112bb194bbf652f916bb829c39b73ac5652182abc1da0a12c92","sha512":"5b73a1516adde5f42563addd06c1e4fa8c66ee0bb35f8236abc970cc3fb449ea434d1de6e54843717809e6198e631a04166ba35a83f8dbef5c6c02a4c1953280","ssdeep":"","tlshash":"f7f023d3ea709c38d599d4b617e7d2c199285b7a13417726ec5327b9cdc203c058444e","first_seen":"2025-07-06T07:33:32.523398Z","last_seen":"2026-06-13T11:24:29.905486Z","times_seen":20,"resource_available":false,"data":null}},"time_used":258,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":257,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-23","alert":"Sinkholed","trigger":"www.9663.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"hm.baidu.com/hm.js?baf83e8dd433374f1bc0166eff0c59af","fqdn":"hm.baidu.com","domain":"baidu.com","tld":"com"},"ip":{"addr":"111.45.11.83","port":443,"asn":9808,"as":"China Mobile Communications Group Co., Ltd.","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://www.9663.com/downinfo/38620.html","date":"2026-03-23T08:32:06.185Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"baidu.com","organization":"Beijing Baidu Netcom Science Technology Co., Ltd"},"issuer":{"commonName":"GlobalSign RSA OV SSL CA 2018","organization":"GlobalSign nv-sa"},"validity":{"start":"Wed, 09 Jul 2025 07:01:02 GMT","end":"Mon, 10 Aug 2026 07:01:01 GMT"},"fingerprint":{"sha1":"21:BF:66:0D:67:BE:7A:7F:49:48:05:30:F4:7F:09:F2:30:36:CA:63","sha256":"0D:82:2C:9A:90:5A:EF:E9:8F:37:12:C0:E0:26:30:EE:95:33:2C:45:5F:E7:74:5D:F0:8D:BC:79:F4:B0:A1:49"}}},"request":{"raw":"GET /hm.js?baf83e8dd433374f1bc0166eff0c59af HTTP/1.1\r\nHost: hm.baidu.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://www.9663.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nCache-Control: max-age=0, must-revalidate\r\nContent-Encoding: gzip\r\nContent-Length: 11288\r\nContent-Type: application/javascript\r\nDate: Mon, 23 Mar 2026 08:32:07 GMT\r\nEtag: a32ea11136b7e309e7685f9a6a6436f4\r\nP3p: CP=\"CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR\"\r\nServer: apache\r\nSet-Cookie: HMACCOUNT=5B1A49BA758A41A3; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT\r\nStrict-Transport-Security: max-age=172800\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Apache HTTP Server","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":29894,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (618)","md5":"712de9cf847853540c0944c6703614cc","sha1":"75f6a39a3343e030ed42a05be747ce34b437d42d","sha256":"4fd6494cbedb3177500babf6fdd860b49d86db3f163487f6f32672c9a44dbf82","sha512":"e9749ccb1e99e9dda53faff258393d1cc668d368e3d68bc46822043d447be8f5e0cbd6e891651dc27657fb75b9ceb0d0b99bd09905bc596f4b83bf88ffe7b46b","ssdeep":"384:XGlJSoLMJJTRl6s1JXFVCFI/TayvuodsZPIGm8XaR1JRwvutq1tGdc7M04gRw6:XGl4VJfHgMdvussZPIx82Rwvutcto07v","tlshash":"e5d2d9a9b282713293a324a5153f324af17b5a54bd4968a4f11894c07d38fbb027bfdd","first_seen":"2026-03-23T08:32:41.233041Z","last_seen":"2026-03-23T08:32:41.233041Z","times_seen":1,"resource_available":true,"data":null}},"time_used":2042,"timings":{"blocked":888,"dns":286,"connect":198,"send":0,"wait":263,"receive":1,"ssl":403},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"pic.9663.com/upload/2022-12/20221281532385885.png","fqdn":"pic.9663.com","domain":"9663.com","tld":"com"},"ip":{"addr":"180.163.146.59","port":80,"asn":4812,"as":"China Telecom Group","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://www.9663.com/downinfo/38620.html","date":"2026-03-23T08:32:04.252Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /upload/2022-12/20221281532385885.png HTTP/1.1\r\nHost: pic.9663.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://www.9663.com/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: Tengine\r\nContent-Type: image/png\r\nContent-Length: 10605\r\nConnection: keep-alive\r\nAccept-Ranges: bytes\r\nX-Powered-By: ASP.NET\r\nDate: Sun, 22 Mar 2026 05:43:30 GMT\r\nLast-Modified: Wed, 09 Apr 2025 14:47:14 GMT\r\nETag: \"4c14a7485ea9db1:0\"\r\nVia: cache2.l2cn8428[0,0,200-0,H], cache18.l2cn8428[1,0], kunlun8.cn7174[0,0,200-0,H], kunlun5.cn7174[3,0]\r\nAge: 95942\r\nAli-Swift-Global-Savetime: 1774158784\r\nX-Cache: HIT TCP_MEM_HIT dirn:-2:-2\r\nX-Swift-SaveTime: Sun, 22 Mar 2026 14:37:39 GMT\r\nX-Swift-CacheTime: 141325\r\nTiming-Allow-Origin: *\r\nEagleId: b4a3921917742547263854338e\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Tengine","description":"Tengine is a web server which is based on the Nginx HTTP server.","website":"https://tengine.taobao.org","common_platform_enumeration":"","icon":"Tengine.png","categories":["Web servers"]},{"name":"Microsoft ASP.NET","description":"ASP.NET is an open-source, server-side web-application framework designed for web development to produce dynamic web pages.","website":"https://www.asp.net","common_platform_enumeration":"cpe:2.3:a:microsoft:asp.net:*:*:*:*:*:*:*:*","icon":"Microsoft ASP.NET.svg","categories":["Web frameworks"]}],"data":{"size":10605,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 256 x 256, 8-bit colormap, non-interlaced","md5":"3961e7f533a7c268ac0f3d7ee4751dc5","sha1":"71e106343c3fafbe64ce5cf007f4298a4c7ffce5","sha256":"02682fcbf487a227f789f92e12d1df793dfda49e327edfa85520eb4c684236db","sha512":"dd9f5b39fde54e26249edd418279575756b8f1b7f065e0a8c18f513df852b14c83d7d8a002ecde6785e880a4bc59e9b9d174545459361bace3eb0ae38d654fd4","ssdeep":"192:GaUYfR4XXyOBMR5Qu8ZGJSYLEvR9lESzM2+DIo9UAdh+tPhLxgKwUW:Ga7fR4FMR5huYBEM5Wlxq4W","tlshash":"8722bea6d24a67e313441a3c385bd9635532876f0637a897bd0ebfc745f6b618e2c201","first_seen":"2026-03-23T08:32:41.233987Z","last_seen":"2026-03-23T08:32:41.233987Z","times_seen":1,"resource_available":false,"data":null}},"time_used":2290,"timings":{"blocked":2036,"dns":0,"connect":0,"send":0,"wait":245,"receive":9,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-23","alert":"Sinkholed","trigger":"pic.9663.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"pic.9663.com/upload/2022-12/20221281133375038.png","fqdn":"pic.9663.com","domain":"9663.com","tld":"com"},"ip":{"addr":"180.163.146.59","port":80,"asn":4812,"as":"China Telecom Group","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://www.9663.com/downinfo/38620.html","date":"2026-03-23T08:32:04.255Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /upload/2022-12/20221281133375038.png HTTP/1.1\r\nHost: pic.9663.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://www.9663.com/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: Tengine\r\nContent-Type: image/png\r\nContent-Length: 27587\r\nConnection: keep-alive\r\nAccept-Ranges: bytes\r\nX-Powered-By: ASP.NET\r\nDate: Sun, 22 Mar 2026 05:43:30 GMT\r\nLast-Modified: Thu, 08 Dec 2022 03:33:37 GMT\r\nETag: \"4b1787dbb5ad91:0\"\r\nVia: cache21.l2cn8428[0,0,200-0,H], cache23.l2cn8428[1,0], kunlun5.cn7174[0,0,200-0,H], kunlun8.cn7174[7,0]\r\nAge: 95941\r\nAli-Swift-Global-Savetime: 1774158784\r\nX-Cache: HIT TCP_MEM_HIT dirn:-2:-2\r\nX-Swift-SaveTime: Sun, 22 Mar 2026 14:37:40 GMT\r\nX-Swift-CacheTime: 141324\r\nTiming-Allow-Origin: *\r\nEagleId: b4a3921c17742547251841052e\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Microsoft ASP.NET","description":"ASP.NET is an open-source, server-side web-application framework designed for web development to produce dynamic web pages.","website":"https://www.asp.net","common_platform_enumeration":"cpe:2.3:a:microsoft:asp.net:*:*:*:*:*:*:*:*","icon":"Microsoft ASP.NET.svg","categories":["Web frameworks"]},{"name":"Tengine","description":"Tengine is a web server which is based on the Nginx HTTP server.","website":"https://tengine.taobao.org","common_platform_enumeration":"","icon":"Tengine.png","categories":["Web servers"]}],"data":{"size":27587,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=1, orientation=upper-left], baseline, precision 8, 512x512, components 3","md5":"1e461cc846ef35be7c58a54b06885cca","sha1":"af504d42097efd5adffdc1b440c9f7e52d20732e","sha256":"516aaa3eb370401e38d3c22ea7c436788fcebbcdc87609163a8aa27a334350d6","sha512":"885448fdff1ba920d70e8110b49ab6b4506fe4ac291aae37e8d9ab3ebcb188f89fd1dd381f07d4d50283aa325687d6a12c7dcf5ececad6be64029a53cf953672","ssdeep":"768:bgoWfVE5CnksQLrwG3xw8ItpNrOPwaam1:bgoWuEnMLsGBzItpNrm4m1","tlshash":"bfc27b27cc185b47e46543bef9478e798e1dea98f4937bfa01310cd639616126c8b87c","first_seen":"2026-03-23T08:32:41.234949Z","last_seen":"2026-03-23T08:32:41.234949Z","times_seen":1,"resource_available":false,"data":null}},"time_used":1088,"timings":{"blocked":528,"dns":0,"connect":273,"send":0,"wait":280,"receive":7,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-23","alert":"Sinkholed","trigger":"pic.9663.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"pic.9663.com/upload/2022-12/2022128112743322.png","fqdn":"pic.9663.com","domain":"9663.com","tld":"com"},"ip":{"addr":"180.163.146.59","port":80,"asn":4812,"as":"China Telecom Group","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://www.9663.com/downinfo/38620.html","date":"2026-03-23T08:32:04.256Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /upload/2022-12/2022128112743322.png HTTP/1.1\r\nHost: pic.9663.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://www.9663.com/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: Tengine\r\nContent-Type: image/png\r\nContent-Length: 24569\r\nConnection: keep-alive\r\nAccept-Ranges: bytes\r\nX-Powered-By: ASP.NET\r\nDate: Sun, 22 Mar 2026 05:43:30 GMT\r\nLast-Modified: Mon, 07 Apr 2025 16:03:05 GMT\r\nETag: \"40678cd6a7db1:0\"\r\nVia: cache29.l2cn8428[0,0,200-0,H], cache14.l2cn8428[1,0], kunlun3.cn7174[0,0,200-0,H], kunlun1.cn7174[3,0]\r\nAge: 95941\r\nAli-Swift-Global-Savetime: 1774158784\r\nX-Cache: HIT TCP_MEM_HIT dirn:-2:-2\r\nX-Swift-SaveTime: Sun, 22 Mar 2026 14:37:39 GMT\r\nX-Swift-CacheTime: 141325\r\nTiming-Allow-Origin: *\r\nEagleId: b4a3921517742547254081576e\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Microsoft ASP.NET","description":"ASP.NET is an open-source, server-side web-application framework designed for web development to produce dynamic web pages.","website":"https://www.asp.net","common_platform_enumeration":"cpe:2.3:a:microsoft:asp.net:*:*:*:*:*:*:*:*","icon":"Microsoft ASP.NET.svg","categories":["Web frameworks"]},{"name":"Tengine","description":"Tengine is a web server which is based on the Nginx HTTP server.","website":"https://tengine.taobao.org","common_platform_enumeration":"","icon":"Tengine.png","categories":["Web servers"]}],"data":{"size":24569,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 256 x 256, 8-bit colormap, non-interlaced","md5":"f1edab2cbcc1dfede47c0b0082bb26bf","sha1":"757b83f7d68da1c59fa609f47947314dc48f3d02","sha256":"44a45930fd6406378e2151e82534dc2bd8bb7d7ba79f2b79d6a7a8c002c22564","sha512":"f87b4da5aba2bc10c2c106d6e1431fc0e2b69caf30481b7499eb975d038dfcf4130c0ef7ac792944a8787dbfa72a5ebcaa7b505d8fc2fd76f52ca196dd61a723","ssdeep":"384:85kGeS5hqovtzgGsBoYDMw6uLPdQ6iJHLa1lxZ+2vQKTk43myJwqHT3YoPMesiQY:ixHT10BaYDMeLPS8lK2QKTkkmyXTtWiH","tlshash":"97b2e1573158d8510f98e9fdb128e5c2d2d1c4c7a8e496047ad6cff3af2a81604c5eae","first_seen":"2026-03-23T08:32:41.235835Z","last_seen":"2026-03-23T08:32:41.235835Z","times_seen":1,"resource_available":false,"data":null}},"time_used":1306,"timings":{"blocked":1053,"dns":0,"connect":0,"send":0,"wait":246,"receive":7,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-23","alert":"Sinkholed","trigger":"pic.9663.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"pic.9663.com/upload/2022-6/2022613131385316.png","fqdn":"pic.9663.com","domain":"9663.com","tld":"com"},"ip":{"addr":"180.163.146.59","port":80,"asn":4812,"as":"China Telecom Group","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://www.9663.com/downinfo/38620.html","date":"2026-03-23T08:32:04.270Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /upload/2022-6/2022613131385316.png HTTP/1.1\r\nHost: pic.9663.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://www.9663.com/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: Tengine\r\nContent-Type: image/png\r\nContent-Length: 10194\r\nConnection: keep-alive\r\nAccept-Ranges: bytes\r\nX-Powered-By: ASP.NET\r\nDate: Sat, 21 Mar 2026 11:37:35 GMT\r\nVia: cache12.l2cn8428[0,0,304-0,H], cache6.l2cn8428[2,0], kunlun5.cn7174[0,0,200-0,H], kunlun8.cn7174[17,0]\r\nLast-Modified: Thu, 08 May 2025 17:11:31 GMT\r\nETag: \"a0546d3e3cc0db1:0\"\r\nAge: 161099\r\nAli-Swift-Global-Savetime: 1774093628\r\nX-Cache: HIT TCP_HIT dirn:9:319668253\r\nX-Swift-SaveTime: Sun, 22 Mar 2026 12:53:37 GMT\r\nX-Swift-CacheTime: 82411\r\nTiming-Allow-Origin: *\r\nEagleId: b4a3921c17742547278816764e\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Microsoft ASP.NET","description":"ASP.NET is an open-source, server-side web-application framework designed for web development to produce dynamic web pages.","website":"https://www.asp.net","common_platform_enumeration":"cpe:2.3:a:microsoft:asp.net:*:*:*:*:*:*:*:*","icon":"Microsoft ASP.NET.svg","categories":["Web frameworks"]},{"name":"Tengine","description":"Tengine is a web server which is based on the Nginx HTTP server.","website":"https://tengine.taobao.org","common_platform_enumeration":"","icon":"Tengine.png","categories":["Web servers"]}],"data":{"size":10194,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 256 x 256, 8-bit colormap, non-interlaced","md5":"dea94c47013d23d96537bb3ffdd67dcb","sha1":"2dcccbba9cdc01d01279265aa050feebde4ad09d","sha256":"ff97fefa319d59afbd929f92604463915fed7c7cfce35956430d3941af6f715f","sha512":"27b2a880a6deabc046e91b9014d2058dcc404a9f18307434f883f11276248d90e080688959f3e1d2340d6fabb6c6a459dc04e21b1adf6157a6d7f1338acfa8f4","ssdeep":"192:s1aZ8Ha0m7vHsAJLqDj8vjR2r3+aD7TzZHIh07qQwNTgjY13iUxGjPey0w6:s1aZdTMAY/mPMJHEsYdi9Deu6","tlshash":"cc22c011c2c7880de9b08c7b7b95407b138fbf4024a5d255ba90fdb73ed1c094a6993a","first_seen":"2025-07-14T23:47:46.623297Z","last_seen":"2026-03-23T08:32:41.237087Z","times_seen":2,"resource_available":false,"data":null}},"time_used":3794,"timings":{"blocked":2891,"dns":0,"connect":0,"send":0,"wait":894,"receive":9,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-23","alert":"Sinkholed","trigger":"pic.9663.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"pic.9663.com/upload/2022-8/2022831856137897.png","fqdn":"pic.9663.com","domain":"9663.com","tld":"com"},"ip":{"addr":"180.163.146.59","port":80,"asn":4812,"as":"China Telecom Group","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://www.9663.com/downinfo/38620.html","date":"2026-03-23T08:32:04.272Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /upload/2022-8/2022831856137897.png HTTP/1.1\r\nHost: pic.9663.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://www.9663.com/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: Tengine\r\nContent-Type: image/png\r\nContent-Length: 8649\r\nConnection: keep-alive\r\nAccept-Ranges: bytes\r\nX-Powered-By: ASP.NET\r\nDate: Sat, 21 Mar 2026 21:05:57 GMT\r\nVia: ens-cache63.l2cn9026[35,35,304-0,H], ens-cache31.l2cn9026[37,0], kunlun9.cn7174[0,28,200-0,H], kunlun3.cn7174[30,0]\r\nLast-Modified: Thu, 08 May 2025 17:11:33 GMT\r\nETag: \"11af623f3cc0db1:0\"\r\nAge: 126997\r\nAli-Swift-Global-Savetime: 1774127730\r\nX-Cache: HIT TCP_HIT dirn:9:402676769\r\nX-Swift-SaveTime: Sat, 21 Mar 2026 21:15:30 GMT\r\nX-Swift-CacheTime: 172800\r\nTiming-Allow-Origin: *\r\nEagleId: b4a3921717742547275025974e\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Microsoft ASP.NET","description":"ASP.NET is an open-source, server-side web-application framework designed for web development to produce dynamic web pages.","website":"https://www.asp.net","common_platform_enumeration":"cpe:2.3:a:microsoft:asp.net:*:*:*:*:*:*:*:*","icon":"Microsoft ASP.NET.svg","categories":["Web frameworks"]},{"name":"Tengine","description":"Tengine is a web server which is based on the Nginx HTTP server.","website":"https://tengine.taobao.org","common_platform_enumeration":"","icon":"Tengine.png","categories":["Web servers"]}],"data":{"size":8649,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 256 x 256, 8-bit colormap, non-interlaced","md5":"24750c4b97524d7eaf1c902b9964025e","sha1":"6697fdf9de0fda7508d23e8ad16d9a115839cfde","sha256":"ce95eda54e9de9f2f45e1ae3d973499d15431b15dd0e73688e98820db08714d7","sha512":"928bd762a07f4c8260af199ffb2892ef7d24b1452bb07bd017c79052d5d2c6b1ad2608cef6b1c7e0fd59bf6df7fe1ed26481efd2e26a5a1096f7f6212758101b","ssdeep":"192:3jXGXDD9J9RlOKvb+V7Y66FDQZ0pUtfmx5DYv9C1IZYWWReFxv1z:3j2XxRQ26V7Y669QZ7fW5h6YIx","tlshash":"a902af8a2bda1cce1e8be0e1a127159c5e735d4b921248c844bdb1f5c8b0b5ce2f2f02","first_seen":"2026-03-23T08:32:41.238132Z","last_seen":"2026-03-23T08:32:41.238132Z","times_seen":1,"resource_available":false,"data":null}},"time_used":3429,"timings":{"blocked":3107,"dns":0,"connect":0,"send":0,"wait":314,"receive":8,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-23","alert":"Sinkholed","trigger":"pic.9663.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"www.9663.com/statics/images/game-tithd.png","fqdn":"www.9663.com","domain":"9663.com","tld":"com"},"ip":{"addr":"180.163.146.50","port":80,"asn":4812,"as":"China Telecom Group","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://www.9663.com/downinfo/38620.html","date":"2026-03-23T08:32:05.777Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /statics/images/game-tithd.png HTTP/1.1\r\nHost: www.9663.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://www.9663.com/statics/css/info.min.css\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: Tengine\r\nContent-Type: image/png\r\nContent-Length: 196\r\nConnection: keep-alive\r\nAccept-Ranges: bytes\r\nX-Powered-By: ASP.NET\r\nX-Frame-Options: sameorigin\r\nAccess-Control-Allow-Headers: Content-Type,api_key,Authorization\r\naccess-control-allow-methods: POST\r\nAccess-Control-Allow-Origin: *\r\nDate: Mon, 23 Mar 2026 07:20:20 GMT\r\nVia: cache8.l2cn8428[42,41,304-0,H], cache14.l2cn8428[43,0], kunlun10.cn7174[0,0,200-0,H], kunlun8.cn7174[5,0]\r\nLast-Modified: Thu, 16 Jun 2022 08:27:50 GMT\r\nETag: \"75765ef75a81d81:0\"\r\nAge: 3732\r\nAli-Swift-Global-Savetime: 1774250994\r\nX-Cache: HIT TCP_MEM_HIT dirn:-2:-2\r\nX-Swift-SaveTime: Mon, 23 Mar 2026 07:29:54 GMT\r\nX-Swift-CacheTime: 7200\r\nTiming-Allow-Origin: *\r\nEagleId: b4a3921c17742547266928662e\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Microsoft ASP.NET","description":"ASP.NET is an open-source, server-side web-application framework designed for web development to produce dynamic web pages.","website":"https://www.asp.net","common_platform_enumeration":"cpe:2.3:a:microsoft:asp.net:*:*:*:*:*:*:*:*","icon":"Microsoft ASP.NET.svg","categories":["Web frameworks"]},{"name":"Tengine","description":"Tengine is a web server which is based on the Nginx HTTP server.","website":"https://tengine.taobao.org","common_platform_enumeration":"","icon":"Tengine.png","categories":["Web servers"]}],"data":{"size":196,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 3 x 18, 1-bit colormap, non-interlaced","md5":"ad60bdf7305183463a5cbf003c964dab","sha1":"615e6830a17765d665f45ccc2d74385fbdd087a8","sha256":"b905946bf4517be8fdc32dcd1f5a63b1ecffcfa7d10f6fcb008717d4031c6b77","sha512":"069a59c5bd1f5f8ad21bcabff9e5f24a9678619c2ac5831d1a9d7df2e17f64a6dc51981abf02158332b3d5701123b628370b987bda6055dd4d5ca1ecd5b2cc0a","ssdeep":"","tlshash":"acd080c3eff4dd55e76ac52381d01052a425175bc101275f4c49c0d029f99ddf6b4a75","first_seen":"2025-07-06T07:33:32.524078Z","last_seen":"2026-06-13T11:24:29.908605Z","times_seen":14,"resource_available":false,"data":null}},"time_used":1064,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1064,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-23","alert":"Sinkholed","trigger":"www.9663.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"www.9663.com/inc/download.js","fqdn":"www.9663.com","domain":"9663.com","tld":"com"},"ip":{"addr":"180.163.146.50","port":80,"asn":4812,"as":"China Telecom Group","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://www.9663.com/downinfo/38620.html","date":"2026-03-23T08:32:05.809Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /inc/download.js HTTP/1.1\r\nHost: www.9663.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://www.9663.com/downinfo/38620.html\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: Tengine\r\nContent-Type: application/x-javascript\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nX-Powered-By: ASP.NET\r\nX-Frame-Options: sameorigin\r\nAccess-Control-Allow-Headers: Content-Type,api_key,Authorization\r\naccess-control-allow-methods: POST\r\nAccess-Control-Allow-Origin: *\r\nDate: Mon, 23 Mar 2026 08:17:52 GMT\r\nVia: cache7.l2cn8428[48,47,304-0,H], cache13.l2cn8428[49,0], kunlun9.cn7174[0,0,200-0,H], kunlun9.cn7174[5,0]\r\nLast-Modified: Tue, 02 Dec 2025 11:21:55 GMT\r\nETag: W/\"b2b91dd7d63dc1:0\"\r\nAge: 278\r\nAli-Swift-Global-Savetime: 1774254447\r\nX-Cache: HIT TCP_MEM_HIT dirn:-2:-2\r\nX-Swift-SaveTime: Mon, 23 Mar 2026 08:27:27 GMT\r\nX-Swift-CacheTime: 7200\r\nTiming-Allow-Origin: *\r\nEagleId: b4a3921d17742547259335007e\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Tengine","description":"Tengine is a web server which is based on the Nginx HTTP server.","website":"https://tengine.taobao.org","common_platform_enumeration":"","icon":"Tengine.png","categories":["Web servers"]},{"name":"Microsoft ASP.NET","description":"ASP.NET is an open-source, server-side web-application framework designed for web development to produce dynamic web pages.","website":"https://www.asp.net","common_platform_enumeration":"cpe:2.3:a:microsoft:asp.net:*:*:*:*:*:*:*:*","icon":"Microsoft ASP.NET.svg","categories":["Web frameworks"]}],"data":{"size":10750,"size_decoded":0,"mime_type":"application/x-javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with CRLF line terminators","md5":"690a534482bcb08712ffcfd93481200b","sha1":"401856e64e8c6ec0c073738ca994fcf2c7b2e9e9","sha256":"025e80930280cda9a6e4865e932336dcdb13ca82bc49430c64a926d1a0060d00","sha512":"19e8591d5f5b38353fd6da898b427912e03237f9edb1b2111c976bd70c7d35d217646fe74467e7592677ae23f2826af5e5124b7413845d9411f0ae75cd3d24fe","ssdeep":"192:XT/CRe5K8g94IUU2HCjAiUVs94oKJLNppJjq1o5ojJFV0jnbC6jbfeL:OAK8m1UjaeJLNpphC9QbO6jbO","tlshash":"333263843a9a356d539623152bfd4194eca790b35c4dc100f60c9dab3bf0e39e86fad9","first_seen":"2026-03-17T07:27:49.128307Z","last_seen":"2026-06-13T11:24:29.937606Z","times_seen":9,"resource_available":false,"data":null}},"time_used":295,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":268,"receive":27,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-23","alert":"Sinkholed","trigger":"www.9663.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"pic.9663.com/upload/2022-12/2022120909285958537.jpg","fqdn":"pic.9663.com","domain":"9663.com","tld":"com"},"ip":{"addr":"180.163.146.59","port":80,"asn":4812,"as":"China Telecom Group","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://www.9663.com/downinfo/38620.html","date":"2026-03-23T08:32:04.245Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /upload/2022-12/2022120909285958537.jpg HTTP/1.1\r\nHost: pic.9663.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://www.9663.com/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: Tengine\r\nContent-Type: image/jpeg\r\nContent-Length: 38160\r\nConnection: keep-alive\r\nAccept-Ranges: bytes\r\nX-Powered-By: ASP.NET\r\nDate: Sun, 22 Mar 2026 05:43:30 GMT\r\nLast-Modified: Wed, 15 Oct 2025 16:23:31 GMT\r\nETag: \"67e1e2bf03ddc1:0\"\r\nVia: cache24.l2cn8428[0,0,200-0,H], cache13.l2cn8428[1,0], kunlun6.cn7174[0,0,200-0,H], kunlun8.cn7174[4,0]\r\nAge: 95942\r\nAli-Swift-Global-Savetime: 1774158784\r\nX-Cache: HIT TCP_MEM_HIT dirn:-2:-2\r\nX-Swift-SaveTime: Sun, 22 Mar 2026 14:37:38 GMT\r\nX-Swift-CacheTime: 141326\r\nTiming-Allow-Origin: *\r\nEagleId: b4a3921c17742547260965637e\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Tengine","description":"Tengine is a web server which is based on the Nginx HTTP server.","website":"https://tengine.taobao.org","common_platform_enumeration":"","icon":"Tengine.png","categories":["Web servers"]},{"name":"Microsoft ASP.NET","description":"ASP.NET is an open-source, server-side web-application framework designed for web development to produce dynamic web pages.","website":"https://www.asp.net","common_platform_enumeration":"cpe:2.3:a:microsoft:asp.net:*:*:*:*:*:*:*:*","icon":"Microsoft ASP.NET.svg","categories":["Web frameworks"]}],"data":{"size":38160,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 338x600, components 3","md5":"7a115d254d15ab98749919983d52b4c4","sha1":"d041d15d9862fba1556e77a93477b7eadfd318f7","sha256":"eb816855358d382b83e15e10f85855d32605bd41840e110c0673850af983da87","sha512":"5ec61565a1c6f749ec25ebcf5ed0c7e6cdc43a67cc2d2e159dfacdfc9a486694be79c4d8c5eee579335c23d297cfca9605a194025c3f4cef9412e3575dfe539c","ssdeep":"768:z59j6OKxeOogEgrL0DKw/+OxtmfsatGUzG+448SqYY8LE0aA:zjj7seOogEgroDKU+eKsanzG+FWYY8Lt","tlshash":"7903e1152bf3ab84f1e90cf026aad4d1d2bc5ecc48a7d7e775492460c295e1da811b3d","first_seen":"2026-03-23T08:32:41.240485Z","last_seen":"2026-03-23T08:32:41.240485Z","times_seen":1,"resource_available":false,"data":null}},"time_used":2037,"timings":{"blocked":1723,"dns":0,"connect":0,"send":0,"wait":277,"receive":37,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-23","alert":"Sinkholed","trigger":"pic.9663.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"pic.9663.com/upload/2022-12/20221281116338696.png","fqdn":"pic.9663.com","domain":"9663.com","tld":"com"},"ip":{"addr":"180.163.146.59","port":80,"asn":4812,"as":"China Telecom Group","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://www.9663.com/downinfo/38620.html","date":"2026-03-23T08:32:04.257Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /upload/2022-12/20221281116338696.png HTTP/1.1\r\nHost: pic.9663.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://www.9663.com/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: Tengine\r\nContent-Type: image/png\r\nContent-Length: 34736\r\nConnection: keep-alive\r\nAccept-Ranges: bytes\r\nX-Powered-By: ASP.NET\r\nDate: Sun, 22 Mar 2026 05:43:30 GMT\r\nLast-Modified: Mon, 07 Apr 2025 16:03:05 GMT\r\nETag: \"529e98cd6a7db1:0\"\r\nVia: cache2.l2cn8428[0,0,200-0,H], cache5.l2cn8428[1,0], kunlun6.cn7174[0,0,200-0,H], kunlun9.cn7174[18,0]\r\nAge: 95944\r\nAli-Swift-Global-Savetime: 1774158784\r\nX-Cache: HIT TCP_MEM_HIT dirn:-2:-2\r\nX-Swift-SaveTime: Sun, 22 Mar 2026 14:37:39 GMT\r\nX-Swift-CacheTime: 141325\r\nTiming-Allow-Origin: *\r\nEagleId: b4a3921d17742547280267678e\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Tengine","description":"Tengine is a web server which is based on the Nginx HTTP server.","website":"https://tengine.taobao.org","common_platform_enumeration":"","icon":"Tengine.png","categories":["Web servers"]},{"name":"Microsoft ASP.NET","description":"ASP.NET is an open-source, server-side web-application framework designed for web development to produce dynamic web pages.","website":"https://www.asp.net","common_platform_enumeration":"cpe:2.3:a:microsoft:asp.net:*:*:*:*:*:*:*:*","icon":"Microsoft ASP.NET.svg","categories":["Web frameworks"]}],"data":{"size":34736,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 256 x 256, 8-bit colormap, non-interlaced","md5":"d40f15676b84cc58b85162c271a86b22","sha1":"2235df1e0e2acdb939b1574d02ec88ae3ef6f214","sha256":"7dcb3b12d53e3d68367d55dddfbe31b14de21a1741d76d3fa161d71ad8bead18","sha512":"76d5d1031b90a633b14b161b648d0649bc7b2dbf33462f378cc187786c8758f51329e8f8283056100f155eaca37920f53ae8664e94b865b264b588950c784f18","ssdeep":"768:KKusFdjdTYSdZ03ZKJ1+kp3xEGHeT+W8L89lCFo8eDdQtot:KKNd2R0ukXEGHFol7jDdCot","tlshash":"15f2f110a3cb7f2b8f585006f303e53b99d2959c1b9117d04b8896cbd91ff49841a85f","first_seen":"2026-03-23T08:32:41.241372Z","last_seen":"2026-03-23T08:32:41.241372Z","times_seen":1,"resource_available":false,"data":null}},"time_used":3976,"timings":{"blocked":779,"dns":0,"connect":0,"send":0,"wait":3162,"receive":35,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-23","alert":"Sinkholed","trigger":"pic.9663.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"pic.9663.com/upload/2023-1/2023141651366559.png","fqdn":"pic.9663.com","domain":"9663.com","tld":"com"},"ip":{"addr":"180.163.146.59","port":80,"asn":4812,"as":"China Telecom Group","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://www.9663.com/downinfo/38620.html","date":"2026-03-23T08:32:04.271Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /upload/2023-1/2023141651366559.png HTTP/1.1\r\nHost: pic.9663.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://www.9663.com/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: Tengine\r\nContent-Type: image/png\r\nContent-Length: 9066\r\nConnection: keep-alive\r\nAccept-Ranges: bytes\r\nX-Powered-By: ASP.NET\r\nDate: Sun, 22 Mar 2026 03:00:53 GMT\r\nVia: cache8.l2cn8428[35,35,304-0,H], cache13.l2cn8428[37,0], kunlun10.cn7174[0,0,200-0,H], kunlun1.cn7174[9,0]\r\nLast-Modified: Sat, 18 Oct 2025 17:15:29 GMT\r\nETag: \"c6f98ecd5240dc1:0\"\r\nAge: 105699\r\nAli-Swift-Global-Savetime: 1774149028\r\nX-Cache: HIT TCP_HIT dirn:9:247063633\r\nX-Swift-SaveTime: Sun, 22 Mar 2026 03:10:28 GMT\r\nX-Swift-CacheTime: 172800\r\nTiming-Allow-Origin: *\r\nEagleId: b4a3921517742547274063681e\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Microsoft ASP.NET","description":"ASP.NET is an open-source, server-side web-application framework designed for web development to produce dynamic web pages.","website":"https://www.asp.net","common_platform_enumeration":"cpe:2.3:a:microsoft:asp.net:*:*:*:*:*:*:*:*","icon":"Microsoft ASP.NET.svg","categories":["Web frameworks"]},{"name":"Tengine","description":"Tengine is a web server which is based on the Nginx HTTP server.","website":"https://tengine.taobao.org","common_platform_enumeration":"","icon":"Tengine.png","categories":["Web servers"]}],"data":{"size":9066,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 256 x 256, 8-bit colormap, non-interlaced","md5":"db8c6081ddd82c255a1c8f439516a561","sha1":"c9d695d4ec3bd040be137b2baa70ba530404f5ed","sha256":"45f00fdfa06aa8455fd95973834243716ce10c0b6b0c81a5d35969f68fb97728","sha512":"6d0aa0a84655f8349a499774e15c912e58155a6741481d4bd3f0240cafe6d32dc2404586e2f2ac8cdf39f1440cd37ce505313f3a61a22816b970e52cd7c60a98","ssdeep":"192:vIsp2ZC0ho6spdhSmQ2jfYW6eLxG/tJqwW44SEuZ3fsuksYHq271/YpaJ:wsp2k0IpjQW6mGpWJuZ3EbLHq2RNJ","tlshash":"cb12bfc379b06e677ff8602f89ad1146e5c882d484f2d31d0cf26a9a6864f543accdc4","first_seen":"2026-03-23T08:32:41.242119Z","last_seen":"2026-03-23T08:32:41.242119Z","times_seen":1,"resource_available":false,"data":null}},"time_used":3297,"timings":{"blocked":3030,"dns":0,"connect":0,"send":0,"wait":258,"receive":9,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-23","alert":"Sinkholed","trigger":"pic.9663.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"ip.9663.com/ipdata?callback=dggf\u0026q=javascript\u0026count=1\u0026sign=singcww5cwP7cKh3en2f\u0026_=1774254724783","fqdn":"ip.9663.com","domain":"9663.com","tld":"com"},"ip":{"addr":"180.163.146.57","port":80,"asn":4812,"as":"China Telecom Group","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://www.9663.com/downinfo/38620.html","date":"2026-03-23T08:32:04.792Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /ipdata?callback=dggf\u0026q=javascript\u0026count=1\u0026sign=singcww5cwP7cKh3en2f\u0026_=1774254724783 HTTP/1.1\r\nHost: ip.9663.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://www.9663.com/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: Tengine\r\nContent-Type: text/html; Charset=gb2312\r\nContent-Length: 341\r\nConnection: keep-alive\r\nCache-Control: Public\r\nSet-Cookie: ASPSESSIONIDAADDSQRS=BOBPOPCACIJMJPJCDHJEOKEE; path=/\r\nX-Powered-By: ASP.NET\r\nDate: Mon, 23 Mar 2026 08:22:30 GMT\r\nVia: cache33.l2cn1800[48,48,200-0,M], cache35.l2cn1800[50,0], kunlun5.cn7174[77,76,200-0,M], kunlun8.cn7174[79,0]\r\nAli-Swift-Global-Savetime: 1774254725\r\nX-Cache: MISS TCP_MISS dirn:-2:-2\r\nX-Swift-SaveTime: Mon, 23 Mar 2026 08:32:05 GMT\r\nX-Swift-CacheTime: 0\r\nTiming-Allow-Origin: *\r\nEagleId: b4a3921c17742547258054196e\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Microsoft ASP.NET","description":"ASP.NET is an open-source, server-side web-application framework designed for web development to produce dynamic web pages.","website":"https://www.asp.net","common_platform_enumeration":"cpe:2.3:a:microsoft:asp.net:*:*:*:*:*:*:*:*","icon":"Microsoft ASP.NET.svg","categories":["Web frameworks"]},{"name":"Tengine","description":"Tengine is a web server which is based on the Nginx HTTP server.","website":"https://tengine.taobao.org","common_platform_enumeration":"","icon":"Tengine.png","categories":["Web servers"]}],"data":{"size":341,"size_decoded":0,"mime_type":"text/html; charset=gb2312","magic":"ASCII text, with very long lines (339), with CRLF line terminators","md5":"ced71516be6a2a8bbe64dce854ef0853","sha1":"b6dfd21c03317fdcb472711aae60a4ecd58d3e08","sha256":"acd4d6716cb0904c67976484d57863216ff5a3df9a7765fe4e0dc6208ffd8826","sha512":"eaa358656c1fd819984149dfffff0acf40956ab827f761bacc502c36835f24b091db39d2d735eea2dd35698420b094a7474d7135d0d25036ab5ba34012444a62","ssdeep":"","tlshash":"31e04f9da410e750e5c86f1c66398e6265c8f871ca9ab40844eac29243f8534f774121","first_seen":"2026-03-18T13:32:45.907736Z","last_seen":"2026-05-17T21:41:37.01741Z","times_seen":8,"resource_available":true,"data":null}},"time_used":2134,"timings":{"blocked":909,"dns":673,"connect":237,"send":0,"wait":315,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-23","alert":"Sinkholed","trigger":"ip.9663.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"push.zhanzhang.baidu.com/push.js","fqdn":"push.zhanzhang.baidu.com","domain":"baidu.com","tld":"com"},"ip":{"addr":"163.177.17.97","port":80,"asn":136958,"as":"China Unicom Guangdong IP network","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://www.9663.com/downinfo/38620.html","date":"2026-03-23T08:32:06.186Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /push.js HTTP/1.1\r\nHost: push.zhanzhang.baidu.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://www.9663.com/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nContent-Encoding: gzip\r\nContent-Length: 232\r\nContent-Type: text/javascript\r\nServer: bfe\r\nDate: Mon, 23 Mar 2026 08:32:06 GMT\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":281,"size_decoded":0,"mime_type":"text/javascript","magic":"ASCII text, with no line terminators","md5":"1bb5a3267c9865ad4abe8d937734b62b","sha1":"b5478dd2edb3e64242eced1db2dbd945ef81f592","sha256":"674bc0c70f98d627b8a7e1d278a1f21ffe33815565f7d5371bf0275da57571b2","sha512":"33318ed944a49a8fa334983408d68853b1fbe4f80b19adef6235f23d7708b616cd4f8dd28c8b8ebfbb5776aab8088229f3060cd789af34fe1db5038a98bd0d39","ssdeep":"","tlshash":"91d02be874a0c41c0ce710b17fab328cfab20b2755244d40c05b90013614b1f824bfe9","first_seen":"2023-03-07T01:02:09Z","last_seen":"2026-06-13T19:56:19.322835Z","times_seen":24449,"resource_available":true,"data":null}},"time_used":807,"timings":{"blocked":267,"dns":1,"connect":268,"send":0,"wait":271,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"api.share.baidu.com/s.gif?l=http://www.9663.com/downinfo/38620.html","fqdn":"api.share.baidu.com","domain":"baidu.com","tld":"com"},"ip":{"addr":"182.61.244.229","port":80,"asn":38365,"as":"Beijing Baidu Netcom Science and Technology Co., Ltd.","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://www.9663.com/downinfo/38620.html","date":"2026-03-23T08:32:06.729Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /s.gif?l=http://www.9663.com/downinfo/38620.html HTTP/1.1\r\nHost: api.share.baidu.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://www.9663.com/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nContent-Length: 0\r\nContent-Type: text/plain; charset=utf-8\r\nDate: Mon, 23 Mar 2026 08:32:07 GMT\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"text/plain; charset=utf-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-14T01:33:42.567327Z","times_seen":16400444,"resource_available":true,"data":null}},"time_used":1421,"timings":{"blocked":565,"dns":281,"connect":284,"send":0,"wait":291,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"pic.9663.com/upload/2022-12/20221281510388622.png","fqdn":"pic.9663.com","domain":"9663.com","tld":"com"},"ip":{"addr":"180.163.146.59","port":80,"asn":4812,"as":"China Telecom Group","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://www.9663.com/downinfo/38620.html","date":"2026-03-23T08:32:04.253Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /upload/2022-12/20221281510388622.png HTTP/1.1\r\nHost: pic.9663.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://www.9663.com/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: Tengine\r\nContent-Type: image/png\r\nContent-Length: 10260\r\nConnection: keep-alive\r\nAccept-Ranges: bytes\r\nX-Powered-By: ASP.NET\r\nDate: Sun, 22 Mar 2026 05:43:30 GMT\r\nLast-Modified: Wed, 09 Apr 2025 14:47:14 GMT\r\nETag: \"a051a6485ea9db1:0\"\r\nVia: cache5.l2cn8428[0,4,200-0,H], cache18.l2cn8428[7,0], kunlun8.cn7174[0,0,200-0,H], kunlun9.cn7174[6,0]\r\nAge: 95940\r\nAli-Swift-Global-Savetime: 1774158784\r\nX-Cache: HIT TCP_MEM_HIT dirn:-2:-2\r\nX-Swift-SaveTime: Sun, 22 Mar 2026 14:37:39 GMT\r\nX-Swift-CacheTime: 141325\r\nTiming-Allow-Origin: *\r\nEagleId: b4a3921d17742547248737369e\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Microsoft ASP.NET","description":"ASP.NET is an open-source, server-side web-application framework designed for web development to produce dynamic web pages.","website":"https://www.asp.net","common_platform_enumeration":"cpe:2.3:a:microsoft:asp.net:*:*:*:*:*:*:*:*","icon":"Microsoft ASP.NET.svg","categories":["Web frameworks"]},{"name":"Tengine","description":"Tengine is a web server which is based on the Nginx HTTP server.","website":"https://tengine.taobao.org","common_platform_enumeration":"","icon":"Tengine.png","categories":["Web servers"]}],"data":{"size":10260,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 256 x 256, 8-bit colormap, non-interlaced","md5":"4d6dd1467bfa6e9a04df2dcb2d73b455","sha1":"11d782101bdb2fdb4fb288f0913a3f0a814b814f","sha256":"d0fbe754ebde720a6c78f6fea3de306c203fd2585e8757624c6c748d430fe028","sha512":"00daf5a81fea0f37fea16a79531231bb897964c4e715c8b3f1a70909e24126fbf575cd597b0d6fe70cecfe3a7dab7d9916eaa6d183d250f78a093d10e118a067","ssdeep":"192:VzzzMUc42/xq1p2AH7hbNPOG0MJtxp0xfGmGDy3K7HgzYCCy5CFlaI:BXT3yoNN21W/+w5miHJCkFN","tlshash":"2122c081c60c8086d6e4347b65e89d66f4abc0d2d2a8385ac7cb305abf54493ad6c893","first_seen":"2026-03-23T08:32:41.244407Z","last_seen":"2026-03-23T08:32:41.244407Z","times_seen":1,"resource_available":false,"data":null}},"time_used":1376,"timings":{"blocked":530,"dns":347,"connect":241,"send":0,"wait":252,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-23","alert":"Sinkholed","trigger":"pic.9663.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"pic.9663.com/upload/2022-12/20221281351576722.png","fqdn":"pic.9663.com","domain":"9663.com","tld":"com"},"ip":{"addr":"180.163.146.59","port":80,"asn":4812,"as":"China Telecom Group","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://www.9663.com/downinfo/38620.html","date":"2026-03-23T08:32:04.254Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /upload/2022-12/20221281351576722.png HTTP/1.1\r\nHost: pic.9663.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://www.9663.com/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: Tengine\r\nContent-Type: image/png\r\nContent-Length: 10482\r\nConnection: keep-alive\r\nAccept-Ranges: bytes\r\nX-Powered-By: ASP.NET\r\nDate: Sun, 22 Mar 2026 05:43:30 GMT\r\nLast-Modified: Wed, 09 Apr 2025 14:47:14 GMT\r\nETag: \"7f5e9b485ea9db1:0\"\r\nVia: cache12.l2cn8428[0,0,200-0,H], cache9.l2cn8428[1,0], kunlun9.cn7174[0,0,200-0,H], kunlun10.cn7174[2,0]\r\nAge: 95941\r\nAli-Swift-Global-Savetime: 1774158784\r\nX-Cache: HIT TCP_MEM_HIT dirn:-2:-2\r\nX-Swift-SaveTime: Sun, 22 Mar 2026 14:37:39 GMT\r\nX-Swift-CacheTime: 141325\r\nTiming-Allow-Origin: *\r\nEagleId: b4a3921e17742547251677609e\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Tengine","description":"Tengine is a web server which is based on the Nginx HTTP server.","website":"https://tengine.taobao.org","common_platform_enumeration":"","icon":"Tengine.png","categories":["Web servers"]},{"name":"Microsoft ASP.NET","description":"ASP.NET is an open-source, server-side web-application framework designed for web development to produce dynamic web pages.","website":"https://www.asp.net","common_platform_enumeration":"cpe:2.3:a:microsoft:asp.net:*:*:*:*:*:*:*:*","icon":"Microsoft ASP.NET.svg","categories":["Web frameworks"]}],"data":{"size":10482,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 256 x 256, 8-bit colormap, non-interlaced","md5":"157163a8478f38643db58d697f103075","sha1":"933f0969813bc671e23fd9d81e878449c9cb1ef2","sha256":"54ac29e4b401e7476904d41e12ed50dc8ef4116dc67c7ad897ec5f7bf3ffb2e9","sha512":"815f965f16234dcb28c9be6383c4cfe673340ca91a211ab656aedc60bda2e016f7adb0306d352a05b27cbf4effb79a8c65ac91aa1edc95dd58543fd5f2e6d6e8","ssdeep":"192:j43ygKYtT0F9dfOFbskgyqB/DmgdA0GVj0UuwZ77hsaPSJguN8:LgbtT08gzdAnVYUuwZ79sHr8","tlshash":"ef22bfc5f461df573f271e332867e248113e40c86e5c187931d935ac0b79a2aca9e5b4","first_seen":"2026-03-23T08:32:41.245203Z","last_seen":"2026-03-23T08:32:41.245203Z","times_seen":1,"resource_available":false,"data":null}},"time_used":1064,"timings":{"blocked":528,"dns":0,"connect":266,"send":0,"wait":268,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-23","alert":"Sinkholed","trigger":"pic.9663.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"pic.9663.com/upload/2022-6/2022614167522813.png","fqdn":"pic.9663.com","domain":"9663.com","tld":"com"},"ip":{"addr":"180.163.146.59","port":80,"asn":4812,"as":"China Telecom Group","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://www.9663.com/downinfo/38620.html","date":"2026-03-23T08:32:04.269Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /upload/2022-6/2022614167522813.png HTTP/1.1\r\nHost: pic.9663.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://www.9663.com/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: Tengine\r\nContent-Type: image/png\r\nContent-Length: 8255\r\nConnection: keep-alive\r\nAccept-Ranges: bytes\r\nX-Powered-By: ASP.NET\r\nDate: Sun, 22 Mar 2026 02:20:28 GMT\r\nVia: cache12.l2cn8428[0,0,304-0,H], cache9.l2cn8428[1,0], kunlun3.cn7174[0,25,200-0,H], kunlun5.cn7174[30,0]\r\nLast-Modified: Thu, 08 May 2025 17:11:31 GMT\r\nETag: \"9f967b3e3cc0db1:0\"\r\nAge: 108125\r\nAli-Swift-Global-Savetime: 1774146602\r\nX-Cache: HIT TCP_HIT dirn:10:285364818\r\nX-Swift-SaveTime: Sun, 22 Mar 2026 12:53:37 GMT\r\nX-Swift-CacheTime: 135385\r\nTiming-Allow-Origin: *\r\nEagleId: b4a3921917742547272598506e\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Tengine","description":"Tengine is a web server which is based on the Nginx HTTP server.","website":"https://tengine.taobao.org","common_platform_enumeration":"","icon":"Tengine.png","categories":["Web servers"]},{"name":"Microsoft ASP.NET","description":"ASP.NET is an open-source, server-side web-application framework designed for web development to produce dynamic web pages.","website":"https://www.asp.net","common_platform_enumeration":"cpe:2.3:a:microsoft:asp.net:*:*:*:*:*:*:*:*","icon":"Microsoft ASP.NET.svg","categories":["Web frameworks"]}],"data":{"size":8255,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 256 x 256, 8-bit colormap, non-interlaced","md5":"c98069914f1bdbebf98df16eb3c613aa","sha1":"ca46308283dfe7dce492dd684b6be3de35d55299","sha256":"23346c7beb9beb4b03f5a0191b0d7908db9a7efb532bd046dac435ac44f6aa56","sha512":"50bb90f037588e5af360d96da5ebfb49e1582169f27501c059556a6a91f06b2ab22f3bd533593f3b56f489a437b86391d0a005ea38d038776b5334f7e169d723","ssdeep":"192:9zihWjJ/v+XqKbPzjkELOWtmybikqhSJSg:R+I/v+Xq6PzgELNtxbqhZg","tlshash":"1d02afa021b6f49257cf5e6ad6300c79c7a5111356a834c6c2ecd85b34b2bdcfbb6132","first_seen":"2025-07-14T23:47:46.62255Z","last_seen":"2026-03-23T08:32:41.246037Z","times_seen":2,"resource_available":false,"data":null}},"time_used":3174,"timings":{"blocked":2891,"dns":0,"connect":0,"send":0,"wait":274,"receive":9,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-23","alert":"Sinkholed","trigger":"pic.9663.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"pic.9663.com/upload/2022-7/20227271754337526.jpg","fqdn":"pic.9663.com","domain":"9663.com","tld":"com"},"ip":{"addr":"180.163.146.59","port":80,"asn":4812,"as":"China Telecom Group","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://www.9663.com/downinfo/38620.html","date":"2026-03-23T08:32:04.273Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /upload/2022-7/20227271754337526.jpg HTTP/1.1\r\nHost: pic.9663.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://www.9663.com/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: Tengine\r\nContent-Type: image/jpeg\r\nContent-Length: 16793\r\nConnection: keep-alive\r\nAccept-Ranges: bytes\r\nX-Powered-By: ASP.NET\r\nDate: Sun, 22 Mar 2026 05:32:29 GMT\r\nVia: cache27.l2cn8428[34,34,304-0,H], cache6.l2cn8428[35,0], kunlun9.cn7174[0,26,200-0,H], kunlun5.cn7174[30,0]\r\nLast-Modified: Thu, 13 Nov 2025 17:10:30 GMT\r\nETag: \"fad256ac054dc1:0\"\r\nAge: 96605\r\nAli-Swift-Global-Savetime: 1774158123\r\nX-Cache: HIT TCP_HIT dirn:9:148021293\r\nX-Swift-SaveTime: Sun, 22 Mar 2026 05:42:03 GMT\r\nX-Swift-CacheTime: 172800\r\nTiming-Allow-Origin: *\r\nEagleId: b4a3921917742547281575102e\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Tengine","description":"Tengine is a web server which is based on the Nginx HTTP server.","website":"https://tengine.taobao.org","common_platform_enumeration":"","icon":"Tengine.png","categories":["Web servers"]},{"name":"Microsoft ASP.NET","description":"ASP.NET is an open-source, server-side web-application framework designed for web development to produce dynamic web pages.","website":"https://www.asp.net","common_platform_enumeration":"cpe:2.3:a:microsoft:asp.net:*:*:*:*:*:*:*:*","icon":"Microsoft ASP.NET.svg","categories":["Web frameworks"]}],"data":{"size":16793,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 256 x 256, 8-bit colormap, non-interlaced","md5":"4a7f573f27e2778f365e21dcc813cd1b","sha1":"75b95f3ba26856fb4617b9e10b7a3b0af3eb2f54","sha256":"d82042295358b178f9ab1975f69e64b7459237dbecfd8aef64aa643af180d796","sha512":"960781f8579437280cc95b0615c13528e051bf123a69d93fd20c74bb407115cee484eccd5ea904f7f3af9becb0662cce7921509083e6f8fd6e90c0818525ddd2","ssdeep":"384:4LaYWeR9lzuUPkcT+uZPRBegN0FT3vU+lI64OCgwK5XaQ8cT6X/:4nVR9luUcE7BTN0FTfU+l0K5XaQZ2P","tlshash":"c472e11470c372c55477f7924b9ce23fb10a08a3acbb9038f54d619be30aff0465518a","first_seen":"2026-03-23T08:32:41.246934Z","last_seen":"2026-03-23T08:32:41.246934Z","times_seen":1,"resource_available":false,"data":null}},"time_used":4072,"timings":{"blocked":3169,"dns":0,"connect":0,"send":0,"wait":889,"receive":14,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-23","alert":"Sinkholed","trigger":"pic.9663.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"www.9663.com/skin/gr/images/comment_tg.png","fqdn":"www.9663.com","domain":"9663.com","tld":"com"},"ip":{"addr":"180.163.146.50","port":80,"asn":4812,"as":"China Telecom Group","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://www.9663.com/downinfo/38620.html","date":"2026-03-23T08:32:06.139Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /skin/gr/images/comment_tg.png HTTP/1.1\r\nHost: www.9663.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://www.9663.com/statics/css/info.min.css\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: Tengine\r\nContent-Type: image/png\r\nContent-Length: 341\r\nConnection: keep-alive\r\nAccept-Ranges: bytes\r\nX-Powered-By: ASP.NET\r\nX-Frame-Options: sameorigin\r\nAccess-Control-Allow-Headers: Content-Type,api_key,Authorization\r\naccess-control-allow-methods: POST\r\nAccess-Control-Allow-Origin: *\r\nDate: Mon, 23 Mar 2026 07:20:23 GMT\r\nVia: cache8.l2cn8428[23,23,304-0,H], cache28.l2cn8428[24,0], kunlun10.cn7174[0,0,200-0,H], kunlun5.cn7174[1,0]\r\nLast-Modified: Fri, 29 Dec 2023 09:58:24 GMT\r\nETag: \"0e1db8f3d3ada1:0\"\r\nAge: 3729\r\nAli-Swift-Global-Savetime: 1774250997\r\nX-Cache: HIT TCP_MEM_HIT dirn:-2:-2\r\nX-Swift-SaveTime: Mon, 23 Mar 2026 07:29:57 GMT\r\nX-Swift-CacheTime: 7200\r\nTiming-Allow-Origin: *\r\nEagleId: b4a3921917742547262343614e\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Microsoft ASP.NET","description":"ASP.NET is an open-source, server-side web-application framework designed for web development to produce dynamic web pages.","website":"https://www.asp.net","common_platform_enumeration":"cpe:2.3:a:microsoft:asp.net:*:*:*:*:*:*:*:*","icon":"Microsoft ASP.NET.svg","categories":["Web frameworks"]},{"name":"Tengine","description":"Tengine is a web server which is based on the Nginx HTTP server.","website":"https://tengine.taobao.org","common_platform_enumeration":"","icon":"Tengine.png","categories":["Web servers"]}],"data":{"size":341,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 88 x 26, 8-bit colormap, non-interlaced","md5":"ab4fe0dbf13f79be416918e3f5b937a9","sha1":"3e37cb5809d5df0206ea5649c184ac088c28da05","sha256":"f971cf368e31bb12c42eb88971d2b73ba2e8b728e95f8f1dcd32c5d2f2abc6d7","sha512":"7945522eaad926f6c55bfb3e881420aeaabc81fd51205cbc2a259f26a6a565f9bf087676a45cc4c914d7573f6a4f4599fa5aad7909bb1dc01cf4b96b9092cd29","ssdeep":"","tlshash":"ffe02de21ec61f14ed3761a533a3a81a480321cace0a270d0459c420e0274cca8aca10","first_seen":"2025-07-06T07:33:32.54163Z","last_seen":"2026-06-13T11:24:29.940659Z","times_seen":14,"resource_available":false,"data":null}},"time_used":248,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":248,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-23","alert":"Sinkholed","trigger":"www.9663.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"hm.baidu.com/hm.gif?hca=5B1A49BA758A41A3\u0026cc=1\u0026ck=1\u0026cl=24-bit\u0026ds=1280x1024\u0026vl=1024\u0026et=0\u0026ja=0\u0026ln=en-us\u0026lo=0\u0026rnd=564575592\u0026si=baf83e8dd433374f1bc0166eff0c59af\u0026v=1.3.2\u0026lv=1\u0026sn=25672\u0026r=0\u0026ww=1280\u0026u=http%3A%2F%2Fwww.9663.com%2Fdowninfo%2F38620.html\u0026tt=i%E5%8D%9A%E5%AF%BCapp%E4%B8%8B%E8%BD%BD%E5%AE%98%E6%96%B9-i%E5%8D%9A%E5%AF%BC%E6%9C%80%E6%96%B0%E7%89%88%E6%9C%AC%E4%B8%8B%E8%BD%BDv2.8.1%20%E5%AE%89%E5%8D%93%E7%89%88-9663%E5%AE%89%E5%8D%93%E7%BD%91","fqdn":"hm.baidu.com","domain":"baidu.com","tld":"com"},"ip":{"addr":"111.45.11.83","port":443,"asn":9808,"as":"China Mobile Communications Group Co., Ltd.","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://www.9663.com/downinfo/38620.html","date":"2026-03-23T08:32:07.431Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"baidu.com","organization":"Beijing Baidu Netcom Science Technology Co., Ltd"},"issuer":{"commonName":"GlobalSign RSA OV SSL CA 2018","organization":"GlobalSign nv-sa"},"validity":{"start":"Wed, 09 Jul 2025 07:01:02 GMT","end":"Mon, 10 Aug 2026 07:01:01 GMT"},"fingerprint":{"sha1":"21:BF:66:0D:67:BE:7A:7F:49:48:05:30:F4:7F:09:F2:30:36:CA:63","sha256":"0D:82:2C:9A:90:5A:EF:E9:8F:37:12:C0:E0:26:30:EE:95:33:2C:45:5F:E7:74:5D:F0:8D:BC:79:F4:B0:A1:49"}}},"request":{"raw":"GET /hm.gif?hca=5B1A49BA758A41A3\u0026cc=1\u0026ck=1\u0026cl=24-bit\u0026ds=1280x1024\u0026vl=1024\u0026et=0\u0026ja=0\u0026ln=en-us\u0026lo=0\u0026rnd=564575592\u0026si=baf83e8dd433374f1bc0166eff0c59af\u0026v=1.3.2\u0026lv=1\u0026sn=25672\u0026r=0\u0026ww=1280\u0026u=http%3A%2F%2Fwww.9663.com%2Fdowninfo%2F38620.html\u0026tt=i%E5%8D%9A%E5%AF%BCapp%E4%B8%8B%E8%BD%BD%E5%AE%98%E6%96%B9-i%E5%8D%9A%E5%AF%BC%E6%9C%80%E6%96%B0%E7%89%88%E6%9C%AC%E4%B8%8B%E8%BD%BDv2.8.1%20%E5%AE%89%E5%8D%93%E7%89%88-9663%E5%AE%89%E5%8D%93%E7%BD%91 HTTP/1.1\r\nHost: hm.baidu.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://www.9663.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nCache-Control: private, max-age=0, no-cache\r\nContent-Length: 43\r\nContent-Type: image/gif\r\nDate: Mon, 23 Mar 2026 08:32:07 GMT\r\nP3p: CP=\"CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR\"\r\nPragma: no-cache\r\nServer: apache\r\nSet-Cookie: HMACCOUNT=C513B1B2884A5D2F; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT\r\nStrict-Transport-Security: max-age=172800\r\nX-Content-Type-Options: nosniff\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Apache HTTP Server","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":43,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 1 x 1","md5":"ad4b0f606e0f8465bc4c4c170b37e1a3","sha1":"50b30fd5f87c85fe5cba2635cb83316ca71250d7","sha256":"cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda","sha512":"ebfe0c0df4bcc167d5cb6ebdd379f9083df62bef63a23818e1c6adf0f64b65467ea58b7cd4d03cf0a1b1a2b07fb7b969bf35f25f1f8538cc65cf3eebdf8a0910","ssdeep":"","tlshash":"15900003fbc08002c2b2e0300b3b0380238ce2200aa8030b80aeb0acecaa3a20c03020","first_seen":"2023-04-05T02:54:03Z","last_seen":"2026-06-14T01:26:21.016685Z","times_seen":367670,"resource_available":true,"data":null}},"time_used":263,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":263,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.9663.com/statics/images/9663logo.jpg","fqdn":"www.9663.com","domain":"9663.com","tld":"com"},"ip":{"addr":"180.163.146.50","port":80,"asn":4812,"as":"China Telecom Group","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://www.9663.com/downinfo/38620.html","date":"2026-03-23T08:32:04.242Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /statics/images/9663logo.jpg HTTP/1.1\r\nHost: www.9663.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://www.9663.com/downinfo/38620.html\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: Tengine\r\nContent-Type: image/jpeg\r\nContent-Length: 3235\r\nConnection: keep-alive\r\nAccept-Ranges: bytes\r\nX-Powered-By: ASP.NET\r\nX-Frame-Options: sameorigin\r\nAccess-Control-Allow-Headers: Content-Type,api_key,Authorization\r\naccess-control-allow-methods: POST\r\nAccess-Control-Allow-Origin: *\r\nDate: Mon, 23 Mar 2026 06:55:43 GMT\r\nVia: cache27.l2cn8428[0,0,304-0,H], cache1.l2cn8428[1,0], kunlun1.cn7174[0,0,200-0,H], kunlun8.cn7174[2,0]\r\nLast-Modified: Sun, 16 Nov 2025 14:26:30 GMT\r\nETag: \"c0792c0557dc1:0\"\r\nAge: 5207\r\nAli-Swift-Global-Savetime: 1774249517\r\nX-Cache: HIT TCP_MEM_HIT dirn:-2:-2\r\nX-Swift-SaveTime: Mon, 23 Mar 2026 07:05:42 GMT\r\nX-Swift-CacheTime: 7175\r\nTiming-Allow-Origin: *\r\nEagleId: b4a3921c17742547249197727e\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Microsoft ASP.NET","description":"ASP.NET is an open-source, server-side web-application framework designed for web development to produce dynamic web pages.","website":"https://www.asp.net","common_platform_enumeration":"cpe:2.3:a:microsoft:asp.net:*:*:*:*:*:*:*:*","icon":"Microsoft ASP.NET.svg","categories":["Web frameworks"]},{"name":"Tengine","description":"Tengine is a web server which is based on the Nginx HTTP server.","website":"https://tengine.taobao.org","common_platform_enumeration":"","icon":"Tengine.png","categories":["Web servers"]}],"data":{"size":3235,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 220x70, components 3","md5":"e54cf64f8a0ace549f5d711bc1ed2edb","sha1":"344dc071d78bd240f83d96d6c1e768e5906fcb13","sha256":"6253c852c216c231403e4005a4c7e2abb9c422af9a73113ab1c2a0e41338afeb","sha512":"0ec0e6e11a28c4be3634feffc24a373b0a7b39fc37b0671b36f3de4dc70a8005bab27a6758fc809d697ca39c482d070b6121c7c3b088bd39c19d59f3872ee928","ssdeep":"","tlshash":"e6612a299984d588ef6275f21c8217bec35de4c2b4996cc95484880efed3472c4b226a","first_seen":"2025-11-18T09:52:04.703451Z","last_seen":"2026-06-13T11:24:29.910462Z","times_seen":10,"resource_available":false,"data":null}},"time_used":857,"timings":{"blocked":541,"dns":0,"connect":0,"send":0,"wait":280,"receive":36,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-23","alert":"Sinkholed","trigger":"www.9663.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"pic.9663.com/upload/2022-12/2022129918544799.jpg","fqdn":"pic.9663.com","domain":"9663.com","tld":"com"},"ip":{"addr":"180.163.146.59","port":80,"asn":4812,"as":"China Telecom Group","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://www.9663.com/downinfo/38620.html","date":"2026-03-23T08:32:04.250Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /upload/2022-12/2022129918544799.jpg HTTP/1.1\r\nHost: pic.9663.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://www.9663.com/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: Tengine\r\nContent-Type: image/jpeg\r\nContent-Length: 31928\r\nConnection: keep-alive\r\nAccept-Ranges: bytes\r\nX-Powered-By: ASP.NET\r\nDate: Sun, 22 Mar 2026 14:28:04 GMT\r\nVia: cache13.l2cn8428[34,99,304-0,H], cache21.l2cn8428[100,0], kunlun10.cn7174[0,0,200-0,H], kunlun8.cn7174[2,0]\r\nLast-Modified: Fri, 09 Dec 2022 01:18:54 GMT\r\nETag: \"7e5f8a346cbd91:0\"\r\nAge: 64467\r\nAli-Swift-Global-Savetime: 1774190259\r\nX-Cache: HIT TCP_MEM_HIT dirn:-2:-2\r\nX-Swift-SaveTime: Sun, 22 Mar 2026 14:37:39 GMT\r\nX-Swift-CacheTime: 172800\r\nTiming-Allow-Origin: *\r\nEagleId: b4a3921c17742547264117365e\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Tengine","description":"Tengine is a web server which is based on the Nginx HTTP server.","website":"https://tengine.taobao.org","common_platform_enumeration":"","icon":"Tengine.png","categories":["Web servers"]},{"name":"Microsoft ASP.NET","description":"ASP.NET is an open-source, server-side web-application framework designed for web development to produce dynamic web pages.","website":"https://www.asp.net","common_platform_enumeration":"cpe:2.3:a:microsoft:asp.net:*:*:*:*:*:*:*:*","icon":"Microsoft ASP.NET.svg","categories":["Web frameworks"]}],"data":{"size":31928,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 512x512, components 3","md5":"67c01f2f011f1ad09c33f857c507b711","sha1":"6db4cc7b48df3a3f9f57f3e810df078068c49080","sha256":"e884c37697c5d30af16457bf48ac442cc6fe18d632826fbab921a31aeb345c4d","sha512":"6cdacf0961339682ebfab02e5fab39e04d11a039debd45d368ea317ee38df6fd032c5a80424e013ff259f47163fc2b7f58ccdb8aa88547dbfcbe1abf9f42db97","ssdeep":"768:vZK+LBu4SkKZDVexACFkfYCuq9au5m/YM/3R4U7EU8:vZK+LA4SkKZDwxAN3u7y7M54UQH","tlshash":"68e2e1c984043b387f7e7a71dc536079e8849d47beb6e2e442c4d616f7bbb09a24126c","first_seen":"2026-03-23T08:32:41.251344Z","last_seen":"2026-03-23T08:32:41.251344Z","times_seen":1,"resource_available":false,"data":null}},"time_used":2338,"timings":{"blocked":2032,"dns":0,"connect":0,"send":0,"wait":275,"receive":31,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-23","alert":"Sinkholed","trigger":"pic.9663.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"pic.9663.com/upload/2022-6/2022691643207142.png","fqdn":"pic.9663.com","domain":"9663.com","tld":"com"},"ip":{"addr":"180.163.146.59","port":80,"asn":4812,"as":"China Telecom Group","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://www.9663.com/downinfo/38620.html","date":"2026-03-23T08:32:04.267Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /upload/2022-6/2022691643207142.png HTTP/1.1\r\nHost: pic.9663.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://www.9663.com/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: Tengine\r\nContent-Type: image/png\r\nContent-Length: 8424\r\nConnection: keep-alive\r\nAccept-Ranges: bytes\r\nX-Powered-By: ASP.NET\r\nDate: Mon, 23 Mar 2026 01:20:46 GMT\r\nVia: cache16.l2cn8428[19,19,304-0,H], cache11.l2cn8428[20,0], kunlun8.cn7174[0,15,200-0,H], kunlun5.cn7174[61,0]\r\nLast-Modified: Thu, 08 May 2025 17:11:32 GMT\r\nETag: \"8018d03e3cc0db1:0\"\r\nAge: 25305\r\nAli-Swift-Global-Savetime: 1774229421\r\nX-Cache: HIT TCP_HIT dirn:9:26434808\r\nX-Swift-SaveTime: Mon, 23 Mar 2026 01:30:21 GMT\r\nX-Swift-CacheTime: 172800\r\nTiming-Allow-Origin: *\r\nEagleId: b4a3921917742547269447052e\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Tengine","description":"Tengine is a web server which is based on the Nginx HTTP server.","website":"https://tengine.taobao.org","common_platform_enumeration":"","icon":"Tengine.png","categories":["Web servers"]},{"name":"Microsoft ASP.NET","description":"ASP.NET is an open-source, server-side web-application framework designed for web development to produce dynamic web pages.","website":"https://www.asp.net","common_platform_enumeration":"cpe:2.3:a:microsoft:asp.net:*:*:*:*:*:*:*:*","icon":"Microsoft ASP.NET.svg","categories":["Web frameworks"]}],"data":{"size":8424,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 256 x 256, 8-bit colormap, non-interlaced","md5":"c910de70fe11a7914c0002d01b7eb3bc","sha1":"d86b0be3536c2dcc301b5d6600ffb85fa6c12b1b","sha256":"b198e199203745babe0b2ac34e7e20b5d56136b0b23eff94fd45b5a4cf67986e","sha512":"74ad5207325ba58f8f55f40d09e5a1e8712d65d365cc5fa58556c182b76ad51dc494ee25fbb84f180180ebf917afb78699963c46577ce74d8d31e518272e3009","ssdeep":"192:Q804AR1uC9YAcgnAYOmFi2aSG74m7d4KBXYjVO:Q8vc1uFAcjYF/TG74m7SQXYk","tlshash":"3902bfca77c46cdf8c0705069d283b21646c8a3bb82412acb964b6177332dedb22cb71","first_seen":"2025-07-14T23:47:46.636396Z","last_seen":"2026-03-23T08:32:41.252197Z","times_seen":2,"resource_available":false,"data":null}},"time_used":2894,"timings":{"blocked":2578,"dns":0,"connect":0,"send":0,"wait":308,"receive":8,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-23","alert":"Sinkholed","trigger":"pic.9663.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"pic.9663.com/upload/2022-7/202271141814060.png","fqdn":"pic.9663.com","domain":"9663.com","tld":"com"},"ip":{"addr":"180.163.146.59","port":80,"asn":4812,"as":"China Telecom Group","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://www.9663.com/downinfo/38620.html","date":"2026-03-23T08:32:04.272Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /upload/2022-7/202271141814060.png HTTP/1.1\r\nHost: pic.9663.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://www.9663.com/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: Tengine\r\nContent-Type: image/png\r\nContent-Length: 7090\r\nConnection: keep-alive\r\nAccept-Ranges: bytes\r\nX-Powered-By: ASP.NET\r\nDate: Sun, 22 Mar 2026 04:06:54 GMT\r\nVia: ens-cache46.l2cn9026[33,33,304-0,H], ens-cache48.l2cn9026[34,0], kunlun1.cn7174[0,9,200-0,H], kunlun10.cn7174[12,0]\r\nLast-Modified: Sun, 16 Nov 2025 15:15:47 GMT\r\nETag: \"2fd78fe2b57dc1:0\"\r\nAge: 101738\r\nAli-Swift-Global-Savetime: 1774152989\r\nX-Cache: HIT TCP_HIT dirn:8:144134274\r\nX-Swift-SaveTime: Sun, 22 Mar 2026 04:16:29 GMT\r\nX-Swift-CacheTime: 172800\r\nTiming-Allow-Origin: *\r\nEagleId: b4a3921e17742547275393221e\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Tengine","description":"Tengine is a web server which is based on the Nginx HTTP server.","website":"https://tengine.taobao.org","common_platform_enumeration":"","icon":"Tengine.png","categories":["Web servers"]},{"name":"Microsoft ASP.NET","description":"ASP.NET is an open-source, server-side web-application framework designed for web development to produce dynamic web pages.","website":"https://www.asp.net","common_platform_enumeration":"cpe:2.3:a:microsoft:asp.net:*:*:*:*:*:*:*:*","icon":"Microsoft ASP.NET.svg","categories":["Web frameworks"]}],"data":{"size":7090,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 256 x 256, 8-bit colormap, non-interlaced","md5":"e9ae9fc15bb49616d249d1ebe415810d","sha1":"38c44d7a8c4695fcc85f5411a7fecdd9aaf545d7","sha256":"35ce6ea636c53e34560cf1cbeb42178549bb072e3a899586d55e394d3ea6648f","sha512":"0151875d167d2dd3648a8efca102c6bcef17a125e740e9c590b6fbd9943ad1a592edefc8c5adbee30254cc79c1a3d36694c142dde629819d6870fdd3ff12dacb","ssdeep":"192:MOGi1D4VVtkLuJNr+yADoEuMSYl/CkTtc:rG0D4Pt3r+yrBYEAtc","tlshash":"7ee19ee9324d1e75a6bfaea65cc4f3fbc3b18e683a920d824680416522d295400ff60f","first_seen":"2026-03-23T08:32:41.253224Z","last_seen":"2026-03-23T08:32:41.253224Z","times_seen":1,"resource_available":false,"data":null}},"time_used":3433,"timings":{"blocked":3148,"dns":0,"connect":0,"send":0,"wait":279,"receive":6,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-23","alert":"Sinkholed","trigger":"pic.9663.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"www.9663.com/statics/js/nodomain.js","fqdn":"www.9663.com","domain":"9663.com","tld":"com"},"ip":{"addr":"180.163.146.50","port":80,"asn":4812,"as":"China Telecom Group","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://www.9663.com/downinfo/38620.html","date":"2026-03-23T08:32:04.795Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /statics/js/nodomain.js HTTP/1.1\r\nHost: www.9663.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://www.9663.com/downinfo/38620.html\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: Tengine\r\nContent-Type: application/x-javascript\r\nContent-Length: 466\r\nConnection: keep-alive\r\nAccept-Ranges: bytes\r\nX-Powered-By: ASP.NET\r\nX-Frame-Options: sameorigin\r\nAccess-Control-Allow-Headers: Content-Type,api_key,Authorization\r\naccess-control-allow-methods: POST\r\nAccess-Control-Allow-Origin: *\r\nDate: Mon, 23 Mar 2026 07:14:42 GMT\r\nVia: cache24.l2cn8428[0,0,304-0,H], cache18.l2cn8428[1,0], kunlun1.cn7174[0,0,200-0,H], kunlun5.cn7174[1,0]\r\nLast-Modified: Fri, 27 Feb 2026 16:00:26 GMT\r\nETag: \"4eedec2f2a8dc1:0\"\r\nAge: 4069\r\nAli-Swift-Global-Savetime: 1774250656\r\nX-Cache: HIT TCP_MEM_HIT dirn:-2:-2\r\nX-Swift-SaveTime: Mon, 23 Mar 2026 07:40:04 GMT\r\nX-Swift-CacheTime: 6252\r\nTiming-Allow-Origin: *\r\nEagleId: b4a3921917742547256018376e\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Tengine","description":"Tengine is a web server which is based on the Nginx HTTP server.","website":"https://tengine.taobao.org","common_platform_enumeration":"","icon":"Tengine.png","categories":["Web servers"]},{"name":"Microsoft ASP.NET","description":"ASP.NET is an open-source, server-side web-application framework designed for web development to produce dynamic web pages.","website":"https://www.asp.net","common_platform_enumeration":"cpe:2.3:a:microsoft:asp.net:*:*:*:*:*:*:*:*","icon":"Microsoft ASP.NET.svg","categories":["Web frameworks"]}],"data":{"size":466,"size_decoded":0,"mime_type":"application/x-javascript","magic":"Unicode text, UTF-8 text, with very long lines (466), with no line terminators","md5":"42507016f5524446a40d3e003c9d752d","sha1":"cf58114b68271def4aa86ec4fb20b666c5e3da05","sha256":"ae64000397d604df1858e0a3ca3ab12e4ff1955ab8373eb740ec02d5aa7e6b2d","sha512":"96f79512fc5f446fbf71439351821a8bce2acd5ebd14f26cd0c199df03e9c11e525ff953e59d73d582a556102f37d7318cf7e53ad9cda72440c1e874abfa985a","ssdeep":"","tlshash":"cdf09eb58f03456880f42885946c2d0402be2227f700ccfaa796080b7d3d70d2119dde","first_seen":"2026-02-23T20:03:02.589759Z","last_seen":"2026-06-13T11:24:29.928047Z","times_seen":52,"resource_available":false,"data":null}},"time_used":957,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":957,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-23","alert":"Sinkholed","trigger":"www.9663.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"www.9663.com/statics/images/azspr.png","fqdn":"www.9663.com","domain":"9663.com","tld":"com"},"ip":{"addr":"180.163.146.50","port":80,"asn":4812,"as":"China Telecom Group","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://www.9663.com/downinfo/38620.html","date":"2026-03-23T08:32:05.841Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /statics/images/azspr.png HTTP/1.1\r\nHost: www.9663.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://www.9663.com/statics/css/info.min.css\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: Tengine\r\nContent-Type: image/png\r\nContent-Length: 26090\r\nConnection: keep-alive\r\nAccept-Ranges: bytes\r\nX-Powered-By: ASP.NET\r\nX-Frame-Options: sameorigin\r\nAccess-Control-Allow-Headers: Content-Type,api_key,Authorization\r\naccess-control-allow-methods: POST\r\nAccess-Control-Allow-Origin: *\r\nDate: Mon, 23 Mar 2026 07:22:17 GMT\r\nVia: cache28.l2cn8428[45,45,304-0,H], cache20.l2cn8428[46,0], kunlun8.cn7174[0,0,200-0,H], kunlun10.cn7174[5,0]\r\nLast-Modified: Fri, 17 Jun 2022 01:29:02 GMT\r\nETag: \"c5055a0e981d81:0\"\r\nAge: 3614\r\nAli-Swift-Global-Savetime: 1774251111\r\nX-Cache: HIT TCP_MEM_HIT dirn:-2:-2\r\nX-Swift-SaveTime: Mon, 23 Mar 2026 07:31:51 GMT\r\nX-Swift-CacheTime: 7200\r\nTiming-Allow-Origin: *\r\nEagleId: b4a3921e17742547259743597e\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Microsoft ASP.NET","description":"ASP.NET is an open-source, server-side web-application framework designed for web development to produce dynamic web pages.","website":"https://www.asp.net","common_platform_enumeration":"cpe:2.3:a:microsoft:asp.net:*:*:*:*:*:*:*:*","icon":"Microsoft ASP.NET.svg","categories":["Web frameworks"]},{"name":"Tengine","description":"Tengine is a web server which is based on the Nginx HTTP server.","website":"https://tengine.taobao.org","common_platform_enumeration":"","icon":"Tengine.png","categories":["Web servers"]}],"data":{"size":26090,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 400 x 680, 8-bit/color RGBA, non-interlaced","md5":"551507282380f31acbcc6a5cc1483355","sha1":"69c5565ea2d2d5d44fbcd6ce28d933d8097ad977","sha256":"26076e1b42fd29b7fbee987586fbc62d1d901dbfccb4f76ed19049f434752b2d","sha512":"c0822f29fc2a5a2661976d34546631d3b7f8426f670f95f0c0bd3935be4f013c5a42a8512e0b46d0be0e73b11adcf6acb48edc3faeeb3963e146c5a8efa88254","ssdeep":"384:Fa9uKPjV4SZ/rgcm6G19I+8DZyPclaxFA65088ex3GrOEgpZM7999N99UN+X997g:s9uKPNgcm/I9DsPne6F3iO9mo+wICd4A","tlshash":"76c2d07a16860703a8e7a65df15e016e32200e11e3d7cfe9268ed0e50468d69cfbfe17","first_seen":"2023-07-19T20:31:31Z","last_seen":"2026-06-13T11:24:29.909526Z","times_seen":98,"resource_available":false,"data":null}},"time_used":633,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":276,"receive":357,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-23","alert":"Sinkholed","trigger":"www.9663.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"www.9663.com/statics/images/close.png","fqdn":"www.9663.com","domain":"9663.com","tld":"com"},"ip":{"addr":"180.163.146.50","port":80,"asn":4812,"as":"China Telecom Group","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://www.9663.com/downinfo/38620.html","date":"2026-03-23T08:32:06.251Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /statics/images/close.png HTTP/1.1\r\nHost: www.9663.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://www.9663.com/statics/css/lightbox.min.css\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: Tengine\r\nContent-Type: image/png\r\nContent-Length: 1130\r\nConnection: keep-alive\r\nAccept-Ranges: bytes\r\nX-Powered-By: ASP.NET\r\nX-Frame-Options: sameorigin\r\nAccess-Control-Allow-Headers: Content-Type,api_key,Authorization\r\naccess-control-allow-methods: POST\r\nAccess-Control-Allow-Origin: *\r\nDate: Mon, 23 Mar 2026 07:10:17 GMT\r\nVia: cache23.l2cn8428[43,43,304-0,H], cache25.l2cn8428[45,0], kunlun9.cn7174[0,0,200-0,H], kunlun9.cn7174[2,0]\r\nLast-Modified: Tue, 14 Jun 2022 01:08:37 GMT\r\nETag: \"a3f9c0468b7fd81:0\"\r\nAge: 4334\r\nAli-Swift-Global-Savetime: 1774250392\r\nX-Cache: HIT TCP_MEM_HIT dirn:-2:-2\r\nX-Swift-SaveTime: Mon, 23 Mar 2026 07:19:52 GMT\r\nX-Swift-CacheTime: 7200\r\nTiming-Allow-Origin: *\r\nEagleId: b4a3921d17742547266068301e\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Microsoft ASP.NET","description":"ASP.NET is an open-source, server-side web-application framework designed for web development to produce dynamic web pages.","website":"https://www.asp.net","common_platform_enumeration":"cpe:2.3:a:microsoft:asp.net:*:*:*:*:*:*:*:*","icon":"Microsoft ASP.NET.svg","categories":["Web frameworks"]},{"name":"Tengine","description":"Tengine is a web server which is based on the Nginx HTTP server.","website":"https://tengine.taobao.org","common_platform_enumeration":"","icon":"Tengine.png","categories":["Web servers"]}],"data":{"size":1130,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 15 x 15, 8-bit/color RGBA, non-interlaced","md5":"c5a02addff39023c24758bc0feb99d82","sha1":"5f42a7dc53fb9cc9d138c265ee61d2efbd564845","sha256":"e61104d5bf3e90275a1d286994219294ad1972160bbe0cb6d691aff1dac0663d","sha512":"2e012085ac3ee3bd2b129e6971825af1cc543b0b147b7df10e94e90d449bb1cf3ce1a8a97e7d08c76d9c01c5aa66357d0a8fd9d71123222cc99de25fe7568b95","ssdeep":"","tlshash":"ab21661bed053450a1d4f4912ce68c2f862109d8d9e0e75fbccec4d22eb51f456851ef","first_seen":"2025-07-06T07:33:32.532562Z","last_seen":"2026-06-13T11:24:29.929135Z","times_seen":14,"resource_available":false,"data":null}},"time_used":496,"timings":{"blocked":231,"dns":0,"connect":0,"send":0,"wait":265,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-23","alert":"Sinkholed","trigger":"www.9663.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"pic.9663.com/upload/2022-7/20227131239347826.png","fqdn":"pic.9663.com","domain":"9663.com","tld":"com"},"ip":{"addr":"180.163.146.59","port":80,"asn":4812,"as":"China Telecom Group","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://www.9663.com/downinfo/38620.html","date":"2026-03-23T08:32:04.262Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /upload/2022-7/20227131239347826.png HTTP/1.1\r\nHost: pic.9663.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://www.9663.com/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: Tengine\r\nContent-Type: image/png\r\nContent-Length: 5728\r\nConnection: keep-alive\r\nAccept-Ranges: bytes\r\nX-Powered-By: ASP.NET\r\nDate: Sun, 22 Mar 2026 14:28:05 GMT\r\nVia: cache9.l2cn8428[41,49,304-0,H], cache24.l2cn8428[50,0], kunlun1.cn7174[0,0,200-0,H], kunlun3.cn7174[3,0]\r\nLast-Modified: Fri, 10 Oct 2025 17:02:40 GMT\r\nETag: \"355615b073adc1:0\"\r\nAge: 64467\r\nAli-Swift-Global-Savetime: 1774190259\r\nX-Cache: HIT TCP_HIT dirn:11:105378167\r\nX-Swift-SaveTime: Sun, 22 Mar 2026 14:37:39 GMT\r\nX-Swift-CacheTime: 172800\r\nTiming-Allow-Origin: *\r\nEagleId: b4a3921717742547266052083e\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Microsoft ASP.NET","description":"ASP.NET is an open-source, server-side web-application framework designed for web development to produce dynamic web pages.","website":"https://www.asp.net","common_platform_enumeration":"cpe:2.3:a:microsoft:asp.net:*:*:*:*:*:*:*:*","icon":"Microsoft ASP.NET.svg","categories":["Web frameworks"]},{"name":"Tengine","description":"Tengine is a web server which is based on the Nginx HTTP server.","website":"https://tengine.taobao.org","common_platform_enumeration":"","icon":"Tengine.png","categories":["Web servers"]}],"data":{"size":5728,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 256 x 256, 8-bit colormap, non-interlaced","md5":"b5e297c3d4789d07a6d46578ca143956","sha1":"a489bd693dc3e5af9e46dafaf7a0ff1e26804af3","sha256":"be145ba41956d1c4edad8d4a6f53434eacd2ff7de814f1db109cd2b78bcb0513","sha512":"98870fe4ef47214faa2d013305511ba2fa8ac6914892d9e702d76d2d19fe8f7e4d796791fe40b0bf51dbdd5e174e0ecabd50634db9dcd628bbc138f92113aee6","ssdeep":"96:5knU41uJCslQ9vYSJlnW2qB35oIwtICRc3OKgDup2U3OmQucZyaE1p+/eP6h9TC:56PulQ9vRl03ptpOng11kE1pX6nC","tlshash":"12c18e56106dfc0c27823c03f21157ee3b85ea7b167b460a754ef6f50c6629c7e48746","first_seen":"2026-03-23T08:32:41.255828Z","last_seen":"2026-03-23T08:32:41.255828Z","times_seen":1,"resource_available":false,"data":null}},"time_used":2513,"timings":{"blocked":2220,"dns":0,"connect":0,"send":0,"wait":287,"receive":6,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-23","alert":"Sinkholed","trigger":"pic.9663.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"pic.9663.com/upload/2022-6/202269158446056.png","fqdn":"pic.9663.com","domain":"9663.com","tld":"com"},"ip":{"addr":"180.163.146.59","port":80,"asn":4812,"as":"China Telecom Group","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://www.9663.com/downinfo/38620.html","date":"2026-03-23T08:32:04.266Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /upload/2022-6/202269158446056.png HTTP/1.1\r\nHost: pic.9663.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://www.9663.com/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: Tengine\r\nContent-Type: image/png\r\nContent-Length: 9902\r\nConnection: keep-alive\r\nAccept-Ranges: bytes\r\nX-Powered-By: ASP.NET\r\nDate: Sat, 21 Mar 2026 12:31:45 GMT\r\nVia: cache6.l2cn1816[0,0,304-0,H], cache52.l2cn1816[1,0], kunlun9.cn7174[0,7,200-0,H], kunlun3.cn7174[9,0]\r\nLast-Modified: Thu, 08 May 2025 17:11:32 GMT\r\nETag: \"469cce3e3cc0db1:0\"\r\nAge: 157847\r\nAli-Swift-Global-Savetime: 1774096879\r\nX-Cache: HIT TCP_HIT dirn:10:233111088\r\nX-Swift-SaveTime: Sun, 22 Mar 2026 10:11:23 GMT\r\nX-Swift-CacheTime: 95396\r\nTiming-Allow-Origin: *\r\nEagleId: b4a3921717742547268973339e\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Tengine","description":"Tengine is a web server which is based on the Nginx HTTP server.","website":"https://tengine.taobao.org","common_platform_enumeration":"","icon":"Tengine.png","categories":["Web servers"]},{"name":"Microsoft ASP.NET","description":"ASP.NET is an open-source, server-side web-application framework designed for web development to produce dynamic web pages.","website":"https://www.asp.net","common_platform_enumeration":"cpe:2.3:a:microsoft:asp.net:*:*:*:*:*:*:*:*","icon":"Microsoft ASP.NET.svg","categories":["Web frameworks"]}],"data":{"size":9902,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 256 x 256, 8-bit colormap, non-interlaced","md5":"4e587f60714735b4a6e387efacb2990e","sha1":"1d9297cc9fbc87b4a96006b6e1e4d3a65a714c0a","sha256":"6b6911f36f840218a09f7d1c6458c719018d3f2e9729bb8ec457aa22f98ee931","sha512":"091335d772f6631c88d30508df82aba110fe0bd572c15120beee19ba1ebaa0343b8e360fc5b690ef3e178d4bda1eb5462398a53dd1b717c76541ca44948f371a","ssdeep":"192:91YciOlKNnUdCcDNCmy6aAGlwC2zt/GMtdxw0yT9T8U6pP0TNe8c:4ciO3F/1aAxAMW0k9IpcTNNc","tlshash":"3512cf885bb4470f6cbe43123a3d9fdee8deaa2035418572db043b4b5ed7239da42d25","first_seen":"2025-07-14T23:47:46.632872Z","last_seen":"2026-03-23T08:32:41.258086Z","times_seen":2,"resource_available":false,"data":null}},"time_used":2810,"timings":{"blocked":2509,"dns":0,"connect":0,"send":0,"wait":292,"receive":9,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-23","alert":"Sinkholed","trigger":"pic.9663.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"www.9663.com/favicon.ico","fqdn":"www.9663.com","domain":"9663.com","tld":"com"},"ip":{"addr":"180.163.146.50","port":80,"asn":4812,"as":"China Telecom Group","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://www.9663.com/downinfo/38620.html","date":"2026-03-23T08:32:08.449Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: www.9663.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://www.9663.com/downinfo/38620.html\r\nCookie: ASPSESSIONIDACBBTSSR=EPPGFBNDBLOIJDFHPPHLGLDD; Hm_lvt_baf83e8dd433374f1bc0166eff0c59af=1774254727; Hm_lpvt_baf83e8dd433374f1bc0166eff0c59af=1774254727; HMACCOUNT=5B1A49BA758A41A3\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: Tengine\r\nContent-Type: image/x-icon\r\nContent-Length: 487\r\nConnection: keep-alive\r\nAccept-Ranges: bytes\r\nX-Powered-By: ASP.NET\r\nX-Frame-Options: sameorigin\r\nAccess-Control-Allow-Headers: Content-Type,api_key,Authorization\r\naccess-control-allow-methods: POST\r\nAccess-Control-Allow-Origin: *\r\nDate: Mon, 23 Mar 2026 07:09:28 GMT\r\nVia: cache21.l2cn8428[0,0,304-0,H], cache23.l2cn8428[1,0], kunlun6.cn7174[0,0,200-0,H], kunlun10.cn7174[2,0]\r\nLast-Modified: Mon, 10 Nov 2025 00:51:37 GMT\r\nETag: \"292c132bdc51dc1:0\"\r\nAge: 4385\r\nAli-Swift-Global-Savetime: 1774250343\r\nX-Cache: HIT TCP_MEM_HIT dirn:-2:-2\r\nX-Swift-SaveTime: Mon, 23 Mar 2026 07:19:52 GMT\r\nX-Swift-CacheTime: 7151\r\nTiming-Allow-Origin: *\r\nEagleId: b4a3921e17742547285828973e\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Tengine","description":"Tengine is a web server which is based on the Nginx HTTP server.","website":"https://tengine.taobao.org","common_platform_enumeration":"","icon":"Tengine.png","categories":["Web servers"]},{"name":"Microsoft ASP.NET","description":"ASP.NET is an open-source, server-side web-application framework designed for web development to produce dynamic web pages.","website":"https://www.asp.net","common_platform_enumeration":"cpe:2.3:a:microsoft:asp.net:*:*:*:*:*:*:*:*","icon":"Microsoft ASP.NET.svg","categories":["Web frameworks"]}],"data":{"size":487,"size_decoded":0,"mime_type":"image/x-icon","magic":"MS Windows icon resource - 1 icon, 16x16 with PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced, 32 bits/pixel","md5":"292bbc2b15ccbd56620569c6032f9b9b","sha1":"1ac6636985699a9893435ac4d65b7b5cbb111d2b","sha256":"6b22a35e29c1c124fb11dbd685d3acfded6d02d6733c56a62e399ada42ca8839","sha512":"6760d2440a4b201b9ad2816c665f6629ac7de88c68f56cad4ebc1b62bb7199b6820b7958c3deef84c4a44ef40221fc1de86e35b0ca9b35d4f482455f31c61782","ssdeep":"","tlshash":"06f054f2aa736c5dea38023f7b1fe473ea1a517c2787dd002105e1644fd0f568848e65","first_seen":"2025-11-18T09:52:04.719086Z","last_seen":"2026-06-13T11:24:29.936642Z","times_seen":10,"resource_available":false,"data":null}},"time_used":274,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":274,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-23","alert":"Sinkholed","trigger":"www.9663.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"pic.9663.com/upload/2022-12/2022120909285935866.jpg","fqdn":"pic.9663.com","domain":"9663.com","tld":"com"},"ip":{"addr":"180.163.146.59","port":80,"asn":4812,"as":"China Telecom Group","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://www.9663.com/downinfo/38620.html","date":"2026-03-23T08:32:04.247Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /upload/2022-12/2022120909285935866.jpg HTTP/1.1\r\nHost: pic.9663.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://www.9663.com/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: Tengine\r\nContent-Type: image/jpeg\r\nContent-Length: 44887\r\nConnection: keep-alive\r\nAccept-Ranges: bytes\r\nX-Powered-By: ASP.NET\r\nDate: Sun, 22 Mar 2026 05:43:30 GMT\r\nLast-Modified: Wed, 15 Oct 2025 16:23:31 GMT\r\nETag: \"165ce1bf03ddc1:0\"\r\nVia: cache28.l2cn8428[0,0,200-0,H], cache24.l2cn8428[1,0], kunlun5.cn7174[0,0,200-0,H], kunlun10.cn7174[2,0]\r\nAge: 95942\r\nAli-Swift-Global-Savetime: 1774158784\r\nX-Cache: HIT TCP_MEM_HIT dirn:-2:-2\r\nX-Swift-SaveTime: Sun, 22 Mar 2026 14:37:38 GMT\r\nX-Swift-CacheTime: 141326\r\nTiming-Allow-Origin: *\r\nEagleId: b4a3921e17742547263325529e\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Tengine","description":"Tengine is a web server which is based on the Nginx HTTP server.","website":"https://tengine.taobao.org","common_platform_enumeration":"","icon":"Tengine.png","categories":["Web servers"]},{"name":"Microsoft ASP.NET","description":"ASP.NET is an open-source, server-side web-application framework designed for web development to produce dynamic web pages.","website":"https://www.asp.net","common_platform_enumeration":"cpe:2.3:a:microsoft:asp.net:*:*:*:*:*:*:*:*","icon":"Microsoft ASP.NET.svg","categories":["Web frameworks"]}],"data":{"size":44887,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 338x600, components 3","md5":"8d6bb9c052cab0096b4e1dee5719cf8f","sha1":"89bb54b4550e21c279476269cb1f0968cd31ca85","sha256":"329c3bc8a508aea43728eb5c54adbe3bb92fa1f50ec5ba994dcf8c7b4ab1d2cb","sha512":"484c925bae32eadd46fe4d06d7bd7ca9f22c01a1a23a5d8499b9a88068f06cd03d906d7566c7023ff0ffc537c3bb65a2de7f11d99b4fefbc5a73d6a5387c4eac","ssdeep":"768:LwIz5OwWBnw3qAAYy17v/vpvQyk79fodiHKWeC+FRJMbVAeTSJ+dSCRXk:LwIz5P8AzyT3kZfoUT7+SRAtJ8SSU","tlshash":"2c13f1b84b2827699454653bd72d148750fcf6e72863ce68beffa4062dc5b220a9ec14","first_seen":"2026-03-23T08:32:41.259606Z","last_seen":"2026-03-23T08:32:41.259606Z","times_seen":1,"resource_available":false,"data":null}},"time_used":2280,"timings":{"blocked":1968,"dns":0,"connect":0,"send":0,"wait":269,"receive":43,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-23","alert":"Sinkholed","trigger":"pic.9663.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"pic.9663.com/upload/2022-12/2022129912432528.jpg","fqdn":"pic.9663.com","domain":"9663.com","tld":"com"},"ip":{"addr":"180.163.146.59","port":80,"asn":4812,"as":"China Telecom Group","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://www.9663.com/downinfo/38620.html","date":"2026-03-23T08:32:04.251Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /upload/2022-12/2022129912432528.jpg HTTP/1.1\r\nHost: pic.9663.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://www.9663.com/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: Tengine\r\nContent-Type: image/jpeg\r\nContent-Length: 25485\r\nConnection: keep-alive\r\nAccept-Ranges: bytes\r\nX-Powered-By: ASP.NET\r\nDate: Sun, 22 Mar 2026 14:28:04 GMT\r\nLast-Modified: Fri, 09 Dec 2022 01:12:43 GMT\r\nETag: \"987a53576bbd91:0\"\r\nVia: cache12.l2cn8428[35,34,200-0,H], cache8.l2cn8428[36,0], kunlun1.cn7174[0,-1,200-0,H], kunlun3.cn7174[13,0]\r\nAge: 64466\r\nAli-Swift-Global-Savetime: 1774190259\r\nX-Cache: HIT TCP_MEM_HIT dirn:-2:-2\r\nX-Swift-SaveTime: Sun, 22 Mar 2026 14:37:39 GMT\r\nX-Swift-CacheTime: 172800\r\nTiming-Allow-Origin: *\r\nEagleId: b4a3921717742547259787349e\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Tengine","description":"Tengine is a web server which is based on the Nginx HTTP server.","website":"https://tengine.taobao.org","common_platform_enumeration":"","icon":"Tengine.png","categories":["Web servers"]},{"name":"Microsoft ASP.NET","description":"ASP.NET is an open-source, server-side web-application framework designed for web development to produce dynamic web pages.","website":"https://www.asp.net","common_platform_enumeration":"cpe:2.3:a:microsoft:asp.net:*:*:*:*:*:*:*:*","icon":"Microsoft ASP.NET.svg","categories":["Web frameworks"]}],"data":{"size":25485,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 144x144, segment length 16, baseline, precision 8, 512x512, components 3","md5":"07ebb9874d8b1b6c5ce408aa02d7bd91","sha1":"cb2a9cb6dcacab27214e7fddb5bf838aec9e39a6","sha256":"8be78420ac53dbf8969a53489284282b342af184fe5ce317be43142f8d490ea4","sha512":"98fb136225e72142e4eeda176d3de5fc7b098e85e3be9ed58c0377b2b04d74a64c94238f5a06dab2d6ae251cb234a3881f08584da88f0f9645fa426120ee22c2","ssdeep":"768:GygH0AH0AH0AHgntmcRbHVAyzMiPMnHf/3PQeara:GUtzR7WYMn6a","tlshash":"56b25c238d188f83f18c67d57e260ead761a2a6cac5776ff05320cc67bd17a14d9803a","first_seen":"2026-03-23T08:32:41.260551Z","last_seen":"2026-03-23T08:32:41.260551Z","times_seen":1,"resource_available":false,"data":null}},"time_used":1906,"timings":{"blocked":531,"dns":0,"connect":283,"send":0,"wait":1086,"receive":6,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-23","alert":"Sinkholed","trigger":"pic.9663.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"www.9663.com/statics/images/ewm1.png","fqdn":"www.9663.com","domain":"9663.com","tld":"com"},"ip":{"addr":"180.163.146.50","port":80,"asn":4812,"as":"China Telecom Group","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://www.9663.com/downinfo/38620.html","date":"2026-03-23T08:32:06.292Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /statics/images/ewm1.png HTTP/1.1\r\nHost: www.9663.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://www.9663.com/downinfo/38620.html\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: Tengine\r\nContent-Type: image/png\r\nContent-Length: 366\r\nConnection: keep-alive\r\nAccept-Ranges: bytes\r\nX-Powered-By: ASP.NET\r\nX-Frame-Options: sameorigin\r\nAccess-Control-Allow-Headers: Content-Type,api_key,Authorization\r\naccess-control-allow-methods: POST\r\nAccess-Control-Allow-Origin: *\r\nDate: Mon, 23 Mar 2026 07:22:16 GMT\r\nVia: cache5.l2cn8428[41,41,304-0,H], cache18.l2cn8428[43,0], kunlun6.cn7174[0,0,200-0,H], kunlun1.cn7174[4,0]\r\nLast-Modified: Wed, 24 May 2023 08:11:12 GMT\r\nETag: \"cae09c4d178ed91:0\"\r\nAge: 3615\r\nAli-Swift-Global-Savetime: 1774251111\r\nX-Cache: HIT TCP_MEM_HIT dirn:-2:-2\r\nX-Swift-SaveTime: Mon, 23 Mar 2026 07:31:51 GMT\r\nX-Swift-CacheTime: 7200\r\nTiming-Allow-Origin: *\r\nEagleId: b4a3921517742547265187049e\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Tengine","description":"Tengine is a web server which is based on the Nginx HTTP server.","website":"https://tengine.taobao.org","common_platform_enumeration":"","icon":"Tengine.png","categories":["Web servers"]},{"name":"Microsoft ASP.NET","description":"ASP.NET is an open-source, server-side web-application framework designed for web development to produce dynamic web pages.","website":"https://www.asp.net","common_platform_enumeration":"cpe:2.3:a:microsoft:asp.net:*:*:*:*:*:*:*:*","icon":"Microsoft ASP.NET.svg","categories":["Web frameworks"]}],"data":{"size":366,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 36 x 36, 8-bit/color RGBA, non-interlaced","md5":"9c29573287a217daa3a4707a7d74f5f4","sha1":"bd37fbc9fede45c6de3fe9b4e59bc8e00cdd5eda","sha256":"ab1063a748f42235d21d7961032bb613bf3bbb42d309385a5a6a8dd6bdaf35fa","sha512":"d72c32cfc60b5f623938ca8f35034dcc744b0060f2efa53fea2ccfea8b5d1fde1e14450eedafa18a0b24b8e9e2f86a17233fa46d51cf2d2aeb6a766025c9cdbe","ssdeep":"","tlshash":"41e0c0f077857d34df83bd29a339c50486116ec8b9101f691c55dc75d5c45df6454e82","first_seen":"2025-07-06T07:33:32.536146Z","last_seen":"2026-06-13T11:24:29.942724Z","times_seen":14,"resource_available":false,"data":null}},"time_used":369,"timings":{"blocked":115,"dns":0,"connect":0,"send":0,"wait":254,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-23","alert":"Sinkholed","trigger":"www.9663.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"pic.9663.com/upload/2022-12/20221281023376445.png","fqdn":"pic.9663.com","domain":"9663.com","tld":"com"},"ip":{"addr":"180.163.146.59","port":80,"asn":4812,"as":"China Telecom Group","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://www.9663.com/downinfo/38620.html","date":"2026-03-23T08:32:04.258Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /upload/2022-12/20221281023376445.png HTTP/1.1\r\nHost: pic.9663.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://www.9663.com/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: Tengine\r\nContent-Type: image/png\r\nContent-Length: 38594\r\nConnection: keep-alive\r\nAccept-Ranges: bytes\r\nX-Powered-By: ASP.NET\r\nDate: Sun, 22 Mar 2026 14:28:05 GMT\r\nLast-Modified: Thu, 08 Dec 2022 02:23:37 GMT\r\nETag: \"6fef2814acad91:0\"\r\nVia: cache7.l2cn8428[35,39,200-0,H], cache15.l2cn8428[40,0], kunlun10.cn7174[0,0,200-0,H], kunlun10.cn7174[3,0]\r\nAge: 64466\r\nAli-Swift-Global-Savetime: 1774190259\r\nX-Cache: HIT TCP_HIT dirn:9:98914399\r\nX-Swift-SaveTime: Sun, 22 Mar 2026 14:37:39 GMT\r\nX-Swift-CacheTime: 172800\r\nTiming-Allow-Origin: *\r\nEagleId: b4a3921e17742547257302393e\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Tengine","description":"Tengine is a web server which is based on the Nginx HTTP server.","website":"https://tengine.taobao.org","common_platform_enumeration":"","icon":"Tengine.png","categories":["Web servers"]},{"name":"Microsoft ASP.NET","description":"ASP.NET is an open-source, server-side web-application framework designed for web development to produce dynamic web pages.","website":"https://www.asp.net","common_platform_enumeration":"cpe:2.3:a:microsoft:asp.net:*:*:*:*:*:*:*:*","icon":"Microsoft ASP.NET.svg","categories":["Web frameworks"]}],"data":{"size":38594,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 512 x 512, 8-bit/color RGBA, non-interlaced","md5":"eefd646233f7baeb16df5875112632cf","sha1":"b81a864170bffe1acec99d2ee16dd6a9b9958f53","sha256":"29d60fa55b0b37d1bc182922388330330f56e06dee2ecdecbffcab8ac3793184","sha512":"5abb30eba6426afb2ca42ee9b69c3777c106314b6dcec954454fd0503702f4abe701ea1090a72eeee5a7088fef896710a1833492ecbe5b448ef8e910b0aca444","ssdeep":"768:chm2K/OkCCmo++Am7EGu6fvjOHcAK5l9afLMPqArrPkov+C7D45:6m2WOVe57EGDfiHcfjj9rPkome45","tlshash":"1403f176c082e61bd637259a799f47adb31e36209c370f0372e63a4105c2b69dc852bf","first_seen":"2026-03-23T08:32:41.262735Z","last_seen":"2026-03-23T08:32:41.262735Z","times_seen":1,"resource_available":false,"data":null}},"time_used":1660,"timings":{"blocked":1354,"dns":0,"connect":0,"send":0,"wait":269,"receive":37,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-23","alert":"Sinkholed","trigger":"pic.9663.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"pic.9663.com/upload/2022-9/2022922150331339.png","fqdn":"pic.9663.com","domain":"9663.com","tld":"com"},"ip":{"addr":"180.163.146.59","port":80,"asn":4812,"as":"China Telecom Group","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://www.9663.com/downinfo/38620.html","date":"2026-03-23T08:32:04.260Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /upload/2022-9/2022922150331339.png HTTP/1.1\r\nHost: pic.9663.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://www.9663.com/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: Tengine\r\nContent-Type: image/png\r\nContent-Length: 32640\r\nConnection: keep-alive\r\nAccept-Ranges: bytes\r\nX-Powered-By: ASP.NET\r\nDate: Mon, 23 Mar 2026 08:19:56 GMT\r\nVia: cache30.l2cn8428[43,43,304-0,H], cache16.l2cn8428[44,0], kunlun8.cn7174[0,18,200-0,H], kunlun8.cn7174[22,0]\r\nLast-Modified: Thu, 22 Sep 2022 07:00:33 GMT\r\nETag: \"846470251ced81:0\"\r\nAge: 154\r\nAli-Swift-Global-Savetime: 1774254571\r\nX-Cache: HIT TCP_HIT dirn:10:321837255\r\nX-Swift-SaveTime: Mon, 23 Mar 2026 08:29:31 GMT\r\nX-Swift-CacheTime: 172800\r\nTiming-Allow-Origin: *\r\nEagleId: b4a3921c17742547254712554e\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Tengine","description":"Tengine is a web server which is based on the Nginx HTTP server.","website":"https://tengine.taobao.org","common_platform_enumeration":"","icon":"Tengine.png","categories":["Web servers"]},{"name":"Microsoft ASP.NET","description":"ASP.NET is an open-source, server-side web-application framework designed for web development to produce dynamic web pages.","website":"https://www.asp.net","common_platform_enumeration":"cpe:2.3:a:microsoft:asp.net:*:*:*:*:*:*:*:*","icon":"Microsoft ASP.NET.svg","categories":["Web frameworks"]}],"data":{"size":32640,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 512 x 512, 8-bit colormap, non-interlaced","md5":"7349c25147a971df7f731d27a1ae2e1c","sha1":"f6ed11c3d69bd73dd7d535850b3c507047509e40","sha256":"642c0345e24d646a41497c1ce80d727c263a72eee02ece672d89888de06347ee","sha512":"7922a9bd9175448b4411ac17d0ace91e22203d9007a6c248630067fcf6e1f692e75624381b66c002fedb741c1b23cc35a202de73fcb1d2d4bbd4844ed6ebd10e","ssdeep":"768:ccySBz6aGJg/BQBI8GAkQ8GnVY6XVRa4B6TPsvVepORja:c2Bz6Tvb2YnVJXVs0uP+VeY1a","tlshash":"0ee2e1c91264aeebc5acbd321b1581ab270bbd539fc901b9010bb9a7c57f77dc40c591","first_seen":"2026-03-23T08:32:41.263622Z","last_seen":"2026-03-23T08:32:41.263622Z","times_seen":1,"resource_available":false,"data":null}},"time_used":1408,"timings":{"blocked":1082,"dns":0,"connect":0,"send":0,"wait":295,"receive":31,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-23","alert":"Sinkholed","trigger":"pic.9663.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"pic.9663.com/upload/2022-10/20221019143501024.png","fqdn":"pic.9663.com","domain":"9663.com","tld":"com"},"ip":{"addr":"180.163.146.59","port":80,"asn":4812,"as":"China Telecom Group","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://www.9663.com/downinfo/38620.html","date":"2026-03-23T08:32:04.263Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /upload/2022-10/20221019143501024.png HTTP/1.1\r\nHost: pic.9663.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://www.9663.com/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: Tengine\r\nContent-Type: image/png\r\nContent-Length: 14650\r\nConnection: keep-alive\r\nAccept-Ranges: bytes\r\nX-Powered-By: ASP.NET\r\nDate: Sat, 21 Mar 2026 19:50:24 GMT\r\nVia: ens-cache52.l2cn9026[33,33,304-0,M], ens-cache62.l2cn9026[35,0], kunlun10.cn7174[0,0,200-0,H], kunlun10.cn7174[8,0]\r\nLast-Modified: Mon, 13 Oct 2025 16:04:48 GMT\r\nETag: \"e655d4195b3cdc1:0\"\r\nAge: 131530\r\nAli-Swift-Global-Savetime: 1774123197\r\nX-Cache: HIT TCP_HIT dirn:9:98910861\r\nX-Swift-SaveTime: Sat, 21 Mar 2026 19:59:57 GMT\r\nX-Swift-CacheTime: 172800\r\nTiming-Allow-Origin: *\r\nEagleId: b4a3921e17742547272491715e\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Tengine","description":"Tengine is a web server which is based on the Nginx HTTP server.","website":"https://tengine.taobao.org","common_platform_enumeration":"","icon":"Tengine.png","categories":["Web servers"]},{"name":"Microsoft ASP.NET","description":"ASP.NET is an open-source, server-side web-application framework designed for web development to produce dynamic web pages.","website":"https://www.asp.net","common_platform_enumeration":"cpe:2.3:a:microsoft:asp.net:*:*:*:*:*:*:*:*","icon":"Microsoft ASP.NET.svg","categories":["Web frameworks"]}],"data":{"size":14650,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 256 x 256, 8-bit colormap, non-interlaced","md5":"f1ed0bcab129458d41bb2756374ae217","sha1":"9b5decb6a26beaa521624eb3c6a116c5a5960d11","sha256":"4427b8bbbf49827128fa4b29dda7309a4e46c1d0a7142c02d499d2287f03f88b","sha512":"bece8253f46e14cd85ef817625cfd763504e7027b6dd0fcdf03cd373fb61a110f0293e1640fd877dea8222b8952a2a776af49707bb32bac0e3cfaed94b4b5cd3","ssdeep":"384:QeFMj/8grq2kwPv4yQZrZEsJmJqKlz0vL0h:QecRsaQyQfXJmJV+0h","tlshash":"7662d17e2b54553f6c2628d4b61586e0fa4d8817069d7f80c531db01f6291868ac69ed","first_seen":"2026-03-23T08:32:41.264604Z","last_seen":"2026-03-23T08:32:41.264604Z","times_seen":1,"resource_available":false,"data":null}},"time_used":3157,"timings":{"blocked":2263,"dns":0,"connect":0,"send":0,"wait":880,"receive":14,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-23","alert":"Sinkholed","trigger":"pic.9663.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"pic.9663.com/upload/2022-7/2022719109367017.png","fqdn":"pic.9663.com","domain":"9663.com","tld":"com"},"ip":{"addr":"180.163.146.59","port":80,"asn":4812,"as":"China Telecom Group","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://www.9663.com/downinfo/38620.html","date":"2026-03-23T08:32:04.274Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /upload/2022-7/2022719109367017.png HTTP/1.1\r\nHost: pic.9663.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://www.9663.com/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: Tengine\r\nContent-Type: image/png\r\nContent-Length: 5931\r\nConnection: keep-alive\r\nAccept-Ranges: bytes\r\nX-Powered-By: ASP.NET\r\nDate: Sun, 22 Mar 2026 01:02:42 GMT\r\nVia: ens-cache11.l2cn9026[43,43,304-0,H], ens-cache58.l2cn9026[45,0], kunlun1.cn7174[0,2,200-0,H], kunlun1.cn7174[12,0]\r\nLast-Modified: Wed, 09 Apr 2025 14:47:22 GMT\r\nETag: \"837b7b4d5ea9db1:0\"\r\nAge: 112791\r\nAli-Swift-Global-Savetime: 1774141936\r\nX-Cache: HIT TCP_HIT dirn:10:99476329\r\nX-Swift-SaveTime: Sun, 22 Mar 2026 01:12:16 GMT\r\nX-Swift-CacheTime: 172800\r\nTiming-Allow-Origin: *\r\nEagleId: b4a3921517742547276665030e\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Microsoft ASP.NET","description":"ASP.NET is an open-source, server-side web-application framework designed for web development to produce dynamic web pages.","website":"https://www.asp.net","common_platform_enumeration":"cpe:2.3:a:microsoft:asp.net:*:*:*:*:*:*:*:*","icon":"Microsoft ASP.NET.svg","categories":["Web frameworks"]},{"name":"Tengine","description":"Tengine is a web server which is based on the Nginx HTTP server.","website":"https://tengine.taobao.org","common_platform_enumeration":"","icon":"Tengine.png","categories":["Web servers"]}],"data":{"size":5931,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 256 x 256, 4-bit colormap, non-interlaced","md5":"f164826e3ec4a4c5c35386a161dca0b2","sha1":"7a79ca77907ce9a359d77f2ce1fca840a9d331f8","sha256":"619ed6d46de89c683a79a34bf95b44be330df9e1093d9139da9421459ba34ed9","sha512":"01166787fa81e6c13170a124c4c4ba0ecf0f5f213e3a4b06ac4f32fea41932ab436eaa8f63674c413e17e45bce6bd30d0d08f74aa2755f759e23b441569af4fe","ssdeep":"96:LRK6HtZf22uq+up/s23WljzVDxDnuWs5JAXprZqhU7Q+DpWSPh/Tfcyf8FZV6qbc:dHHtZuqX/s23WlnVluwNYhU0+Dp/hLLl","tlshash":"bfc18d45ccad7872e609a6014b6f3142f9fa78f99cda0e59d61c847cf88041094bbde2","first_seen":"2026-03-23T08:32:41.265778Z","last_seen":"2026-03-23T08:32:41.265778Z","times_seen":1,"resource_available":false,"data":null}},"time_used":3554,"timings":{"blocked":3294,"dns":0,"connect":0,"send":0,"wait":254,"receive":6,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-23","alert":"Sinkholed","trigger":"pic.9663.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"pic.9663.com/upload/2022-7/20227201046454993.png","fqdn":"pic.9663.com","domain":"9663.com","tld":"com"},"ip":{"addr":"180.163.146.59","port":80,"asn":4812,"as":"China Telecom Group","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://www.9663.com/downinfo/38620.html","date":"2026-03-23T08:32:04.275Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /upload/2022-7/20227201046454993.png HTTP/1.1\r\nHost: pic.9663.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://www.9663.com/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: Tengine\r\nContent-Type: image/png\r\nContent-Length: 3725\r\nConnection: keep-alive\r\nAccept-Ranges: bytes\r\nX-Powered-By: ASP.NET\r\nDate: Sat, 21 Mar 2026 11:43:24 GMT\r\nVia: ens-cache25.l2cn9026[0,4,304-0,H], ens-cache56.l2cn9026[5,0], kunlun10.cn7174[0,4,200-0,H], kunlun10.cn7174[7,0]\r\nLast-Modified: Wed, 09 Apr 2025 14:47:23 GMT\r\nETag: \"2678904d5ea9db1:0\"\r\nAge: 160749\r\nAli-Swift-Global-Savetime: 1774093978\r\nX-Cache: HIT TCP_HIT dirn:9:153801498\r\nX-Swift-SaveTime: Sat, 21 Mar 2026 20:20:51 GMT\r\nX-Swift-CacheTime: 142327\r\nTiming-Allow-Origin: *\r\nEagleId: b4a3921e17742547278244842e\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Microsoft ASP.NET","description":"ASP.NET is an open-source, server-side web-application framework designed for web development to produce dynamic web pages.","website":"https://www.asp.net","common_platform_enumeration":"cpe:2.3:a:microsoft:asp.net:*:*:*:*:*:*:*:*","icon":"Microsoft ASP.NET.svg","categories":["Web frameworks"]},{"name":"Tengine","description":"Tengine is a web server which is based on the Nginx HTTP server.","website":"https://tengine.taobao.org","common_platform_enumeration":"","icon":"Tengine.png","categories":["Web servers"]}],"data":{"size":3725,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 256 x 256, 4-bit colormap, non-interlaced","md5":"ed8cac4ca749b2cbe46c0a55c49d7409","sha1":"b0149b35d3170c70808b08711110536ea8ef1333","sha256":"5d7327718fc6b613eed1852ed7e6b6838ef205f9f9e729ab023e48522f57f672","sha512":"b588176f88f0727907615b9f334ed10e6b0420acf9fbca5b51c587c6523f12eb4596d4a2e683a90267b73d1e90a7caf871194f6bd004b2091636a9090600a912","ssdeep":"","tlshash":"a8714abc0e1c8d7f9e66628bde8c986b48e9475938b9cf2c57c5945d0924210f4da100","first_seen":"2026-03-23T08:32:41.26665Z","last_seen":"2026-03-23T08:32:41.26665Z","times_seen":1,"resource_available":false,"data":null}},"time_used":3706,"timings":{"blocked":3430,"dns":0,"connect":0,"send":0,"wait":274,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-23","alert":"Sinkholed","trigger":"pic.9663.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"zhanzhang.toutiao.com/s.gif?url=http%3A%2F%2Fwww.9663.com%2Fdowninfo%2F38620.html\u0026token=1c07ce30b0df262e84cc43ad00917e246008be35d3aa4b8fc28d959eee7f7b82c112ff4abe50733e0ff1e1071a0fdc024b166ea2a296840a50a5288f35e2ca42","fqdn":"zhanzhang.toutiao.com","domain":"toutiao.com","tld":"com"},"ip":{"addr":"163.181.50.191","port":443,"asn":24429,"as":"Zhejiang Taobao Network Co.,Ltd","country":"Italy","country_code":"IT"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://www.9663.com/downinfo/38620.html","date":"2026-03-23T08:32:07.177Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.toutiao.com","organization":""},"issuer":{"commonName":"RapidSSL TLS RSA CA G1","organization":"DigiCert Inc"},"validity":{"start":"Mon, 19 Jan 2026 00:00:00 GMT","end":"Mon, 18 Jan 2027 23:59:59 GMT"},"fingerprint":{"sha1":"62:2F:34:3E:4E:D9:67:3D:23:19:1B:4E:D5:E9:3F:E8:80:D4:3E:1F","sha256":"4F:DC:FA:38:D9:5F:06:C9:77:56:0F:7C:98:AC:9F:F3:80:63:E3:94:7D:3B:A9:85:D5:53:0F:38:14:E2:F6:51"}}},"request":{"raw":"GET /s.gif?url=http%3A%2F%2Fwww.9663.com%2Fdowninfo%2F38620.html\u0026token=1c07ce30b0df262e84cc43ad00917e246008be35d3aa4b8fc28d959eee7f7b82c112ff4abe50733e0ff1e1071a0fdc024b166ea2a296840a50a5288f35e2ca42 HTTP/1.1\r\nHost: zhanzhang.toutiao.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://www.9663.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: Tengine\r\ncontent-type: text/plain; charset=utf-8\r\ncontent-length: 0\r\ndate: Mon, 23 Mar 2026 08:32:08 GMT\r\nx-tt-logid: 202603231632088B563F388986B3D6C277\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nx-tt-trace-host: 012be64705e92d23785059d199aa7821673098c70495e80250d5528d7c5dc5f1625726af863e104f723bf88b8335f90b74c3b6cd038c1d6c40299dd7dff2a8a9d14dcbcc1e2e6f7752e7c065df9a1affa3bc1d4a05634ee92c5ed600426f81c6a5\r\nx-tt-trace-tag: id=03;cdn-cache=miss;type=dyn\r\nx-tt-trace-id: 00-2603231632088B563F388986B3D6C277-6BDF2AC86BCDC812-00\r\nvia: ens-cache14.l2de3[323,323,200-0,M], ens-cache11.l2de3[325,0], ens-cache10.it5[339,339,200-0,M], ens-cache7.it5[344,0]\r\nali-swift-global-savetime: 1774254728\r\nx-cache: MISS TCP_MISS dirn:-2:-2\r\nx-swift-savetime: Mon, 23 Mar 2026 08:32:08 GMT\r\nx-swift-cachetime: 43200\r\nserver-timing: inner; dur=3, cdn-cache;desc=MISS,edge;dur=19,origin;dur=325\r\ntiming-allow-origin: *\r\neagleid: a3b5329b17742547278693130e\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Tengine","description":"Tengine is a web server which is based on the Nginx HTTP server.","website":"https://tengine.taobao.org","common_platform_enumeration":"","icon":"Tengine.png","categories":["Web servers"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain; charset=utf-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-14T01:33:42.567327Z","times_seen":16400444,"resource_available":true,"data":null}},"time_used":1803,"timings":{"blocked":714,"dns":618,"connect":28,"send":0,"wait":374,"receive":0,"ssl":66},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.9663.com/downinfo/38620.html","fqdn":"www.9663.com","domain":"9663.com","tld":"com"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-03-23T08:32:02.103Z","timestamp":0,"http_version":"","security_state":"broken","security_info":null,"request":{"raw":"GET /downinfo/38620.html HTTP/1.1\r\nHost: www.9663.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-14T01:33:42.567327Z","times_seen":16400444,"resource_available":true,"data":null}},"time_used":1465,"timings":{"blocked":0,"dns":729,"connect":491,"send":0,"wait":0,"receive":0,"ssl":243},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-23","alert":"Sinkholed","trigger":"www.9663.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"www.9663.com/statics/js/jquery.min.js","fqdn":"www.9663.com","domain":"9663.com","tld":"com"},"ip":{"addr":"180.163.146.60","port":80,"asn":4812,"as":"China Telecom Group","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://www.9663.com/downinfo/38620.html","date":"2026-03-23T08:32:04.238Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /statics/js/jquery.min.js HTTP/1.1\r\nHost: www.9663.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://www.9663.com/downinfo/38620.html\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: Tengine\r\nContent-Type: application/x-javascript\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nX-Powered-By: ASP.NET\r\nX-Frame-Options: sameorigin\r\nAccess-Control-Allow-Headers: Content-Type,api_key,Authorization\r\naccess-control-allow-methods: POST\r\nAccess-Control-Allow-Origin: *\r\nDate: Mon, 23 Mar 2026 07:14:48 GMT\r\nVia: cache7.l2cn8428[0,0,304-0,H], cache10.l2cn8428[0,0], kunlun5.cn7174[0,0,200-0,H], kunlun5.cn7174[2,0]\r\nLast-Modified: Sun, 16 Nov 2025 03:28:27 GMT\r\nETag: W/\"db99912a956dc1:0\"\r\nAge: 4061\r\nAli-Swift-Global-Savetime: 1774250663\r\nX-Cache: HIT TCP_MEM_HIT dirn:-2:-2\r\nX-Swift-SaveTime: Mon, 23 Mar 2026 07:24:43 GMT\r\nX-Swift-CacheTime: 7180\r\nTiming-Allow-Origin: *\r\nEagleId: b4a3921917742547242741258e\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Microsoft ASP.NET","description":"ASP.NET is an open-source, server-side web-application framework designed for web development to produce dynamic web pages.","website":"https://www.asp.net","common_platform_enumeration":"cpe:2.3:a:microsoft:asp.net:*:*:*:*:*:*:*:*","icon":"Microsoft ASP.NET.svg","categories":["Web frameworks"]},{"name":"Tengine","description":"Tengine is a web server which is based on the Nginx HTTP server.","website":"https://tengine.taobao.org","common_platform_enumeration":"","icon":"Tengine.png","categories":["Web servers"]}],"data":{"size":95612,"size_decoded":0,"mime_type":"application/x-javascript","magic":"JavaScript source, ASCII text, with very long lines (65325), with CRLF line terminators","md5":"ce33c518fb3f50a5812cc2dbb3b89c3a","sha1":"a252827a6ae5919e929b4a9bbe53df26372eaf8f","sha256":"35b61dd9b256473893c9f95e8b9ec6c337239f0c9e214173b756d6fba18e3712","sha512":"5b16c121e7f58a5aea122286f6d422a4609f9b9549e0dab994f6c3ca1d15ca1ea32a08093b7fd9ae6b662cc6a14c42a889cda1d09ce5a68579d634b0c31cddc6","ssdeep":"1536:FNjxXU9rnxD9o5EZxkMVC6YLtg7HtDuU3zh8cmnPMEgWzJvBQUmkm4M5gPtcNRQe:FcqmCU3zhINzfmR4lb3e34UQ47GKt","tlshash":"da9307ddb2c6b06257ab70ba407f600ff236199d684d4400f169d4e9bc78a4e827bf6d","first_seen":"2025-11-18T09:52:04.728012Z","last_seen":"2026-06-13T11:24:29.944109Z","times_seen":10,"resource_available":false,"data":null}},"time_used":567,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":245,"receive":322,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-23","alert":"Sinkholed","trigger":"www.9663.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"www.9663.com/statics/css/info.min.css","fqdn":"www.9663.com","domain":"9663.com","tld":"com"},"ip":{"addr":"180.163.146.50","port":80,"asn":4812,"as":"China Telecom Group","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"http://www.9663.com/downinfo/38620.html","date":"2026-03-23T08:32:04.240Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /statics/css/info.min.css HTTP/1.1\r\nHost: www.9663.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://www.9663.com/downinfo/38620.html\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: Tengine\r\nContent-Type: text/css\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nX-Powered-By: ASP.NET\r\nX-Frame-Options: sameorigin\r\nAccess-Control-Allow-Headers: Content-Type,api_key,Authorization\r\naccess-control-allow-methods: POST\r\nAccess-Control-Allow-Origin: *\r\nDate: Mon, 23 Mar 2026 07:17:01 GMT\r\nVia: cache5.l2cn8428[41,41,304-0,H], cache30.l2cn8428[43,0], kunlun1.cn7174[0,0,200-0,H], kunlun5.cn7174[2,0]\r\nLast-Modified: Fri, 21 Nov 2025 05:00:24 GMT\r\nETag: W/\"4afd35bfa35adc1:0\"\r\nAge: 3929\r\nAli-Swift-Global-Savetime: 1774250795\r\nX-Cache: HIT TCP_MEM_HIT dirn:-2:-2\r\nX-Swift-SaveTime: Mon, 23 Mar 2026 07:26:35 GMT\r\nX-Swift-CacheTime: 7200\r\nTiming-Allow-Origin: *\r\nEagleId: b4a3921917742547245302536e\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Microsoft ASP.NET","description":"ASP.NET is an open-source, server-side web-application framework designed for web development to produce dynamic web pages.","website":"https://www.asp.net","common_platform_enumeration":"cpe:2.3:a:microsoft:asp.net:*:*:*:*:*:*:*:*","icon":"Microsoft ASP.NET.svg","categories":["Web frameworks"]},{"name":"Tengine","description":"Tengine is a web server which is based on the Nginx HTTP server.","website":"https://tengine.taobao.org","common_platform_enumeration":"","icon":"Tengine.png","categories":["Web servers"]}],"data":{"size":69084,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text","md5":"92df6f250de9790f8c10fbbb77b688ec","sha1":"fb76f822cc875b2858cc906e526e70e9ffa9edc4","sha256":"25f369b05f839e8af437361c69a4d7386d35e3bdcc531e7cdd2b688a9d2b04d2","sha512":"3f3cf9962cf1d838f63f2f301f8ee044b4a74965dd5c2374c438a38e554cb44798c9b72734b114fb9813a8241db0fe2b44e78e7918f8dcd340afe4f6ba9bb2f9","ssdeep":"768:g6veFnWLEifSthyeFnTuuW8SFd84FhAQCYoV4x+TSiJ3FkFI2yI:gBhthyeVqNn5EbdVyDk3S22yI","tlshash":"1f6363a79b731a49b81e81a96f6a678233155083520fcebcbfc4b34c8f494d57472b8d","first_seen":"2026-03-17T07:27:49.17809Z","last_seen":"2026-06-13T11:24:29.912827Z","times_seen":9,"resource_available":false,"data":null}},"time_used":790,"timings":{"blocked":193,"dns":0,"connect":248,"send":0,"wait":249,"receive":100,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-23","alert":"Sinkholed","trigger":"www.9663.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"pic.9663.com/upload/2022-8/20228111453451973.png","fqdn":"pic.9663.com","domain":"9663.com","tld":"com"},"ip":{"addr":"180.163.146.59","port":80,"asn":4812,"as":"China Telecom Group","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://www.9663.com/downinfo/38620.html","date":"2026-03-23T08:32:04.264Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /upload/2022-8/20228111453451973.png HTTP/1.1\r\nHost: pic.9663.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://www.9663.com/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: Tengine\r\nContent-Type: image/png\r\nContent-Length: 42261\r\nConnection: keep-alive\r\nAccept-Ranges: bytes\r\nX-Powered-By: ASP.NET\r\nDate: Sat, 21 Mar 2026 19:50:25 GMT\r\nVia: ens-cache48.l2cn9026[35,48,304-0,H], ens-cache11.l2cn9026[51,0], kunlun6.cn7174[0,17,200-0,H], kunlun5.cn7174[20,0]\r\nLast-Modified: Thu, 11 Aug 2022 06:53:45 GMT\r\nETag: \"83adb8194fadd81:0\"\r\nAge: 131528\r\nAli-Swift-Global-Savetime: 1774123198\r\nX-Cache: HIT TCP_HIT dirn:11:9673346\r\nX-Swift-SaveTime: Sat, 21 Mar 2026 19:59:58 GMT\r\nX-Swift-CacheTime: 172800\r\nTiming-Allow-Origin: *\r\nEagleId: b4a3921917742547266395503e\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Microsoft ASP.NET","description":"ASP.NET is an open-source, server-side web-application framework designed for web development to produce dynamic web pages.","website":"https://www.asp.net","common_platform_enumeration":"cpe:2.3:a:microsoft:asp.net:*:*:*:*:*:*:*:*","icon":"Microsoft ASP.NET.svg","categories":["Web frameworks"]},{"name":"Tengine","description":"Tengine is a web server which is based on the Nginx HTTP server.","website":"https://tengine.taobao.org","common_platform_enumeration":"","icon":"Tengine.png","categories":["Web servers"]}],"data":{"size":42261,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 512 x 512, 8-bit colormap, non-interlaced","md5":"d5915eea2a9e1af7272e040446f91411","sha1":"732548730520240eda9781e74eefc7122d33e736","sha256":"cd40941d1cce151283fcbe02ff777245f032cad4816f15d739c0702e9e12d16a","sha512":"8e9f73ebd03f0e3312ce3ad883b7d7535c963fc8e58838a14a540d60add7ba312a654edd11431b8f3aa69bda0791b6086ee72c59ec09b7866bfa9611f27a5736","ssdeep":"768:O1XeLWuaKiXJQyUK+p1tb22w1+S23pwLWy7eTFizpTEnQu/W/by9bw6fR5+uK5gM:HgKiXKyUdpiR1yqFmFizqQq42bwIRYtT","tlshash":"d913f1de0259493db37913952fbd80defebf42453416ce60aabe5a6c9e8053834c417c","first_seen":"2026-03-23T08:32:41.269737Z","last_seen":"2026-03-23T08:32:41.269737Z","times_seen":1,"resource_available":false,"data":null}},"time_used":2580,"timings":{"blocked":2277,"dns":0,"connect":0,"send":0,"wait":262,"receive":41,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-23","alert":"Sinkholed","trigger":"pic.9663.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"pic.9663.com/upload/2022-9/2022971543313521.jpg","fqdn":"pic.9663.com","domain":"9663.com","tld":"com"},"ip":{"addr":"180.163.146.59","port":80,"asn":4812,"as":"China Telecom Group","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://www.9663.com/downinfo/38620.html","date":"2026-03-23T08:32:04.265Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /upload/2022-9/2022971543313521.jpg HTTP/1.1\r\nHost: pic.9663.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://www.9663.com/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: Tengine\r\nContent-Type: image/jpeg\r\nContent-Length: 10423\r\nConnection: keep-alive\r\nAccept-Ranges: bytes\r\nX-Powered-By: ASP.NET\r\nDate: Sun, 22 Mar 2026 12:58:12 GMT\r\nVia: cache22.l2cn8428[0,0,304-0,H], cache10.l2cn8428[1,0], kunlun10.cn7174[0,0,200-0,H], kunlun8.cn7174[2,0]\r\nLast-Modified: Sun, 12 Oct 2025 14:43:04 GMT\r\nETag: \"c1177e84863bdc1:0\"\r\nAge: 69860\r\nAli-Swift-Global-Savetime: 1774184866\r\nX-Cache: HIT TCP_HIT dirn:10:138440712\r\nX-Swift-SaveTime: Sun, 22 Mar 2026 14:37:40 GMT\r\nX-Swift-CacheTime: 167406\r\nTiming-Allow-Origin: *\r\nEagleId: b4a3921c17742547267178768e\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Tengine","description":"Tengine is a web server which is based on the Nginx HTTP server.","website":"https://tengine.taobao.org","common_platform_enumeration":"","icon":"Tengine.png","categories":["Web servers"]},{"name":"Microsoft ASP.NET","description":"ASP.NET is an open-source, server-side web-application framework designed for web development to produce dynamic web pages.","website":"https://www.asp.net","common_platform_enumeration":"cpe:2.3:a:microsoft:asp.net:*:*:*:*:*:*:*:*","icon":"Microsoft ASP.NET.svg","categories":["Web frameworks"]}],"data":{"size":10423,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 256 x 256, 8-bit colormap, non-interlaced","md5":"ac215f3feb597c9c97429258468b7579","sha1":"49de77fe26c8eeeceede3e2e43f529bd9309bc4a","sha256":"2082527655cf32570f749ffabece88ea6f33c1b2d5cfdda476530aee8afb7b77","sha512":"0d073baa1c7bf00ecce5d0c3223b1f888db3273dae0d7775015c58ad21f5c7fed4b218262a33dea0d052db19d2c185d430b6f8980b4fed60cd25fb85fa493ee3","ssdeep":"192:w8zxlp/pkI0iGMqiJud7TTBC+4ZupJzaswsT8KISMv5sNKwAerHyvXRMI53AzJxo:pLp/iiJuduZuosT3zHe6I5RaxXdqN","tlshash":"f622c15cd11232467dd722d316fbc8291cafbe794704a6d1a4970e7f87e71ab11014a4","first_seen":"2026-03-23T08:32:41.270712Z","last_seen":"2026-03-23T08:32:41.270712Z","times_seen":1,"resource_available":false,"data":null}},"time_used":2609,"timings":{"blocked":2323,"dns":0,"connect":0,"send":0,"wait":275,"receive":11,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-23","alert":"Sinkholed","trigger":"pic.9663.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"lf1-cdn-tos.bytegoofy.com/goofy/ttzz/push.js?1c07ce30b0df262e84cc43ad00917e246008be35d3aa4b8fc28d959eee7f7b82c112ff4abe50733e0ff1e1071a0fdc024b166ea2a296840a50a5288f35e2ca42","fqdn":"lf1-cdn-tos.bytegoofy.com","domain":"bytegoofy.com","tld":"com"},"ip":{"addr":"163.181.243.177","port":443,"asn":0,"as":"","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://www.9663.com/downinfo/38620.html","date":"2026-03-23T08:32:06.184Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.bytegoofy.com","organization":""},"issuer":{"commonName":"RapidSSL TLS RSA CA G1","organization":"DigiCert Inc"},"validity":{"start":"Mon, 19 Jan 2026 00:00:00 GMT","end":"Mon, 18 Jan 2027 23:59:59 GMT"},"fingerprint":{"sha1":"3E:44:54:E8:1E:67:87:C9:9C:01:D8:41:12:36:DD:65:49:E7:95:E9","sha256":"34:DC:66:D5:B6:92:CF:76:AC:9A:4B:47:FD:E1:99:C7:79:5D:45:7D:91:42:D1:22:91:D8:99:02:A1:92:DB:1F"}}},"request":{"raw":"GET /goofy/ttzz/push.js?1c07ce30b0df262e84cc43ad00917e246008be35d3aa4b8fc28d959eee7f7b82c112ff4abe50733e0ff1e1071a0fdc024b166ea2a296840a50a5288f35e2ca42 HTTP/1.1\r\nHost: lf1-cdn-tos.bytegoofy.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://www.9663.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: Tengine\r\ncontent-type: application/javascript\r\ncontent-length: 250\r\ndate: Thu, 08 Jan 2026 02:09:30 GMT\r\nvary: Accept-Encoding\r\naccess-control-allow-methods: OPTIONS, HEAD, GET\r\naccess-control-allow-origin: *\r\naccess-control-request-methods: OPTIONS, HEAD, GET\r\ncache-control: max-age=31536000\r\ncontent-md5: LqvsFUPQ989nqVgaBGwKgA==\r\netag: W/\"2eabec1543d0f7cf67a9581a046c0a80\"\r\nlast-modified: Tue, 01 Mar 2022 02:59:26 GMT\r\nx-server: goofy\r\nx-tos-request-id: 1a94675f11da4cf4695f11da-fdbdgdc02g26g12gg19\r\nx-tos-response-time: Thu, 08 Jan 2026 02:09:30 GMT\r\nx-tos-storage-class: STANDARD\r\nserver-timing: cdn-cache;desc=HIT,edge;dur=2\r\nx-tt-trace-host: 0112b9ef8bde719701813571d19ffdf6e495367897410867c9123449c0d21e36564426a7a495599ff3907553ea694fe0737b426451a9c15592bbf0ac2d9f80175f32ecbbc82bd0e76cded2322ab3ebbed1cf0e97bc7304e30eb41968546d05996e\r\nx-tt-trace-tag: id=03;cdn-cache=hit;type=static\r\nx-tt-trace-id: 00-260108100930291D207197BCFB0F6394-37B5A96E75749193-00\r\nx-tt-logid: 20260108100930291D207197BCFB0F6394\r\ncontent-encoding: br\r\nvia: ens-cache39.l2de4[0,0,200-0,H], ens-cache13.l2de4[1,0], ens-cache11.gb9[0,0,200-0,H], ens-cache20.gb9[2,0]\r\nage: 6416557\r\nali-swift-global-savetime: 1767838170\r\nx-cache: HIT TCP_MEM_HIT dirn:-2:-2\r\nx-swift-savetime: Mon, 12 Jan 2026 03:28:43 GMT\r\nx-swift-cachetime: 31185647\r\nx-response-cache: edge_hit\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\ntiming-allow-origin: *\r\neagleid: a3b5f3a817742547270552016e\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Tengine","description":"Tengine is a web server which is based on the Nginx HTTP server.","website":"https://tengine.taobao.org","common_platform_enumeration":"","icon":"Tengine.png","categories":["Web servers"]}],"data":{"size":357,"size_decoded":0,"mime_type":"application/javascript","magic":"ASCII text, with very long lines (357), with no line terminators","md5":"2eabec1543d0f7cf67a9581a046c0a80","sha1":"1457010948371965598eb8be176bca4782855a20","sha256":"76fe1175f0b9100429f6e06ee61f795e83c496c5700d0d897fb92137ccd31c54","sha512":"093331d877b8be12f7518d5123b3bf209032141c79015a10b12250d5b729dc2c9744c85a585bbb65e5f3a9de8bdd6e24685b42fa386550c9610b89d06bebe901","ssdeep":"","tlshash":"e9e0c0a23186e51f80e4b17e5c05f02cc2734b4f0931518c869e7084e239b714233af8","first_seen":"2023-03-07T12:03:34Z","last_seen":"2026-06-13T11:24:29.906402Z","times_seen":1272,"resource_available":true,"data":null}},"time_used":1782,"timings":{"blocked":876,"dns":731,"connect":26,"send":0,"wait":28,"receive":0,"ssl":118},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.9663.com/statics/css/lightbox.min.css","fqdn":"www.9663.com","domain":"9663.com","tld":"com"},"ip":{"addr":"180.163.146.50","port":80,"asn":4812,"as":"China Telecom Group","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"http://www.9663.com/downinfo/38620.html","date":"2026-03-23T08:32:04.241Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /statics/css/lightbox.min.css HTTP/1.1\r\nHost: www.9663.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://www.9663.com/downinfo/38620.html\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: Tengine\r\nContent-Type: text/css\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nX-Powered-By: ASP.NET\r\nX-Frame-Options: sameorigin\r\nAccess-Control-Allow-Headers: Content-Type,api_key,Authorization\r\naccess-control-allow-methods: POST\r\nAccess-Control-Allow-Origin: *\r\nDate: Mon, 23 Mar 2026 06:55:43 GMT\r\nVia: cache10.l2cn8428[0,0,304-0,H], cache17.l2cn8428[1,0], kunlun8.cn7174[0,0,200-0,H], kunlun9.cn7174[4,0]\r\nLast-Modified: Thu, 16 Jun 2022 07:57:24 GMT\r\nETag: W/\"571d38b75681d81:0\"\r\nAge: 5207\r\nAli-Swift-Global-Savetime: 1774249517\r\nX-Cache: HIT TCP_MEM_HIT dirn:-2:-2\r\nX-Swift-SaveTime: Mon, 23 Mar 2026 07:50:46 GMT\r\nX-Swift-CacheTime: 4471\r\nTiming-Allow-Origin: *\r\nEagleId: b4a3921d17742547245715809e\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Tengine","description":"Tengine is a web server which is based on the Nginx HTTP server.","website":"https://tengine.taobao.org","common_platform_enumeration":"","icon":"Tengine.png","categories":["Web servers"]},{"name":"Microsoft ASP.NET","description":"ASP.NET is an open-source, server-side web-application framework designed for web development to produce dynamic web pages.","website":"https://www.asp.net","common_platform_enumeration":"cpe:2.3:a:microsoft:asp.net:*:*:*:*:*:*:*:*","icon":"Microsoft ASP.NET.svg","categories":["Web frameworks"]}],"data":{"size":2608,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (2608), with no line terminators","md5":"767938d77eef356b1ba76c3897384948","sha1":"27f77d2a57bee715732b0fe219baa62768544a90","sha256":"6ae3e827093ff912ba2929226fdd8392ad58e6112466f2adbd2c2e72cd794a48","sha512":"1087b2cfc8f28052eeaf3e1104982d6f6c41711eee196b3a1abeaaca03e8c06d77bd895821a967e45c87f8337e75ade3c0fb5bdc3abea4b03dc9347eb81dc562","ssdeep":"","tlshash":"e251ee36b354701ef833d246b9d497d94668e1e3fa731faea248a132d1872543c37e88","first_seen":"2023-04-07T12:56:41Z","last_seen":"2026-06-13T11:24:29.941664Z","times_seen":1824,"resource_available":false,"data":null}},"time_used":737,"timings":{"blocked":206,"dns":1,"connect":262,"send":0,"wait":267,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-23","alert":"Sinkholed","trigger":"www.9663.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"www.9663.com/inc/download.js","fqdn":"www.9663.com","domain":"9663.com","tld":"com"},"ip":{"addr":"180.163.146.50","port":80,"asn":4812,"as":"China Telecom Group","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://www.9663.com/downinfo/38620.html","date":"2026-03-23T08:32:04.249Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /inc/download.js HTTP/1.1\r\nHost: www.9663.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://www.9663.com/downinfo/38620.html\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: Tengine\r\nContent-Type: application/x-javascript\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nX-Powered-By: ASP.NET\r\nX-Frame-Options: sameorigin\r\nAccess-Control-Allow-Headers: Content-Type,api_key,Authorization\r\naccess-control-allow-methods: POST\r\nAccess-Control-Allow-Origin: *\r\nDate: Mon, 23 Mar 2026 08:17:52 GMT\r\nVia: cache7.l2cn8428[48,47,304-0,H], cache13.l2cn8428[49,0], kunlun9.cn7174[0,0,200-0,H], kunlun8.cn7174[5,0]\r\nLast-Modified: Tue, 02 Dec 2025 11:21:55 GMT\r\nETag: W/\"b2b91dd7d63dc1:0\"\r\nAge: 277\r\nAli-Swift-Global-Savetime: 1774254447\r\nX-Cache: HIT TCP_MEM_HIT dirn:-2:-2\r\nX-Swift-SaveTime: Mon, 23 Mar 2026 08:27:27 GMT\r\nX-Swift-CacheTime: 7200\r\nTiming-Allow-Origin: *\r\nEagleId: b4a3921c17742547246086144e\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Tengine","description":"Tengine is a web server which is based on the Nginx HTTP server.","website":"https://tengine.taobao.org","common_platform_enumeration":"","icon":"Tengine.png","categories":["Web servers"]},{"name":"Microsoft ASP.NET","description":"ASP.NET is an open-source, server-side web-application framework designed for web development to produce dynamic web pages.","website":"https://www.asp.net","common_platform_enumeration":"cpe:2.3:a:microsoft:asp.net:*:*:*:*:*:*:*:*","icon":"Microsoft ASP.NET.svg","categories":["Web frameworks"]}],"data":{"size":10750,"size_decoded":0,"mime_type":"application/x-javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with CRLF line terminators","md5":"690a534482bcb08712ffcfd93481200b","sha1":"401856e64e8c6ec0c073738ca994fcf2c7b2e9e9","sha256":"025e80930280cda9a6e4865e932336dcdb13ca82bc49430c64a926d1a0060d00","sha512":"19e8591d5f5b38353fd6da898b427912e03237f9edb1b2111c976bd70c7d35d217646fe74467e7592677ae23f2826af5e5124b7413845d9411f0ae75cd3d24fe","ssdeep":"192:XT/CRe5K8g94IUU2HCjAiUVs94oKJLNppJjq1o5ojJFV0jnbC6jbfeL:OAK8m1UjaeJLNpphC9QbO6jbO","tlshash":"333263843a9a356d539623152bfd4194eca790b35c4dc100f60c9dab3bf0e39e86fad9","first_seen":"2026-03-17T07:27:49.128307Z","last_seen":"2026-06-13T11:24:29.937606Z","times_seen":9,"resource_available":false,"data":null}},"time_used":566,"timings":{"blocked":-1,"dns":1,"connect":276,"send":0,"wait":288,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-23","alert":"Sinkholed","trigger":"www.9663.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"pic.9663.com/upload/2022-12/20221281439518038.png","fqdn":"pic.9663.com","domain":"9663.com","tld":"com"},"ip":{"addr":"180.163.146.59","port":80,"asn":4812,"as":"China Telecom Group","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://www.9663.com/downinfo/38620.html","date":"2026-03-23T08:32:04.253Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /upload/2022-12/20221281439518038.png HTTP/1.1\r\nHost: pic.9663.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://www.9663.com/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: Tengine\r\nContent-Type: image/png\r\nContent-Length: 12484\r\nConnection: keep-alive\r\nAccept-Ranges: bytes\r\nX-Powered-By: ASP.NET\r\nDate: Sun, 22 Mar 2026 05:43:30 GMT\r\nLast-Modified: Thu, 08 May 2025 17:11:31 GMT\r\nETag: \"46ad633e3cc0db1:0\"\r\nVia: cache9.l2cn8428[0,0,200-0,H], cache16.l2cn8428[1,0], kunlun8.cn7174[0,0,200-0,H], kunlun5.cn7174[9,0]\r\nAge: 95942\r\nAli-Swift-Global-Savetime: 1774158784\r\nX-Cache: HIT TCP_MEM_HIT dirn:-2:-2\r\nX-Swift-SaveTime: Sun, 22 Mar 2026 14:37:39 GMT\r\nX-Swift-CacheTime: 141325\r\nTiming-Allow-Origin: *\r\nEagleId: b4a3921917742547261313085e\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Tengine","description":"Tengine is a web server which is based on the Nginx HTTP server.","website":"https://tengine.taobao.org","common_platform_enumeration":"","icon":"Tengine.png","categories":["Web servers"]},{"name":"Microsoft ASP.NET","description":"ASP.NET is an open-source, server-side web-application framework designed for web development to produce dynamic web pages.","website":"https://www.asp.net","common_platform_enumeration":"cpe:2.3:a:microsoft:asp.net:*:*:*:*:*:*:*:*","icon":"Microsoft ASP.NET.svg","categories":["Web frameworks"]}],"data":{"size":12484,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 256 x 256, 8-bit colormap, non-interlaced","md5":"ae846e2b7e68cf2bf4b3459cd3fb12e0","sha1":"2a593c127816e1bf840dd2d32d6fcd7d5e8a7ff5","sha256":"0e8ab2b61594e0d9479890893055e29e35c38fd3d07b186fca9e528e90766765","sha512":"074f71b9823596c4c7fa6c2e134d3fdfe905c8961d26f92f90cf0747681285e4f2db6f13c89f8fbadeff61b6e44a303b4cede5012bfcdfe5535230ff7e527d3d","ssdeep":"192:Mi3Zk+9ypMm/+scQwuaPAaQl2+JMQR7UhdOx5V3Gek8YTaMf6vATs35J0jPYhCO:Md5pMpuB/ROYx1YmMivAu5J0xO","tlshash":"2442c0a0414552f3a37bb3bea600cef65610c765f10d52bc7e4997ef7129b783281506","first_seen":"2026-03-23T08:32:41.273629Z","last_seen":"2026-03-23T08:32:41.273629Z","times_seen":1,"resource_available":false,"data":null}},"time_used":2034,"timings":{"blocked":529,"dns":0,"connect":1249,"send":0,"wait":253,"receive":3,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-23","alert":"Sinkholed","trigger":"pic.9663.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"www.9663.com/statics/images/os.png","fqdn":"www.9663.com","domain":"9663.com","tld":"com"},"ip":{"addr":"180.163.146.50","port":80,"asn":4812,"as":"China Telecom Group","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://www.9663.com/downinfo/38620.html","date":"2026-03-23T08:32:06.218Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /statics/images/os.png HTTP/1.1\r\nHost: www.9663.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://www.9663.com/statics/css/info.min.css\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: Tengine\r\nContent-Type: image/png\r\nContent-Length: 2394\r\nConnection: keep-alive\r\nAccept-Ranges: bytes\r\nX-Powered-By: ASP.NET\r\nX-Frame-Options: sameorigin\r\nAccess-Control-Allow-Headers: Content-Type,api_key,Authorization\r\naccess-control-allow-methods: POST\r\nAccess-Control-Allow-Origin: *\r\nDate: Mon, 23 Mar 2026 07:28:15 GMT\r\nVia: cache23.l2cn8428[45,45,304-0,H], cache30.l2cn8428[46,0], kunlun6.cn7174[0,0,200-0,H], kunlun10.cn7174[2,0]\r\nLast-Modified: Mon, 25 Mar 2024 08:44:25 GMT\r\nETag: \"b0968a4907eda1:0\"\r\nAge: 3256\r\nAli-Swift-Global-Savetime: 1774251470\r\nX-Cache: HIT TCP_MEM_HIT dirn:-2:-2\r\nX-Swift-SaveTime: Mon, 23 Mar 2026 07:37:50 GMT\r\nX-Swift-CacheTime: 7200\r\nTiming-Allow-Origin: *\r\nEagleId: b4a3921e17742547263515638e\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Tengine","description":"Tengine is a web server which is based on the Nginx HTTP server.","website":"https://tengine.taobao.org","common_platform_enumeration":"","icon":"Tengine.png","categories":["Web servers"]},{"name":"Microsoft ASP.NET","description":"ASP.NET is an open-source, server-side web-application framework designed for web development to produce dynamic web pages.","website":"https://www.asp.net","common_platform_enumeration":"cpe:2.3:a:microsoft:asp.net:*:*:*:*:*:*:*:*","icon":"Microsoft ASP.NET.svg","categories":["Web frameworks"]}],"data":{"size":2394,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 30 x 250, 8-bit/color RGBA, non-interlaced","md5":"f5bb94d0ab2ac2a20b201e9d97e6f6e6","sha1":"3e9173a79e4b5f3544de9a7efc51a325d737f2db","sha256":"b1714f27f19b4044d54ea48737097f9fa2e43821c45a187daf871e08ed22bdcc","sha512":"c172648f3db88684703ba755f4dd5ae2a9ca049f0ab66bdd51688c3a78ac669034e1dd3e21bb76aa5ce00150752cfa199abab8a15a4a26e6357e695740d9b716","ssdeep":"","tlshash":"d1413b87fad0ad46879ca8cb0f5f16008d75a88c096255f030f9f49e856e44a9056397","first_seen":"2025-07-06T07:33:32.552247Z","last_seen":"2026-06-13T11:24:29.907244Z","times_seen":30,"resource_available":false,"data":null}},"time_used":284,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":284,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-23","alert":"Sinkholed","trigger":"www.9663.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"pic.9663.com/upload/2022-12/2022120909285960531.jpg","fqdn":"pic.9663.com","domain":"9663.com","tld":"com"},"ip":{"addr":"180.163.146.59","port":80,"asn":4812,"as":"China Telecom Group","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://www.9663.com/downinfo/38620.html","date":"2026-03-23T08:32:04.246Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /upload/2022-12/2022120909285960531.jpg HTTP/1.1\r\nHost: pic.9663.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://www.9663.com/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: Tengine\r\nContent-Type: image/jpeg\r\nContent-Length: 42132\r\nConnection: keep-alive\r\nAccept-Ranges: bytes\r\nX-Powered-By: ASP.NET\r\nDate: Sun, 22 Mar 2026 05:43:30 GMT\r\nLast-Modified: Fri, 09 Dec 2022 01:28:59 GMT\r\nETag: \"337f9c9c6dbd91:0\"\r\nVia: cache23.l2cn8428[0,0,200-0,H], cache23.l2cn8428[1,0], kunlun9.cn7174[0,0,200-0,H], kunlun3.cn7174[1,0]\r\nAge: 95942\r\nAli-Swift-Global-Savetime: 1774158784\r\nX-Cache: HIT TCP_MEM_HIT dirn:-2:-2\r\nX-Swift-SaveTime: Sun, 22 Mar 2026 14:37:38 GMT\r\nX-Swift-CacheTime: 141326\r\nTiming-Allow-Origin: *\r\nEagleId: b4a3921717742547262808652e\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Tengine","description":"Tengine is a web server which is based on the Nginx HTTP server.","website":"https://tengine.taobao.org","common_platform_enumeration":"","icon":"Tengine.png","categories":["Web servers"]},{"name":"Microsoft ASP.NET","description":"ASP.NET is an open-source, server-side web-application framework designed for web development to produce dynamic web pages.","website":"https://www.asp.net","common_platform_enumeration":"cpe:2.3:a:microsoft:asp.net:*:*:*:*:*:*:*:*","icon":"Microsoft ASP.NET.svg","categories":["Web frameworks"]}],"data":{"size":42132,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 497x883, components 3","md5":"0e4c103b4cc787ea5fb1b561510c07d5","sha1":"33ba1830b28358e7717cbd7679dc86b7c16677ad","sha256":"2b83bd418cd000246d2da7e0e40dc9cc25031d418301404d17a755771300ac1c","sha512":"8b39b8e992c64ff347aa10f7d7dcbbcdd3061fe92a3b4d03b2cbee828f3a791cc87e51ceb1ab8607aff1dff134ee6c0d4e921a2a4fd8b814bbc216f1618d7eb5","ssdeep":"768:RI1EZSYOcxWbCJp6thNBAonZqP0Cc82I2PckkkkkkkRRZGuSztootOXPtZv880ca:RqQSEn4fPnMP0m2Pckkkkkk0/SzmWOX+","tlshash":"2313d1a3cd5589a5e95953702f7bbe270e679832f19138b630c8dfab44e9b4d1f05b00","first_seen":"2026-03-23T08:32:41.275066Z","last_seen":"2026-03-23T08:32:41.275066Z","times_seen":1,"resource_available":false,"data":null}},"time_used":2236,"timings":{"blocked":1912,"dns":0,"connect":0,"send":0,"wait":284,"receive":40,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-23","alert":"Sinkholed","trigger":"pic.9663.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"pic.9663.com/upload/2022-12/202212715838287.png","fqdn":"pic.9663.com","domain":"9663.com","tld":"com"},"ip":{"addr":"180.163.146.59","port":80,"asn":4812,"as":"China Telecom Group","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://www.9663.com/downinfo/38620.html","date":"2026-03-23T08:32:04.259Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /upload/2022-12/202212715838287.png HTTP/1.1\r\nHost: pic.9663.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://www.9663.com/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: Tengine\r\nContent-Type: image/png\r\nContent-Length: 42049\r\nConnection: keep-alive\r\nLast-Modified: Wed, 07 Dec 2022 07:08:03 GMT\r\nAccept-Ranges: bytes\r\nETag: \"6e2a23a6aad91:0\"\r\nX-Powered-By: ASP.NET\r\nDate: Sun, 22 Mar 2026 14:28:05 GMT\r\nVia: cache26.l2cn8428[43,42,200-0,M], cache24.l2cn8428[43,0], kunlun1.cn7174[0,0,200-0,H], kunlun1.cn7174[6,0]\r\nAge: 64468\r\nAli-Swift-Global-Savetime: 1774190259\r\nX-Cache: HIT TCP_HIT dirn:11:165805554\r\nX-Swift-SaveTime: Sun, 22 Mar 2026 14:37:39 GMT\r\nX-Swift-CacheTime: 172800\r\nTiming-Allow-Origin: *\r\nEagleId: b4a3921517742547271022144e\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Tengine","description":"Tengine is a web server which is based on the Nginx HTTP server.","website":"https://tengine.taobao.org","common_platform_enumeration":"","icon":"Tengine.png","categories":["Web servers"]},{"name":"Microsoft ASP.NET","description":"ASP.NET is an open-source, server-side web-application framework designed for web development to produce dynamic web pages.","website":"https://www.asp.net","common_platform_enumeration":"cpe:2.3:a:microsoft:asp.net:*:*:*:*:*:*:*:*","icon":"Microsoft ASP.NET.svg","categories":["Web frameworks"]}],"data":{"size":42049,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 512 x 512, 8-bit/color RGBA, non-interlaced","md5":"155aa0b10147a2d59c9f0e5c5dfd2e7f","sha1":"220f3a49857c5f5e9a586eb5b966a42f83542f62","sha256":"510e291dca28faee00b10f4aa54a0dc5df937f023a0c544e9886c231c90044cb","sha512":"8ab36da0597a4e2bf5b48175c21ff0c7930450f6e3405c67cbc813f95dde57cfd760649023f3a0ff88ddc3a8198b69e175c3e273178786f19aaec67a92b5532d","ssdeep":"768:Zh0pEk2rqLC4di/1qKiBLrHixnGbymzCRxaJQ12IB7TjmsBMFvVm4tIAvskIak:Zh0ikqAbdIgFBKxnGbyPxai1tjmAwvV0","tlshash":"231302341237487060ed55fbb726a580701293cb694ef5aca671ceaee41ca5a84c4b3b","first_seen":"2026-03-23T08:32:41.276301Z","last_seen":"2026-03-23T08:32:41.276301Z","times_seen":1,"resource_available":false,"data":null}},"time_used":3042,"timings":{"blocked":1303,"dns":0,"connect":0,"send":0,"wait":1693,"receive":46,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-23","alert":"Sinkholed","trigger":"pic.9663.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"www.9663.com/statics/images/next.png","fqdn":"www.9663.com","domain":"9663.com","tld":"com"},"ip":{"addr":"180.163.146.50","port":80,"asn":4812,"as":"China Telecom Group","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://www.9663.com/downinfo/38620.html","date":"2026-03-23T08:32:06.247Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /statics/images/next.png HTTP/1.1\r\nHost: www.9663.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://www.9663.com/statics/css/lightbox.min.css\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: Tengine\r\nContent-Type: image/png\r\nContent-Length: 1350\r\nConnection: keep-alive\r\nAccept-Ranges: bytes\r\nX-Powered-By: ASP.NET\r\nX-Frame-Options: sameorigin\r\nAccess-Control-Allow-Headers: Content-Type,api_key,Authorization\r\naccess-control-allow-methods: POST\r\nAccess-Control-Allow-Origin: *\r\nDate: Mon, 23 Mar 2026 07:22:17 GMT\r\nVia: cache21.l2cn8428[39,38,304-0,H], cache27.l2cn8428[40,0], kunlun6.cn7174[0,0,200-0,H], kunlun10.cn7174[4,0]\r\nLast-Modified: Thu, 16 Jun 2022 08:27:45 GMT\r\nETag: \"c88949f45a81d81:0\"\r\nAge: 3615\r\nAli-Swift-Global-Savetime: 1774251111\r\nX-Cache: HIT TCP_MEM_HIT dirn:-2:-2\r\nX-Swift-SaveTime: Mon, 23 Mar 2026 07:31:51 GMT\r\nX-Swift-CacheTime: 7200\r\nTiming-Allow-Origin: *\r\nEagleId: b4a3921e17742547266076852e\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Microsoft ASP.NET","description":"ASP.NET is an open-source, server-side web-application framework designed for web development to produce dynamic web pages.","website":"https://www.asp.net","common_platform_enumeration":"cpe:2.3:a:microsoft:asp.net:*:*:*:*:*:*:*:*","icon":"Microsoft ASP.NET.svg","categories":["Web frameworks"]},{"name":"Tengine","description":"Tengine is a web server which is based on the Nginx HTTP server.","website":"https://tengine.taobao.org","common_platform_enumeration":"","icon":"Tengine.png","categories":["Web servers"]}],"data":{"size":1350,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 50 x 45, 8-bit/color RGBA, non-interlaced","md5":"31f15875975aab69085470aabbfec802","sha1":"777e92c050f600b4519299c3d786b8f2f459fea4","sha256":"15b869b02c6fbaa8c6c26445a2dd2d9bad80fd27b1409f8179e5dd89dc89d90a","sha512":"edc920dcd2f5ac9a6e08098c6a59f888a9cb135ff4ef3dc2183931e065b6531e00e2c8acd3c329a3d90eb939ea3db318a9b677b5aa78a227815373d7008d40aa","ssdeep":"","tlshash":"c221d8f1f658249b813a8279587be1602cbf985e31b4cb8709ddbb3323b5c04e102376","first_seen":"2023-04-05T16:20:30Z","last_seen":"2026-06-13T23:14:20.509457Z","times_seen":19723,"resource_available":false,"data":null}},"time_used":501,"timings":{"blocked":226,"dns":0,"connect":0,"send":0,"wait":275,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-23","alert":"Sinkholed","trigger":"www.9663.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}}]}