{"report_id":"195686fa-125d-46cd-af59-b53ff66f8d7e","version":0,"status":"done","tags":[],"date":"2026-07-01T12:23:36Z","url":{"schema":"http","addr":"j98x.vip","fqdn":"j98x.vip","domain":"j98x.vip","tld":"vip"},"ip":{"addr":"103.27.177.163","port":0,"asn":135357,"as":"HONG KONG KOWLOON TELECOMMUNICATIONS CO.,LIMITED","country":"Hong Kong","country_code":"HK"},"final":{"url":{"schema":"https","addr":"18114.xyz/home","fqdn":"18114.xyz","domain":"18114.xyz","tld":"xyz"},"title":"welcome-BET365","dom":{"size":421749,"mime_type":"text/html; charset=utf-8","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (49981)","md5":"cef41ff85f1fabd0ef681d7ec5e08078","sha1":"1764b276e5357bd390a213f713f01d20c3819f51","sha256":"56901f5c004051eb9964bba1262d98684bd087fbdf838bc0825d075b7993342d","sha512":"982d6256226e3b3582d4ca93c5747220eca5c48eeba537dad9cb0906c7a5d16325b80a8b31ed67d64ebe2df8a3b0aec1f0492773adb18f70b30970aa6c21e370","ssdeep":"1536:K0fvv0ejv0esv0eVv0eov0eNv0ecv0euv0eMv0ePu3OUv0e3xJPhfbO1lJ1ThU70:nsu3tTO1l/TMIlPXS1VC","tlshash":"d9943cf4425c42f6e40b879dbc723d6136e230abbfc54608f3ad4ad19bf29c6d469852","dom_hash":"domhashe9592ccba0654e391ef36095af5ce573","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"j98x.vip","fqdn":"j98x.vip","domain":"j98x.vip","tld":"vip"},"ip":{"addr":"103.27.177.163","port":0,"asn":135357,"as":"HONG KONG KOWLOON TELECOMMUNICATIONS CO.,LIMITED","country":"Hong Kong","country_code":"HK"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-08-05T12:23:36Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"qguvgzjxzsgb3vs"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":6}},"detection":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-01","alert":"Sinkholed","trigger":"img.esportsdata.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-01","alert":"Sinkholed","trigger":"img.esportsdata.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-07-01","alert":"Sinkholed","trigger":"j98x.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-07-01","alert":"Sinkholed","trigger":"j98x.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-01","alert":"Sinkholed","trigger":"j98x.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-01","alert":"Sinkholed","trigger":"ssl.hw301.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null},"summary":[{"fqdn":"img.esportsdata.cc","ip":{"addr":"104.26.3.221","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2023-06-01","domain_rank":0,"first_seen":"2023-07-06T16:47:53Z","last_seen":"2026-06-30T17:44:48.681703Z","alert_count":8,"request_count":4,"received_data":68647,"sent_data":2320,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]}]},{"fqdn":"j98x.vip","ip":{"addr":"103.27.177.163","port":443,"asn":135357,"as":"HONG KONG KOWLOON TELECOMMUNICATIONS CO.,LIMITED","country":"Hong Kong","country_code":"HK"},"domain_registered":"2026-06-22","domain_rank":0,"first_seen":"2026-07-01T12:23:46.18526Z","last_seen":"2026-07-01T12:23:46.18526Z","alert_count":3,"request_count":1,"received_data":174,"sent_data":477,"comment":"","tags":null,"fingerprints":null},{"fqdn":"ssl.hw301.xyz","ip":{"addr":"23.224.132.157","port":8900,"asn":40065,"as":"CNSERVERS","country":"United States","country_code":"US"},"domain_registered":"2026-04-19","domain_rank":0,"first_seen":"2026-04-22T11:08:02.807624Z","last_seen":"2026-06-26T22:48:03.952715Z","alert_count":1,"request_count":1,"received_data":253,"sent_data":545,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"18114.xyz","ip":{"addr":"154.39.104.130","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"domain_registered":"2026-06-28","domain_rank":0,"first_seen":"2026-07-01T12:23:06.162271Z","last_seen":"2026-07-01T12:23:06.162271Z","alert_count":0,"request_count":137,"received_data":8989569,"sent_data":78054,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"photo.365live88.com","ip":{"addr":"154.41.93.241","port":443,"asn":174,"as":"COGENT-174","country":"United States","country_code":"US"},"domain_registered":"2022-08-16","domain_rank":0,"first_seen":"2025-11-02T03:06:46.95373Z","last_seen":"2026-06-29T23:40:41.258747Z","alert_count":0,"request_count":42,"received_data":1203511,"sent_data":24486,"comment":"","tags":null,"fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"18114.xyz/theme.config.ef94991b.js","fqdn":"18114.xyz","domain":"18114.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.130","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"90d279a2980268d2835cec593c23d286","sha1":"4374bf6da5cbdf8f025434137487bda68077cddf","sha256":"1679f19badc24dea0edab376edfb8583714645e18f705fb849037af6cf0b3ff8","sha512":"362ec1b73cebe1ad224a5b745c9ceebf2b86301deab27e35d6517d499499328b34c24d76a72e5b348d623e64a4d17bfa0ab08d2aa012f02af23c6a72df51817f","ssdeep":"1536:D2JREobVmtlIRM4Sb2mcTa2mnzyJog9CcHWHA:qEtlGu1Jnz45HT","tlshash":"c0b3bb7ae20c963a6177a8bfb46ce111d12f9c0c9b1d5fdef03e60a25710669c831de9","size":108079,"data":"","first_seen":"2026-06-12T19:29:57.324936Z","last_seen":"2026-07-02T13:50:16.794515Z","times_seen":160,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"18114.xyz/js/45540.1781011881923.25dfba7d.js","fqdn":"18114.xyz","domain":"18114.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.130","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"7983a109fba451279f84fe7b75724983","sha1":"9487dc955240c6083cf3497e806dff89bec2061f","sha256":"80bb5c781336a9095ee3e8ae99d724f58a409c7f3c159bf0f320a9c948afe030","sha512":"ddf49f5cfb4721100ef951228391607209e248a8733d48229ff5196fd8a32fc3e759d90c1040dd591b1c0bd97ab83a1c8baaffa70fa96bbe2d556af2379478b0","ssdeep":"6144:1YD4wFsYiSGfKnCKPP6Xm9sm3MCln1OSgpozfEe5a:1YD4wFsYiSAKNH3TY5","tlshash":"e724f894f294f1be075fc1f1d23b501af35b5e6120cc9ca0d296e6942e20b49da77eac","size":229366,"data":"","first_seen":"2026-06-12T19:29:57.328205Z","last_seen":"2026-07-02T13:50:16.653931Z","times_seen":158,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"18114.xyz/","fqdn":"18114.xyz","domain":"18114.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.130","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"introduction_type":"Function","is_inline":false,"md5":"aa049e2749b8531cb8f233c2f64fc2b2","sha1":"b611a5a62c1813ae5b4763378b3a4a565556530a","sha256":"e52e51d5897d7a179089ddcf8f5de7aeb3ef4f27b054b63e937cf308b685c9e2","sha512":"fa951f3911de780608d6235a597758320388dff58cf18dd584a6941ac88cc36cac7d52caa72b678ee6f4dff47ee23955ab282714d03e713ae2bed4cb73a3c14e","ssdeep":"","tlshash":"71a0128471d6e4004b7320e40437448490396c60348c848051048c721c651108236c1c","size":79,"data":"","first_seen":"2023-04-11T21:38:58Z","last_seen":"2026-07-02T16:56:39.7618Z","times_seen":230959,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"18114.xyz/home","fqdn":"18114.xyz","domain":"18114.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.130","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"introduction_type":"Function","is_inline":false,"md5":"aa049e2749b8531cb8f233c2f64fc2b2","sha1":"b611a5a62c1813ae5b4763378b3a4a565556530a","sha256":"e52e51d5897d7a179089ddcf8f5de7aeb3ef4f27b054b63e937cf308b685c9e2","sha512":"fa951f3911de780608d6235a597758320388dff58cf18dd584a6941ac88cc36cac7d52caa72b678ee6f4dff47ee23955ab282714d03e713ae2bed4cb73a3c14e","ssdeep":"","tlshash":"71a0128471d6e4004b7320e40437448490396c60348c848051048c721c651108236c1c","size":79,"data":"","first_seen":"2023-04-11T21:38:58Z","last_seen":"2026-07-02T16:56:39.7618Z","times_seen":230959,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"18114.xyz/home","fqdn":"18114.xyz","domain":"18114.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.130","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"introduction_type":"Function","is_inline":false,"md5":"29d0c84b9d1d8da446a6062c6a840ad9","sha1":"6d6b3a6065667c7c50d92f3889c85ed65a9ad784","sha256":"3c3cbdb71d0d2c22f504f4d63d8a6ffe8d250cde7e58300619be35b6bbab26a1","sha512":"52cfcbf2f7c3521c5a6c6120099ee6822d16e04ffbc04720da925a11242c8c2050f9cfc8d864a6d39a0036ac599f701080195a29a7c5e8d3e9308b91f9f0390f","ssdeep":"","tlshash":"428004d533c350004753117c04571cc4d034447014444d405040d4531c570315115c7c","size":37,"data":"","first_seen":"2023-04-11T21:31:25Z","last_seen":"2026-07-02T17:06:34.900522Z","times_seen":710113,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"18114.xyz/home","fqdn":"18114.xyz","domain":"18114.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.130","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"introduction_type":"Function","is_inline":false,"md5":"572cb94037fffc2a0a53b465972e15f1","sha1":"0d679b041a7c1ca45cc99e2d229fc2b86762838d","sha256":"6487e4bdd0f51bbfd9105810a41755847fdae2c274e2fc325cd22356d7707e35","sha512":"f7c4db7986d362b58ff4b4646cdeb71992c0ce28949773c4471915f2cc8828329445777e228ef248f508f721a33dfea3d5694bc7ec18dc6c00134ee23155ff32","ssdeep":"","tlshash":"e3800455714110004f57115050171c444030007155407cc011c0d4710d51030110545c","size":34,"data":"","first_seen":"2023-04-11T21:16:40Z","last_seen":"2026-07-02T16:58:34.577622Z","times_seen":87351,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"18114.xyz/js/index-399e2569.1781011881923.9d909473.js","fqdn":"18114.xyz","domain":"18114.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.130","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"a89a32dae8cc80557b581a69e02f0d02","sha1":"00f9cfeca127af0a139c0670ed8d2e2e7ccf673b","sha256":"6f97c8ce9605a8e9e80a699696c70ec26a4b9bce20badaa6947bf4e5ac52e9d2","sha512":"2ca5bc054575932085e6cd6529613a94f145aa9a3b7731fb85b97b27286a882043110ab45b7eb4673228185ce1560b47968d3aa7b77492f17abf82e778076a9b","ssdeep":"384:pZTANHmDGIaVPkrTBTcK8K+Ehn6A3zgJ9Ks/fT5qZsxbt85F3oWf0Af/nwtU8Zci:znDGIYPkPVf8K5hn33UnKofy5FYxAfPY","tlshash":"e2b2b6e63392bdb8c24f9676f23a58ecc43f9141c30fc4f8d265bd947d98644aa92784","size":23775,"data":"","first_seen":"2026-06-12T19:29:57.227313Z","last_seen":"2026-07-02T13:50:16.819311Z","times_seen":153,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"18114.xyz/js/index-a3dad144.1781011881923.1093b11d.js","fqdn":"18114.xyz","domain":"18114.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.130","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"0fc0f4a0379e369b442d93ffb72561fd","sha1":"497d95fced30bab2efe9ad3a561c35cd40ad5e9c","sha256":"da926a537d946d3158d41a8531082a740aec7a6a4e3b98599d35546182f20806","sha512":"ef5664991d7fb472281b2696b3b25a322bf51f9bcbccf2043f77fdb67ca9a84d90b893029e93bedea935724bbc4b58a77154b35ac40b15f8e691b539cc3102e3","ssdeep":"6144:LrbhFOufhu/LHEY/T8CPis7lVV4YlRlNsmq9D7:3zBw/LHEY/TBas7lVVhsp9X","tlshash":"ed742b90f76ce1bd875e55ff7a329094902c1b41b0c89e58d29e2944fe6b385eeb04bc","size":356584,"data":"","first_seen":"2026-06-12T19:29:57.253128Z","last_seen":"2026-07-02T13:50:16.656978Z","times_seen":148,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"18114.xyz/","fqdn":"18114.xyz","domain":"18114.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.130","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"introduction_type":"Function","is_inline":false,"md5":"29d0c84b9d1d8da446a6062c6a840ad9","sha1":"6d6b3a6065667c7c50d92f3889c85ed65a9ad784","sha256":"3c3cbdb71d0d2c22f504f4d63d8a6ffe8d250cde7e58300619be35b6bbab26a1","sha512":"52cfcbf2f7c3521c5a6c6120099ee6822d16e04ffbc04720da925a11242c8c2050f9cfc8d864a6d39a0036ac599f701080195a29a7c5e8d3e9308b91f9f0390f","ssdeep":"","tlshash":"428004d533c350004753117c04571cc4d034447014444d405040d4531c570315115c7c","size":37,"data":"","first_seen":"2023-04-11T21:31:25Z","last_seen":"2026-07-02T17:06:34.900522Z","times_seen":710113,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"18114.xyz/js/home.1781011881923.a94e73ca.js","fqdn":"18114.xyz","domain":"18114.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.130","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"7ad9af47a2c0c93f65e42ff84b45dad7","sha1":"eed3b4bd1191c75416f457ee41317595880f8635","sha256":"c9d64aef33c7a35945a5963b08b2bc3157f403dc91a5c9c9463c82a0d4075af6","sha512":"757a63f9b96bc8a36491424f8e0ae9fd6813983817ab2da87bb3455e18b5cb5f71d5e682919941194e4a588bea925c790888e4d27f8531ee03c777c1e2c92678","ssdeep":"3072:T5daS9tSIMcewi8uJBuoMfqFf2GMkvVJuhxffj7TEOiGRlc:T5ES9tSIMcewiLQqFRmzffjAGHc","tlshash":"93141880b5f0e275575fc2a7d7371025b2271786d0ccac60e1f66b187e2879ab236db8","size":203243,"data":"","first_seen":"2026-06-12T19:29:57.277471Z","last_seen":"2026-07-02T13:50:16.706047Z","times_seen":137,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"18114.xyz/js/35142.1781011881923.1d227afa.js","fqdn":"18114.xyz","domain":"18114.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.130","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"8325235b613820a57b71043f360e5b36","sha1":"925ff977edf9892e868d43915f93d29e6feeb113","sha256":"0c505f39a463b09ece16c213b7ead75186dcdc26d25ee02dcba5a62cc0dff7c6","sha512":"efd16c9b7ff0f806890ae77542e8c0d4e954f8c797ff21b8dcde3f240e4940ca3c6d0fe75ee2fda35bf53ff5d0eb691fa7e38cfdfa82c0f231b0cd57458fbcf2","ssdeep":"6144:N0hEyLkbJDb7w/1FOAmBm7cene7Ancbt8sbyAkKJwoSlt5MMjmlHGwwzHUY9SroE:N0hEyLkFDb7w/1FOAmBm7cenaAncbt84","tlshash":"8a742b94b290b17883af86fb731a91a1d24d0e9460ccace4f27e6e407f15746b8775ec","size":340163,"data":"","first_seen":"2026-06-12T19:29:57.248751Z","last_seen":"2026-07-02T13:50:16.706979Z","times_seen":137,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"18114.xyz/js/chunk-init-c0d76f48.1781011881923.0f397bb1.js","fqdn":"18114.xyz","domain":"18114.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.130","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"815f2acbd0918250f25d4f71409219b0","sha1":"d5778078df7eada22b3175f9182b8b22e828c433","sha256":"12a61f287da39190db34dff1de7188c3d8b76ffbd1c11290962db88fd5e2ab46","sha512":"5ba4adaf4b36b4a402c30c3aaa5be5f02e292391d79400d353a5ca6c61405cb40e5179858abddb1af6dad243899e420111e49004d01d339ce9de23d8f522c379","ssdeep":"1536:zG5qxPvO2lSV822bv0bcbpM/igw/aIwC23QOoKILbjxo4wc0tvB6xVS/J+pKY3Ns:iQz/Dp5/92xoKa/x5wc0dB5/J+UU0","tlshash":"5ef31b987392b1b847dba6e152371075b57e1dd73088e8f0c169a6803f31a9cd52afec","size":161226,"data":"","first_seen":"2026-05-11T06:12:53.502908Z","last_seen":"2026-07-02T13:50:16.638922Z","times_seen":162,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"18114.xyz/config/telegram.js?t=1782908593377","fqdn":"18114.xyz","domain":"18114.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.130","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"4ef2154bcfb8399f256c2da15a4cb409","sha1":"e0f8f5578b2e0773ec1d79bb1cec54e1f5d6373d","sha256":"73fa4926373755b52fecfdf3145a0c9953c08af374ea69dda46fe2b3b9ddb022","sha512":"8b64643161386bdefbb7eab04416e78e5e183c50acba7b25b146aa6e733744a326566a01eb7eabb1a0a3f5b87ac8461a7ab3b9ad1c44de37ecea25af09e3eb41","ssdeep":"1536:WK4KZK+Klt3LbbdS4V+vO14KtA9phXTQ+fcZl8LDh7j8d3K+V4WMrnf/NunqxF00:Wj+dgdLbbdSA+1XTQRZ1jSBl","tlshash":"14b31c4c5cf3216285a7b1be8b9f925072759893304def203c4d9ba45f98d3c53eaad8","size":116886,"data":"","first_seen":"2025-05-31T08:16:48.368096Z","last_seen":"2026-07-02T16:15:47.028132Z","times_seen":1469,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"18114.xyz/config/gd.js","fqdn":"18114.xyz","domain":"18114.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.130","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"368318100a3c0f64373230a250953d5a","sha1":"6e0d91639cafd23f1b22aecee332da83c70b93ea","sha256":"dffc9b203a19b9e70363f75f737b7afe2164d6b8c045800d4dd7931d9093aff4","sha512":"91077ca792821795a816a0ee1a9cef242bf2915c02402706c7bd5c027c62f4bc52517b6a5e3db9f4b873e5a3c9d652758cc277c1f5ba07dc12e0d69b4f6e9eeb","ssdeep":"384:bJA61XVpi5LH4NmeJPXwXkQdcAwR0Nw3zzbSGwYg1C:bJA6BZX+oJjzzgY","tlshash":"80721f4d68f7905345a3b03c8bafa114b5388643181cde457e9ce394af6843d97babdc","size":17440,"data":"","first_seen":"2026-05-19T02:14:56.346288Z","last_seen":"2026-07-02T16:15:47.015391Z","times_seen":240,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"18114.xyz/","fqdn":"18114.xyz","domain":"18114.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.130","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":true,"md5":"2bbd69200a3d758f89e8076a123ed982","sha1":"dfe2d66f2d85ddc2008401ed15dcba3515392f37","sha256":"b79cd0c532adb639e6139c9394527b217982efdbff4969494986edacd943e2b7","sha512":"ffb7e75ea86b911ed842f7525c08ad5cd4ef5085736e757c47f3b4e09b3c9497dad089fae69953dd819f57b3ac1cb3a54ba037f9a8ad3fa37d7aeac9ac36bcb3","ssdeep":"","tlshash":"07c0c0770f2c7f14110310230174f3ac5431c028fc15b302331f40018b50b0d0c30e40","size":178,"data":"","first_seen":"2026-05-25T23:43:55.293244Z","last_seen":"2026-07-02T16:15:47.040871Z","times_seen":230,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"18114.xyz/","fqdn":"18114.xyz","domain":"18114.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.130","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":true,"md5":"da7d6cf21ba9b37cce394593785671f7","sha1":"aabeaf8e874da29cee7e1645707577446b8de63b","sha256":"6912a38811267077bd6dd2630bccd25ba04b653b4967a636d75a6ec97c5bd2fd","sha512":"9739d97867822d248e0083a78d8657485d85e70bbb7a75e0fccd283c2bdb980ded0ea78b1a4fb0540c529e602ba88286021df0553bb23e45fc91281f64a4db49","ssdeep":"","tlshash":"de31ce286eb29531a413612a1f6ff2843235d62f3148ef003f0cc7651f24d6ba6356d5","size":1686,"data":"","first_seen":"2026-06-12T10:00:06.928319Z","last_seen":"2026-07-02T16:15:47.047509Z","times_seen":177,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"18114.xyz/","fqdn":"18114.xyz","domain":"18114.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.130","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":true,"md5":"a15b4803f5b926cf35dd50ad665005e3","sha1":"0dd0dd998736dc9db4ab3c7ee8f7cabc8e1e341b","sha256":"201c5550359d1e530619f58a4f77bfbe382200e2b0c85d4136df96523aee625b","sha512":"e21d282a7abbc3b8aba31153d7969b54c647e3c2bc2f1c786a6f3894ee0322540fc37d99351e5d8998991198a98b26c470c16fef19e5627cff75e0a6157f6e2d","ssdeep":"","tlshash":"b7700000be08a0a80000a0202828080c280238a0803b03080802c8023aa8c80288a802","size":24,"data":"","first_seen":"2026-05-25T23:43:55.294961Z","last_seen":"2026-07-02T16:15:47.056171Z","times_seen":230,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"18114.xyz/","fqdn":"18114.xyz","domain":"18114.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.130","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":true,"md5":"8f54a6c689ae3fb37bcded37e79fea08","sha1":"0861325faf70167325da7dfd6b4059a6991136aa","sha256":"c9a960988ba6d8cfea2c7e709385252a139280898d9b4010703981ce03184a1c","sha512":"08111d473c9567e7da677c4a5e61e232f670b58e2bac4f1a1d96005b83214368e6bdcf36efa1b99aa4708beb8a11bb3378270d70d1a8faa3b2fbea3abb10b4e6","ssdeep":"","tlshash":"82700008ec0088ab0000a00028000cc8380a00208a3b838f8a00008a2ea28b0000ac00","size":24,"data":"","first_seen":"2026-05-25T23:43:55.29586Z","last_seen":"2026-07-02T16:15:47.057426Z","times_seen":230,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"18114.xyz/","fqdn":"18114.xyz","domain":"18114.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.130","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":true,"md5":"c45b02b1f350ecba8716f39faa1d6dd9","sha1":"323d186c69f92adfbf21ac33010643886a3ada59","sha256":"81d9bb79dfb8f66568da929cceb338198f5fb8ef0d422c9bc19a97944981d729","sha512":"6cb26d6b01335a5779cf876ebce242b675745c80857fe191e0f42b927c5b8c40ff0896f64e6c28640c9bc1d9380344c6282790f6a7341d5ab74eba28fe93f4d2","ssdeep":"","tlshash":"eb017d9e483788107b2225bd537f5089f1a2516f8e8bcc103c1e5b00eff48ab25a2bd9","size":738,"data":"","first_seen":"2026-05-25T23:43:55.296647Z","last_seen":"2026-07-02T16:15:47.058764Z","times_seen":230,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"18114.xyz/","fqdn":"18114.xyz","domain":"18114.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.130","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":true,"md5":"077d4be9ad272f7d475481152daff715","sha1":"2f46a2943ac225687c445e0416015d1f97b7f0a1","sha256":"8d289c243d18cc7608ad59bd1b5d4c5edc5a26521213972903495b5ce1f78ff7","sha512":"310f88318435a5cee999868c4f24f906af4f7ba99540a2a5bf79b68f1cc1dc5fcd84b3c45051e8bc2e8ad3e36873f746fbd95aa84b6b92a27a76c5c84fec37d3","ssdeep":"","tlshash":"ac41027d826245a51973346a1f9e730836f340b31149e9113e5c8a802fa9a5f82b7bfa","size":2321,"data":"","first_seen":"2026-05-25T23:43:55.297422Z","last_seen":"2026-07-02T16:15:47.060602Z","times_seen":230,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"18114.xyz/","fqdn":"18114.xyz","domain":"18114.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.130","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":true,"md5":"e2d3475f1cf5b92ebde88c18cfb52625","sha1":"b178b44e61169b2fc5f25b0120206d3812b19cc1","sha256":"3a448e6329733e72eb2a1d80d1897a5ddf20226acbafb032eecdf71d83fe307a","sha512":"802939763c96de22534a93d89f00066ef7cd4cf58814954ebaa18ad6e77aaf19e99745c8a677625be818d3f378e5fe285ec537561be58e12504a1f3eaa23f363","ssdeep":"","tlshash":"00f0a00e0ee548131963706a4c0f9201203b2513414eea08bffe9bb24f92a6886174cc","size":538,"data":"","first_seen":"2026-05-25T23:43:55.298337Z","last_seen":"2026-07-02T16:15:47.061898Z","times_seen":230,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"18114.xyz/","fqdn":"18114.xyz","domain":"18114.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.130","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":true,"md5":"196e0f8d81dba38fb58a2eef3490451c","sha1":"4c70fb540d5f49bd92603d0cccd3005fea9b4c4f","sha256":"eabeb94d65d8704477ca411952b078a4fde998d61c9b3cb12b6940389dadfd90","sha512":"17596a9ca2ed22c2f13f6ec692ae8c32bc6aa1a1a4c7a888639c8ea5f2596a16efb37dcbd14bbc8b514c8bce98bc3f7ace246f5fdfe4070417cd670834883566","ssdeep":"192:q2wqx5Cvtib5XOQRzlaECoXZTAoV51nsPhwzvBa/id3+36a/E/97g6I52MdobsIS:q2VwiYwJvSoVXsp+pa/iZcVk97g6nMuQ","tlshash":"78322b69a5b71bba25673036277f301889b080630319fd947c0ff61e4fa54366297be7","size":11902,"data":"","first_seen":"2026-05-25T23:43:55.299247Z","last_seen":"2026-07-02T13:50:16.830274Z","times_seen":217,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"18114.xyz/","fqdn":"18114.xyz","domain":"18114.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.130","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":true,"md5":"4429af1150d1fa3b53d1df1756276b64","sha1":"1921726e78a10af853be137ddf92f3d86deda32a","sha256":"2f7789347336fe8f5baaeba0f2285060e84c161bd59ee0aa3c7d8c47cf27d580","sha512":"416f1e1d8ee3a03067609ca187a88c5e3a77cb751e8769f902a12c6115e6394121254e4d60e469c50ade2b044dff176c0f7ef93912c563c510279de31d61823e","ssdeep":"","tlshash":"0c11cc5a99e28132aa5b303735bd43887728a023d184df413dcc99456fa8da5cabf6c4","size":930,"data":"","first_seen":"2026-05-25T23:43:55.300055Z","last_seen":"2026-07-02T13:50:16.831342Z","times_seen":217,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"18114.xyz/js/chunk-svg.1781011881923.7ca9cdc1.js","fqdn":"18114.xyz","domain":"18114.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.130","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"2e885a50d7dc711be337a96fe33f0c2e","sha1":"8c767dd1bdcbf35f2577bd215ff6fe495cbd0f43","sha256":"603d14d58a247671742688b96c517d62e9c636443b960bc421af5352df4c01f7","sha512":"09289e06b0db84915693f0b78ab40149972b29693d0d6b1e66e4fbe9bddf00380f5f4e8e78961512d91a132226494572994ceade62d3d8a878126fdcdeb8fd95","ssdeep":"3072:/8nz2uaLZSZvx6Q/sIPrekK+mB6Ua94sRZI7gbpF/:/8nz2uasNxpXPrekK+mB6UHsE4pF/","tlshash":"c0a4fcb4c190f4edf704ce196e7c9e1c50321688e0a9e9e52da9fe0d9e85d6b241cdec","size":470763,"data":"","first_seen":"2026-06-12T19:29:57.244213Z","last_seen":"2026-07-02T13:50:16.795389Z","times_seen":159,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"18114.xyz/js/chunk-common.1781011881923.b470d60e.js","fqdn":"18114.xyz","domain":"18114.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.130","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"08afa88982cffd7b96a2190cdafe1c42","sha1":"abb87563ff4cd658f4436118c54f3f39c08f74a4","sha256":"8673d3fc3524eb9d8b4020b3da3109aa5ab5e569ed8d0074f2b72b8643f813ae","sha512":"70c9df3dd7b3e3d41a607627c6a2750f43673649dbd55c7a56606a7d3e67382cb2991f146f7ad2359cc5ff1615f9db484b54642917150351017d0fa4385c3d2f","ssdeep":"1536:jBY8bgGcdWUa2UTY6eryXHuLmbErF/G7D1dMI59H64likx/vocGAClVbGD3tFk7u:jBYCRTY6wjFetH64liC/vocGAcgD3t","tlshash":"65f3e8c5b3a0f07e9a1ed53779331499b12f758274c87c60f1a1ade6bf1a704a436ca8","size":161286,"data":"","first_seen":"2026-06-12T19:29:57.317434Z","last_seen":"2026-07-02T13:50:16.624066Z","times_seen":157,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"18114.xyz/js/22872.1781011881923.153832d9.js","fqdn":"18114.xyz","domain":"18114.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.130","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"f9ee602f8eeb24db94a45e276eb229fd","sha1":"add3d7dea3c94842531e4e52db7b334a705c5e6b","sha256":"3d79813c4166473dcbe19eb56d456a226f183993f5aa4108a4fccae156001245","sha512":"8ad5674af4bbf338d1188a8108d0984786a4c94afddefbd592dbc428928dae301e40d4a936d73d0e29ba68989ccd13abee0988a8a6938495736115c80a53eae7","ssdeep":"3072:XHW7tB4Vgj5tNlxyU5YegxYffj7TEOiGzZl+DJVkzEcx1nKs:XHW7tBwgttXxyUtffjAGzT+DJVkzEcxF","tlshash":"21f31bd4f2c071f6475f45f2a22b0075b26f4d92318c98b0e15ba6597f21a48c7abeec","size":157599,"data":"","first_seen":"2026-06-12T19:29:57.267326Z","last_seen":"2026-07-02T13:50:16.64215Z","times_seen":155,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"18114.xyz/js/31098.1781011881923.4108b3dd.js","fqdn":"18114.xyz","domain":"18114.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.130","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"3c55e2f7f495cd530603e700dd3bf229","sha1":"fdcabc58e872fde99b7d704711a75bc32cc2b8c8","sha256":"1c38b781ee4a302e955baab7d3306365881227cafc2814e1085f93f4ab0342d8","sha512":"94954c49e71bd95a7543f652e03bf68b5dd26d00b33c91eda9003ef81e37aa5735e846bc9322d52181550f0d010d125479a73d83dec0fe51fa0c4f2489108326","ssdeep":"1536:Z+0YvC9jlTKAUSseG1SY46DCdlBBo3AgXOG9AsqCfCXsvCfCXsLCfCXsyCfCXsfX:sKK5sY4brG7O3SnLJNpL","tlshash":"6174b6f4c248c6fdea04ce0a7e7d6f2d50723783f2ec56c446aaf8865e92857245c4da","size":352738,"data":"","first_seen":"2026-05-19T02:14:56.370466Z","last_seen":"2026-07-02T13:50:16.708289Z","times_seen":171,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"18114.xyz/js/83749.1781011881923.02b71cf6.js","fqdn":"18114.xyz","domain":"18114.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.130","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"c1d2645de169d30e7a814fdbd1c1a47d","sha1":"41959bb5171f196d813c4b3c27bb3135d993ff43","sha256":"a400126839acc7fff4ce08e50633afc5560f3eb3e8aae7ec697fff30423bd26a","sha512":"21e02eeba3e71baf0938766c7abf83b68a4f54b149ea679f43c221c429729dacd395ed0e54233ff22be739636dcaf0104cd58083c50df9b6c521fcb2c3e27419","ssdeep":"1536:lcK/KnqHB3vmxuHXvKe+Gruc7iSxTcgOX8JwTl0sI5pQiVFFsdt+H+Xk:rB3vywXSex7HYgOXawTl0sgQi2tkwk","tlshash":"3693e7c4b5f4f5f8279ec5a2973644b8b02527c5b1c8ace0d2e96e147f19b62b0718bc","size":91749,"data":"","first_seen":"2026-06-12T19:29:57.252198Z","last_seen":"2026-07-02T13:50:16.625901Z","times_seen":136,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"18114.xyz/config/initGeetest4.js","fqdn":"18114.xyz","domain":"18114.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.130","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"87855e19802d75b55afa7bcf3af515c1","sha1":"4af373375728a98d623f2299a68a91e150f2672e","sha256":"9ec8a5ef8c8ffe369dd1a5c4730dce6570c0d90955798c0be4ac04ef1c8f4baa","sha512":"3baa6d9e916abfb3d38b7ebb9372c5987e8f10534bb978383751c0094f8f5a3e764f9b8e44a73d9d4871cbaeca7e1939f0ffaf9499af5c4a71f64c3588167d85","ssdeep":"192:23aP8Ha0D+Nu5dq+EvNiqc4K25MB5VYaiQwSL4SScQVy8QRHIsGiz0iX9rES6Myy:2fe61w1iXKb2sMGUI+KQTwwHlB","tlshash":"00621d0d68f764534553b4388b9fb014b5388a53042cde41be9ce354afa843d9bbabdc","size":14975,"data":"","first_seen":"2026-02-16T20:32:40.162764Z","last_seen":"2026-07-02T16:15:47.021047Z","times_seen":1024,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"18114.xyz/js/21954.1781011881923.57c97863.js","fqdn":"18114.xyz","domain":"18114.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.130","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"35aef3c03c45b75cc6c2851265c30f23","sha1":"54874afc1d2d6391142418c6c17d7639247b6c9b","sha256":"c7a0283f3d2fde40ce97fe3bb5e79621f9939000c50c3c781a4597c3242ebae2","sha512":"f74356629d65ff26f6928ad3183ba8e6e01848921202f9c14c5aef758ef72acdcabf523209e892df42d230d9c87cb47cda7bd106105ed8447718fc502b2d71db","ssdeep":"768:U/aSfmzKrMdvf0eMQ/96loumY1PI1yBK9LudEz+yUy51y9y0yk6Dio+ILqpTeY:z81R6Ipyk6o","tlshash":"33132088fac2b06dd3eb7330857f505ae66a1dc0668c5434e260d6917e7198dc1fb9f8","size":41946,"data":"","first_seen":"2026-05-29T16:01:53.086335Z","last_seen":"2026-07-02T13:50:16.763405Z","times_seen":152,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"18114.xyz/js/65246.1781011881923.03480a32.js","fqdn":"18114.xyz","domain":"18114.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.130","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"b98dafd31fe547add2f96acf9bea9922","sha1":"e63706f4b83ed72ce8a0ffee74c7d606968bd280","sha256":"92014e9ab9f7e62a6651d0a69b63f69a84ed58e15ee5dd8e287d46b28fe610cc","sha512":"a676475f44bd6ec6ab9e7421deb8c29430404be3852f96d012418d03e9135d3ec450ee58b4871a4f8ed2a053656c9a9a6523853d6238d701144d9b72c6df8ab8","ssdeep":"1536:f2+iDvYvNjx4Uyao0L8oDNzAuMMsTAQ0mqt2pXYzA4dANVO:e+iDYvPo0L8oZzAuMMsTA7mqt9zA4dAO","tlshash":"a673a501f78272385fa7e290220f2026e16e191505ac5ed8f179ffb93ef0954aa7d7b4","size":73415,"data":"","first_seen":"2026-06-12T19:29:57.345997Z","last_seen":"2026-07-02T13:50:16.657734Z","times_seen":137,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"18114.xyz/","fqdn":"18114.xyz","domain":"18114.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.130","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"introduction_type":"Function","is_inline":false,"md5":"572cb94037fffc2a0a53b465972e15f1","sha1":"0d679b041a7c1ca45cc99e2d229fc2b86762838d","sha256":"6487e4bdd0f51bbfd9105810a41755847fdae2c274e2fc325cd22356d7707e35","sha512":"f7c4db7986d362b58ff4b4646cdeb71992c0ce28949773c4471915f2cc8828329445777e228ef248f508f721a33dfea3d5694bc7ec18dc6c00134ee23155ff32","ssdeep":"","tlshash":"e3800455714110004f57115050171c444030007155407cc011c0d4710d51030110545c","size":34,"data":"","first_seen":"2023-04-11T21:16:40Z","last_seen":"2026-07-02T16:58:34.577622Z","times_seen":87351,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"18114.xyz/js/83876.1781011881923.7ce40e6b.js","fqdn":"18114.xyz","domain":"18114.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.130","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"abf84df30621edc23a82d05ff0b8a83a","sha1":"e727ad94ce5d5f5b8fabec0e0b5a966fb6e6594f","sha256":"c3b02d056ac034939c3ff75a10a2da23f5f05f96a36ca1e5cea2157ce0fe12be","sha512":"db2a2a00f51cc6f75cfcbb6d988df74403fae93255982a054710e5f87a2d8407f4f8f02fef8ef1a0e5edb289736296b2d11a3b77cad6c6d9089bb831cda45be5","ssdeep":"6144:0/rOTU2/xB0Jjytg7DiQPkcsz1aL3p2YO+WidjHrrL:0iUjytgPJPT3p2YpHrrL","tlshash":"2f442c44b291f0b8879b42f7922b4056a17f48a1308cacb4f265f990be7555c927fbfc","size":262269,"data":"","first_seen":"2026-06-12T19:29:57.272405Z","last_seen":"2026-07-02T13:50:16.716723Z","times_seen":154,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"18114.xyz/js/13575.1781011881923.cda1d494.js","fqdn":"18114.xyz","domain":"18114.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.130","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"65e5fffbcacf52710ad963a4aeede3be","sha1":"f9c16a3c86649aeacf18e736faacff0cf78192e7","sha256":"36f42498ee253b0d1d5e7ec8bdf406f05c4c91e72f64169b1ff67435d2069099","sha512":"96e8263c115ca75ff63f6ce70ba8ad5af370662f86c2f95a8960a5aa5a30ce4134fa01d7fbd1694ce37f111b69e3e418f0542a7ab1bae4cec570c8c3d8d08986","ssdeep":"1536:917BBHFeKRKp+3ELSPtj6x2DgJoG7PIDmj9VA+s69JAFdE6WIzl+Ik1+eXMa7a4H:7jHoKRKphCnDgJoec+IDWIzls+7Xr0X7","tlshash":"23141a84764170b8c396a165322f601ae22f789650dd9c24f3789ba47f7470df26fabc","size":194916,"data":"","first_seen":"2026-06-12T19:29:57.266361Z","last_seen":"2026-07-02T13:50:16.799032Z","times_seen":156,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"18114.xyz/configPage.js?v=6/9/2026,%2021:37:10","fqdn":"18114.xyz","domain":"18114.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.130","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"e6aa74bb352ef198ba3e1c9a4b01b014","sha1":"2ea8bd6b5045475a36432f7665a129728e822d9e","sha256":"73828e873c0b6e847b37d78941ca436247471dfc90a12f743964f869f75abd5c","sha512":"2faaf24fdf1e4da637af8e9f82d1778bf061b00752dfca0c8f73432ba236a7b69410a7ad2a73727bc83e6cd631fd6555c3cc0d9d3a5d8a7f81818dd66566011f","ssdeep":"","tlshash":"be117aaf57444dffcf1d7e00a08b0a5ea8bc61d261889d4da8e9cf29e1c99002378978","size":949,"data":"","first_seen":"2025-09-04T00:49:32.949926Z","last_seen":"2026-07-02T13:50:16.630556Z","times_seen":1935,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"18114.xyz/js/chunk-init-1656f0b4.1781011881923.32336986.js","fqdn":"18114.xyz","domain":"18114.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.130","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"149a9a32eef525724cd200e4dce7a032","sha1":"29b091925cae6d90319391653e40685f6e6c5735","sha256":"10fcb7c4e44a141964cb31c527462c6e56f78d95c956fb02c50c61fc576cefd2","sha512":"62d80403786c13019e86e1c6b991d73cf52ff5bd25d4eeaec34ca12125d677604a269fc6c56ef301f074c42798f8e7935df623d6a0a62559d70749e53082085f","ssdeep":"1536:z2twqIPBoVbzfsO9ZuqpiXXIOU6Qgpp6KkB2EnBDsAxdrkm4SgiqvHynjM5TCif9:z2twqhOIK2nCLdyACifMur06/D","tlshash":"6dd3ec54b7d0b4b442cf13e6711b2475e3a61ca22058e8f0e31dee647f35689d26faac","size":136038,"data":"","first_seen":"2026-06-12T19:29:57.333908Z","last_seen":"2026-07-02T13:50:16.631571Z","times_seen":159,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"18114.xyz/js/60024.1781011881923.e9a203dc.js","fqdn":"18114.xyz","domain":"18114.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.130","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"ac04ba4305a374571b2d241fe1f50dc2","sha1":"e559b9a0a338e35fb6605942f7d14e96c031ae71","sha256":"788282499d13bd0bb6207ed41a15a3d0b2058ca97003d1e1a872e81401f02aa7","sha512":"6edc613a3f8585bf6cfb8c034199265c1c1daf368d0d3a6e2c41bf441a334a7f93139c0b0fb4147b98264567be9b135fab3cbe923e8fe040ec553e9fec04c8ae","ssdeep":"96:UR4NFRSZqe65bD7RM/Rsxkw9usN6tKex9sX2NaenPdqUDDEz:UR4NFRSZqesbD6Rgks0RxeX2NbnPdqUE","tlshash":"3491cbd876d2f071426f9678862f285fe27bead074ccb415d1c1e690aef062d8933d68","size":4601,"data":"","first_seen":"2026-06-12T19:29:57.341024Z","last_seen":"2026-07-02T13:50:16.78167Z","times_seen":137,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null,"console":[{"level":"log","text":"[Telegram.WebView] \u003e postEventweb_app_set_header_colormap[actor:server1.conn0.watcher17.process8//obj31 class:Object extensible:true frozen:false isError:false ownPropertyLength:1 preview:map[kind:Object ownProperties:map[color_key:map[configurable:true enumerable:true value:bg_color writable:true]] ownPropertiesLength:1] sealed:false type:object]","filename":"https://18114.xyz/config/telegram.js?t=1782908593377","line_number":139,"column_number":13},{"level":"log","text":"[Telegram.WebView] \u003e postEventweb_app_set_bottom_bar_colormap[actor:server1.conn0.watcher17.process8//obj32 class:Object extensible:true frozen:false isError:false ownPropertyLength:1 preview:map[kind:Object ownProperties:map[color:map[configurable:true enumerable:true value:#ffffff writable:true]] ownPropertiesLength:1] sealed:false type:object]","filename":"https://18114.xyz/config/telegram.js?t=1782908593377","line_number":139,"column_number":13},{"level":"log","text":"[Telegram.WebView] \u003e postEventweb_app_request_theme","filename":"https://18114.xyz/config/telegram.js?t=1782908593377","line_number":139,"column_number":13},{"level":"log","text":"[Telegram.WebView] \u003e postEventweb_app_request_viewport","filename":"https://18114.xyz/config/telegram.js?t=1782908593377","line_number":139,"column_number":13},{"level":"log","text":"[Telegram.WebView] \u003e postEventweb_app_request_safe_area","filename":"https://18114.xyz/config/telegram.js?t=1782908593377","line_number":139,"column_number":13},{"level":"log","text":"[Telegram.WebView] \u003e postEventweb_app_request_content_safe_area","filename":"https://18114.xyz/config/telegram.js?t=1782908593377","line_number":139,"column_number":13}]},"http":[{"url":{"schema":"https","addr":"18114.xyz/js/22872.1781011881923.153832d9.js","fqdn":"18114.xyz","domain":"18114.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.130","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://18114.xyz/","date":"2026-07-01T12:23:13.397Z","timestamp":1782908593397,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"18156.xyz","organization":""},"issuer":{"commonName":"YR2","organization":"Let's Encrypt"},"validity":{"start":"Sun, 28 Jun 2026 06:21:05 GMT","end":"Sat, 26 Sep 2026 06:21:04 GMT"},"fingerprint":{"sha1":"30:5C:A2:F1:36:A6:91:D9:3C:71:7C:3B:80:49:3A:BB:C5:0B:53:A1","sha256":"FB:A2:2A:8D:A3:A6:51:23:3E:DC:EB:06:38:96:4E:AA:32:71:9B:E1:FD:3F:D1:7A:49:E7:81:BB:9A:92:C1:8D"}}},"request":{"raw":"GET /js/22872.1781011881923.153832d9.js HTTP/1.1\r\nHost: 18114.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://18114.xyz/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Wed, 01 Jul 2026 12:23:15 GMT\r\nContent-Type: application/javascript\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nLast-Modified: Tue, 09 Jun 2026 13:37:11 GMT\r\nVary: Accept-Encoding\r\nETag: W/\"6a281707-2679f\"\r\nCache-Control: public, max-age=31536000, immutable\r\nAccess-Control-Allow-Origin: *\r\nX-Custom-Check: true\r\nContent-Encoding: gzip\r\nServer: Nginx\r\nL-Safe: 1782908595=VYqS7u7lQ0J6vY3CU7Th8T/pw3pFqlx8ntvuI2Oh21Sw53mtqjMf66c8tX6VijURccEBNw01n+5hHC8SDhRwT67Z1ef+RAQ6WDYbeb6zygQzDDKVDrk5DO9a5mYQ6nvRMm6wJ4+j7sw2l0ZCvyYL98mdUq/YdA7L7n3R6ufmbQkSNVX/HQuSRBev0GgNdvH0\r\nL-VIA: l1=4iaGgjza0Vwox8nX\r\nL-VERSION: 1782631176\r\nL-Request-Id: c5b719f1da22ebf44b9\r\nX-Cache-Status: BYPASS\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":157599,"size_decoded":50860,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"f9ee602f8eeb24db94a45e276eb229fd","sha1":"add3d7dea3c94842531e4e52db7b334a705c5e6b","sha256":"3d79813c4166473dcbe19eb56d456a226f183993f5aa4108a4fccae156001245","sha512":"8ad5674af4bbf338d1188a8108d0984786a4c94afddefbd592dbc428928dae301e40d4a936d73d0e29ba68989ccd13abee0988a8a6938495736115c80a53eae7","ssdeep":"3072:XHW7tB4Vgj5tNlxyU5YegxYffj7TEOiGzZl+DJVkzEcx1nKs:XHW7tBwgttXxyUtffjAGzT+DJVkzEcxF","tlshash":"21f31bd4f2c071f6475f45f2a22b0075b26f4d92318c98b0e15ba6597f21a48c7abeec","first_seen":"2026-06-12T19:29:57.267326Z","last_seen":"2026-07-02T13:50:16.64215Z","times_seen":155,"resource_available":true,"data":null}},"time_used":2815,"timings":{"blocked":2356,"dns":0,"connect":0,"send":0,"wait":337,"receive":122,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"18114.xyz/css/60024.1781011881923.0ab0fca2.css","fqdn":"18114.xyz","domain":"18114.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.130","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://18114.xyz/","date":"2026-07-01T12:23:17.437Z","timestamp":1782908597437,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"18156.xyz","organization":""},"issuer":{"commonName":"YR2","organization":"Let's Encrypt"},"validity":{"start":"Sun, 28 Jun 2026 06:21:05 GMT","end":"Sat, 26 Sep 2026 06:21:04 GMT"},"fingerprint":{"sha1":"30:5C:A2:F1:36:A6:91:D9:3C:71:7C:3B:80:49:3A:BB:C5:0B:53:A1","sha256":"FB:A2:2A:8D:A3:A6:51:23:3E:DC:EB:06:38:96:4E:AA:32:71:9B:E1:FD:3F:D1:7A:49:E7:81:BB:9A:92:C1:8D"}}},"request":{"raw":"GET /css/60024.1781011881923.0ab0fca2.css HTTP/1.1\r\nHost: 18114.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://18114.xyz/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=2\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Wed, 01 Jul 2026 12:23:17 GMT\r\nContent-Type: text/css\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nLast-Modified: Tue, 09 Jun 2026 13:37:11 GMT\r\nVary: Accept-Encoding\r\nETag: W/\"6a281707-1439\"\r\nCache-Control: public, max-age=31536000, immutable\r\nAccess-Control-Allow-Origin: *\r\nX-Custom-Check: true\r\nContent-Encoding: gzip\r\nServer: Nginx\r\nL-Safe: 1782908597=ZdMUZ1k0h3P7BImNuC0XuNzcE02G3yNmddc73ooGZ+wDF2gg8I3brNEWyyizAwMoil5pMdm47kHxX3mo6t0mc75vdSOkFMnNjyHqix7bmtUVGkmXe9TdQfYTKjF/uiNBVXu6oIZJ37t98qBieK0b4+/pChOluFMV+BbY9lq6SX4PmmC0F+X1maRp+Mp3HGV/\r\nL-VIA: l1=4iaGgjza0Vwox8nX\r\nL-VERSION: 1782631176\r\nL-Request-Id: c6d219f1da235639c5b\r\nX-Cache-Status: BYPASS\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":5177,"size_decoded":1961,"mime_type":"text/css","magic":"ASCII text, with very long lines (5177), with no line terminators","md5":"a0ef4268641ef0b005737ce8cc0c4b44","sha1":"9bb50b9000a419e7a701392b0d7d6c992cf585bb","sha256":"f64c7a7e6ecd620d1c7f8cc67e1eda83a0a115a8d86f3954efdaba3c09d62e66","sha512":"07605ebd7e16aef28f0ad5ed406f29ea9b77e8ba6b2079c810aacf8faf0b4a8d18d4f7775c62860cbf6d4379729a60076103a4daa833c860ddebeee3793ccbe2","ssdeep":"48:ZSPkOO2s2L5Pukasq+nArLkrL4QuQKhUjUkM5P6CdRDRWURcWaTHR/:iOvyP2r4rEDFP61LR/","tlshash":"d1b1412f01703349641bad6807dc67098325d8b399eb37da259d2a0dcbc3f861eb718b","first_seen":"2025-06-26T16:31:28.933081Z","last_seen":"2026-07-02T13:50:16.799819Z","times_seen":2764,"resource_available":false,"data":null}},"time_used":708,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":708,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"18114.xyz/img/bj1.17ef2db8.png","fqdn":"18114.xyz","domain":"18114.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.130","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://18114.xyz/","date":"2026-07-01T12:23:17.685Z","timestamp":1782908597685,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"18156.xyz","organization":""},"issuer":{"commonName":"YR2","organization":"Let's Encrypt"},"validity":{"start":"Sun, 28 Jun 2026 06:21:05 GMT","end":"Sat, 26 Sep 2026 06:21:04 GMT"},"fingerprint":{"sha1":"30:5C:A2:F1:36:A6:91:D9:3C:71:7C:3B:80:49:3A:BB:C5:0B:53:A1","sha256":"FB:A2:2A:8D:A3:A6:51:23:3E:DC:EB:06:38:96:4E:AA:32:71:9B:E1:FD:3F:D1:7A:49:E7:81:BB:9A:92:C1:8D"}}},"request":{"raw":"GET /img/bj1.17ef2db8.png HTTP/1.1\r\nHost: 18114.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://18114.xyz/css/home.1781011881923.38488e2a.css\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=4, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Wed, 01 Jul 2026 12:23:18 GMT\r\nContent-Type: image/png\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nLast-Modified: Tue, 09 Jun 2026 13:37:11 GMT\r\nVary: Accept-Encoding\r\nETag: W/\"6a281707-e5eb\"\r\nCache-Control: public, max-age=2592000, immutable\r\nAccess-Control-Allow-Origin: *\r\nX-Custom-Check: true\r\nContent-Encoding: gzip\r\nServer: Nginx\r\nL-Safe: 1782908598=GAanE3MTyvCft+u1Zs9dTOsHtr+YihbqhaSSj4y9i25rK99YQLzDUcMXhl9WdQHASD1Mrun/QRRw4Vb8z0tsbulHlefjU2SfAuB5tLPKuVF71VGh3OdVXRAwqvmTFU2e9DgB2Gob2yjW36RrlbtBbrqzS5bAVpI8FKqfanmQm5Zk6XuVI9SMMOte5dYkfO/p\r\nAge: 1493\r\nL-VIA: l1=4iaGgjza0Vwox8nX\r\nL-VERSION: 1782631176\r\nL-Request-Id: c5b919f1da238976745\r\nX-Cache-Status: HIT\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":58859,"size_decoded":59599,"mime_type":"image/png","magic":"PNG image data, 1920 x 1299, 1-bit colormap, non-interlaced","md5":"59f1176bd542d042d8ddecbe4ab2cbdf","sha1":"7251e6f8bc0bf8bf3e62e892b34540f8259dcf9d","sha256":"b3bc2f14721d5f84900af66179eb6ad69a9c8d5a89eae36f877cf09fc9872603","sha512":"c4e7f1491686b72482ba26e34fd94496fc71bec2a35ba1d7cf67391e1f47f859465ad9f0c7d286bd35f9a26132fd80012a2cd2f8133cf1c6013db4f4d27a85d7","ssdeep":"1536:jlJ0Z4kwI3cG0YXIPf/OWcFOtk2bnIlfyMcw68vTbD8:gxbsGvYXd8OtTbIsgTbD8","tlshash":"004302d3b5e9f610dd38c157a3d1c9da504483be3e938d0bebbe402629fd56840a6f16","first_seen":"2023-08-17T12:39:32Z","last_seen":"2026-07-02T13:50:16.811647Z","times_seen":1790,"resource_available":false,"data":null}},"time_used":1424,"timings":{"blocked":593,"dns":0,"connect":0,"send":0,"wait":640,"receive":191,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"18114.xyz/img/SPORT.aab253e7.png","fqdn":"18114.xyz","domain":"18114.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.130","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://18114.xyz/","date":"2026-07-01T12:23:20.255Z","timestamp":1782908600255,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"18156.xyz","organization":""},"issuer":{"commonName":"YR2","organization":"Let's Encrypt"},"validity":{"start":"Sun, 28 Jun 2026 06:21:05 GMT","end":"Sat, 26 Sep 2026 06:21:04 GMT"},"fingerprint":{"sha1":"30:5C:A2:F1:36:A6:91:D9:3C:71:7C:3B:80:49:3A:BB:C5:0B:53:A1","sha256":"FB:A2:2A:8D:A3:A6:51:23:3E:DC:EB:06:38:96:4E:AA:32:71:9B:E1:FD:3F:D1:7A:49:E7:81:BB:9A:92:C1:8D"}}},"request":{"raw":"GET /img/SPORT.aab253e7.png HTTP/1.1\r\nHost: 18114.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://18114.xyz/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=4, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Wed, 01 Jul 2026 12:23:20 GMT\r\nContent-Type: image/png\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nLast-Modified: Tue, 09 Jun 2026 13:37:11 GMT\r\nVary: Accept-Encoding\r\nETag: W/\"6a281707-d854\"\r\nCache-Control: public, max-age=2592000, immutable\r\nAccess-Control-Allow-Origin: *\r\nX-Custom-Check: true\r\nContent-Encoding: gzip\r\nServer: Nginx\r\nL-Safe: 1782908600=syPON+2Kz5+pRykBs4QtaE3NO1FRKks/0eGizB7WB32Nr07KwPVzJ7CMnD8avbVlnlwbqhKm+rPUp/B3oGXCDokK5efJr6SBT/hoCjDgyiNSx/NWCgTrn1JK2VXFeQ2d7IBy7u4ZEVcnVu0949VAH67PTEPPBpqJ7YUy/mSmLNgKKPCcQeowpq9SRGT324V1\r\nAge: 1491\r\nL-VIA: l1=4iaGgjza0Vwox8nX\r\nL-VERSION: 1782631176\r\nL-Request-Id: c5bc19f1da2405275b1\r\nX-Cache-Status: HIT\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":55380,"size_decoded":56120,"mime_type":"image/png","magic":"PNG image data, 582 x 307, 8-bit colormap, non-interlaced","md5":"3990a0dcf110f100c97ab413079e969e","sha1":"8087b72a149b71f4f5fc43b0f8bc07b89b621583","sha256":"6ddc189e7780b1313933d4903be9fbf6644b6a590e9aba83a6e4e50fdafb170e","sha512":"6b092584d42ec1423ecb94383907f29571e93308944813286d6e74b10f6eccb27536924220780f9a080dc259a095718a33f0757fc0adb04d737c83a6fa1647e5","ssdeep":"768:aEivx5zbZ4L0zze87wWbuKu4YIsZdCPX4ueh17yEs7NsGJSLsBQ1MDAaYHKJTbYC:aEi3eL0za8xbw4UmXI1VfJIRDYqz6W","tlshash":"bc43022944944c242384f1a6ac778dbc6dffa348a5f38f639a842bec7dcd84d95f4811","first_seen":"2023-11-10T19:12:00Z","last_seen":"2026-07-02T13:50:16.652231Z","times_seen":1691,"resource_available":false,"data":null}},"time_used":873,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":583,"receive":290,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"18114.xyz/jumpto/img/https://rcf-img-hk.gasdg646fs224cn.com/202503/_webp_size649x578_6ba5f6e7-0a03-42b1-aae6-3de33d838c71.png","fqdn":"18114.xyz","domain":"18114.xyz","tld":"xyz"},"ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://18114.xyz/","date":"2026-07-01T12:23:20.363Z","timestamp":1782908600363,"http_version":"","security_state":"","security_info":null,"request":{"raw":"GET /jumpto/img/https://rcf-img-hk.gasdg646fs224cn.com/202503/_webp_size649x578_6ba5f6e7-0a03-42b1-aae6-3de33d838c71.png HTTP/1.1\r\nHost: 18114.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://18114.xyz/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-07-02T17:08:00.371314Z","times_seen":16917523,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"18114.xyz/jumpto/img/https://rcf-img-hk.gasdg646fs224cn.com/gpmaster/_webp_size328x442_b1b5acd8-3851-4b06-8e10-d549f7f09d1b.png","fqdn":"18114.xyz","domain":"18114.xyz","tld":"xyz"},"ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://18114.xyz/","date":"2026-07-01T12:23:20.384Z","timestamp":1782908600384,"http_version":"","security_state":"","security_info":null,"request":{"raw":"GET /jumpto/img/https://rcf-img-hk.gasdg646fs224cn.com/gpmaster/_webp_size328x442_b1b5acd8-3851-4b06-8e10-d549f7f09d1b.png HTTP/1.1\r\nHost: 18114.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://18114.xyz/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-07-02T17:08:00.371314Z","times_seen":16917523,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"photo.365live88.com/img/fb/team/4ab6e425123646dcbafd1d3bfc188c4d?win007=sell","fqdn":"photo.365live88.com","domain":"365live88.com","tld":"com"},"ip":{"addr":"154.41.93.241","port":443,"asn":174,"as":"COGENT-174","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://18114.xyz/","date":"2026-07-01T12:23:21.383Z","timestamp":1782908601383,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"photo.365live88.com","organization":""},"issuer":{"commonName":"Encryption Everywhere DV TLS CA - G2","organization":"DigiCert Inc"},"validity":{"start":"Sat, 01 Nov 2025 00:00:00 GMT","end":"Sat, 31 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"45:76:43:9C:31:C5:89:A6:99:FD:9B:D8:6C:A9:3A:E6:2F:D6:E9:80","sha256":"73:27:CF:D8:8D:AC:95:46:00:5D:67:05:1E:70:22:3E:17:F0:94:78:CD:6F:A6:9C:C8:5F:B5:3B:75:60:3D:C8"}}},"request":{"raw":"GET /img/fb/team/4ab6e425123646dcbafd1d3bfc188c4d?win007=sell HTTP/1.1\r\nHost: photo.365live88.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://18114.xyz/\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=4, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: openresty\r\nDate: Wed, 01 Jul 2026 12:23:23 GMT\r\nContent-Type: image/png\r\nContent-Length: 9151\r\nConnection: keep-alive\r\nAccept-Ranges: bytes\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Expose-Headers: X-Log, X-Reqid\r\nAccess-Control-Max-Age: 2592000\r\nAge: 1570\r\nCache-Control: public, max-age=31536000\r\nContent-Disposition: inline; filename=\"4ab6e425123646dcbafd1d3bfc188c4d\"; filename*=utf-8''4ab6e425123646dcbafd1d3bfc188c4d\r\nContent-Md5: XPRnxWYSgsnY56kLVJDSOw==\r\nContent-Transfer-Encoding: binary\r\nEtag: \"Fk0V3w0_mvAUHNiycwOQ3Byml3cz\"\r\nLast-Modified: Tue, 19 May 2026 13:57:34 GMT\r\nX-Log: X-Log\r\nX-M-Log: QNM:wldsg121;QNM3\r\nX-M-Reqid: p6LfsFnDr\r\nX-Qiniu-Zone: as0\r\nX-Qnm-Cache: Hit\r\nX-Reqid: cfcAAABroDKAKL4Y\r\nX-Svr: IO\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":9151,"size_decoded":9905,"mime_type":"image/png","magic":"PNG image data, 180 x 180, 8-bit/color RGBA, non-interlaced","md5":"5cf467c5661282c9d8e7a90b5490d23b","sha1":"4d15df0d3f9af0141cd8b2730390dc1ca6977733","sha256":"2620f36702a5f5cf99c0439697862f093cc421e0efb2d9175565ac6d771b15fc","sha512":"d80324da515d33c4114da87a123ad1b4221220ea0c7f26509ada02b4408e60a8764fbc287c7fd0eb1f24e847888f66da1ca7b50d02cf4674bdf3662738407268","ssdeep":"192:O/LbvfjmjLlFioWxKItBxDi/EXNSMK2ktQ8jFQ7tdAhm:szjLFTfNSGkZA9","tlshash":"f3129e43d328c08d59c12ead4fa41a3ce7a8d0a3d6720996e9b820a5dd07c9ddd0eded","first_seen":"2025-02-24T02:30:01.367488Z","last_seen":"2026-07-01T23:37:58.518956Z","times_seen":14,"resource_available":false,"data":null}},"time_used":2157,"timings":{"blocked":1875,"dns":0,"connect":0,"send":0,"wait":282,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"photo.365live88.com/img/fb/team/73ad5c58b4ce421fb626991ec07232da?win007=sell","fqdn":"photo.365live88.com","domain":"365live88.com","tld":"com"},"ip":{"addr":"154.41.93.241","port":443,"asn":174,"as":"COGENT-174","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://18114.xyz/","date":"2026-07-01T12:23:21.402Z","timestamp":1782908601402,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"photo.365live88.com","organization":""},"issuer":{"commonName":"Encryption Everywhere DV TLS CA - G2","organization":"DigiCert Inc"},"validity":{"start":"Sat, 01 Nov 2025 00:00:00 GMT","end":"Sat, 31 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"45:76:43:9C:31:C5:89:A6:99:FD:9B:D8:6C:A9:3A:E6:2F:D6:E9:80","sha256":"73:27:CF:D8:8D:AC:95:46:00:5D:67:05:1E:70:22:3E:17:F0:94:78:CD:6F:A6:9C:C8:5F:B5:3B:75:60:3D:C8"}}},"request":{"raw":"GET /img/fb/team/73ad5c58b4ce421fb626991ec07232da?win007=sell HTTP/1.1\r\nHost: photo.365live88.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://18114.xyz/\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=4, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: openresty\r\nDate: Wed, 01 Jul 2026 12:23:24 GMT\r\nContent-Type: image/png\r\nContent-Length: 39113\r\nConnection: keep-alive\r\nAccept-Ranges: bytes\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Expose-Headers: X-Log, X-Reqid\r\nAccess-Control-Max-Age: 2592000\r\nAge: 51789\r\nCache-Control: public, max-age=31536000\r\nContent-Disposition: inline; filename=\"73ad5c58b4ce421fb626991ec07232da\"; filename*=utf-8''73ad5c58b4ce421fb626991ec07232da\r\nContent-Md5: 8ucsG+afwZkUX6IBdQdeyw==\r\nContent-Transfer-Encoding: binary\r\nEtag: \"Fl3qEnEIDSCeiPful0lEPf5Brvc0\"\r\nLast-Modified: Sun, 24 May 2026 20:40:44 GMT\r\nX-Log: X-Log\r\nX-M-Log: QNM:wldsg121;QNM3\r\nX-M-Reqid: wU1bqPkMC\r\nX-Qiniu-Zone: as0\r\nX-Qnm-Cache: Hit\r\nX-Reqid: yioAAABiJuXT-r0Y\r\nX-Svr: IO\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]}],"data":{"size":39113,"size_decoded":39869,"mime_type":"image/png","magic":"PNG image data, 180 x 180, 8-bit/color RGBA, non-interlaced","md5":"f2e72c1be69fc199145fa20175075ecb","sha1":"5dea1271080d209e88f7ee9749443dfe41aef734","sha256":"c3e9d6b10d07b2ccf69e1980d13570ff0292b30b54950b27cef4a3c8bc8d0e94","sha512":"c9c98b3e93e34590a6da57c536d36537896e98736eebc02deb7221f5e6f293a1b5dc17e071e6326038fa56ab9c458807cb21f8e42a4ad76f3afef03124110744","ssdeep":"768:GbXAYRhsJlnlNoO+PenstFdv9DzgaKCoYKYHHfidGuhRKD:kVeRlNoOHsfdCaegHHfgg","tlshash":"e803f2211ba56b893a21f5db130334e5c3494c6dbd05a642e98bd1ad0f3efe2b6790cd","first_seen":"2025-10-05T20:13:27.563383Z","last_seen":"2026-07-01T22:21:02.891196Z","times_seen":47,"resource_available":false,"data":null}},"time_used":2970,"timings":{"blocked":2653,"dns":0,"connect":0,"send":0,"wait":274,"receive":43,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"18114.xyz/config/gd.js","fqdn":"18114.xyz","domain":"18114.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.130","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://18114.xyz/","date":"2026-07-01T12:23:13.375Z","timestamp":1782908593375,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"18156.xyz","organization":""},"issuer":{"commonName":"YR2","organization":"Let's Encrypt"},"validity":{"start":"Sun, 28 Jun 2026 06:21:05 GMT","end":"Sat, 26 Sep 2026 06:21:04 GMT"},"fingerprint":{"sha1":"30:5C:A2:F1:36:A6:91:D9:3C:71:7C:3B:80:49:3A:BB:C5:0B:53:A1","sha256":"FB:A2:2A:8D:A3:A6:51:23:3E:DC:EB:06:38:96:4E:AA:32:71:9B:E1:FD:3F:D1:7A:49:E7:81:BB:9A:92:C1:8D"}}},"request":{"raw":"GET /config/gd.js HTTP/1.1\r\nHost: 18114.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://18114.xyz/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=2\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Wed, 01 Jul 2026 12:23:14 GMT\r\nContent-Type: application/javascript\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nLast-Modified: Tue, 09 Jun 2026 13:37:11 GMT\r\nVary: Accept-Encoding\r\nETag: W/\"6a281707-4420\"\r\nCache-Control: public, max-age=31536000, immutable\r\nAccess-Control-Allow-Origin: *\r\nX-Custom-Check: true\r\nContent-Encoding: gzip\r\nServer: Nginx\r\nL-Safe: 1782908594=KWihkK54rCZL679Sz9tmy9MABdejSjUb9fWmH/K9x12QVu+NEhUsH2G4fT2DhqHScaJrOGbsHCTNE8lziyQYsh8YYexjNuPVE1bs8KtZsxuRmdziDnLyk0FfiiNFMQSh3/3ZzrNAJFstMZb6pi92EfXkkKVa6y991sZ6IXEq0Z7cdzYe42VsLKSnWqfs4M5a\r\nL-VIA: l1=4iaGgjza0Vwox8nX\r\nL-VERSION: 1782631176\r\nL-Request-Id: c5b919f1da228e96722\r\nX-Cache-Status: BYPASS\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":17440,"size_decoded":5524,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text","md5":"368318100a3c0f64373230a250953d5a","sha1":"6e0d91639cafd23f1b22aecee332da83c70b93ea","sha256":"dffc9b203a19b9e70363f75f737b7afe2164d6b8c045800d4dd7931d9093aff4","sha512":"91077ca792821795a816a0ee1a9cef242bf2915c02402706c7bd5c027c62f4bc52517b6a5e3db9f4b873e5a3c9d652758cc277c1f5ba07dc12e0d69b4f6e9eeb","ssdeep":"384:bJA61XVpi5LH4NmeJPXwXkQdcAwR0Nw3zzbSGwYg1C:bJA6BZX+oJjzzgY","tlshash":"80721f4d68f7905345a3b03c8bafa114b5388643181cde457e9ce394af6843d97babdc","first_seen":"2026-05-19T02:14:56.346288Z","last_seen":"2026-07-02T16:15:47.015391Z","times_seen":240,"resource_available":true,"data":null}},"time_used":1233,"timings":{"blocked":-1,"dns":0,"connect":292,"send":0,"wait":312,"receive":31,"ssl":597},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"18114.xyz/jumpto/img/https://rcf-img-hk.gasdg646fs224cn.com/gpmaster/_webp_size328x442_50b16c20-cbfb-4c4c-ba8a-249055c85af3.png","fqdn":"18114.xyz","domain":"18114.xyz","tld":"xyz"},"ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://18114.xyz/","date":"2026-07-01T12:23:20.350Z","timestamp":1782908600350,"http_version":"","security_state":"","security_info":null,"request":{"raw":"GET /jumpto/img/https://rcf-img-hk.gasdg646fs224cn.com/gpmaster/_webp_size328x442_50b16c20-cbfb-4c4c-ba8a-249055c85af3.png HTTP/1.1\r\nHost: 18114.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://18114.xyz/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-07-02T17:08:00.371314Z","times_seen":16917523,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"photo.365live88.com/img/fb/team/ff5efc9e3a7d4127bb5a602919de0286?win007=sell","fqdn":"photo.365live88.com","domain":"365live88.com","tld":"com"},"ip":{"addr":"154.41.93.241","port":443,"asn":174,"as":"COGENT-174","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://18114.xyz/","date":"2026-07-01T12:23:21.403Z","timestamp":1782908601403,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"photo.365live88.com","organization":""},"issuer":{"commonName":"Encryption Everywhere DV TLS CA - G2","organization":"DigiCert Inc"},"validity":{"start":"Sat, 01 Nov 2025 00:00:00 GMT","end":"Sat, 31 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"45:76:43:9C:31:C5:89:A6:99:FD:9B:D8:6C:A9:3A:E6:2F:D6:E9:80","sha256":"73:27:CF:D8:8D:AC:95:46:00:5D:67:05:1E:70:22:3E:17:F0:94:78:CD:6F:A6:9C:C8:5F:B5:3B:75:60:3D:C8"}}},"request":{"raw":"GET /img/fb/team/ff5efc9e3a7d4127bb5a602919de0286?win007=sell HTTP/1.1\r\nHost: photo.365live88.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://18114.xyz/\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=4, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: openresty\r\nDate: Wed, 01 Jul 2026 12:23:24 GMT\r\nContent-Type: image/png\r\nContent-Length: 55677\r\nConnection: keep-alive\r\nAccept-Ranges: bytes\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Expose-Headers: X-Log, X-Reqid\r\nAccess-Control-Max-Age: 2592000\r\nAge: 44580\r\nCache-Control: public, max-age=31536000\r\nContent-Disposition: inline; filename=\"ff5efc9e3a7d4127bb5a602919de0286\"; filename*=utf-8''ff5efc9e3a7d4127bb5a602919de0286\r\nContent-Md5: CsK9EkV9DvOLy4MgMMcAOQ==\r\nContent-Transfer-Encoding: binary\r\nEtag: \"FqZ88NUW51L0vF8QQ5gtvcnyFar5\"\r\nLast-Modified: Tue, 19 May 2026 13:57:39 GMT\r\nX-Log: X-Log\r\nX-M-Log: QNM:wldsg119;QNM3\r\nX-M-Reqid: gjVDcjUro\r\nX-Qiniu-Zone: as0\r\nX-Qnm-Cache: Hit\r\nX-Reqid: og4AAAD6rGhiAb4Y\r\nX-Svr: IO\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]}],"data":{"size":55677,"size_decoded":56433,"mime_type":"image/png","magic":"PNG image data, 517 x 577, 8-bit/color RGBA, non-interlaced","md5":"0ac2bd12457d0ef38bcb832030c70039","sha1":"a67cf0d516e752f4bc5f1043982dbdc9f215aaf9","sha256":"14606b45be88ff6a4af27dca285bc4b7c1b587cd903a0c31007205d04a54d42f","sha512":"f504dd2f7a1730af77db3b21cc1be3009d745c10dd8b69d54d5bba5041049a6aaf128e360cc93e94c15ec6f3306851f6e6ddce33715b11e83795ec5aeb0f0a19","ssdeep":"768:lZPPVcIqwp/ONQ7KSYX0Rm3hG4fTFVsFLhGk8LBTQsZ7F1X93Bm6qWKh9fZBcRuQ:l9tctdq7KXUmrhVGIk+/FR9A6qnLYHAo","tlshash":"094302fed34844d24fe31bddd5e26c9496e38623c35862846695d38910fbf4c1139d9e","first_seen":"2023-08-17T12:39:31Z","last_seen":"2026-07-01T12:25:27.321083Z","times_seen":24,"resource_available":false,"data":null}},"time_used":3001,"timings":{"blocked":2662,"dns":0,"connect":0,"send":0,"wait":272,"receive":67,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"photo.365live88.com/img/fb/team/ca52b26ee2154c67b4a792795f2493bb?win007=sell","fqdn":"photo.365live88.com","domain":"365live88.com","tld":"com"},"ip":{"addr":"154.41.93.241","port":443,"asn":174,"as":"COGENT-174","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://18114.xyz/","date":"2026-07-01T12:23:21.407Z","timestamp":1782908601407,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"photo.365live88.com","organization":""},"issuer":{"commonName":"Encryption Everywhere DV TLS CA - G2","organization":"DigiCert Inc"},"validity":{"start":"Sat, 01 Nov 2025 00:00:00 GMT","end":"Sat, 31 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"45:76:43:9C:31:C5:89:A6:99:FD:9B:D8:6C:A9:3A:E6:2F:D6:E9:80","sha256":"73:27:CF:D8:8D:AC:95:46:00:5D:67:05:1E:70:22:3E:17:F0:94:78:CD:6F:A6:9C:C8:5F:B5:3B:75:60:3D:C8"}}},"request":{"raw":"GET /img/fb/team/ca52b26ee2154c67b4a792795f2493bb?win007=sell HTTP/1.1\r\nHost: photo.365live88.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://18114.xyz/\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=4, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: openresty\r\nDate: Wed, 01 Jul 2026 12:23:24 GMT\r\nContent-Type: image/png\r\nContent-Length: 67785\r\nConnection: keep-alive\r\nAccept-Ranges: bytes\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Expose-Headers: X-Log, X-Reqid\r\nAccess-Control-Max-Age: 2592000\r\nAge: 1390\r\nCache-Control: public, max-age=31536000\r\nContent-Disposition: inline; filename=\"ca52b26ee2154c67b4a792795f2493bb\"; filename*=utf-8''ca52b26ee2154c67b4a792795f2493bb\r\nContent-Md5: +yj9bC/PXOWUXSN59Jg0bw==\r\nContent-Transfer-Encoding: binary\r\nEtag: \"FhrKqR3w9GthTKnrnI3ekFzeVObq\"\r\nLast-Modified: Tue, 19 May 2026 13:57:57 GMT\r\nX-Log: X-Log\r\nX-M-Log: QNM:wldsg121;QNM3\r\nX-M-Reqid: gONdje6zj\r\nX-Qiniu-Zone: as0\r\nX-Qnm-Cache: Hit\r\nX-Reqid: hNwAAABykmKqKL4Y\r\nX-Svr: IO\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":67785,"size_decoded":68540,"mime_type":"image/png","magic":"PNG image data, 245 x 244, 8-bit/color RGBA, non-interlaced","md5":"fb28fd6c2fcf5ce5945d2379f498346f","sha1":"1acaa91df0f46b614ca9eb9c8dde905cde54e6ea","sha256":"0f745712faf28225afc496de02d2bf51e9fa2fd233623ca77eb1f27b71e41386","sha512":"5bdb8b3051449949f5911902d2477791ca762a60114f3ceceb88164e9da790500c8d4938aae7fedac5b85921c638814a39899b163571cbf9e7f37f441313e585","ssdeep":"1536:lvF9zE8gUZnTdrf9W3KptPT/8E66eSDTiEp/g0uE4ifn38cftAq0Vmwt:l99zE8gUFhf9WqB8E669DTi0o0uZC3fS","tlshash":"b863029313e0b55fe385a29e2e22e36ef03d3976fc33647c191ca8254356187a7a1167","first_seen":"2025-08-01T05:00:14.144007Z","last_seen":"2026-07-02T13:50:16.651314Z","times_seen":52,"resource_available":false,"data":null}},"time_used":3269,"timings":{"blocked":2758,"dns":0,"connect":0,"send":0,"wait":304,"receive":207,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"18114.xyz/img/bg.a361eb32.png","fqdn":"18114.xyz","domain":"18114.xyz","tld":"xyz"},"ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://18114.xyz/","date":"2026-07-01T12:23:21.414Z","timestamp":1782908601414,"http_version":"","security_state":"","security_info":null,"request":{"raw":"GET /img/bg.a361eb32.png HTTP/1.1\r\nHost: 18114.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://18114.xyz/css/home.1781011881923.38488e2a.css\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=4, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":154585,"size_decoded":155356,"mime_type":"image/png","magic":"PNG image data, 1440 x 806, 4-bit colormap, non-interlaced","md5":"99b1c0992c5c7fcbeb3e6ce75735becf","sha1":"e1e2dcc54eb34548302d9208923bab6d4da105ea","sha256":"8c6cd08cd8723790e6437d3611731207afec106dfc0ef380e1d17b912ba987e7","sha512":"8f1c1d8db6b95a1c1f778f9b39a68992f6fc72563d55cd9ae1f0f813e271a0ce6b02af6e1a79e9f3300f4452b18184f4398d69784fd744e639c0eb71e9992648","ssdeep":"3072:oyf+LTZ3U3ouh50C1GhZWRITJnV+Y1yhJSErL3zHYjNvP2G/mNA:oyf+h3U33xGS4JV+lJSE/TSuGONA","tlshash":"6be312c43f60657471f1c11e0a84e9c304f37d05bba72ca36ab5a5d4d688f2af2a3766","first_seen":"2024-12-10T05:06:38.814606Z","last_seen":"2026-07-02T13:50:16.822917Z","times_seen":152,"resource_available":false,"data":null}},"time_used":2108,"timings":{"blocked":1014,"dns":0,"connect":0,"send":0,"wait":305,"receive":789,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"18114.xyz/js/21954.1781011881923.57c97863.js","fqdn":"18114.xyz","domain":"18114.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.130","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://18114.xyz/","date":"2026-07-01T12:23:16.701Z","timestamp":1782908596701,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"18156.xyz","organization":""},"issuer":{"commonName":"YR2","organization":"Let's Encrypt"},"validity":{"start":"Sun, 28 Jun 2026 06:21:05 GMT","end":"Sat, 26 Sep 2026 06:21:04 GMT"},"fingerprint":{"sha1":"30:5C:A2:F1:36:A6:91:D9:3C:71:7C:3B:80:49:3A:BB:C5:0B:53:A1","sha256":"FB:A2:2A:8D:A3:A6:51:23:3E:DC:EB:06:38:96:4E:AA:32:71:9B:E1:FD:3F:D1:7A:49:E7:81:BB:9A:92:C1:8D"}}},"request":{"raw":"GET /js/21954.1781011881923.57c97863.js HTTP/1.1\r\nHost: 18114.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://18114.xyz/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Wed, 01 Jul 2026 12:23:16 GMT\r\nContent-Type: application/javascript\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nLast-Modified: Tue, 09 Jun 2026 13:37:11 GMT\r\nVary: Accept-Encoding\r\nETag: W/\"6a281707-a3da\"\r\nCache-Control: public, max-age=31536000, immutable\r\nAccess-Control-Allow-Origin: *\r\nX-Custom-Check: true\r\nContent-Encoding: gzip\r\nServer: Nginx\r\nL-Safe: 1782908596=pvFJUsf8pLm12V/hEni5BP/JswMFGcRv91LURibrWHeFm798h/RyC9pd85r1im2io8X4krCNhWRq6A7WcFRYGIo3zxvRoOqHCs5lH5OU3LunlEQ7xu175s3ZQrj2YazV3OdcvHP98+uV+E0/6CL5qGmo1b7FDC+2gEqTATYSbZUNgBKd0VnPAHDfa12X2k6S\r\nL-VIA: l1=4iaGgjza0Vwox8nX\r\nL-VERSION: 1782631176\r\nL-Request-Id: c5c119f1da23270749f\r\nX-Cache-Status: BYPASS\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":41946,"size_decoded":9458,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (41946), with no line terminators","md5":"35aef3c03c45b75cc6c2851265c30f23","sha1":"54874afc1d2d6391142418c6c17d7639247b6c9b","sha256":"c7a0283f3d2fde40ce97fe3bb5e79621f9939000c50c3c781a4597c3242ebae2","sha512":"f74356629d65ff26f6928ad3183ba8e6e01848921202f9c14c5aef758ef72acdcabf523209e892df42d230d9c87cb47cda7bd106105ed8447718fc502b2d71db","ssdeep":"768:U/aSfmzKrMdvf0eMQ/96loumY1PI1yBK9LudEz+yUy51y9y0yk6Dio+ILqpTeY:z81R6Ipyk6o","tlshash":"33132088fac2b06dd3eb7330857f505ae66a1dc0668c5434e260d6917e7198dc1fb9f8","first_seen":"2026-05-29T16:01:53.086335Z","last_seen":"2026-07-02T13:50:16.763405Z","times_seen":152,"resource_available":true,"data":null}},"time_used":640,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":635,"receive":5,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"18114.xyz/img/zeren.c0aa584f.png","fqdn":"18114.xyz","domain":"18114.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.130","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://18114.xyz/","date":"2026-07-01T12:23:17.706Z","timestamp":1782908597706,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"18156.xyz","organization":""},"issuer":{"commonName":"YR2","organization":"Let's Encrypt"},"validity":{"start":"Sun, 28 Jun 2026 06:21:05 GMT","end":"Sat, 26 Sep 2026 06:21:04 GMT"},"fingerprint":{"sha1":"30:5C:A2:F1:36:A6:91:D9:3C:71:7C:3B:80:49:3A:BB:C5:0B:53:A1","sha256":"FB:A2:2A:8D:A3:A6:51:23:3E:DC:EB:06:38:96:4E:AA:32:71:9B:E1:FD:3F:D1:7A:49:E7:81:BB:9A:92:C1:8D"}}},"request":{"raw":"GET /img/zeren.c0aa584f.png HTTP/1.1\r\nHost: 18114.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://18114.xyz/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=4, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Wed, 01 Jul 2026 12:23:22 GMT\r\nContent-Type: image/png\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nLast-Modified: Tue, 09 Jun 2026 13:37:11 GMT\r\nVary: Accept-Encoding\r\nETag: W/\"6a281707-cfa\"\r\nCache-Control: public, max-age=2592000, immutable\r\nAccess-Control-Allow-Origin: *\r\nX-Custom-Check: true\r\nContent-Encoding: gzip\r\nServer: Nginx\r\nL-Safe: 1782908602=4mc5hMhbJ+ukibimFRa5ZZ9FQA1QqOJd8kY3+5YH7LbJ9hVYcEjNfpDbYG1j6gS22EvJDBd/EYovux9FksPrDzhNfhyg+o5Q0cedJM55xDS4iPVDs2rUmWLAR96qx37oU1TARZJ4VWhxOic6X8AZ1uYGZQkm9XsHBXP0F9vf+jlTEzeCcgiqHaDX5g+J/Zxt\r\nAge: 1495\r\nL-VIA: l1=4iaGgjza0Vwox8nX\r\nL-VERSION: 1782631176\r\nL-Request-Id: c6d219f1da247eb9c6f\r\nX-Cache-Status: HIT\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":3322,"size_decoded":4051,"mime_type":"image/png","magic":"PNG image data, 414 x 130, 4-bit colormap, non-interlaced","md5":"217588cbcd6216a09cac17953ae710b1","sha1":"de250755d284bb75dcee38ee45f2fc839987dcba","sha256":"24c2821b322d0c9087bcb0727dc0307311f6cfbb52af9f8a93308e48705f706e","sha512":"da190054ec0862c9927bb3bd928481459d53d4d778e9b2928c2507f2a34df5791d43adda750fcf184b767c1ba3a3f92e45dc57242a80869e253a9b37639abb4a","ssdeep":"","tlshash":"50616c01eb9130b8129c286701bd3fcda4c64d993d203d798d87b29bd6f970d288b123","first_seen":"2025-08-29T11:05:53.326961Z","last_seen":"2026-07-02T13:50:16.632477Z","times_seen":1684,"resource_available":false,"data":null}},"time_used":4788,"timings":{"blocked":4495,"dns":0,"connect":0,"send":0,"wait":293,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"18114.xyz/ecb/8f8306425ab46d0221b2c56ef50f72e487d5bb0255ee7333091abb7c08c465094a574c3c12d0e1812241fe43c0d5f0ea88d857f698a4fd081b","fqdn":"18114.xyz","domain":"18114.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.130","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://18114.xyz/","date":"2026-07-01T12:23:19.146Z","timestamp":1782908599146,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"18156.xyz","organization":""},"issuer":{"commonName":"YR2","organization":"Let's Encrypt"},"validity":{"start":"Sun, 28 Jun 2026 06:21:05 GMT","end":"Sat, 26 Sep 2026 06:21:04 GMT"},"fingerprint":{"sha1":"30:5C:A2:F1:36:A6:91:D9:3C:71:7C:3B:80:49:3A:BB:C5:0B:53:A1","sha256":"FB:A2:2A:8D:A3:A6:51:23:3E:DC:EB:06:38:96:4E:AA:32:71:9B:E1:FD:3F:D1:7A:49:E7:81:BB:9A:92:C1:8D"}}},"request":{"raw":"GET /ecb/8f8306425ab46d0221b2c56ef50f72e487d5bb0255ee7333091abb7c08c465094a574c3c12d0e1812241fe43c0d5f0ea88d857f698a4fd081b HTTP/1.1\r\nHost: 18114.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://18114.xyz/\r\nContent-Type: application/x-www-form-urlencoded\r\nx-request-source: https://18114.xyz\r\nXign: fPDK/Wr+oVA7WTz9lK4p1hYJXDgMB9Mt+/xTux2i6lSQsZI3WwUXdz+b+dlOdqPdg7EB/NF7MDqT80BlivwfPgdmcMMgHcnXfRJPrz5RCtzek1I7hRXMGkzEM3in+4ouipRGB354320Fca6GmXp6gyad0IdN2vGHs73BQyYJVkI=\r\ntimestamp: 1782908599136\r\nsign: o3a7p1g7t523g1eh\r\nversion: 5.6.12.0\r\nclient-type: web\r\ndevice-id: AHDMtbyjDKrH8krkZF8taEefHpNFb6Bk\r\nlang: zh-CN\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Wed, 01 Jul 2026 12:23:19 GMT\r\nContent-Type: application/json\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding, Accept-Encoding, Origin, Access-Control-Request-Method, Access-Control-Request-Headers\r\nExpires: Wed, 01 Jul 2026 12:28:19 GMT\r\nCache-Control: public, max-age=300, s-maxage=300, must-revalidate, stale-while-revalidate=30\r\nX-XSS-Protection: 1; mode=block\r\nX-Request-ID: 82db4e1fbf994ab2b705512a6b6d2622\r\nPragma: public\r\nX-Content-Type-Options: nosniff\r\nStrict-Transport-Security: max-age=63072000; includeSubdomains; preload\r\nAccess-Control-Allow-Origin: *\r\nX-Custom-Check: true, true\r\nContent-Encoding: gzip\r\nServer: Nginx\r\nL-Safe: 1782908599=T3YknBzMJfJoN3ILu6zaGYt9SWgeRN38yVCsJlIIDp6iv+jKPhCEUxsM3+gP8j1mt7n0vQ++liS1yZhSXvuthqjdcZm/jQVoFk+dncfgbYe3KUSWE5YlXmr7sS3d5dVLb5Yhh+qMPj4aWQzAbhBnGmTkmfZCkTBi54X0a3U9yXSu+2IjEwFIrTRVB2Uxk/zy\r\nL-VIA: l1=4iaGgjza0Vwox8nX\r\nL-VERSION: 1782631176\r\nL-Request-Id: c5bd19f1da23bfb5571\r\nX-Cache-Status: BYPASS\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":34785,"size_decoded":35828,"mime_type":"application/json","magic":"data","md5":"b5c7a16f3864d23f70f7d9b042155aa7","sha1":"90ee91705bffad947a01b3da35aad700560b741c","sha256":"0c16baba935166d621016c137b4d5da74316a5419d2a6048bb62cf4d76ba70b9","sha512":"59580ba31bdce6526817ced6f95db00df60949a9f5f576721c347234d20446243a0a6ff63a7128707cad5fb6a56ffedd568d93dcffe51aeb80d9dc67b7853c2c","ssdeep":"1536:ONYaIoREIl5QAfUR5mC5vdf4d0qALKKMZx7V:5aQAI5vdqALKKoxh","tlshash":"6c33d1034610f7f0d2fa90eba10a27e05205ce9863dbaee5cb75e1642e5552e23cd597","first_seen":"2026-07-01T12:22:34.275622Z","last_seen":"2026-07-01T12:25:14.967997Z","times_seen":6,"resource_available":false,"data":null}},"time_used":1050,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":624,"receive":426,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"18114.xyz/jumpto/img/https://rcf-img-hk.gasdg646fs224cn.com/gpmaster/_webp_size328x442_bbac9ff6-d09b-48f7-9e60-77639d6ba1ec.png","fqdn":"18114.xyz","domain":"18114.xyz","tld":"xyz"},"ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://18114.xyz/","date":"2026-07-01T12:23:20.352Z","timestamp":1782908600352,"http_version":"","security_state":"","security_info":null,"request":{"raw":"GET /jumpto/img/https://rcf-img-hk.gasdg646fs224cn.com/gpmaster/_webp_size328x442_bbac9ff6-d09b-48f7-9e60-77639d6ba1ec.png HTTP/1.1\r\nHost: 18114.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://18114.xyz/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-07-02T17:08:00.371314Z","times_seen":16917523,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"18114.xyz/jumpto/img/https://rcf-img-hk.gasdg646fs224cn.com/202508/_webp_size1298x1156_de72e240-4300-48d6-8f6e-b9cb363e7924.png","fqdn":"18114.xyz","domain":"18114.xyz","tld":"xyz"},"ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://18114.xyz/","date":"2026-07-01T12:23:20.373Z","timestamp":1782908600373,"http_version":"","security_state":"","security_info":null,"request":{"raw":"GET /jumpto/img/https://rcf-img-hk.gasdg646fs224cn.com/202508/_webp_size1298x1156_de72e240-4300-48d6-8f6e-b9cb363e7924.png HTTP/1.1\r\nHost: 18114.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://18114.xyz/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-07-02T17:08:00.371314Z","times_seen":16917523,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"photo.365live88.com/img/fb/team/89395d9d8b154a76b337676a3265f86f?win007=sell","fqdn":"photo.365live88.com","domain":"365live88.com","tld":"com"},"ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://18114.xyz/","date":"2026-07-01T12:23:21.370Z","timestamp":1782908601370,"http_version":"","security_state":"","security_info":null,"request":{"raw":"GET /img/fb/team/89395d9d8b154a76b337676a3265f86f?win007=sell HTTP/1.1\r\nHost: photo.365live88.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://18114.xyz/\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=4, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-07-02T17:08:00.371314Z","times_seen":16917523,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"18114.xyz/img/pay.8f35ebe1.png","fqdn":"18114.xyz","domain":"18114.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.130","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://18114.xyz/","date":"2026-07-01T12:23:17.705Z","timestamp":1782908597705,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"18156.xyz","organization":""},"issuer":{"commonName":"YR2","organization":"Let's Encrypt"},"validity":{"start":"Sun, 28 Jun 2026 06:21:05 GMT","end":"Sat, 26 Sep 2026 06:21:04 GMT"},"fingerprint":{"sha1":"30:5C:A2:F1:36:A6:91:D9:3C:71:7C:3B:80:49:3A:BB:C5:0B:53:A1","sha256":"FB:A2:2A:8D:A3:A6:51:23:3E:DC:EB:06:38:96:4E:AA:32:71:9B:E1:FD:3F:D1:7A:49:E7:81:BB:9A:92:C1:8D"}}},"request":{"raw":"GET /img/pay.8f35ebe1.png HTTP/1.1\r\nHost: 18114.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://18114.xyz/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=4, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Wed, 01 Jul 2026 12:23:22 GMT\r\nContent-Type: image/png\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nLast-Modified: Tue, 09 Jun 2026 13:37:11 GMT\r\nVary: Accept-Encoding\r\nETag: W/\"6a281707-154d\"\r\nCache-Control: public, max-age=2592000, immutable\r\nAccess-Control-Allow-Origin: *\r\nX-Custom-Check: true\r\nContent-Encoding: gzip\r\nServer: Nginx\r\nL-Safe: 1782908602=4mc5hMhbJ+ukibimFRa5ZZ9FQA1QqOJd8kY3+5YH7LbJ9hVYcEjNfpDbYG1j6gS22EvJDBd/EYovux9FksPrDzhNfhyg+o5Q0cedJM55xDS4iPVDs2rUmWLAR96qx37oU1TARZJ4VWhxOic6X8AZ1uYGZQkm9XsHBXP0F9vf+jlTEzeCcgiqHaDX5g+J/Zxt\r\nAge: 1496\r\nL-VIA: l1=4iaGgjza0Vwox8nX\r\nL-VERSION: 1782631176\r\nL-Request-Id: c6d219f1da246bf9c6d\r\nX-Cache-Status: HIT\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":5453,"size_decoded":6144,"mime_type":"image/png","magic":"PNG image data, 492 x 132, 4-bit colormap, non-interlaced","md5":"05d444b76263f6958a37ac82e45daa67","sha1":"a067d3a654da1ec4c51d8f049aabaa112183e355","sha256":"49166910b376f5487f30174e60fcf13aaaca9620ef1aa58cfb2c94a8c111ea8d","sha512":"7d276d57b068ec4a0125512e0781c501a96bf6c30b30304d247251190c6421a9ed7a03ec208a590d19d9a1183e3837b06d141bddd99abb7b0ee4e2a1ba28b28b","ssdeep":"96:u9g9Yof8+keuD1Kai/MXG5BHMsDiCNPFH/qX4iWXnqvcIzDRHSVyl07TrOKCm0R4:u9g9rJuYai//7FiSXnqvNYGmrOKcPwzp","tlshash":"74b18e749d6efb2a26b315c30d7499c21ea45c9e0d94f1c2244776963c732de3270985","first_seen":"2025-08-29T11:05:53.301829Z","last_seen":"2026-07-02T13:50:16.754278Z","times_seen":1687,"resource_available":false,"data":null}},"time_used":4495,"timings":{"blocked":4195,"dns":0,"connect":0,"send":0,"wait":300,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"photo.365live88.com/img/fb/team/714ede11baf6431d8bb8f55f51319f87?win007=sell","fqdn":"photo.365live88.com","domain":"365live88.com","tld":"com"},"ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://18114.xyz/","date":"2026-07-01T12:23:21.375Z","timestamp":1782908601375,"http_version":"","security_state":"","security_info":null,"request":{"raw":"GET /img/fb/team/714ede11baf6431d8bb8f55f51319f87?win007=sell HTTP/1.1\r\nHost: photo.365live88.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://18114.xyz/\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=4, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":110148,"size_decoded":110904,"mime_type":"image/png","magic":"PNG image data, 300 x 300, 8-bit/color RGBA, non-interlaced","md5":"b1bffe8ccd68094d45efef840739b119","sha1":"8312d8a942938bfbbb6d3c8b0918e1eefe9d7dd1","sha256":"ffe99b93185332b51c8fbe610a6755926bd7b3973dcc6d1006a4f75a3b8fa102","sha512":"fd3642d343cbf22953f10c52bc46ed33d241b4f7a695ef7fdf96786e552f3487f7bfee2b70c494f82749577342fffead6a9e2bbb0df4d1c464fb22faa5ff9a5c","ssdeep":"3072:arCzvQ66FvlsGaFghqsHWqRYqcWjmKJP8:argI66FWfg4sHWqRYqFK","tlshash":"6cb302fb601b37a7e8bcacfc07a0977883adc445627ba15b97952f5c305ec51abc1122","first_seen":"2025-06-02T17:30:28.976639Z","last_seen":"2026-07-01T12:25:27.340995Z","times_seen":10,"resource_available":false,"data":null}},"time_used":2105,"timings":{"blocked":1345,"dns":0,"connect":0,"send":0,"wait":318,"receive":442,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"18114.xyz/img/away-bg.00d4ba2a.png","fqdn":"18114.xyz","domain":"18114.xyz","tld":"xyz"},"ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://18114.xyz/","date":"2026-07-01T12:23:21.413Z","timestamp":1782908601413,"http_version":"","security_state":"","security_info":null,"request":{"raw":"GET /img/away-bg.00d4ba2a.png HTTP/1.1\r\nHost: 18114.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://18114.xyz/css/home.1781011881923.38488e2a.css\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=4, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-07-02T17:08:00.371314Z","times_seen":16917523,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"18114.xyz/js/home.1781011881923.a94e73ca.js","fqdn":"18114.xyz","domain":"18114.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.130","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://18114.xyz/","date":"2026-07-01T12:23:16.721Z","timestamp":1782908596721,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"18156.xyz","organization":""},"issuer":{"commonName":"YR2","organization":"Let's Encrypt"},"validity":{"start":"Sun, 28 Jun 2026 06:21:05 GMT","end":"Sat, 26 Sep 2026 06:21:04 GMT"},"fingerprint":{"sha1":"30:5C:A2:F1:36:A6:91:D9:3C:71:7C:3B:80:49:3A:BB:C5:0B:53:A1","sha256":"FB:A2:2A:8D:A3:A6:51:23:3E:DC:EB:06:38:96:4E:AA:32:71:9B:E1:FD:3F:D1:7A:49:E7:81:BB:9A:92:C1:8D"}}},"request":{"raw":"GET /js/home.1781011881923.a94e73ca.js HTTP/1.1\r\nHost: 18114.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://18114.xyz/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Wed, 01 Jul 2026 12:23:16 GMT\r\nContent-Type: application/javascript\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nLast-Modified: Tue, 09 Jun 2026 13:37:11 GMT\r\nVary: Accept-Encoding\r\nETag: W/\"6a281707-319eb\"\r\nCache-Control: public, max-age=31536000, immutable\r\nAccess-Control-Allow-Origin: *\r\nX-Custom-Check: true\r\nContent-Encoding: gzip\r\nServer: Nginx\r\nL-Safe: 1782908596=pvFJUsf8pLm12V/hEni5BP/JswMFGcRv91LURibrWHeFm798h/RyC9pd85r1im2io8X4krCNhWRq6A7WcFRYGIo3zxvRoOqHCs5lH5OU3LunlEQ7xu175s3ZQrj2YazV3OdcvHP98+uV+E0/6CL5qGmo1b7FDC+2gEqTATYSbZUNgBKd0VnPAHDfa12X2k6S\r\nL-VIA: l1=4iaGgjza0Vwox8nX\r\nL-VERSION: 1782631176\r\nL-Request-Id: c5bc19f1da232827596\r\nX-Cache-Status: BYPASS\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":203243,"size_decoded":60718,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (64174), with no line terminators","md5":"7ad9af47a2c0c93f65e42ff84b45dad7","sha1":"eed3b4bd1191c75416f457ee41317595880f8635","sha256":"c9d64aef33c7a35945a5963b08b2bc3157f403dc91a5c9c9463c82a0d4075af6","sha512":"757a63f9b96bc8a36491424f8e0ae9fd6813983817ab2da87bb3455e18b5cb5f71d5e682919941194e4a588bea925c790888e4d27f8531ee03c777c1e2c92678","ssdeep":"3072:T5daS9tSIMcewi8uJBuoMfqFf2GMkvVJuhxffj7TEOiGRlc:T5ES9tSIMcewiLQqFRmzffjAGHc","tlshash":"93141880b5f0e275575fc2a7d7371025b2271786d0ccac60e1f66b187e2879ab236db8","first_seen":"2026-06-12T19:29:57.277471Z","last_seen":"2026-07-02T13:50:16.706047Z","times_seen":137,"resource_available":true,"data":null}},"time_used":673,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":312,"receive":361,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"18114.xyz/jumpto/img/https://rcf-img-hk.gasdg646fs224cn.com/gpmaster/_webp_size328x442_392325e1-efd7-4953-83f1-410dea55a03c.png","fqdn":"18114.xyz","domain":"18114.xyz","tld":"xyz"},"ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://18114.xyz/","date":"2026-07-01T12:23:20.348Z","timestamp":1782908600348,"http_version":"","security_state":"","security_info":null,"request":{"raw":"GET /jumpto/img/https://rcf-img-hk.gasdg646fs224cn.com/gpmaster/_webp_size328x442_392325e1-efd7-4953-83f1-410dea55a03c.png HTTP/1.1\r\nHost: 18114.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://18114.xyz/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-07-02T17:08:00.371314Z","times_seen":16917523,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"18114.xyz/jumpto/img/https://rcf-img-hk.gasdg646fs224cn.com/gpmaster/_webp_size328x442_91f2d885-8341-4928-bace-352c8c691bef.png","fqdn":"18114.xyz","domain":"18114.xyz","tld":"xyz"},"ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://18114.xyz/","date":"2026-07-01T12:23:20.357Z","timestamp":1782908600357,"http_version":"","security_state":"","security_info":null,"request":{"raw":"GET /jumpto/img/https://rcf-img-hk.gasdg646fs224cn.com/gpmaster/_webp_size328x442_91f2d885-8341-4928-bace-352c8c691bef.png HTTP/1.1\r\nHost: 18114.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://18114.xyz/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-07-02T17:08:00.371314Z","times_seen":16917523,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"18114.xyz/jumpto/img/https://rcf-img-hk.gasdg646fs224cn.com/gpmaster/_webp_size328x442_ce6f5a12-ce60-4931-b7a7-3cfa94c956bf.png","fqdn":"18114.xyz","domain":"18114.xyz","tld":"xyz"},"ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://18114.xyz/","date":"2026-07-01T12:23:20.359Z","timestamp":1782908600359,"http_version":"","security_state":"","security_info":null,"request":{"raw":"GET /jumpto/img/https://rcf-img-hk.gasdg646fs224cn.com/gpmaster/_webp_size328x442_ce6f5a12-ce60-4931-b7a7-3cfa94c956bf.png HTTP/1.1\r\nHost: 18114.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://18114.xyz/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-07-02T17:08:00.371314Z","times_seen":16917523,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"18114.xyz/jumpto/img/https://rcf-img-hk.gasdg646fs224cn.com/202508/_webp_size1298x1156_df036cfa-66a5-49f7-b863-3c22d1a3d180.png","fqdn":"18114.xyz","domain":"18114.xyz","tld":"xyz"},"ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://18114.xyz/","date":"2026-07-01T12:23:20.369Z","timestamp":1782908600369,"http_version":"","security_state":"","security_info":null,"request":{"raw":"GET /jumpto/img/https://rcf-img-hk.gasdg646fs224cn.com/202508/_webp_size1298x1156_df036cfa-66a5-49f7-b863-3c22d1a3d180.png HTTP/1.1\r\nHost: 18114.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://18114.xyz/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-07-02T17:08:00.371314Z","times_seen":16917523,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"photo.365live88.com/img/fb/team/ecdb97db8c7f480eb80ca9455133f8e2?win007=sell","fqdn":"photo.365live88.com","domain":"365live88.com","tld":"com"},"ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://18114.xyz/","date":"2026-07-01T12:23:21.366Z","timestamp":1782908601366,"http_version":"","security_state":"","security_info":null,"request":{"raw":"GET /img/fb/team/ecdb97db8c7f480eb80ca9455133f8e2?win007=sell HTTP/1.1\r\nHost: photo.365live88.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://18114.xyz/\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=4, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-07-02T17:08:00.371314Z","times_seen":16917523,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"img.esportsdata.cc/202/1/d126b7bebc5274eb5bfe3d2622b3ffce.png?win007=sell","fqdn":"img.esportsdata.cc","domain":"esportsdata.cc","tld":"cc"},"ip":{"addr":"104.26.3.221","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://18114.xyz/","date":"2026-07-01T12:23:21.400Z","timestamp":1782908601400,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"esportsdata.cc","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 16 May 2026 05:13:55 GMT","end":"Fri, 14 Aug 2026 06:13:50 GMT"},"fingerprint":{"sha1":"7B:E3:E8:7B:91:D6:3E:9F:F0:F7:3A:7C:C5:7A:54:CE:9B:6E:14:ED","sha256":"68:DB:B9:F9:00:0A:BE:FD:15:45:47:19:18:DD:59:D1:DD:43:B2:42:8E:7C:EB:50:14:F6:0C:3B:FC:5D:CD:67"}}},"request":{"raw":"GET /202/1/d126b7bebc5274eb5bfe3d2622b3ffce.png?win007=sell HTTP/1.1\r\nHost: img.esportsdata.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://18114.xyz/\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=4, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\ndate: Wed, 01 Jul 2026 12:23:21 GMT\r\ncontent-type: image/png\r\ncontent-length: 30911\r\nserver: cloudflare\r\naccept-ranges: bytes\r\netag: \"d1dccd264759aaef526bed1947090b64\"\r\nlast-modified: Thu, 23 Apr 2026 18:00:21 GMT\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nvary: Origin, Accept-Encoding\r\nx-amz-id-2: dd9025bab4ad464b049177c95eb6ebf374d3b3fd1af9251148b658df7ac2e3e8\r\nx-amz-request-id: 18BDF942AEB85A93\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nage: 89\r\ncache-control: max-age=2678400\r\ncf-cache-status: HIT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=TXOrmG%2FbejFliK9Cbx%2B6swWd88xXyPUq0IIXONa1qZH%2B%2F8joixiaxZRz6CgPXkQVOTLaph4XRTX20ttpq20GMkQCYEugWi7aQ6muEVTTTurfbunwHbsvEahPy7SCRjnOaonkYQ%3D%3D\"}]}\r\ncf-ray: a14561a918f91525-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]}],"data":{"size":30911,"size_decoded":31860,"mime_type":"image/png","magic":"PNG image data, 363 x 376, 8-bit/color RGBA, non-interlaced","md5":"d1dccd264759aaef526bed1947090b64","sha1":"f84680cbe8cade7b75d08549e7fa538e05f26e6e","sha256":"178a1c9f721302ecc3a0836222fa562947f4090b4a02758ae8b02c6000a39e60","sha512":"14547827b938d81cce6f8bbe91853f902906c30dd78abe2cbad8a1b66481730c7e6dcf3ca16db7ea362e22aa0d99bbf33aff1ea9d7779911b24e7a685118815e","ssdeep":"384:gVu1XkBASZTs5SOqQRQsjJ7W7sepUqNf9VXScFNIpOIe0SZqNGVuilBoFDZcbeeJ:yAIZTw7jjJCdNF8CNcx4cUC0c4EIYYP","tlshash":"e7d2e1136530802c82f6eabc5dac72a45f7dfb1b9b2950e14a84bf4c0d739d1958dc1e","first_seen":"2025-08-03T21:40:07.663418Z","last_seen":"2026-07-01T20:27:58.373388Z","times_seen":57,"resource_available":false,"data":null}},"time_used":358,"timings":{"blocked":349,"dns":0,"connect":0,"send":0,"wait":9,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-01","alert":"Sinkholed","trigger":"img.esportsdata.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-01","alert":"Sinkholed","trigger":"img.esportsdata.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"18114.xyz/configPage.js?v=6/9/2026,%2021:37:10","fqdn":"18114.xyz","domain":"18114.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.130","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://18114.xyz/","date":"2026-07-01T12:23:13.370Z","timestamp":1782908593370,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"18156.xyz","organization":""},"issuer":{"commonName":"YR2","organization":"Let's Encrypt"},"validity":{"start":"Sun, 28 Jun 2026 06:21:05 GMT","end":"Sat, 26 Sep 2026 06:21:04 GMT"},"fingerprint":{"sha1":"30:5C:A2:F1:36:A6:91:D9:3C:71:7C:3B:80:49:3A:BB:C5:0B:53:A1","sha256":"FB:A2:2A:8D:A3:A6:51:23:3E:DC:EB:06:38:96:4E:AA:32:71:9B:E1:FD:3F:D1:7A:49:E7:81:BB:9A:92:C1:8D"}}},"request":{"raw":"GET /configPage.js?v=6/9/2026,%2021:37:10 HTTP/1.1\r\nHost: 18114.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://18114.xyz/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=2\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Wed, 01 Jul 2026 12:23:13 GMT\r\nContent-Type: application/javascript\r\nContent-Length: 949\r\nConnection: keep-alive\r\nLast-Modified: Tue, 09 Jun 2026 13:37:20 GMT\r\nETag: \"6a281710-3b5\"\r\nCache-Control: public, max-age=31536000, immutable\r\nAccess-Control-Allow-Origin: *\r\nX-Custom-Check: true\r\nServer: Nginx\r\nL-Safe: 1782908593=QGdno2nkbhil2sQzcsIm7nkvCJY74Qjk9SEFrSfsUOERzYD9aF4Kk5XrPIhf2YHS9qEyJggi4cgFow9bTTckkJjXVy/Xtl63+UEpGPiPRChEnyC8jaFvn4/s2hRriLlw4ec6CxftDwGvq8wCEHZosHQiWwI+PMWlO+YD6FD1ro5sTBovrXDfKbRBegY0bMmm\r\nL-VIA: l1=4iaGgjza0Vwox8nX\r\nL-VERSION: 1782631176\r\nL-Request-Id: c5b719f1da2256a44ae\r\nX-Cache-Status: BYPASS\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":949,"size_decoded":1622,"mime_type":"application/javascript","magic":"Unicode text, UTF-8 text, with very long lines (917), with no line terminators","md5":"e6aa74bb352ef198ba3e1c9a4b01b014","sha1":"2ea8bd6b5045475a36432f7665a129728e822d9e","sha256":"73828e873c0b6e847b37d78941ca436247471dfc90a12f743964f869f75abd5c","sha512":"2faaf24fdf1e4da637af8e9f82d1778bf061b00752dfca0c8f73432ba236a7b69410a7ad2a73727bc83e6cd631fd6555c3cc0d9d3a5d8a7f81818dd66566011f","ssdeep":"","tlshash":"be117aaf57444dffcf1d7e00a08b0a5ea8bc61d261889d4da8e9cf29e1c99002378978","first_seen":"2025-09-04T00:49:32.949926Z","last_seen":"2026-07-02T13:50:16.630556Z","times_seen":1935,"resource_available":true,"data":null}},"time_used":330,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":330,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"18114.xyz/img/LIVE.88ccbf98.png","fqdn":"18114.xyz","domain":"18114.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.130","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://18114.xyz/","date":"2026-07-01T12:23:20.256Z","timestamp":1782908600256,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"18156.xyz","organization":""},"issuer":{"commonName":"YR2","organization":"Let's Encrypt"},"validity":{"start":"Sun, 28 Jun 2026 06:21:05 GMT","end":"Sat, 26 Sep 2026 06:21:04 GMT"},"fingerprint":{"sha1":"30:5C:A2:F1:36:A6:91:D9:3C:71:7C:3B:80:49:3A:BB:C5:0B:53:A1","sha256":"FB:A2:2A:8D:A3:A6:51:23:3E:DC:EB:06:38:96:4E:AA:32:71:9B:E1:FD:3F:D1:7A:49:E7:81:BB:9A:92:C1:8D"}}},"request":{"raw":"GET /img/LIVE.88ccbf98.png HTTP/1.1\r\nHost: 18114.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://18114.xyz/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=4, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Wed, 01 Jul 2026 12:23:20 GMT\r\nContent-Type: image/png\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nLast-Modified: Tue, 09 Jun 2026 13:37:11 GMT\r\nVary: Accept-Encoding\r\nETag: W/\"6a281707-f0e1\"\r\nCache-Control: public, max-age=2592000, immutable\r\nAccess-Control-Allow-Origin: *\r\nX-Custom-Check: true\r\nContent-Encoding: gzip\r\nServer: Nginx\r\nL-Safe: 1782908600=syPON+2Kz5+pRykBs4QtaE3NO1FRKks/0eGizB7WB32Nr07KwPVzJ7CMnD8avbVlnlwbqhKm+rPUp/B3oGXCDokK5efJr6SBT/hoCjDgyiNSx/NWCgTrn1JK2VXFeQ2d7IBy7u4ZEVcnVu0949VAH67PTEPPBpqJ7YUy/mSmLNgKKPCcQeowpq9SRGT324V1\r\nAge: 1491\r\nL-VIA: l1=4iaGgjza0Vwox8nX\r\nL-VERSION: 1782631176\r\nL-Request-Id: c5c119f1da2405474aa\r\nX-Cache-Status: HIT\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":61665,"size_decoded":62396,"mime_type":"image/png","magic":"PNG image data, 582 x 307, 8-bit colormap, non-interlaced","md5":"372d01a2bda7ccdca1e7966af39c2327","sha1":"d438c1947b711d032c5621a6b4b08bbbca2c338d","sha256":"4eac7be4c06fa607ef5e95789e3ead43806bfeff97872ed6567e3810f2f661bc","sha512":"9f04160df8696cf984cd77604dddaea73969479e4f1c5050e53351df7f11e85d8ecccb14ecb87dcd58bea0ba04d9ba5ea3f99c69a179ba88ad38d5416b7a94d3","ssdeep":"1536:jTjrlfQBxhFWiXt2lnJE9mARbSK0k2C8ve1HfarCtt:jH1QjwWUC9mA10jC8WZfaQt","tlshash":"dd53124a2ecc3a1f7bf21e5e06f286814d36a186d0f9ba5bc6e70ef1218521de0e4535","first_seen":"2023-11-10T19:12:00Z","last_seen":"2026-07-02T13:50:16.789758Z","times_seen":1678,"resource_available":false,"data":null}},"time_used":889,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":609,"receive":280,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"18114.xyz/jumpto/img/https://rcf-img-hk.gasdg646fs224cn.com/202503/_webp_size649x578_e50c5112-b480-4217-95c2-f187843fa431.png","fqdn":"18114.xyz","domain":"18114.xyz","tld":"xyz"},"ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://18114.xyz/","date":"2026-07-01T12:23:20.364Z","timestamp":1782908600364,"http_version":"","security_state":"","security_info":null,"request":{"raw":"GET /jumpto/img/https://rcf-img-hk.gasdg646fs224cn.com/202503/_webp_size649x578_e50c5112-b480-4217-95c2-f187843fa431.png HTTP/1.1\r\nHost: 18114.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://18114.xyz/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-07-02T17:08:00.371314Z","times_seen":16917523,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"18114.xyz/jumpto/img/https://rcf-img-hk.gasdg646fs224cn.com/gpmaster/_webp_size328x442_2cf32c0e-cd2d-4274-8e00-d67d14e5086e.png","fqdn":"18114.xyz","domain":"18114.xyz","tld":"xyz"},"ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://18114.xyz/","date":"2026-07-01T12:23:20.375Z","timestamp":1782908600375,"http_version":"","security_state":"","security_info":null,"request":{"raw":"GET /jumpto/img/https://rcf-img-hk.gasdg646fs224cn.com/gpmaster/_webp_size328x442_2cf32c0e-cd2d-4274-8e00-d67d14e5086e.png HTTP/1.1\r\nHost: 18114.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://18114.xyz/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-07-02T17:08:00.371314Z","times_seen":16917523,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"photo.365live88.com/img/fb/team/2c73a519621c4e88b1fe46487df45b2f?win007=sell","fqdn":"photo.365live88.com","domain":"365live88.com","tld":"com"},"ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://18114.xyz/","date":"2026-07-01T12:23:21.356Z","timestamp":1782908601356,"http_version":"","security_state":"","security_info":null,"request":{"raw":"GET /img/fb/team/2c73a519621c4e88b1fe46487df45b2f?win007=sell HTTP/1.1\r\nHost: photo.365live88.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://18114.xyz/\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-07-02T17:08:00.371314Z","times_seen":16917523,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"photo.365live88.com/img/fb/team/2eac38e8ae994d599f5f081ae631ebd5?win007=sell","fqdn":"photo.365live88.com","domain":"365live88.com","tld":"com"},"ip":{"addr":"154.41.93.241","port":443,"asn":174,"as":"COGENT-174","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://18114.xyz/","date":"2026-07-01T12:23:21.388Z","timestamp":1782908601388,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"photo.365live88.com","organization":""},"issuer":{"commonName":"Encryption Everywhere DV TLS CA - G2","organization":"DigiCert Inc"},"validity":{"start":"Sat, 01 Nov 2025 00:00:00 GMT","end":"Sat, 31 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"45:76:43:9C:31:C5:89:A6:99:FD:9B:D8:6C:A9:3A:E6:2F:D6:E9:80","sha256":"73:27:CF:D8:8D:AC:95:46:00:5D:67:05:1E:70:22:3E:17:F0:94:78:CD:6F:A6:9C:C8:5F:B5:3B:75:60:3D:C8"}}},"request":{"raw":"GET /img/fb/team/2eac38e8ae994d599f5f081ae631ebd5?win007=sell HTTP/1.1\r\nHost: photo.365live88.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://18114.xyz/\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=4, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: openresty\r\nDate: Wed, 01 Jul 2026 12:23:23 GMT\r\nContent-Type: image/png\r\nContent-Length: 20072\r\nConnection: keep-alive\r\nAccept-Ranges: bytes\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Expose-Headers: X-Log, X-Reqid\r\nAccess-Control-Max-Age: 2592000\r\nAge: 1869\r\nCache-Control: public, max-age=31536000\r\nContent-Disposition: inline; filename=\"2eac38e8ae994d599f5f081ae631ebd5\"; filename*=utf-8''2eac38e8ae994d599f5f081ae631ebd5\r\nContent-Md5: dp3LVcnizffEM7OS76s2cw==\r\nContent-Transfer-Encoding: binary\r\nEtag: \"FuAumsL7WEueNi1i-wKaDXtT8c1J\"\r\nLast-Modified: Tue, 19 May 2026 13:58:00 GMT\r\nX-Log: X-Log\r\nX-M-Log: QNM:wldsg119;QNM3\r\nX-M-Reqid: L9qs27hFU\r\nX-Qiniu-Zone: as0\r\nX-Qnm-Cache: Hit\r\nX-Reqid: j5QAAABFA306KL4Y\r\nX-Svr: IO\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":20072,"size_decoded":20827,"mime_type":"image/png","magic":"PNG image data, 100 x 100, 8-bit/color RGBA, non-interlaced","md5":"769dcb55c9e2cdf7c433b392efab3673","sha1":"e02e9ac2fb584b9e362d62fb029a0d7b53f1cd49","sha256":"f94c1892229feae53060b5b1e0ea824550c5a7183bc42fb8a9de5e3391c099a1","sha512":"d6c746dc7eeceabc508ff0b2561ba509bb51a7c97114c9aabc0c232690385ef28215c63333dca0b9d6544cf42721f9cdc6b50f9d0aed9d7aa13dae285e042ca2","ssdeep":"384:Tecdy7fa5Mxp1ZwPAqgVrTOh+KZ/VIA8TgHFsKcs/EqkqMPrAqfvjb8:KcM7SWxe4no+qdNtisRPM1fvU","tlshash":"1592f230ff895cb7107b8eab4013e06bb06c71ecffa0e723e95855af5259264c2c2645","first_seen":"2026-01-21T15:19:45.491263Z","last_seen":"2026-07-01T12:25:27.383741Z","times_seen":15,"resource_available":false,"data":null}},"time_used":2379,"timings":{"blocked":2065,"dns":0,"connect":0,"send":0,"wait":291,"receive":23,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"18114.xyz/js/65246.1781011881923.03480a32.js","fqdn":"18114.xyz","domain":"18114.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.130","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://18114.xyz/","date":"2026-07-01T12:23:17.674Z","timestamp":1782908597674,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"18156.xyz","organization":""},"issuer":{"commonName":"YR2","organization":"Let's Encrypt"},"validity":{"start":"Sun, 28 Jun 2026 06:21:05 GMT","end":"Sat, 26 Sep 2026 06:21:04 GMT"},"fingerprint":{"sha1":"30:5C:A2:F1:36:A6:91:D9:3C:71:7C:3B:80:49:3A:BB:C5:0B:53:A1","sha256":"FB:A2:2A:8D:A3:A6:51:23:3E:DC:EB:06:38:96:4E:AA:32:71:9B:E1:FD:3F:D1:7A:49:E7:81:BB:9A:92:C1:8D"}}},"request":{"raw":"GET /js/65246.1781011881923.03480a32.js HTTP/1.1\r\nHost: 18114.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://18114.xyz/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Wed, 01 Jul 2026 12:23:18 GMT\r\nContent-Type: application/javascript\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nLast-Modified: Tue, 09 Jun 2026 13:37:11 GMT\r\nVary: Accept-Encoding\r\nETag: W/\"6a281707-11ec7\"\r\nCache-Control: public, max-age=31536000, immutable\r\nAccess-Control-Allow-Origin: *\r\nX-Custom-Check: true\r\nContent-Encoding: gzip\r\nServer: Nginx\r\nL-Safe: 1782908598=GAanE3MTyvCft+u1Zs9dTOsHtr+YihbqhaSSj4y9i25rK99YQLzDUcMXhl9WdQHASD1Mrun/QRRw4Vb8z0tsbulHlefjU2SfAuB5tLPKuVF71VGh3OdVXRAwqvmTFU2e9DgB2Gob2yjW36RrlbtBbrqzS5bAVpI8FKqfanmQm5Zk6XuVI9SMMOte5dYkfO/p\r\nL-VIA: l1=4iaGgjza0Vwox8nX\r\nL-VERSION: 1782631176\r\nL-Request-Id: c5b719f1da237f544e7\r\nX-Cache-Status: BYPASS\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":73415,"size_decoded":19758,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (48666)","md5":"b98dafd31fe547add2f96acf9bea9922","sha1":"e63706f4b83ed72ce8a0ffee74c7d606968bd280","sha256":"92014e9ab9f7e62a6651d0a69b63f69a84ed58e15ee5dd8e287d46b28fe610cc","sha512":"a676475f44bd6ec6ab9e7421deb8c29430404be3852f96d012418d03e9135d3ec450ee58b4871a4f8ed2a053656c9a9a6523853d6238d701144d9b72c6df8ab8","ssdeep":"1536:f2+iDvYvNjx4Uyao0L8oDNzAuMMsTAQ0mqt2pXYzA4dANVO:e+iDYvPo0L8oZzAuMMsTA7mqt9zA4dAO","tlshash":"a673a501f78272385fa7e290220f2026e16e191505ac5ed8f179ffb93ef0954aa7d7b4","first_seen":"2026-06-12T19:29:57.345997Z","last_seen":"2026-07-02T13:50:16.657734Z","times_seen":137,"resource_available":true,"data":null}},"time_used":1415,"timings":{"blocked":419,"dns":0,"connect":0,"send":0,"wait":364,"receive":632,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"18114.xyz/img/help.4e3cf897.png","fqdn":"18114.xyz","domain":"18114.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.130","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://18114.xyz/","date":"2026-07-01T12:23:17.700Z","timestamp":1782908597700,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"18156.xyz","organization":""},"issuer":{"commonName":"YR2","organization":"Let's Encrypt"},"validity":{"start":"Sun, 28 Jun 2026 06:21:05 GMT","end":"Sat, 26 Sep 2026 06:21:04 GMT"},"fingerprint":{"sha1":"30:5C:A2:F1:36:A6:91:D9:3C:71:7C:3B:80:49:3A:BB:C5:0B:53:A1","sha256":"FB:A2:2A:8D:A3:A6:51:23:3E:DC:EB:06:38:96:4E:AA:32:71:9B:E1:FD:3F:D1:7A:49:E7:81:BB:9A:92:C1:8D"}}},"request":{"raw":"GET /img/help.4e3cf897.png HTTP/1.1\r\nHost: 18114.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://18114.xyz/css/index-399e2569.1781011881923.a7b0b4f4.css\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=4, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Wed, 01 Jul 2026 12:23:21 GMT\r\nContent-Type: image/png\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nLast-Modified: Tue, 09 Jun 2026 13:37:11 GMT\r\nVary: Accept-Encoding\r\nETag: W/\"6a281707-2852\"\r\nCache-Control: public, max-age=2592000, immutable\r\nAccess-Control-Allow-Origin: *\r\nX-Custom-Check: true\r\nContent-Encoding: gzip\r\nServer: Nginx\r\nL-Safe: 1782908601=NZWlGnxDiZfKzDWJ6kNGzBGhmY+osrsbhMounbK0GCWInHsx5UYJ2uIoiB6AEBbKlm6DZV9Rzn7+NRdLedDPSnk/B7TRPM4U10ZNzgIb3gzZwUwrhXrOPm2dXxIaEshx1T/OGD8Tcpgj+mzbYRnnJ58StT1fM9E48MC8kDCQR+bYh7E/Ls8hpL5Pdn8N8BH3\r\nAge: 1496\r\nL-VIA: l1=4iaGgjza0Vwox8nX\r\nL-VERSION: 1782631176\r\nL-Request-Id: c5c119f1da243ca74af\r\nX-Cache-Status: HIT\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":10322,"size_decoded":11052,"mime_type":"image/png","magic":"PNG image data, 112 x 112, 8-bit/color RGBA, non-interlaced","md5":"6dd52a6a4d07f2786b1926fac1b4b06a","sha1":"9c9908204401fbe65d33cf7df8881639d6aea37d","sha256":"e02471f47b506ab510d0e0dc4224cffc03c34f950b649ce347ccd71af0bcf0ab","sha512":"fdd52f532e5c2e2c182db20e2053eee0ca8c26cec51ff75e1bc341b01911461ac72fa75887fa3114188ba32aa6341c0974d81d071fc42b605e72f73dfb87ab9c","ssdeep":"192:x0C+pMwjX2XZ456BAJu+1KzdjCfDrRq6wUPlJyh2h4PAmWP5yQSkHxfYX32H5TRm:EjGXZau+1MjCrrRLlqGOnWcQSkRQX3IG","tlshash":"3822c054370836084f737a4362ac4e837a06040ffdf9b7919a6372659a5b94e44cfb66","first_seen":"2023-07-01T07:21:14Z","last_seen":"2026-07-02T13:50:16.643733Z","times_seen":1763,"resource_available":false,"data":null}},"time_used":3745,"timings":{"blocked":3439,"dns":0,"connect":0,"send":0,"wait":306,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"18114.xyz/jumpto/img/https://rcf-img-hk.gasdg646fs224cn.com/202503/_webp_size649x578_ca5ef219-cb88-4c5a-b68c-c85984b21465.png","fqdn":"18114.xyz","domain":"18114.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.130","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://18114.xyz/","date":"2026-07-01T12:23:20.328Z","timestamp":1782908600328,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"18156.xyz","organization":""},"issuer":{"commonName":"YR2","organization":"Let's Encrypt"},"validity":{"start":"Sun, 28 Jun 2026 06:21:05 GMT","end":"Sat, 26 Sep 2026 06:21:04 GMT"},"fingerprint":{"sha1":"30:5C:A2:F1:36:A6:91:D9:3C:71:7C:3B:80:49:3A:BB:C5:0B:53:A1","sha256":"FB:A2:2A:8D:A3:A6:51:23:3E:DC:EB:06:38:96:4E:AA:32:71:9B:E1:FD:3F:D1:7A:49:E7:81:BB:9A:92:C1:8D"}}},"request":{"raw":"GET /jumpto/img/https://rcf-img-hk.gasdg646fs224cn.com/202503/_webp_size649x578_ca5ef219-cb88-4c5a-b68c-c85984b21465.png HTTP/1.1\r\nHost: 18114.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://18114.xyz/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Wed, 01 Jul 2026 12:23:24 GMT\r\nContent-Type: image/webp\r\nContent-Length: 83944\r\nConnection: keep-alive\r\nEtag: \"cd3cf96ac48355aa8a68b4dd114b3511\"\r\nLast-Modified: Sat, 06 Dec 2025 06:32:14 GMT\r\nReport-To: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=mMyfEEVhySier4BAiS5nN08Z9LtZlEWG3BFvTUc8RkFiINKKSnsBMmR29469hHbATddNNYn4x5ejIMnpAKO2RB9m3tulYP7juSHrhBQKAA3hrdiSZ1BOatf4eY7cuTyZP%2FRoCfH3u4aOTPwaJ9rn1GI%3D\"}]}\r\nNel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nAge: 1497\r\nCf-Cache-Status: HIT\r\nCF-RAY: a1453d2cef4004d5-HKG\r\nalt-svc: h3=\":443\"; ma=86400\r\nCache-Control: public, max-age=2592000, immutable, public, max-age=2592000, immutable\r\nAccess-Control-Allow-Origin: *\r\nX-Custom-Check: true\r\nServer: Nginx\r\nL-Safe: 1782908604=I+3rjN1f7w6aLRSA9NslKyGQLulbhSPerqeOCIuymLixjN157QOXMQ/tRp6hP4srirnRQ4SE6OusQm4im/5y7jyV3pDhXb3v9aqdCxtLZpsYDfoOTrUTJKOMW77N9whh1a3eJyGCHtwYiigsI6uKX+hOm8H4fVx6ItnDwk5CeppTgxFgcf64YNe3lMWe3XmG\r\nL-VIA: l1=4iaGgjza0Vwox8nX\r\nL-VERSION: 1782631176\r\nL-Request-Id: c5bc19f1da250b475c7\r\nX-Cache-Status: HIT\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":83944,"size_decoded":85091,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"cd3cf96ac48355aa8a68b4dd114b3511","sha1":"344310d10f86fbdbc05ee7080d3ca849573ac9ef","sha256":"e9d91b84873b60fda60b6113151bcb7abb1225aa67f1d823343f611eac3c92af","sha512":"987cad3ea6ba2be77a3fd0904132cb11c1945e1e5556cdec550708d2e22c279398f951312a4029b369980af4ab0b30f4fd72ad5d38740800d6dd48938d323016","ssdeep":"1536:Ka0Pq9/ipy6cNgUraO4ysYwAcTa6bfr9BHltyI4VGeglGZVClKy:Ka0Pq9/hzvhsTAp6bhBH7QLZolKy","tlshash":"2a83128e457a2ceec4bf7de9267cf94f60ca5e31557b1add437826c5208b80cd227292","first_seen":"2026-04-24T23:10:16.791296Z","last_seen":"2026-07-02T13:49:21.879023Z","times_seen":440,"resource_available":false,"data":null}},"time_used":6742,"timings":{"blocked":4091,"dns":0,"connect":0,"send":0,"wait":333,"receive":2318,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"18114.xyz/jumpto/img/https://rcf-img-hk.gasdg646fs224cn.com/202606/_webp_size1298x1156_317f68a9-d367-4c78-837b-bba9a02cccbd.png","fqdn":"18114.xyz","domain":"18114.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.130","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://18114.xyz/","date":"2026-07-01T12:23:20.346Z","timestamp":1782908600346,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"18156.xyz","organization":""},"issuer":{"commonName":"YR2","organization":"Let's Encrypt"},"validity":{"start":"Sun, 28 Jun 2026 06:21:05 GMT","end":"Sat, 26 Sep 2026 06:21:04 GMT"},"fingerprint":{"sha1":"30:5C:A2:F1:36:A6:91:D9:3C:71:7C:3B:80:49:3A:BB:C5:0B:53:A1","sha256":"FB:A2:2A:8D:A3:A6:51:23:3E:DC:EB:06:38:96:4E:AA:32:71:9B:E1:FD:3F:D1:7A:49:E7:81:BB:9A:92:C1:8D"}}},"request":{"raw":"GET /jumpto/img/https://rcf-img-hk.gasdg646fs224cn.com/202606/_webp_size1298x1156_317f68a9-d367-4c78-837b-bba9a02cccbd.png HTTP/1.1\r\nHost: 18114.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://18114.xyz/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Wed, 01 Jul 2026 12:23:26 GMT\r\nContent-Type: image/webp\r\nContent-Length: 104872\r\nConnection: keep-alive\r\nEtag: \"7225fe319e0063733dc28dc3cc064ba5\"\r\nLast-Modified: Tue, 09 Jun 2026 11:46:19 GMT\r\nNel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nAge: 1496\r\nCf-Cache-Status: HIT\r\nReport-To: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=ClboxJOChIxOG9LGceN31kePb3tPwlRnoA0tuSZ%2FvUujvqzXiGcSXqywqAAhnBXleMq5%2BLnG18wHXt8OBGBiVH%2FyZsDA5Js0ocj6M9jzm6qIMfkHHhyr%2F9iLBp8HNOjkn2BfioHT3dpdZcogSBJB5g8%3D\"}]}\r\nCF-RAY: a1453d3db9340cd6-HKG\r\nalt-svc: h3=\":443\"; ma=86400\r\nCache-Control: public, max-age=2592000, immutable, public, max-age=2592000, immutable\r\nAccess-Control-Allow-Origin: *\r\nX-Custom-Check: true\r\nServer: Nginx\r\nL-Safe: 1782908606=nd9OCJcH8/j3gVTBw2Tu9HBCrF+FQb7dQX9jTPCs4+g182MnFTKwizyKV+Yy4RAo5Dz2xSKPHS4eew+KPCLIsWVADI3ktcwCFWR6yXc3CefMoF8EOp8P3VD/H05ZtdK7ZGKjiGiErSPLYm8ISdBg7pom4oao8b35+nXpD4MiRQ2ZSLU2ccVeTKUsKuf3sMJH\r\nL-VIA: l1=4iaGgjza0Vwox8nX\r\nL-VERSION: 1782631176\r\nL-Request-Id: c5b919f1da259046775\r\nX-Cache-Status: HIT\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/webp","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-07-02T17:08:00.371314Z","times_seen":16917523,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"photo.365live88.com/img/fb/team/c778976a05964777b609ee59a581545c?win007=sell","fqdn":"photo.365live88.com","domain":"365live88.com","tld":"com"},"ip":{"addr":"154.41.93.241","port":443,"asn":174,"as":"COGENT-174","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://18114.xyz/","date":"2026-07-01T12:23:21.390Z","timestamp":1782908601390,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"photo.365live88.com","organization":""},"issuer":{"commonName":"Encryption Everywhere DV TLS CA - G2","organization":"DigiCert Inc"},"validity":{"start":"Sat, 01 Nov 2025 00:00:00 GMT","end":"Sat, 31 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"45:76:43:9C:31:C5:89:A6:99:FD:9B:D8:6C:A9:3A:E6:2F:D6:E9:80","sha256":"73:27:CF:D8:8D:AC:95:46:00:5D:67:05:1E:70:22:3E:17:F0:94:78:CD:6F:A6:9C:C8:5F:B5:3B:75:60:3D:C8"}}},"request":{"raw":"GET /img/fb/team/c778976a05964777b609ee59a581545c?win007=sell HTTP/1.1\r\nHost: photo.365live88.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://18114.xyz/\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=4, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: openresty\r\nDate: Wed, 01 Jul 2026 12:23:23 GMT\r\nContent-Type: image/png\r\nContent-Length: 52526\r\nConnection: keep-alive\r\nAccept-Ranges: bytes\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Expose-Headers: X-Log, X-Reqid\r\nAccess-Control-Max-Age: 2592000\r\nAge: 1719\r\nCache-Control: public, max-age=31536000\r\nContent-Disposition: inline; filename=\"c778976a05964777b609ee59a581545c\"; filename*=utf-8''c778976a05964777b609ee59a581545c\r\nContent-Md5: XucUm2TcZUx/ouQ8egzxLg==\r\nContent-Transfer-Encoding: binary\r\nEtag: \"Fo7cS2zfNNcBX6IKm_95s6n7aH45\"\r\nLast-Modified: Tue, 30 Jun 2026 15:01:28 GMT\r\nX-Log: X-Log\r\nX-M-Log: QNM:wldsg119;QNM3\r\nX-M-Reqid: a9b6eXlmD\r\nX-Qiniu-Zone: as0\r\nX-Qnm-Cache: Hit\r\nX-Reqid: U60AAAAUm2ddKL4Y\r\nX-Svr: IO\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":52526,"size_decoded":53281,"mime_type":"image/png","magic":"PNG image data, 300 x 300, 8-bit/color RGBA, non-interlaced","md5":"5ee7149b64dc654c7fa2e43c7a0cf12e","sha1":"8edc4b6cdf34d7015fa20a9bff79b3a9fb687e39","sha256":"c55e8e4f20df19f42551efc40dca6af0646f49e2199b26967c414f259c80b28a","sha512":"e471f00a6e3adfa428d7f866a72d3476bdd9d246fec8969fd74d799787d583b552783f25163eccada4df3250e330f22db05d1b2e02f8becdeb3f587c8d790b8f","ssdeep":"768:1WyVkf5LTCELIJORK6f5hMY95uMgRFFZ9+cNJsDVnhnE2dauEt9+bVU8GWuScE:11cBT+HKP9zuM+N+UJsDcS+eVUGuG","tlshash":"3e330272584fdbfd9ffc0a5e149edeb7a42c16c73b82754acc9500124c3f2d29aa9092","first_seen":"2025-01-29T13:39:14.784045Z","last_seen":"2026-07-01T12:25:27.333387Z","times_seen":64,"resource_available":false,"data":null}},"time_used":2656,"timings":{"blocked":2147,"dns":0,"connect":0,"send":0,"wait":315,"receive":194,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"photo.365live88.com/img/fb/team/82d769a30cd640cc8ef2444bc205dde4?win007=sell","fqdn":"photo.365live88.com","domain":"365live88.com","tld":"com"},"ip":{"addr":"154.41.93.241","port":443,"asn":174,"as":"COGENT-174","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://18114.xyz/","date":"2026-07-01T12:23:21.406Z","timestamp":1782908601406,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"photo.365live88.com","organization":""},"issuer":{"commonName":"Encryption Everywhere DV TLS CA - G2","organization":"DigiCert Inc"},"validity":{"start":"Sat, 01 Nov 2025 00:00:00 GMT","end":"Sat, 31 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"45:76:43:9C:31:C5:89:A6:99:FD:9B:D8:6C:A9:3A:E6:2F:D6:E9:80","sha256":"73:27:CF:D8:8D:AC:95:46:00:5D:67:05:1E:70:22:3E:17:F0:94:78:CD:6F:A6:9C:C8:5F:B5:3B:75:60:3D:C8"}}},"request":{"raw":"GET /img/fb/team/82d769a30cd640cc8ef2444bc205dde4?win007=sell HTTP/1.1\r\nHost: photo.365live88.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://18114.xyz/\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=4, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: openresty\r\nDate: Wed, 01 Jul 2026 12:23:24 GMT\r\nContent-Type: image/png\r\nContent-Length: 41672\r\nConnection: keep-alive\r\nAccept-Ranges: bytes\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Expose-Headers: X-Log, X-Reqid\r\nAccess-Control-Max-Age: 2592000\r\nAge: 1390\r\nCache-Control: public, max-age=31536000\r\nContent-Disposition: inline; filename=\"82d769a30cd640cc8ef2444bc205dde4\"; filename*=utf-8''82d769a30cd640cc8ef2444bc205dde4\r\nContent-Md5: EZNq+v8IVVqtDxeSezilzA==\r\nContent-Transfer-Encoding: binary\r\nEtag: \"Fghh-xoTKg8SIVAVMGRAFbvTpkfA\"\r\nLast-Modified: Tue, 19 May 2026 13:57:57 GMT\r\nX-Log: X-Log\r\nX-M-Log: QNM:wldsg119;QNM3\r\nX-M-Reqid: bolzwrYAw\r\nX-Qiniu-Zone: as0\r\nX-Qnm-Cache: Hit\r\nX-Reqid: 5HwAAAA3tF6qKL4Y\r\nX-Svr: IO\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":41672,"size_decoded":42427,"mime_type":"image/png","magic":"PNG image data, 180 x 180, 8-bit/color RGBA, non-interlaced","md5":"11936afaff08555aad0f17927b38a5cc","sha1":"0861fb1a132a0f1221501530644015bbd3a647c0","sha256":"e39e3222097516a82de3b8df145dd21ec952d948e8d06e1111cf139a54ec04ff","sha512":"741e773f91f82f5a7a9999a61d631f3314ef9153aa6e59eba3abfa2da247aebe559f5f73307c52c53d816be2a877f7679ec5e65aeb68f3dfb5b4a7a73f203803","ssdeep":"768:w2xVmce5GaoHzRVAfdSeLAErOa/ICeP+i1f08M8+W4xlVnrgfNa:3x1n/AfdSyrXDmf078+flVr8Na","tlshash":"b213f10411e02c11f165c694347a438babf7e7c8afcb05caddba416ecfd64d8320e982","first_seen":"2025-03-16T06:48:52.329775Z","last_seen":"2026-07-02T13:50:16.782542Z","times_seen":61,"resource_available":false,"data":null}},"time_used":3120,"timings":{"blocked":2713,"dns":0,"connect":0,"send":0,"wait":291,"receive":116,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"18114.xyz/jumpto/img/https://rcf-img-hk.gasdg646fs224cn.com/202508/_webp_size1884x434_f0f83841-a720-4f18-8acd-c726f4c1e685.jpg","fqdn":"18114.xyz","domain":"18114.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.130","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://18114.xyz/","date":"2026-07-01T12:23:19.680Z","timestamp":1782908599680,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"18156.xyz","organization":""},"issuer":{"commonName":"YR2","organization":"Let's Encrypt"},"validity":{"start":"Sun, 28 Jun 2026 06:21:05 GMT","end":"Sat, 26 Sep 2026 06:21:04 GMT"},"fingerprint":{"sha1":"30:5C:A2:F1:36:A6:91:D9:3C:71:7C:3B:80:49:3A:BB:C5:0B:53:A1","sha256":"FB:A2:2A:8D:A3:A6:51:23:3E:DC:EB:06:38:96:4E:AA:32:71:9B:E1:FD:3F:D1:7A:49:E7:81:BB:9A:92:C1:8D"}}},"request":{"raw":"GET /jumpto/img/https://rcf-img-hk.gasdg646fs224cn.com/202508/_webp_size1884x434_f0f83841-a720-4f18-8acd-c726f4c1e685.jpg HTTP/1.1\r\nHost: 18114.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://18114.xyz/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Wed, 01 Jul 2026 12:23:24 GMT\r\nContent-Type: image/webp\r\nContent-Length: 36728\r\nConnection: keep-alive\r\nEtag: \"52398a59ef91dae075d096fc4ff3afd5\"\r\nLast-Modified: Wed, 10 Dec 2025 10:48:28 GMT\r\nReport-To: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=xAHvatZ%2FrYQb6SWf9HcJxnJh6w5hUQGDmp6wsD7VdMYk4cBX%2FIrb62h5qrl%2FRGrdwCRrnWMQKJLeOdLIjFtcKaPZFoJp2pQ4IK1H1onUTjcdwtJhw4%2FMcWZ1k2qZAIbyK54TBVjQXWPN21huaxsubcU%3D\"}]}\r\nNel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nAge: 5065\r\nCf-Cache-Status: HIT\r\nCF-RAY: a14561b76cda0990-HKG\r\nalt-svc: h3=\":443\"; ma=86400\r\nCache-Control: public, max-age=2592000, immutable, public, max-age=2592000, immutable\r\nAccess-Control-Allow-Origin: *\r\nX-Custom-Check: true\r\nServer: Nginx\r\nL-Safe: 1782908604=I+3rjN1f7w6aLRSA9NslKyGQLulbhSPerqeOCIuymLixjN157QOXMQ/tRp6hP4srirnRQ4SE6OusQm4im/5y7jyV3pDhXb3v9aqdCxtLZpsYDfoOTrUTJKOMW77N9whh1a3eJyGCHtwYiigsI6uKX+hOm8H4fVx6ItnDwk5CeppTgxFgcf64YNe3lMWe3XmG\r\nL-VIA: l1=4iaGgjza0Vwox8nX\r\nL-VERSION: 1782631176\r\nL-Request-Id: c5bd19f1da24e6d557f\r\nX-Cache-Status: BYPASS\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":36728,"size_decoded":37884,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 1884x434, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"52398a59ef91dae075d096fc4ff3afd5","sha1":"715ca96c95f7b75bd6343de6602afcc7e7ccf18f","sha256":"2e8e6e9cbe50fbf5f51840e5623faf0f36db820671ff2be4b6b081cb1291e12e","sha512":"c07a7de6ef0d1d3354bcadee066770459b970a5055407f504cfdabf079769658313aa63c703e8368197fd058aa17ef6dcb3370f91b189afa43ca1d9fdb4d348e","ssdeep":"768:sBvs73CSqIdqVjockR0g1C89hQMFd0gAgojNSB5uZE259v14vG:sBvs7vDacRR0g1C89hV0gA9SBgn59NSG","tlshash":"7cf2f173d312052e65293ba2aa1c6b7b2cff7e34c77d82d150a278570d01adb07ac764","first_seen":"2026-04-24T23:10:16.817294Z","last_seen":"2026-07-02T13:50:16.812302Z","times_seen":435,"resource_available":false,"data":null}},"time_used":4922,"timings":{"blocked":4187,"dns":0,"connect":0,"send":0,"wait":718,"receive":17,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"18114.xyz/jumpto/img/https://rcf-img-hk.gasdg646fs224cn.com/202506/_webp_size1260x1156_03543abb-5967-4969-b0c5-87347b24c4d6.png","fqdn":"18114.xyz","domain":"18114.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.130","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://18114.xyz/","date":"2026-07-01T12:23:20.326Z","timestamp":1782908600326,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"18156.xyz","organization":""},"issuer":{"commonName":"YR2","organization":"Let's Encrypt"},"validity":{"start":"Sun, 28 Jun 2026 06:21:05 GMT","end":"Sat, 26 Sep 2026 06:21:04 GMT"},"fingerprint":{"sha1":"30:5C:A2:F1:36:A6:91:D9:3C:71:7C:3B:80:49:3A:BB:C5:0B:53:A1","sha256":"FB:A2:2A:8D:A3:A6:51:23:3E:DC:EB:06:38:96:4E:AA:32:71:9B:E1:FD:3F:D1:7A:49:E7:81:BB:9A:92:C1:8D"}}},"request":{"raw":"GET /jumpto/img/https://rcf-img-hk.gasdg646fs224cn.com/202506/_webp_size1260x1156_03543abb-5967-4969-b0c5-87347b24c4d6.png HTTP/1.1\r\nHost: 18114.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://18114.xyz/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Wed, 01 Jul 2026 12:23:24 GMT\r\nContent-Type: image/webp\r\nContent-Length: 148768\r\nConnection: keep-alive\r\nEtag: \"2c43663cd3eeae27a4e751556307f507\"\r\nLast-Modified: Sat, 06 Dec 2025 06:32:06 GMT\r\nReport-To: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=mHTRnliV8keEL0mmhu6A%2FSHey4pqVu98OZV5aGE2QuLsfuAmuiSprlBpdnrtCs9kT0mE%2B8YgHipWromExnc9G6z9sLVap1MIHIrVV0cfZvnIhc%2BAUk7GBBfyMM9Y7uYeIFxu9iEhxyQ%2FxqZLHk3mwJk%3D\"}]}\r\nNel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nAge: 1497\r\nCf-Cache-Status: HIT\r\nCF-RAY: a1453d2c9d9036f1-HKG\r\nalt-svc: h3=\":443\"; ma=86400\r\nCache-Control: public, max-age=2592000, immutable, public, max-age=2592000, immutable\r\nAccess-Control-Allow-Origin: *\r\nX-Custom-Check: true\r\nServer: Nginx\r\nL-Safe: 1782908604=I+3rjN1f7w6aLRSA9NslKyGQLulbhSPerqeOCIuymLixjN157QOXMQ/tRp6hP4srirnRQ4SE6OusQm4im/5y7jyV3pDhXb3v9aqdCxtLZpsYDfoOTrUTJKOMW77N9whh1a3eJyGCHtwYiigsI6uKX+hOm8H4fVx6ItnDwk5CeppTgxFgcf64YNe3lMWe3XmG\r\nL-VIA: l1=4iaGgjza0Vwox8nX\r\nL-VERSION: 1782631176\r\nL-Request-Id: c5b819f1da24ee04fb0\r\nX-Cache-Status: HIT\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":148768,"size_decoded":149922,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"2c43663cd3eeae27a4e751556307f507","sha1":"231f268ff0432bf21cea23c1a2cc12003c10f7be","sha256":"cdd625ad600403b36dcbcf589300926ee189bf9d47b2cc2c0715f91c5f6968a5","sha512":"d9ba3dcde4fcd162ea361339bce1c4b8313875af3fe94297a7a55cb8d245e815421dbfb9e5017c19e6a6d50b5ca654e02a326190c2e300b0fd369aa245726567","ssdeep":"3072:IgpSjBxCU8A3MroXYq21tKxGDaxxoyg4KtBHs7T8YMA4q8B4:IgpSjBGYuOYqGKx7ygoBqT8Yln8","tlshash":"3ee313b7f29017bdda91ca376b9f02f832041f64f4077e34a5509801839daada2bb572","first_seen":"2026-04-24T23:10:16.7755Z","last_seen":"2026-07-02T13:50:16.640522Z","times_seen":442,"resource_available":false,"data":null}},"time_used":6249,"timings":{"blocked":3653,"dns":0,"connect":0,"send":0,"wait":671,"receive":1925,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"18114.xyz/jumpto/img/https://rcf-img-hk.gasdg646fs224cn.com/gpmaster/_webp_size328x442_4d4d0270-e129-42d7-8f6f-0802c910d540.png","fqdn":"18114.xyz","domain":"18114.xyz","tld":"xyz"},"ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://18114.xyz/","date":"2026-07-01T12:23:20.347Z","timestamp":1782908600347,"http_version":"","security_state":"","security_info":null,"request":{"raw":"GET /jumpto/img/https://rcf-img-hk.gasdg646fs224cn.com/gpmaster/_webp_size328x442_4d4d0270-e129-42d7-8f6f-0802c910d540.png HTTP/1.1\r\nHost: 18114.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://18114.xyz/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-07-02T17:08:00.371314Z","times_seen":16917523,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"18114.xyz/jumpto/img/https://rcf-img-hk.gasdg646fs224cn.com/202503/_webp_size649x578_ad0ed5ff-8fa0-4231-a619-ce0616ad2a8d.png","fqdn":"18114.xyz","domain":"18114.xyz","tld":"xyz"},"ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://18114.xyz/","date":"2026-07-01T12:23:20.361Z","timestamp":1782908600361,"http_version":"","security_state":"","security_info":null,"request":{"raw":"GET /jumpto/img/https://rcf-img-hk.gasdg646fs224cn.com/202503/_webp_size649x578_ad0ed5ff-8fa0-4231-a619-ce0616ad2a8d.png HTTP/1.1\r\nHost: 18114.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://18114.xyz/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-07-02T17:08:00.371314Z","times_seen":16917523,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"photo.365live88.com/img/fb/team/d27b144b9b5d4d5ab84fe04fdc882d01?win007=sell","fqdn":"photo.365live88.com","domain":"365live88.com","tld":"com"},"ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://18114.xyz/","date":"2026-07-01T12:23:21.373Z","timestamp":1782908601373,"http_version":"","security_state":"","security_info":null,"request":{"raw":"GET /img/fb/team/d27b144b9b5d4d5ab84fe04fdc882d01?win007=sell HTTP/1.1\r\nHost: photo.365live88.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://18114.xyz/\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=4, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-07-02T17:08:00.371314Z","times_seen":16917523,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"18114.xyz/jumpto/img/https://rcf-img-hk.gasdg646fs224cn.com/gpmaster/_webp_size328x442_bdd30f19-a4d8-4eb3-b2d5-d24180d2e353.png","fqdn":"18114.xyz","domain":"18114.xyz","tld":"xyz"},"ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://18114.xyz/","date":"2026-07-01T12:23:20.356Z","timestamp":1782908600356,"http_version":"","security_state":"","security_info":null,"request":{"raw":"GET /jumpto/img/https://rcf-img-hk.gasdg646fs224cn.com/gpmaster/_webp_size328x442_bdd30f19-a4d8-4eb3-b2d5-d24180d2e353.png HTTP/1.1\r\nHost: 18114.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://18114.xyz/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-07-02T17:08:00.371314Z","times_seen":16917523,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"18114.xyz/jumpto/img/https://rcf-img-hk.gasdg646fs224cn.com/gpmaster/_webp_size328x442_fc0e1468-bc71-4d42-9849-b6735b50978a.png","fqdn":"18114.xyz","domain":"18114.xyz","tld":"xyz"},"ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://18114.xyz/","date":"2026-07-01T12:23:20.376Z","timestamp":1782908600376,"http_version":"","security_state":"","security_info":null,"request":{"raw":"GET /jumpto/img/https://rcf-img-hk.gasdg646fs224cn.com/gpmaster/_webp_size328x442_fc0e1468-bc71-4d42-9849-b6735b50978a.png HTTP/1.1\r\nHost: 18114.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://18114.xyz/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-07-02T17:08:00.371314Z","times_seen":16917523,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"img.esportsdata.cc/202/1/d6bfe8f059085fb3b976d0680c87add1.png?win007=sell","fqdn":"img.esportsdata.cc","domain":"esportsdata.cc","tld":"cc"},"ip":{"addr":"104.26.3.221","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://18114.xyz/","date":"2026-07-01T12:23:21.398Z","timestamp":1782908601398,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"esportsdata.cc","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 16 May 2026 05:13:55 GMT","end":"Fri, 14 Aug 2026 06:13:50 GMT"},"fingerprint":{"sha1":"7B:E3:E8:7B:91:D6:3E:9F:F0:F7:3A:7C:C5:7A:54:CE:9B:6E:14:ED","sha256":"68:DB:B9:F9:00:0A:BE:FD:15:45:47:19:18:DD:59:D1:DD:43:B2:42:8E:7C:EB:50:14:F6:0C:3B:FC:5D:CD:67"}}},"request":{"raw":"GET /202/1/d6bfe8f059085fb3b976d0680c87add1.png?win007=sell HTTP/1.1\r\nHost: img.esportsdata.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://18114.xyz/\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=4, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\ndate: Wed, 01 Jul 2026 12:23:21 GMT\r\ncontent-type: image/png\r\ncontent-length: 20390\r\nserver: cloudflare\r\naccept-ranges: bytes\r\netag: \"bdaedc9cbcf85cee35fde58a872a8f64\"\r\nlast-modified: Thu, 23 Apr 2026 18:00:21 GMT\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nvary: Origin, Accept-Encoding\r\nx-amz-id-2: dd9025bab4ad464b049177c95eb6ebf374d3b3fd1af9251148b658df7ac2e3e8\r\nx-amz-request-id: 18BDECC297A389B9\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nage: 89\r\ncache-control: max-age=2678400\r\ncf-cache-status: HIT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=VZrLpUXTlAj5xwLygEdkUSLcDtlr8y3qIGi6ys0RMnrrpujfgBK20yh%2FAxMZvS%2BOuMY1pGG1UWve4BWV%2FY9r4Tw1io4hsiyN584JlT94oFOqUo%2BwoTevfv%2Bsp4VwleiAW6D9gQ%3D%3D\"}]}\r\ncf-ray: a14561a918f41525-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":20390,"size_decoded":21341,"mime_type":"image/png","magic":"PNG image data, 150 x 150, 8-bit/color RGBA, non-interlaced","md5":"bdaedc9cbcf85cee35fde58a872a8f64","sha1":"02f1774392704fe12232a259d20b60760510d64b","sha256":"60ad9ad9799af013eb90aabeff1c48d4fae494efa4a773be1bddae1782f99f12","sha512":"90465252b91a7f49bc857549168e6cb0398bd8541c25be2686c784159594b30b6706b3ecacba1b298711bca7850664f84c081a41755e23eb23336abb0efd23a6","ssdeep":"384:8wrR6z2eAMCt7qWVO+u3QTyXlc/9U0g6ifc8jH5TXUZc1uhcCK1JvwOc0cHYFRy:BVwituQO+ib1f6ifc5Z+wcKx0wURy","tlshash":"1292d031073b9170804e4d6eb16366acf091f3919929794f9cb4a1ccc52ffe0aa94a1d","first_seen":"2025-07-09T02:40:53.590732Z","last_seen":"2026-07-01T12:25:27.366573Z","times_seen":77,"resource_available":false,"data":null}},"time_used":359,"timings":{"blocked":333,"dns":0,"connect":3,"send":0,"wait":9,"receive":0,"ssl":14},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-01","alert":"Sinkholed","trigger":"img.esportsdata.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-01","alert":"Sinkholed","trigger":"img.esportsdata.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"18114.xyz/js/chunk-init-c0d76f48.1781011881923.0f397bb1.js","fqdn":"18114.xyz","domain":"18114.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.130","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://18114.xyz/","date":"2026-07-01T12:23:13.388Z","timestamp":1782908593388,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"18156.xyz","organization":""},"issuer":{"commonName":"YR2","organization":"Let's Encrypt"},"validity":{"start":"Sun, 28 Jun 2026 06:21:05 GMT","end":"Sat, 26 Sep 2026 06:21:04 GMT"},"fingerprint":{"sha1":"30:5C:A2:F1:36:A6:91:D9:3C:71:7C:3B:80:49:3A:BB:C5:0B:53:A1","sha256":"FB:A2:2A:8D:A3:A6:51:23:3E:DC:EB:06:38:96:4E:AA:32:71:9B:E1:FD:3F:D1:7A:49:E7:81:BB:9A:92:C1:8D"}}},"request":{"raw":"GET /js/chunk-init-c0d76f48.1781011881923.0f397bb1.js HTTP/1.1\r\nHost: 18114.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://18114.xyz/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Wed, 01 Jul 2026 12:23:15 GMT\r\nContent-Type: application/javascript\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nLast-Modified: Tue, 09 Jun 2026 13:37:11 GMT\r\nVary: Accept-Encoding\r\nETag: W/\"6a281707-275ca\"\r\nCache-Control: public, max-age=31536000, immutable\r\nAccess-Control-Allow-Origin: *\r\nX-Custom-Check: true\r\nContent-Encoding: gzip\r\nServer: Nginx\r\nL-Safe: 1782908595=VYqS7u7lQ0J6vY3CU7Th8T/pw3pFqlx8ntvuI2Oh21Sw53mtqjMf66c8tX6VijURccEBNw01n+5hHC8SDhRwT67Z1ef+RAQ6WDYbeb6zygQzDDKVDrk5DO9a5mYQ6nvRMm6wJ4+j7sw2l0ZCvyYL98mdUq/YdA7L7n3R6ufmbQkSNVX/HQuSRBev0GgNdvH0\r\nL-VIA: l1=4iaGgjza0Vwox8nX\r\nL-VERSION: 1782631176\r\nL-Request-Id: c5b719f1da22bd844b6\r\nX-Cache-Status: BYPASS\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":161226,"size_decoded":53264,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (65535), with no line terminators","md5":"815f2acbd0918250f25d4f71409219b0","sha1":"d5778078df7eada22b3175f9182b8b22e828c433","sha256":"12a61f287da39190db34dff1de7188c3d8b76ffbd1c11290962db88fd5e2ab46","sha512":"5ba4adaf4b36b4a402c30c3aaa5be5f02e292391d79400d353a5ca6c61405cb40e5179858abddb1af6dad243899e420111e49004d01d339ce9de23d8f522c379","ssdeep":"1536:zG5qxPvO2lSV822bv0bcbpM/igw/aIwC23QOoKILbjxo4wc0tvB6xVS/J+pKY3Ns:iQz/Dp5/92xoKa/x5wc0dB5/J+UU0","tlshash":"5ef31b987392b1b847dba6e152371075b57e1dd73088e8f0c169a6803f31a9cd52afec","first_seen":"2026-05-11T06:12:53.502908Z","last_seen":"2026-07-02T13:50:16.638922Z","times_seen":162,"resource_available":true,"data":null}},"time_used":2359,"timings":{"blocked":1616,"dns":0,"connect":0,"send":0,"wait":357,"receive":386,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"18114.xyz/img/partner.dca3fc6e.png","fqdn":"18114.xyz","domain":"18114.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.130","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://18114.xyz/","date":"2026-07-01T12:23:17.704Z","timestamp":1782908597704,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"18156.xyz","organization":""},"issuer":{"commonName":"YR2","organization":"Let's Encrypt"},"validity":{"start":"Sun, 28 Jun 2026 06:21:05 GMT","end":"Sat, 26 Sep 2026 06:21:04 GMT"},"fingerprint":{"sha1":"30:5C:A2:F1:36:A6:91:D9:3C:71:7C:3B:80:49:3A:BB:C5:0B:53:A1","sha256":"FB:A2:2A:8D:A3:A6:51:23:3E:DC:EB:06:38:96:4E:AA:32:71:9B:E1:FD:3F:D1:7A:49:E7:81:BB:9A:92:C1:8D"}}},"request":{"raw":"GET /img/partner.dca3fc6e.png HTTP/1.1\r\nHost: 18114.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://18114.xyz/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=4, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Wed, 01 Jul 2026 12:23:22 GMT\r\nContent-Type: image/png\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nLast-Modified: Tue, 09 Jun 2026 13:37:11 GMT\r\nVary: Accept-Encoding\r\nETag: W/\"6a281707-7129\"\r\nCache-Control: public, max-age=2592000, immutable\r\nAccess-Control-Allow-Origin: *\r\nX-Custom-Check: true\r\nContent-Encoding: gzip\r\nServer: Nginx\r\nL-Safe: 1782908602=4mc5hMhbJ+ukibimFRa5ZZ9FQA1QqOJd8kY3+5YH7LbJ9hVYcEjNfpDbYG1j6gS22EvJDBd/EYovux9FksPrDzhNfhyg+o5Q0cedJM55xDS4iPVDs2rUmWLAR96qx37oU1TARZJ4VWhxOic6X8AZ1uYGZQkm9XsHBXP0F9vf+jlTEzeCcgiqHaDX5g+J/Zxt\r\nAge: 1496\r\nL-VIA: l1=4iaGgjza0Vwox8nX\r\nL-VERSION: 1782631176\r\nL-Request-Id: c5c119f1da246be74b3\r\nX-Cache-Status: HIT\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/png","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-07-02T17:08:00.371314Z","times_seen":16917523,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"18114.xyz/img/LOTTERY.4e81790a.png","fqdn":"18114.xyz","domain":"18114.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.130","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://18114.xyz/","date":"2026-07-01T12:23:20.260Z","timestamp":1782908600260,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"18156.xyz","organization":""},"issuer":{"commonName":"YR2","organization":"Let's Encrypt"},"validity":{"start":"Sun, 28 Jun 2026 06:21:05 GMT","end":"Sat, 26 Sep 2026 06:21:04 GMT"},"fingerprint":{"sha1":"30:5C:A2:F1:36:A6:91:D9:3C:71:7C:3B:80:49:3A:BB:C5:0B:53:A1","sha256":"FB:A2:2A:8D:A3:A6:51:23:3E:DC:EB:06:38:96:4E:AA:32:71:9B:E1:FD:3F:D1:7A:49:E7:81:BB:9A:92:C1:8D"}}},"request":{"raw":"GET /img/LOTTERY.4e81790a.png HTTP/1.1\r\nHost: 18114.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://18114.xyz/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=4, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Wed, 01 Jul 2026 12:23:21 GMT\r\nContent-Type: image/png\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nLast-Modified: Tue, 09 Jun 2026 13:37:11 GMT\r\nVary: Accept-Encoding\r\nETag: W/\"6a281707-e929\"\r\nCache-Control: public, max-age=2592000, immutable\r\nAccess-Control-Allow-Origin: *\r\nX-Custom-Check: true\r\nContent-Encoding: gzip\r\nServer: Nginx\r\nL-Safe: 1782908601=NZWlGnxDiZfKzDWJ6kNGzBGhmY+osrsbhMounbK0GCWInHsx5UYJ2uIoiB6AEBbKlm6DZV9Rzn7+NRdLedDPSnk/B7TRPM4U10ZNzgIb3gzZwUwrhXrOPm2dXxIaEshx1T/OGD8Tcpgj+mzbYRnnJ58StT1fM9E48MC8kDCQR+bYh7E/Ls8hpL5Pdn8N8BH3\r\nAge: 1492\r\nL-VIA: l1=4iaGgjza0Vwox8nX\r\nL-VERSION: 1782631176\r\nL-Request-Id: c5b819f1da244bb4fa2\r\nX-Cache-Status: HIT\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":59689,"size_decoded":60429,"mime_type":"image/png","magic":"PNG image data, 582 x 307, 8-bit colormap, non-interlaced","md5":"f86c9671c7aed55212fe0eb5219a664d","sha1":"6e765dfb0ce3c646d8c808940071554e78e7d409","sha256":"4ba3fff550a17eff9585d6acbc4a96bd515149510f6a8bb7638985fb4b41a181","sha512":"706aa66f138a3459eaf34f5b7a8ffed3dfacecec6adf14a2e83f1149143cfbb059f97aaaac2032587a80c0e30c62e5b46b07b4dc6f3cf5925e6e1db2a8ed45d6","ssdeep":"1536:Cyp1EBaRnsFt9ZXZj0wEYsRvqm1waPbZsY:CLB+sFtzXN0w2ym1fFsY","tlshash":"914302f36beb0bc5b07adbcf4ed354f0067a71496b42dcd44f4120e61ea6199bac420a","first_seen":"2023-11-10T19:12:00Z","last_seen":"2026-07-02T13:50:16.815173Z","times_seen":1674,"resource_available":false,"data":null}},"time_used":2159,"timings":{"blocked":1125,"dns":0,"connect":0,"send":0,"wait":654,"receive":380,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"18114.xyz/jumpto/img/https://rcf-img-hk.gasdg646fs224cn.com/202506/_webp_size1164x872_0e80d399-2c93-4f64-89db-61a96d3b05e4.png","fqdn":"18114.xyz","domain":"18114.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.130","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://18114.xyz/","date":"2026-07-01T12:23:20.335Z","timestamp":1782908600335,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"18156.xyz","organization":""},"issuer":{"commonName":"YR2","organization":"Let's Encrypt"},"validity":{"start":"Sun, 28 Jun 2026 06:21:05 GMT","end":"Sat, 26 Sep 2026 06:21:04 GMT"},"fingerprint":{"sha1":"30:5C:A2:F1:36:A6:91:D9:3C:71:7C:3B:80:49:3A:BB:C5:0B:53:A1","sha256":"FB:A2:2A:8D:A3:A6:51:23:3E:DC:EB:06:38:96:4E:AA:32:71:9B:E1:FD:3F:D1:7A:49:E7:81:BB:9A:92:C1:8D"}}},"request":{"raw":"GET /jumpto/img/https://rcf-img-hk.gasdg646fs224cn.com/202506/_webp_size1164x872_0e80d399-2c93-4f64-89db-61a96d3b05e4.png HTTP/1.1\r\nHost: 18114.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://18114.xyz/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Wed, 01 Jul 2026 12:23:25 GMT\r\nContent-Type: image/webp\r\nContent-Length: 112700\r\nConnection: keep-alive\r\nEtag: \"62970d9f3c6d5069ad898724c19a4277\"\r\nLast-Modified: Sat, 06 Dec 2025 06:28:28 GMT\r\nReport-To: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=4WoEZ0XPDZ8acG2MaF0VptKl6WxZhTQ23IKwmGQuDC0nSHY6GyLG0ubusJvkLi984OxNWjNivW7q7xlViZNM1CPt8d5roE5HDvTWnQvEDiiYOoEblwUoeA%2FkwGFhOVxz0s%2B%2BxySQAc883xQzCFpqOCo%3D\"}]}\r\nNel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nAge: 1498\r\nCf-Cache-Status: HIT\r\nCF-RAY: a1453d2d5c4e035b-HKG\r\nalt-svc: h3=\":443\"; ma=86400\r\nCache-Control: public, max-age=2592000, immutable, public, max-age=2592000, immutable\r\nAccess-Control-Allow-Origin: *\r\nX-Custom-Check: true\r\nServer: Nginx\r\nL-Safe: 1782908605=rl9fHSIY8CX3nBFMwcz5hHAgtcnAILDmt63yQRZj/5h8SgT8CpoVtOcxJ8FTz6zkTPg2Jhk0HreHVFPoTTuKAGYYTsqccuWfa38FkfTS2guWTohMUW/xQFy5dK1gc+p8PoIMETXRp+eQpLSkZgRyhz2JRVfQrqgIdnEkFMfe+Ej9qZ36pRTwerk+7lrF0/I2\r\nL-VIA: l1=4iaGgjza0Vwox8nX\r\nL-VERSION: 1782631176\r\nL-Request-Id: c5c119f1da2547b74c5\r\nX-Cache-Status: HIT\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/webp","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-07-02T17:08:00.371314Z","times_seen":16917523,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"18114.xyz/jumpto/img/https://rcf-img-hk.gasdg646fs224cn.com/gpmaster/_webp_size328x442_c0a34e2a-97fa-40dc-8123-594806696886.png","fqdn":"18114.xyz","domain":"18114.xyz","tld":"xyz"},"ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://18114.xyz/","date":"2026-07-01T12:23:20.351Z","timestamp":1782908600351,"http_version":"","security_state":"","security_info":null,"request":{"raw":"GET /jumpto/img/https://rcf-img-hk.gasdg646fs224cn.com/gpmaster/_webp_size328x442_c0a34e2a-97fa-40dc-8123-594806696886.png HTTP/1.1\r\nHost: 18114.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://18114.xyz/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-07-02T17:08:00.371314Z","times_seen":16917523,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"18114.xyz/jumpto/img/https://rcf-img-hk.gasdg646fs224cn.com/202508/_webp_size1298x1156_aa2a4724-288d-4252-82c6-453d0458d8c1.png","fqdn":"18114.xyz","domain":"18114.xyz","tld":"xyz"},"ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://18114.xyz/","date":"2026-07-01T12:23:20.370Z","timestamp":1782908600370,"http_version":"","security_state":"","security_info":null,"request":{"raw":"GET /jumpto/img/https://rcf-img-hk.gasdg646fs224cn.com/202508/_webp_size1298x1156_aa2a4724-288d-4252-82c6-453d0458d8c1.png HTTP/1.1\r\nHost: 18114.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://18114.xyz/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-07-02T17:08:00.371314Z","times_seen":16917523,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"photo.365live88.com/img/fb/team/dbbd348cda8448908cdea8a80917c642?win007=sell","fqdn":"photo.365live88.com","domain":"365live88.com","tld":"com"},"ip":{"addr":"154.41.93.241","port":443,"asn":174,"as":"COGENT-174","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://18114.xyz/","date":"2026-07-01T12:23:21.382Z","timestamp":1782908601382,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"photo.365live88.com","organization":""},"issuer":{"commonName":"Encryption Everywhere DV TLS CA - G2","organization":"DigiCert Inc"},"validity":{"start":"Sat, 01 Nov 2025 00:00:00 GMT","end":"Sat, 31 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"45:76:43:9C:31:C5:89:A6:99:FD:9B:D8:6C:A9:3A:E6:2F:D6:E9:80","sha256":"73:27:CF:D8:8D:AC:95:46:00:5D:67:05:1E:70:22:3E:17:F0:94:78:CD:6F:A6:9C:C8:5F:B5:3B:75:60:3D:C8"}}},"request":{"raw":"GET /img/fb/team/dbbd348cda8448908cdea8a80917c642?win007=sell HTTP/1.1\r\nHost: photo.365live88.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://18114.xyz/\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=4, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: openresty\r\nDate: Wed, 01 Jul 2026 12:23:23 GMT\r\nContent-Type: image/png\r\nContent-Length: 28505\r\nConnection: keep-alive\r\nAccept-Ranges: bytes\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Expose-Headers: X-Log, X-Reqid\r\nAccess-Control-Max-Age: 2592000\r\nAge: 1720\r\nCache-Control: public, max-age=31536000\r\nContent-Disposition: inline; filename=\"dbbd348cda8448908cdea8a80917c642\"; filename*=utf-8''dbbd348cda8448908cdea8a80917c642\r\nContent-Md5: pxmjQobiuxE9brXqH1hKxg==\r\nContent-Transfer-Encoding: binary\r\nEtag: \"FjnEZ1MSUQHwqTFePR23BMgv8Vat\"\r\nLast-Modified: Tue, 19 May 2026 13:57:34 GMT\r\nX-Log: X-Log\r\nX-M-Log: QNM:wldsg119;QNM3\r\nX-M-Reqid: FiRbrqw2L\r\nX-Qiniu-Zone: as0\r\nX-Qnm-Cache: Hit\r\nX-Reqid: trkAAAB3V1ldKL4Y\r\nX-Svr: IO\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":28505,"size_decoded":29260,"mime_type":"image/png","magic":"PNG image data, 224 x 225, 8-bit/color RGBA, non-interlaced","md5":"a719a34286e2bb113d6eb5ea1f584ac6","sha1":"39c46753125101f0a9315e3d1db704c82ff156ad","sha256":"d7c7636bb78c1fb01e7d9eded3c5954f3f99c2ad35f2b72f973965628ca75b22","sha512":"cab2e5507985ad6a0e54a5862f4bd25ddceb98c32e4dd08985736200693ee4b1d27165546088ab4bcee49e942e40a46f76823600ea3692259fb859f4ec59b380","ssdeep":"384:9diy1Ixc3Gq4Ygu8dKVi5fQ1IlTkusl2I4nUavu8RYsp6Yvf6dJp2v+YJhQwLRCD:fizPYlIRmlR4eaZn36hZW5Rub","tlshash":"5dd2e1ed292466e147d5838cedba062075b3ad58c5236e7c9cfb253f16370e19c62b83","first_seen":"2026-07-01T12:22:34.477116Z","last_seen":"2026-07-01T12:25:27.30865Z","times_seen":5,"resource_available":false,"data":null}},"time_used":2067,"timings":{"blocked":1702,"dns":0,"connect":0,"send":0,"wait":299,"receive":66,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"photo.365live88.com/img/fb/team/69d72113b41e43c5b3d7f4073843de95?win007=sell","fqdn":"photo.365live88.com","domain":"365live88.com","tld":"com"},"ip":{"addr":"154.41.93.241","port":443,"asn":174,"as":"COGENT-174","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://18114.xyz/","date":"2026-07-01T12:23:21.386Z","timestamp":1782908601386,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"photo.365live88.com","organization":""},"issuer":{"commonName":"Encryption Everywhere DV TLS CA - G2","organization":"DigiCert Inc"},"validity":{"start":"Sat, 01 Nov 2025 00:00:00 GMT","end":"Sat, 31 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"45:76:43:9C:31:C5:89:A6:99:FD:9B:D8:6C:A9:3A:E6:2F:D6:E9:80","sha256":"73:27:CF:D8:8D:AC:95:46:00:5D:67:05:1E:70:22:3E:17:F0:94:78:CD:6F:A6:9C:C8:5F:B5:3B:75:60:3D:C8"}}},"request":{"raw":"GET /img/fb/team/69d72113b41e43c5b3d7f4073843de95?win007=sell HTTP/1.1\r\nHost: photo.365live88.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://18114.xyz/\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=4, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: openresty\r\nDate: Wed, 01 Jul 2026 12:23:23 GMT\r\nContent-Type: image/png\r\nContent-Length: 15255\r\nConnection: keep-alive\r\nAccept-Ranges: bytes\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Expose-Headers: X-Log, X-Reqid\r\nAccess-Control-Max-Age: 2592000\r\nAge: 1870\r\nCache-Control: public, max-age=31536000\r\nContent-Disposition: inline; filename=\"69d72113b41e43c5b3d7f4073843de95\"; filename*=utf-8''69d72113b41e43c5b3d7f4073843de95\r\nContent-Md5: hTPvGgbGQn2/ZJ9MXzUVAw==\r\nContent-Transfer-Encoding: binary\r\nEtag: \"FgeoFdy1G5Bb6FhALsnY84_-MGsc\"\r\nLast-Modified: Tue, 19 May 2026 13:57:59 GMT\r\nX-Log: X-Log\r\nX-M-Log: QNM:wldsg119;QNM3\r\nX-M-Reqid: wI0R3LAgc\r\nX-Qiniu-Zone: as0\r\nX-Qnm-Cache: Hit\r\nX-Reqid: OlAAAAD4Z2I6KL4Y\r\nX-Svr: IO\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":15255,"size_decoded":16010,"mime_type":"image/png","magic":"PNG image data, 100 x 100, 8-bit/color RGBA, non-interlaced","md5":"8533ef1a06c6427dbf649f4c5f351503","sha1":"07a815dcb51b905be858402ec9d8f38ffe306b1c","sha256":"3d42a71fa6e5403028e4a6df46cda124927e33dd8858c58b4e76677460ec0221","sha512":"c41611c5331c5c316048904890efecd9cda2243db9182a301e5342a291ac8719730fa5ddb692fe783aa6c26e797e8ecada184b72c8423da0ba8c04cae80775ba","ssdeep":"384:6OYoSMQlQQ6AREWby6M7RIXrsCLccXY5fdvaYQcFvOlDm:oMRXIDBMGXgCb6N9OFm","tlshash":"7362d071bb87252cb9db548cc4d42abbbf531228d3f2d3465d672d0d89b8de9404f1a8","first_seen":"2025-11-27T11:23:17.476483Z","last_seen":"2026-07-01T12:25:27.375383Z","times_seen":17,"resource_available":false,"data":null}},"time_used":2323,"timings":{"blocked":2062,"dns":0,"connect":0,"send":0,"wait":261,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"j98x.vip/","fqdn":"j98x.vip","domain":"j98x.vip","tld":"vip"},"ip":{"addr":"103.27.177.163","port":443,"asn":135357,"as":"HONG KONG KOWLOON TELECOMMUNICATIONS CO.,LIMITED","country":"Hong Kong","country_code":"HK"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-07-01T12:23:07.485Z","timestamp":1782908587485,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"b40l.top","organization":""},"issuer":{"commonName":"YR1","organization":"Let's Encrypt"},"validity":{"start":"Mon, 29 Jun 2026 07:36:17 GMT","end":"Sun, 27 Sep 2026 07:36:16 GMT"},"fingerprint":{"sha1":"9A:14:07:DC:7D:3A:97:8D:A9:4A:FE:C3:DD:87:93:39:E9:8B:60:6E","sha256":"03:37:26:39:3C:C7:14:32:E5:72:8F:FA:6E:47:DE:44:E6:ED:0D:71:74:5E:AC:A7:6C:E5:85:B8:C5:1D:13:4C"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: j98x.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: none\r\nPriority: u=0, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Wed, 01 Jul 2026 12:23:10 GMT\r\nContent-Type: text/html; charset=utf-8\r\nTransfer-Encoding: chunked\r\nConnection: close\r\nCache-Control: max-age=259200\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-07-02T17:08:00.371314Z","times_seen":16917523,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-07-01","alert":"Sinkholed","trigger":"j98x.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-07-01","alert":"Sinkholed","trigger":"j98x.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-01","alert":"Sinkholed","trigger":"j98x.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"18114.xyz/undefined","fqdn":"18114.xyz","domain":"18114.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.130","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://18114.xyz/","date":"2026-07-01T12:23:17.672Z","timestamp":1782908597672,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"18156.xyz","organization":""},"issuer":{"commonName":"YR2","organization":"Let's Encrypt"},"validity":{"start":"Sun, 28 Jun 2026 06:21:05 GMT","end":"Sat, 26 Sep 2026 06:21:04 GMT"},"fingerprint":{"sha1":"30:5C:A2:F1:36:A6:91:D9:3C:71:7C:3B:80:49:3A:BB:C5:0B:53:A1","sha256":"FB:A2:2A:8D:A3:A6:51:23:3E:DC:EB:06:38:96:4E:AA:32:71:9B:E1:FD:3F:D1:7A:49:E7:81:BB:9A:92:C1:8D"}}},"request":{"raw":"GET /undefined HTTP/1.1\r\nHost: 18114.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://18114.xyz/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Wed, 01 Jul 2026 12:23:17 GMT\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nCache-Control: public, s-maxage=600, max-age=0\r\nAccess-Control-Allow-Origin: *\r\nX-Custom-Check: true\r\nContent-Encoding: gzip\r\nServer: Nginx\r\nL-Safe: 1782908597=ZdMUZ1k0h3P7BImNuC0XuNzcE02G3yNmddc73ooGZ+wDF2gg8I3brNEWyyizAwMoil5pMdm47kHxX3mo6t0mc75vdSOkFMnNjyHqix7bmtUVGkmXe9TdQfYTKjF/uiNBVXu6oIZJ37t98qBieK0b4+/pChOluFMV+BbY9lq6SX4PmmC0F+X1maRp+Mp3HGV/\r\nL-VIA: l1=4iaGgjza0Vwox8nX\r\nL-VERSION: 1782631176\r\nL-Request-Id: c6c519f1da2364476a6\r\nX-Cache-Status: BYPASS\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":24594,"size_decoded":11457,"mime_type":"text/html","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (5777)","md5":"e79ba8d5268f3090203c26b2ec87119f","sha1":"67ec737a939ce7eb32f6c9ab0f6cb36a5d0c5045","sha256":"f03b70608a46781f56d44226537411cfd4da69014f8c6540319977c45398149b","sha512":"378079455a3539b8fa003afc4351f6acd844d704e0f41250b71dda29b445cb99821596e562eed3afea6a7d0b6de1ff61e22754a4c3d9384952d09b90f4dc3e55","ssdeep":"384:21ERlxqNBPJu2VwiYwJvSoVXsp+pa/iZcVk97g6nMusplIiz:1RXqrJuiNYiKop/E6wkpcu2llz","tlshash":"05b2195a9df3497a2423303a1f7fb20869b0d0134309ed803e4de7594f95aaa56f3bd6","first_seen":"2026-06-12T19:29:57.247756Z","last_seen":"2026-07-02T13:50:16.704028Z","times_seen":165,"resource_available":true,"data":null}},"time_used":421,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":350,"receive":71,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"18114.xyz/img/loading.da46bff6.png","fqdn":"18114.xyz","domain":"18114.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.130","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://18114.xyz/","date":"2026-07-01T12:23:17.744Z","timestamp":1782908597744,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"18156.xyz","organization":""},"issuer":{"commonName":"YR2","organization":"Let's Encrypt"},"validity":{"start":"Sun, 28 Jun 2026 06:21:05 GMT","end":"Sat, 26 Sep 2026 06:21:04 GMT"},"fingerprint":{"sha1":"30:5C:A2:F1:36:A6:91:D9:3C:71:7C:3B:80:49:3A:BB:C5:0B:53:A1","sha256":"FB:A2:2A:8D:A3:A6:51:23:3E:DC:EB:06:38:96:4E:AA:32:71:9B:E1:FD:3F:D1:7A:49:E7:81:BB:9A:92:C1:8D"}}},"request":{"raw":"GET /img/loading.da46bff6.png HTTP/1.1\r\nHost: 18114.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://18114.xyz/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Wed, 01 Jul 2026 12:23:23 GMT\r\nContent-Type: image/png\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nLast-Modified: Tue, 09 Jun 2026 13:37:11 GMT\r\nVary: Accept-Encoding\r\nETag: W/\"6a281707-7384c\"\r\nCache-Control: public, max-age=2592000, immutable\r\nAccess-Control-Allow-Origin: *\r\nX-Custom-Check: true\r\nContent-Encoding: gzip\r\nServer: Nginx\r\nL-Safe: 1782908603=VCWuB2+Nk7jMGu+wF3THs0B4jqARJgWa+4+ZZXmiHNM959OaXUnV99phm/dx6Uwvz/pGH3pNjGcIB+x8LMA8Q5WQO8DCDp0I/ONs5tMd7JzsRxx1R1bBFcV3C4cZzqW80HhNBypWhFiAgy44Zw8ga+8aDxUQ/v9yfRGnPl108QozlshCsJ430ihPQ/GTL/RJ\r\nAge: 1494\r\nL-VIA: l1=4iaGgjza0Vwox8nX\r\nL-VERSION: 1782631176\r\nL-Request-Id: c5c119f1da24b7c74b9\r\nX-Cache-Status: HIT\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":473164,"size_decoded":468831,"mime_type":"image/png","magic":"PNG image data, 200 x 200, 8-bit/color RGBA, non-interlaced","md5":"ac7ca483f10bc73cffa89f639f6ffa56","sha1":"03873b9607c635752526968af31773498d259afa","sha256":"a054b81d2850fe2da5b4f97a1c50c05ee59a24c37f1c700e5cc45fe6079598b6","sha512":"caa6b3e243f02c86ccaf71aafd0e716834a7a0cf07305c5c7cc0a1b9d637cc2802caa067b0010c7c3c064e3fe8f7881b26992f57137f98477266653342257760","ssdeep":"6144:NFoYczeWIF3Q/IUPYhuF0KX38I4z/tcKZPehCIjAl/CS+b:rLczeTUPpF083CBdeh7MlvI","tlshash":"79a423929b411988e1096432215fab4d23993b6458ab5fbf78843d88893cf059ff763f","first_seen":"2023-07-01T07:21:14Z","last_seen":"2026-07-02T13:49:21.900605Z","times_seen":1732,"resource_available":false,"data":null}},"time_used":7668,"timings":{"blocked":5366,"dns":0,"connect":0,"send":0,"wait":313,"receive":1989,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"18114.xyz/jumpto/img/https://rcf-img-hk.gasdg646fs224cn.com/202503/_webp_size649x578_188684fd-5a0b-43f3-8a6e-b9c558e44ec4.png","fqdn":"18114.xyz","domain":"18114.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.130","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://18114.xyz/","date":"2026-07-01T12:23:20.334Z","timestamp":1782908600334,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"18156.xyz","organization":""},"issuer":{"commonName":"YR2","organization":"Let's Encrypt"},"validity":{"start":"Sun, 28 Jun 2026 06:21:05 GMT","end":"Sat, 26 Sep 2026 06:21:04 GMT"},"fingerprint":{"sha1":"30:5C:A2:F1:36:A6:91:D9:3C:71:7C:3B:80:49:3A:BB:C5:0B:53:A1","sha256":"FB:A2:2A:8D:A3:A6:51:23:3E:DC:EB:06:38:96:4E:AA:32:71:9B:E1:FD:3F:D1:7A:49:E7:81:BB:9A:92:C1:8D"}}},"request":{"raw":"GET /jumpto/img/https://rcf-img-hk.gasdg646fs224cn.com/202503/_webp_size649x578_188684fd-5a0b-43f3-8a6e-b9c558e44ec4.png HTTP/1.1\r\nHost: 18114.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://18114.xyz/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Wed, 01 Jul 2026 12:23:24 GMT\r\nContent-Type: image/webp\r\nContent-Length: 79930\r\nConnection: keep-alive\r\nEtag: \"bd7f8602db8e332117b1715d58aef000\"\r\nLast-Modified: Sat, 06 Dec 2025 06:20:07 GMT\r\nReport-To: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=Q3f8Tw7JeqRU%2B3v0aKchMppR44%2BUOsH%2FEKJfzzFgvBTTBty2M32wbQvKo0phKYk%2BEu3XjXH2XQYKrutgEjV5qc3bvaw%2BBQhNCpUoS9kkkhwz41VWRdMdhJ6g4bMD9qm6WOG6pBMkur4T2OVaY101wVU%3D\"}]}\r\nNel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nAge: 1497\r\nCf-Cache-Status: HIT\r\nCF-RAY: a1453d2cb85f08bc-HKG\r\nalt-svc: h3=\":443\"; ma=86400\r\nCache-Control: public, max-age=2592000, immutable, public, max-age=2592000, immutable\r\nAccess-Control-Allow-Origin: *\r\nX-Custom-Check: true\r\nServer: Nginx\r\nL-Safe: 1782908604=I+3rjN1f7w6aLRSA9NslKyGQLulbhSPerqeOCIuymLixjN157QOXMQ/tRp6hP4srirnRQ4SE6OusQm4im/5y7jyV3pDhXb3v9aqdCxtLZpsYDfoOTrUTJKOMW77N9whh1a3eJyGCHtwYiigsI6uKX+hOm8H4fVx6ItnDwk5CeppTgxFgcf64YNe3lMWe3XmG\r\nL-VIA: l1=4iaGgjza0Vwox8nX\r\nL-VERSION: 1782631176\r\nL-Request-Id: c5c119f1da2519974c3\r\nX-Cache-Status: HIT\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":79930,"size_decoded":81085,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"bd7f8602db8e332117b1715d58aef000","sha1":"7e5e353a2493869ab29d7087ed6854d05eaa1dbe","sha256":"289cf0eaed99d77e8ca59df43b5dd2e5a2e28fc8efbf2b4f918bd33293c6801c","sha512":"b3493bc56d6f778167f81e32ba77c61328584255960ca10373c2bccbe8f13b9f886c806142bd05e1e116ccd835870db787ae4225843b1aced6de971e177f90d8","ssdeep":"1536:1Vx1HKbkHPxLc4OWZ0+j0j8R+dWMIFtCTbYgw:1Vx1H6kHZTOWV0kMGsTbNw","tlshash":"cd7302a40e4e35b3dc0bcb7fb59c8e7606fb9be3251da9c00d55674adad81ad13a10c8","first_seen":"2026-04-24T23:10:16.741634Z","last_seen":"2026-07-02T13:49:21.893994Z","times_seen":439,"resource_available":false,"data":null}},"time_used":5912,"timings":{"blocked":4337,"dns":0,"connect":0,"send":0,"wait":702,"receive":873,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"18114.xyz/jumpto/img/https://rcf-img-hk.gasdg646fs224cn.com/202503/_webp_size649x578_95e34ac6-aa0b-4d3f-9ae0-451b7e2983d6.png","fqdn":"18114.xyz","domain":"18114.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.130","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://18114.xyz/","date":"2026-07-01T12:23:20.343Z","timestamp":1782908600343,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"18156.xyz","organization":""},"issuer":{"commonName":"YR2","organization":"Let's Encrypt"},"validity":{"start":"Sun, 28 Jun 2026 06:21:05 GMT","end":"Sat, 26 Sep 2026 06:21:04 GMT"},"fingerprint":{"sha1":"30:5C:A2:F1:36:A6:91:D9:3C:71:7C:3B:80:49:3A:BB:C5:0B:53:A1","sha256":"FB:A2:2A:8D:A3:A6:51:23:3E:DC:EB:06:38:96:4E:AA:32:71:9B:E1:FD:3F:D1:7A:49:E7:81:BB:9A:92:C1:8D"}}},"request":{"raw":"GET /jumpto/img/https://rcf-img-hk.gasdg646fs224cn.com/202503/_webp_size649x578_95e34ac6-aa0b-4d3f-9ae0-451b7e2983d6.png HTTP/1.1\r\nHost: 18114.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://18114.xyz/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Wed, 01 Jul 2026 12:23:25 GMT\r\nContent-Type: image/webp\r\nContent-Length: 72760\r\nConnection: keep-alive\r\nEtag: \"f3567ecc873ade2418801f0f5a4a755f\"\r\nLast-Modified: Sat, 06 Dec 2025 06:17:08 GMT\r\nReport-To: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=ST7qDGdxvuvh58v8%2BmFp1NT5l1nOVktt7QhxbZXnAEz4A4K502Y%2Fs1U%2FlsC2kpjbFnioid1lF%2FcrL61kkK%2B163ILicEtE297CIzGj5LXOOVF2DWy1CqDwZWM2GxAA9viVxNGfPp%2FsWkwAYQOjS5IF%2BY%3D\"}]}\r\nNel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nAge: 1496\r\nCf-Cache-Status: HIT\r\nCF-RAY: a1453d3c992addc8-HKG\r\nalt-svc: h3=\":443\"; ma=86400\r\nCache-Control: public, max-age=2592000, immutable, public, max-age=2592000, immutable\r\nAccess-Control-Allow-Origin: *\r\nX-Custom-Check: true\r\nServer: Nginx\r\nL-Safe: 1782908605=rl9fHSIY8CX3nBFMwcz5hHAgtcnAILDmt63yQRZj/5h8SgT8CpoVtOcxJ8FTz6zkTPg2Jhk0HreHVFPoTTuKAGYYTsqccuWfa38FkfTS2guWTohMUW/xQFy5dK1gc+p8PoIMETXRp+eQpLSkZgRyhz2JRVfQrqgIdnEkFMfe+Ej9qZ36pRTwerk+7lrF0/I2\r\nL-VIA: l1=4iaGgjza0Vwox8nX\r\nL-VERSION: 1782631176\r\nL-Request-Id: c5b919f1da256016771\r\nX-Cache-Status: HIT\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":72760,"size_decoded":73919,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"f3567ecc873ade2418801f0f5a4a755f","sha1":"e8fc02b34bd284bdffb53faea4cf595658b0313c","sha256":"4b1a175ed7a2578bee0892a9483844a11bd86070caf612d6714d961747b38420","sha512":"857339772b7cd720df654fc85ac26d103e6cb1ef75e2e1b3dd377b6403b34112dd44a07521fdcd476bdb0b657c3525cb25796ad3ae24a8820ef947c6718d9c44","ssdeep":"1536:GqiacLi4hDdd3WrRvp1BtjWbzMEws521D5kBTVhe3w/PKgXJcuSOe:G71L7hgrhXBtjgzMEF5A+VkEPhNe","tlshash":"0b6302ccd2cc9aa0c4a46cd7f4057b38a962b589664f997303e2e387cac4bd917171bd","first_seen":"2026-04-24T23:10:16.730515Z","last_seen":"2026-07-02T13:50:16.771768Z","times_seen":431,"resource_available":false,"data":null}},"time_used":6104,"timings":{"blocked":5444,"dns":0,"connect":0,"send":0,"wait":605,"receive":55,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"18114.xyz/jumpto/img/https://rcf-img-hk.gasdg646fs224cn.com/202508/_webp_size1298x1156_79864bfb-d71a-4513-a524-8823b86ee01d.png","fqdn":"18114.xyz","domain":"18114.xyz","tld":"xyz"},"ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://18114.xyz/","date":"2026-07-01T12:23:20.371Z","timestamp":1782908600371,"http_version":"","security_state":"","security_info":null,"request":{"raw":"GET /jumpto/img/https://rcf-img-hk.gasdg646fs224cn.com/202508/_webp_size1298x1156_79864bfb-d71a-4513-a524-8823b86ee01d.png HTTP/1.1\r\nHost: 18114.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://18114.xyz/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-07-02T17:08:00.371314Z","times_seen":16917523,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"18114.xyz/kc523-1/sponsor/sponsor_nav_web_3.png?1781011825626","fqdn":"18114.xyz","domain":"18114.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.130","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://18114.xyz/","date":"2026-07-01T12:23:17.684Z","timestamp":1782908597684,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"18156.xyz","organization":""},"issuer":{"commonName":"YR2","organization":"Let's Encrypt"},"validity":{"start":"Sun, 28 Jun 2026 06:21:05 GMT","end":"Sat, 26 Sep 2026 06:21:04 GMT"},"fingerprint":{"sha1":"30:5C:A2:F1:36:A6:91:D9:3C:71:7C:3B:80:49:3A:BB:C5:0B:53:A1","sha256":"FB:A2:2A:8D:A3:A6:51:23:3E:DC:EB:06:38:96:4E:AA:32:71:9B:E1:FD:3F:D1:7A:49:E7:81:BB:9A:92:C1:8D"}}},"request":{"raw":"GET /kc523-1/sponsor/sponsor_nav_web_3.png?1781011825626 HTTP/1.1\r\nHost: 18114.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://18114.xyz/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=4, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Wed, 01 Jul 2026 12:23:23 GMT\r\nContent-Type: image/png\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nLast-Modified: Tue, 30 Sep 2025 12:19:27 GMT\r\nVary: Accept-Encoding\r\nETag: W/\"68dbcacf-1cf4\"\r\nCache-Control: public, max-age=2592000, immutable\r\nAccess-Control-Allow-Origin: *\r\nX-Custom-Check: true\r\nContent-Encoding: gzip\r\nServer: Nginx\r\nL-Safe: 1782908603=VCWuB2+Nk7jMGu+wF3THs0B4jqARJgWa+4+ZZXmiHNM959OaXUnV99phm/dx6Uwvz/pGH3pNjGcIB+x8LMA8Q5WQO8DCDp0I/ONs5tMd7JzsRxx1R1bBFcV3C4cZzqW80HhNBypWhFiAgy44Zw8ga+8aDxUQ/v9yfRGnPl108QozlshCsJ430ihPQ/GTL/RJ\r\nAge: 1497\r\nL-VIA: l1=4iaGgjza0Vwox8nX\r\nL-VERSION: 1782631176\r\nL-Request-Id: c5b819f1da24d774fac\r\nX-Cache-Status: HIT\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":7412,"size_decoded":8115,"mime_type":"image/png","magic":"PNG image data, 206 x 332, 8-bit colormap, non-interlaced","md5":"eb94a297c215863d5d2232eaa67f4779","sha1":"d006f382f63ada4e4ef65d124a75eac2e4e72dd0","sha256":"6bd46b617bf27cb28fb798d50b2d6daa2aaed1a278ed50e9aa549b6e4fac48c3","sha512":"dc7759393acb5e7d1a635b4d91d73e84abc41fe6afde99a85a8e4ed6f4f8b1b5819bbcaa80b1c213c00c89df8b81db512a7bff142b24c50565ff1e6289f1a30c","ssdeep":"192:Sfq39wgHGYB1fcUWobKUUR6IHaDmzDxfbTow:uQ9gCEUWoWUe6DeJQw","tlshash":"94e1ad76a7f6d695a6b7908cfece94050fbba2722c6352762b7b8c02170c339525b411","first_seen":"2023-11-10T19:12:00Z","last_seen":"2026-07-02T13:49:21.870113Z","times_seen":1737,"resource_available":false,"data":null}},"time_used":6298,"timings":{"blocked":5931,"dns":0,"connect":0,"send":0,"wait":367,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"18114.xyz/ecb/8f8306425eba6e0167bcdb25a31b67ec8f","fqdn":"18114.xyz","domain":"18114.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.130","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://18114.xyz/","date":"2026-07-01T12:23:19.141Z","timestamp":1782908599141,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"18156.xyz","organization":""},"issuer":{"commonName":"YR2","organization":"Let's Encrypt"},"validity":{"start":"Sun, 28 Jun 2026 06:21:05 GMT","end":"Sat, 26 Sep 2026 06:21:04 GMT"},"fingerprint":{"sha1":"30:5C:A2:F1:36:A6:91:D9:3C:71:7C:3B:80:49:3A:BB:C5:0B:53:A1","sha256":"FB:A2:2A:8D:A3:A6:51:23:3E:DC:EB:06:38:96:4E:AA:32:71:9B:E1:FD:3F:D1:7A:49:E7:81:BB:9A:92:C1:8D"}}},"request":{"raw":"GET /ecb/8f8306425eba6e0167bcdb25a31b67ec8f HTTP/1.1\r\nHost: 18114.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://18114.xyz/\r\nContent-Type: application/x-www-form-urlencoded\r\nx-request-source: https://18114.xyz\r\nXign: JC3Lvp2ihDY7qb8wDDNUYWzdVmF3P21louNYVzTCa4yL7RECXRsdW7KBi6NWRMzZdlYi3MT1JrPed4NmauQj8ojJt0+HC03zZoqZh5QW9i/jAiYu+QCbdvK71TiEMVKpPZ/5QvVDuMzTGbGnVldS27ARl06sAoG0QLpWzzwOf8w=\r\ntimestamp: 1782908599136\r\nsign: h592t3ga2m5o1j1i\r\nversion: 5.6.12.0\r\nclient-type: web\r\ndevice-id: AHDMtbyjDKrH8krkZF8taEefHpNFb6Bk\r\nlang: zh-CN\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Wed, 01 Jul 2026 12:23:19 GMT\r\nContent-Type: application/json\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding, Accept-Encoding, Origin, Access-Control-Request-Method, Access-Control-Request-Headers\r\nExpires: Wed, 01 Jul 2026 12:26:19 GMT\r\nCache-Control: public, max-age=180, s-maxage=180, must-revalidate, stale-while-revalidate=30\r\nX-XSS-Protection: 1; mode=block\r\nX-Request-ID: d0f026c5fd1c4ed4b49f554c5bd552e2\r\nPragma: public\r\nX-Content-Type-Options: nosniff\r\nStrict-Transport-Security: max-age=63072000; includeSubdomains; preload\r\nAccess-Control-Allow-Origin: *\r\nX-Custom-Check: true, true\r\nContent-Encoding: gzip\r\nServer: Nginx\r\nL-Safe: 1782908599=T3YknBzMJfJoN3ILu6zaGYt9SWgeRN38yVCsJlIIDp6iv+jKPhCEUxsM3+gP8j1mt7n0vQ++liS1yZhSXvuthqjdcZm/jQVoFk+dncfgbYe3KUSWE5YlXmr7sS3d5dVLb5Yhh+qMPj4aWQzAbhBnGmTkmfZCkTBi54X0a3U9yXSu+2IjEwFIrTRVB2Uxk/zy\r\nL-VIA: l1=4iaGgjza0Vwox8nX\r\nL-VERSION: 1782631176\r\nL-Request-Id: c5b719f1da23bf644ec\r\nX-Cache-Status: BYPASS\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":4073,"size_decoded":5106,"mime_type":"application/json","magic":"data","md5":"ce86fbd44da207ab937e318befe3a7f7","sha1":"1f9d390802a0faf8d50f4aa554031fe741384a85","sha256":"9beb612b0a6c90b9798eb386b2050512512614ac4ff408a1fbbbcf8fc078be07","sha512":"70ed42ad1f99f985fffe5035eec2c3b3f6f2d0110c386b118492a0953eed3b2fba386ea4e66d1d16827fa2261a45867923aa24757b847cb6852f751abc21c73d","ssdeep":"96:eOGS7hTEAzTZf7EcsXxUCQA7Gx4jJ1onRw6THKH8r68yKmJINFfHtBD/Rj/FcpZu:VP7SalfgcUDQqGqjJIjGZKmJIxHXNbFD","tlshash":"0dd19ea91242b334a13363fa584c4ec54d8513eaf8e3ee12c205357aa9f214ff65fc11","first_seen":"2026-07-01T12:22:34.282555Z","last_seen":"2026-07-02T13:50:16.822156Z","times_seen":39,"resource_available":false,"data":null}},"time_used":843,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":833,"receive":10,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"18114.xyz/jumpto/img/https://rcf-img-hk.gasdg646fs224cn.com/202503/_webp_size649x578_d991353f-39ff-4552-be18-848fc3fabfb2.png","fqdn":"18114.xyz","domain":"18114.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.130","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://18114.xyz/","date":"2026-07-01T12:23:20.344Z","timestamp":1782908600344,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"18156.xyz","organization":""},"issuer":{"commonName":"YR2","organization":"Let's Encrypt"},"validity":{"start":"Sun, 28 Jun 2026 06:21:05 GMT","end":"Sat, 26 Sep 2026 06:21:04 GMT"},"fingerprint":{"sha1":"30:5C:A2:F1:36:A6:91:D9:3C:71:7C:3B:80:49:3A:BB:C5:0B:53:A1","sha256":"FB:A2:2A:8D:A3:A6:51:23:3E:DC:EB:06:38:96:4E:AA:32:71:9B:E1:FD:3F:D1:7A:49:E7:81:BB:9A:92:C1:8D"}}},"request":{"raw":"GET /jumpto/img/https://rcf-img-hk.gasdg646fs224cn.com/202503/_webp_size649x578_d991353f-39ff-4552-be18-848fc3fabfb2.png HTTP/1.1\r\nHost: 18114.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://18114.xyz/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Wed, 01 Jul 2026 12:23:26 GMT\r\nContent-Type: image/webp\r\nContent-Length: 47886\r\nConnection: keep-alive\r\nEtag: \"ba0be3142a5adac8fdffb8c21b319dbb\"\r\nLast-Modified: Sat, 06 Dec 2025 06:30:09 GMT\r\nReport-To: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=QUrkVMYx4%2BeNfEx9HwhjgPoXyHLHgwozWGMh3SeXHeD9AXIiqazglo%2FXdupjxVJBpabNQPjw4FXrYbGWiELgiOEvQobOhEl5J70nYfqY1OTN3YW4a3iSBU2jfZNFcIUSiVCnqVs9nQ91KKXn1HXFUVU%3D\"}]}\r\nNel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nAge: 1497\r\nCf-Cache-Status: HIT\r\nCF-RAY: a1453d3cbe6890d1-HKG\r\nalt-svc: h3=\":443\"; ma=86400\r\nCache-Control: public, max-age=2592000, immutable, public, max-age=2592000, immutable\r\nAccess-Control-Allow-Origin: *\r\nX-Custom-Check: true\r\nServer: Nginx\r\nL-Safe: 1782908606=nd9OCJcH8/j3gVTBw2Tu9HBCrF+FQb7dQX9jTPCs4+g182MnFTKwizyKV+Yy4RAo5Dz2xSKPHS4eew+KPCLIsWVADI3ktcwCFWR6yXc3CefMoF8EOp8P3VD/H05ZtdK7ZGKjiGiErSPLYm8ISdBg7pom4oao8b35+nXpD4MiRQ2ZSLU2ccVeTKUsKuf3sMJH\r\nL-VIA: l1=4iaGgjza0Vwox8nX\r\nL-VERSION: 1782631176\r\nL-Request-Id: c5c119f1da257c274c8\r\nX-Cache-Status: HIT\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/webp","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-07-02T17:08:00.371314Z","times_seen":16917523,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"18114.xyz/jumpto/img/https://rcf-img-hk.gasdg646fs224cn.com/gpmaster/_webp_size328x442_9986c108-3fd7-4f35-9443-f78ce32e1660.png","fqdn":"18114.xyz","domain":"18114.xyz","tld":"xyz"},"ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://18114.xyz/","date":"2026-07-01T12:23:20.382Z","timestamp":1782908600382,"http_version":"","security_state":"","security_info":null,"request":{"raw":"GET /jumpto/img/https://rcf-img-hk.gasdg646fs224cn.com/gpmaster/_webp_size328x442_9986c108-3fd7-4f35-9443-f78ce32e1660.png HTTP/1.1\r\nHost: 18114.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://18114.xyz/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-07-02T17:08:00.371314Z","times_seen":16917523,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"photo.365live88.com/img/fb/team/312ffd0c9699474abb24729df37dc9fa?win007=sell","fqdn":"photo.365live88.com","domain":"365live88.com","tld":"com"},"ip":{"addr":"154.41.93.241","port":443,"asn":174,"as":"COGENT-174","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://18114.xyz/","date":"2026-07-01T12:23:21.350Z","timestamp":1782908601350,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"photo.365live88.com","organization":""},"issuer":{"commonName":"Encryption Everywhere DV TLS CA - G2","organization":"DigiCert Inc"},"validity":{"start":"Sat, 01 Nov 2025 00:00:00 GMT","end":"Sat, 31 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"45:76:43:9C:31:C5:89:A6:99:FD:9B:D8:6C:A9:3A:E6:2F:D6:E9:80","sha256":"73:27:CF:D8:8D:AC:95:46:00:5D:67:05:1E:70:22:3E:17:F0:94:78:CD:6F:A6:9C:C8:5F:B5:3B:75:60:3D:C8"}}},"request":{"raw":"GET /img/fb/team/312ffd0c9699474abb24729df37dc9fa?win007=sell HTTP/1.1\r\nHost: photo.365live88.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://18114.xyz/\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: openresty\r\nDate: Wed, 01 Jul 2026 12:23:22 GMT\r\nContent-Type: image/png\r\nContent-Length: 35780\r\nConnection: keep-alive\r\nAccept-Ranges: bytes\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Expose-Headers: X-Log, X-Reqid\r\nAccess-Control-Max-Age: 2592000\r\nAge: 1567411\r\nCache-Control: public, max-age=31536000\r\nContent-Disposition: inline; filename=\"312ffd0c9699474abb24729df37dc9fa\"; filename*=utf-8''312ffd0c9699474abb24729df37dc9fa\r\nContent-Md5: t6afoqEORHEwwGvBASmIvw==\r\nContent-Transfer-Encoding: binary\r\nEtag: \"FjN-99CyT-jQTvujwqEkAEDs0sov\"\r\nLast-Modified: Tue, 19 May 2026 13:53:40 GMT\r\nX-Log: X-Log\r\nX-M-Log: QNM:wldsg121;QNM3\r\nX-M-Reqid: hgc8LfF3h\r\nX-Qiniu-Zone: as0\r\nX-Qnm-Cache: Hit\r\nX-Reqid: CDQAAABXRitgmLgY\r\nX-Svr: IO\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":35780,"size_decoded":36538,"mime_type":"image/png","magic":"PNG image data, 180 x 180, 8-bit/color RGBA, non-interlaced","md5":"b7a69fa2a10e447130c06bc1012988bf","sha1":"337ef7d0b24fe8d04efba3c2a1240040ecd2ca2f","sha256":"38140d9a8984b5c9811ae561afb68c22125c6af0f43d51d9b86d50c37f301b42","sha512":"2bfd88b15cc2cea7e9da904d74035acf85e03c364c4b3c6449e4178469187736a9ad232b10deb0293fa98fa2d6746c0a3b70bd86a6ffd33b1cad348d5a50eaef","ssdeep":"768:/or0Df/cUBa3RXoLwS91N18w/91C1QdasBvhtLivC:q0DcUBl518AH2aasBp5ivC","tlshash":"ebf2f117bb1c8e331c94fd3ff6693a8ece2865c0495ca3976152c0ada619d01862cf9b","first_seen":"2026-02-28T07:27:01.778452Z","last_seen":"2026-07-01T12:25:27.365565Z","times_seen":13,"resource_available":false,"data":null}},"time_used":1256,"timings":{"blocked":726,"dns":0,"connect":0,"send":0,"wait":334,"receive":196,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"18114.xyz/css/46431.1781011881923.bc5df1d1.css","fqdn":"18114.xyz","domain":"18114.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.130","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://18114.xyz/","date":"2026-07-01T12:23:13.379Z","timestamp":1782908593379,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"18156.xyz","organization":""},"issuer":{"commonName":"YR2","organization":"Let's Encrypt"},"validity":{"start":"Sun, 28 Jun 2026 06:21:05 GMT","end":"Sat, 26 Sep 2026 06:21:04 GMT"},"fingerprint":{"sha1":"30:5C:A2:F1:36:A6:91:D9:3C:71:7C:3B:80:49:3A:BB:C5:0B:53:A1","sha256":"FB:A2:2A:8D:A3:A6:51:23:3E:DC:EB:06:38:96:4E:AA:32:71:9B:E1:FD:3F:D1:7A:49:E7:81:BB:9A:92:C1:8D"}}},"request":{"raw":"GET /css/46431.1781011881923.bc5df1d1.css HTTP/1.1\r\nHost: 18114.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://18114.xyz/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=2\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Wed, 01 Jul 2026 12:23:14 GMT\r\nContent-Type: text/css\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nLast-Modified: Tue, 09 Jun 2026 13:37:11 GMT\r\nVary: Accept-Encoding\r\nETag: W/\"6a281707-552d2\"\r\nCache-Control: public, max-age=31536000, immutable\r\nAccess-Control-Allow-Origin: *\r\nX-Custom-Check: true\r\nContent-Encoding: gzip\r\nServer: Nginx\r\nL-Safe: 1782908594=KWihkK54rCZL679Sz9tmy9MABdejSjUb9fWmH/K9x12QVu+NEhUsH2G4fT2DhqHScaJrOGbsHCTNE8lziyQYsh8YYexjNuPVE1bs8KtZsxuRmdziDnLyk0FfiiNFMQSh3/3ZzrNAJFstMZb6pi92EfXkkKVa6y991sZ6IXEq0Z7cdzYe42VsLKSnWqfs4M5a\r\nL-VIA: l1=4iaGgjza0Vwox8nX\r\nL-VERSION: 1782631176\r\nL-Request-Id: c5bc19f1da228db758a\r\nX-Cache-Status: BYPASS\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":348882,"size_decoded":87418,"mime_type":"text/css","magic":"ASCII text, with very long lines (65536), with no line terminators","md5":"93f90e3733fc4af32a4ef4b34416c531","sha1":"bbe0b8f50268073f57565c76a1ac45b46f6c668e","sha256":"ce07d563179018eb4ccfcaf005a871d6baee3ad2ac4400e6e4768a2d35c5aa1e","sha512":"664e0ea56bcf02d80d7e148c8c999493c6501c5b8b6138fb0c5a05c0c0a9c3b5facac9d711aa2ce216eb335328be867456dbbbb2864f99531faffa5fb74eaade","ssdeep":"6144:z4+4r0H8Tu4+4r5cRlGuEQUQ929srbnpTP4T:z4+4ZTu4+4yaT","tlshash":"b774fa6caf1030ae15a7cb27b660f5199c36a443f9bfde9af3e53d580789a510623c13","first_seen":"2026-05-09T01:34:22.507922Z","last_seen":"2026-07-02T13:50:16.669541Z","times_seen":207,"resource_available":false,"data":null}},"time_used":2257,"timings":{"blocked":-1,"dns":0,"connect":287,"send":0,"wait":310,"receive":1077,"ssl":583},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"18114.xyz/config/telegram.js?t=1782908593377","fqdn":"18114.xyz","domain":"18114.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.130","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://18114.xyz/","date":"2026-07-01T12:23:13.401Z","timestamp":1782908593401,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"18156.xyz","organization":""},"issuer":{"commonName":"YR2","organization":"Let's Encrypt"},"validity":{"start":"Sun, 28 Jun 2026 06:21:05 GMT","end":"Sat, 26 Sep 2026 06:21:04 GMT"},"fingerprint":{"sha1":"30:5C:A2:F1:36:A6:91:D9:3C:71:7C:3B:80:49:3A:BB:C5:0B:53:A1","sha256":"FB:A2:2A:8D:A3:A6:51:23:3E:DC:EB:06:38:96:4E:AA:32:71:9B:E1:FD:3F:D1:7A:49:E7:81:BB:9A:92:C1:8D"}}},"request":{"raw":"GET /config/telegram.js?t=1782908593377 HTTP/1.1\r\nHost: 18114.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://18114.xyz/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Wed, 01 Jul 2026 12:23:16 GMT\r\nContent-Type: application/javascript\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nLast-Modified: Tue, 09 Jun 2026 13:37:11 GMT\r\nVary: Accept-Encoding\r\nETag: W/\"6a281707-1c896\"\r\nCache-Control: public, max-age=31536000, immutable\r\nAccess-Control-Allow-Origin: *\r\nX-Custom-Check: true\r\nContent-Encoding: gzip\r\nServer: Nginx\r\nL-Safe: 1782908596=pvFJUsf8pLm12V/hEni5BP/JswMFGcRv91LURibrWHeFm798h/RyC9pd85r1im2io8X4krCNhWRq6A7WcFRYGIo3zxvRoOqHCs5lH5OU3LunlEQ7xu175s3ZQrj2YazV3OdcvHP98+uV+E0/6CL5qGmo1b7FDC+2gEqTATYSbZUNgBKd0VnPAHDfa12X2k6S\r\nL-VIA: l1=4iaGgjza0Vwox8nX\r\nL-VERSION: 1782631176\r\nL-Request-Id: c5b719f1da2308a44c1\r\nX-Cache-Status: BYPASS\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":116886,"size_decoded":18895,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (483)","md5":"4ef2154bcfb8399f256c2da15a4cb409","sha1":"e0f8f5578b2e0773ec1d79bb1cec54e1f5d6373d","sha256":"73fa4926373755b52fecfdf3145a0c9953c08af374ea69dda46fe2b3b9ddb022","sha512":"8b64643161386bdefbb7eab04416e78e5e183c50acba7b25b146aa6e733744a326566a01eb7eabb1a0a3f5b87ac8461a7ab3b9ad1c44de37ecea25af09e3eb41","ssdeep":"1536:WK4KZK+Klt3LbbdS4V+vO14KtA9phXTQ+fcZl8LDh7j8d3K+V4WMrnf/NunqxF00:Wj+dgdLbbdSA+1XTQRZ1jSBl","tlshash":"14b31c4c5cf3216285a7b1be8b9f925072759893304def203c4d9ba45f98d3c53eaad8","first_seen":"2025-05-31T08:16:48.368096Z","last_seen":"2026-07-02T16:15:47.028132Z","times_seen":1469,"resource_available":true,"data":null}},"time_used":3190,"timings":{"blocked":2816,"dns":0,"connect":0,"send":0,"wait":338,"receive":36,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"18114.xyz/css/home.1781011881923.38488e2a.css","fqdn":"18114.xyz","domain":"18114.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.130","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://18114.xyz/","date":"2026-07-01T12:23:16.718Z","timestamp":1782908596718,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"18156.xyz","organization":""},"issuer":{"commonName":"YR2","organization":"Let's Encrypt"},"validity":{"start":"Sun, 28 Jun 2026 06:21:05 GMT","end":"Sat, 26 Sep 2026 06:21:04 GMT"},"fingerprint":{"sha1":"30:5C:A2:F1:36:A6:91:D9:3C:71:7C:3B:80:49:3A:BB:C5:0B:53:A1","sha256":"FB:A2:2A:8D:A3:A6:51:23:3E:DC:EB:06:38:96:4E:AA:32:71:9B:E1:FD:3F:D1:7A:49:E7:81:BB:9A:92:C1:8D"}}},"request":{"raw":"GET /css/home.1781011881923.38488e2a.css HTTP/1.1\r\nHost: 18114.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://18114.xyz/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=2\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Wed, 01 Jul 2026 12:23:16 GMT\r\nContent-Type: text/css\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nLast-Modified: Tue, 09 Jun 2026 13:37:11 GMT\r\nVary: Accept-Encoding\r\nETag: W/\"6a281707-163b3\"\r\nCache-Control: public, max-age=31536000, immutable\r\nAccess-Control-Allow-Origin: *\r\nX-Custom-Check: true\r\nContent-Encoding: gzip\r\nServer: Nginx\r\nL-Safe: 1782908596=pvFJUsf8pLm12V/hEni5BP/JswMFGcRv91LURibrWHeFm798h/RyC9pd85r1im2io8X4krCNhWRq6A7WcFRYGIo3zxvRoOqHCs5lH5OU3LunlEQ7xu175s3ZQrj2YazV3OdcvHP98+uV+E0/6CL5qGmo1b7FDC+2gEqTATYSbZUNgBKd0VnPAHDfa12X2k6S\r\nL-VIA: l1=4iaGgjza0Vwox8nX\r\nL-VERSION: 1782631176\r\nL-Request-Id: c5c119f1da2328074a0\r\nX-Cache-Status: BYPASS\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":91059,"size_decoded":33286,"mime_type":"text/css","magic":"Unicode text, UTF-8 text, with very long lines (65528), with no line terminators","md5":"e74f15d7fec8fd844f3f07595fad8d36","sha1":"6b072e1cd8db98eabc09e33e5aaecec0fa1f385a","sha256":"e0a518c123b57bf6db4c12b779cb9414056760733b9d1d59ccd160d4ce0f08d2","sha512":"74d96ef5f45097c02d494946f446bb8a1d5fb7b89389543f9c278b5b93678e4b50e75ae534fa8ded5c2b377381acd47403d8baadcf01676bed44d997eae44d1b","ssdeep":"1536:fwRzO3RM7jufawS2d3a8WiLKbzGhbG9jpXdNdp9khN+sJ/:fBiuSJwLUK09j7p9khN+C/","tlshash":"20933b76a610253db427ca72baf05bd8b524c846d7634a3df2537e25cbc72f21236394","first_seen":"2026-06-12T19:29:57.241174Z","last_seen":"2026-07-02T13:50:16.817236Z","times_seen":137,"resource_available":false,"data":null}},"time_used":691,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":691,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"18114.xyz/kc523-1/sponsor/sponsor_nav_web_1.png?1781011825626","fqdn":"18114.xyz","domain":"18114.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.130","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://18114.xyz/","date":"2026-07-01T12:23:17.681Z","timestamp":1782908597681,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"18156.xyz","organization":""},"issuer":{"commonName":"YR2","organization":"Let's Encrypt"},"validity":{"start":"Sun, 28 Jun 2026 06:21:05 GMT","end":"Sat, 26 Sep 2026 06:21:04 GMT"},"fingerprint":{"sha1":"30:5C:A2:F1:36:A6:91:D9:3C:71:7C:3B:80:49:3A:BB:C5:0B:53:A1","sha256":"FB:A2:2A:8D:A3:A6:51:23:3E:DC:EB:06:38:96:4E:AA:32:71:9B:E1:FD:3F:D1:7A:49:E7:81:BB:9A:92:C1:8D"}}},"request":{"raw":"GET /kc523-1/sponsor/sponsor_nav_web_1.png?1781011825626 HTTP/1.1\r\nHost: 18114.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://18114.xyz/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=4, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Wed, 01 Jul 2026 12:23:23 GMT\r\nContent-Type: image/png\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nLast-Modified: Tue, 30 Sep 2025 12:19:27 GMT\r\nVary: Accept-Encoding\r\nETag: W/\"68dbcacf-1e8d\"\r\nCache-Control: public, max-age=2592000, immutable\r\nAccess-Control-Allow-Origin: *\r\nX-Custom-Check: true\r\nContent-Encoding: gzip\r\nServer: Nginx\r\nL-Safe: 1782908603=VCWuB2+Nk7jMGu+wF3THs0B4jqARJgWa+4+ZZXmiHNM959OaXUnV99phm/dx6Uwvz/pGH3pNjGcIB+x8LMA8Q5WQO8DCDp0I/ONs5tMd7JzsRxx1R1bBFcV3C4cZzqW80HhNBypWhFiAgy44Zw8ga+8aDxUQ/v9yfRGnPl108QozlshCsJ430ihPQ/GTL/RJ\r\nAge: 1498\r\nL-VIA: l1=4iaGgjza0Vwox8nX\r\nL-VERSION: 1782631176\r\nL-Request-Id: c5c119f1da24d0e74bc\r\nX-Cache-Status: HIT\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":7821,"size_decoded":8528,"mime_type":"image/png","magic":"PNG image data, 206 x 332, 8-bit colormap, non-interlaced","md5":"0eb441aa3c30cc3c92da984283938f90","sha1":"74a769808afa9b87ea483a82d47958bf05ab9b87","sha256":"146f45de163728bb850c9a8e6c1693dd4c82caf7b6e1f58728395003b84f286c","sha512":"d1c9c8824c4f42f71db8ce2b62955647aa55bb590305765cd931000d0fc6023f7d57cd3daf6992094365ca6ecb42f02f93d606d79f6643a2f89d52f71200461e","ssdeep":"192:AnUYZGCj89cpWsWKE+hAqF7k4Pk7KJw7OjF57HUNuvs7alaUd:AFEijWKE+hHF7kt7857HU/eRd","tlshash":"20f19f3eececd52cd1a745f68caf47a6142c5031ee9d7929b82fdc728649a409d403c5","first_seen":"2023-11-10T19:12:00Z","last_seen":"2026-07-02T13:49:21.887311Z","times_seen":1739,"resource_available":false,"data":null}},"time_used":6216,"timings":{"blocked":5835,"dns":0,"connect":0,"send":0,"wait":381,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"18114.xyz/img/CHESS.80cb714e.png","fqdn":"18114.xyz","domain":"18114.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.130","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://18114.xyz/","date":"2026-07-01T12:23:20.258Z","timestamp":1782908600258,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"18156.xyz","organization":""},"issuer":{"commonName":"YR2","organization":"Let's Encrypt"},"validity":{"start":"Sun, 28 Jun 2026 06:21:05 GMT","end":"Sat, 26 Sep 2026 06:21:04 GMT"},"fingerprint":{"sha1":"30:5C:A2:F1:36:A6:91:D9:3C:71:7C:3B:80:49:3A:BB:C5:0B:53:A1","sha256":"FB:A2:2A:8D:A3:A6:51:23:3E:DC:EB:06:38:96:4E:AA:32:71:9B:E1:FD:3F:D1:7A:49:E7:81:BB:9A:92:C1:8D"}}},"request":{"raw":"GET /img/CHESS.80cb714e.png HTTP/1.1\r\nHost: 18114.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://18114.xyz/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=4, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Wed, 01 Jul 2026 12:23:20 GMT\r\nContent-Type: image/png\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nLast-Modified: Tue, 09 Jun 2026 13:37:11 GMT\r\nVary: Accept-Encoding\r\nETag: W/\"6a281707-e587\"\r\nCache-Control: public, max-age=2592000, immutable\r\nAccess-Control-Allow-Origin: *\r\nX-Custom-Check: true\r\nContent-Encoding: gzip\r\nServer: Nginx\r\nL-Safe: 1782908600=syPON+2Kz5+pRykBs4QtaE3NO1FRKks/0eGizB7WB32Nr07KwPVzJ7CMnD8avbVlnlwbqhKm+rPUp/B3oGXCDokK5efJr6SBT/hoCjDgyiNSx/NWCgTrn1JK2VXFeQ2d7IBy7u4ZEVcnVu0949VAH67PTEPPBpqJ7YUy/mSmLNgKKPCcQeowpq9SRGT324V1\r\nAge: 1491\r\nL-VIA: l1=4iaGgjza0Vwox8nX\r\nL-VERSION: 1782631176\r\nL-Request-Id: c5b719f1da2405644ef\r\nX-Cache-Status: HIT\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":58759,"size_decoded":59475,"mime_type":"image/png","magic":"PNG image data, 582 x 307, 8-bit colormap, non-interlaced","md5":"727b4dc207a4141335b27fa73f76fb10","sha1":"bb63b02e635f5503d76c4fc3532c2c652a06cac8","sha256":"5d840214ae46c94540df7d0a94963cc398b32c7b868edddb6a4f2a2faf113e42","sha512":"c1512f9d9a191ea10e806fe3a8f812f78dec9832568373b7b5362fafe9aef6783947d248deb2fc8d30ba1c61fd3b94f308298e69c1de32686110fa35f7bd4ed4","ssdeep":"1536:gtPCh483gu6aLw9AJeteTzkprgTWEHbP4BzrJ:344U9Xte3kprgKE7gZJ","tlshash":"0543025a13c1159f422f37b8148758a6d8154f9f38f32ea11a9e2afda58cb0af431c3d","first_seen":"2023-11-10T19:12:00Z","last_seen":"2026-07-02T13:50:16.697653Z","times_seen":1679,"resource_available":false,"data":null}},"time_used":716,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":643,"receive":73,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"photo.365live88.com/img/fb/team/e15d681d997d4d40b94b421df91f92c5?win007=sell","fqdn":"photo.365live88.com","domain":"365live88.com","tld":"com"},"ip":{"addr":"154.41.93.241","port":443,"asn":174,"as":"COGENT-174","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://18114.xyz/","date":"2026-07-01T12:23:21.330Z","timestamp":1782908601330,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"photo.365live88.com","organization":""},"issuer":{"commonName":"Encryption Everywhere DV TLS CA - G2","organization":"DigiCert Inc"},"validity":{"start":"Sat, 01 Nov 2025 00:00:00 GMT","end":"Sat, 31 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"45:76:43:9C:31:C5:89:A6:99:FD:9B:D8:6C:A9:3A:E6:2F:D6:E9:80","sha256":"73:27:CF:D8:8D:AC:95:46:00:5D:67:05:1E:70:22:3E:17:F0:94:78:CD:6F:A6:9C:C8:5F:B5:3B:75:60:3D:C8"}}},"request":{"raw":"GET /img/fb/team/e15d681d997d4d40b94b421df91f92c5?win007=sell HTTP/1.1\r\nHost: photo.365live88.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://18114.xyz/\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: openresty\r\nDate: Wed, 01 Jul 2026 12:23:21 GMT\r\nContent-Type: image/png\r\nContent-Length: 21115\r\nConnection: keep-alive\r\nAccept-Ranges: bytes\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Expose-Headers: X-Log, X-Reqid\r\nAccess-Control-Max-Age: 2592000\r\nAge: 73287\r\nCache-Control: public, max-age=31536000\r\nContent-Disposition: inline; filename=\"e15d681d997d4d40b94b421df91f92c5\"; filename*=utf-8''e15d681d997d4d40b94b421df91f92c5\r\nContent-Md5: HEnoReLExYvP8nl83FVTQw==\r\nContent-Transfer-Encoding: binary\r\nEtag: \"FmWNi3tmKsy7c96gGjTa0TeuAypV\"\r\nLast-Modified: Sun, 28 Jun 2026 03:26:27 GMT\r\nX-Log: X-Log\r\nX-M-Log: QNM:wldsg119;QNM3\r\nX-M-Reqid: Tesm0GNk4\r\nX-Qiniu-Zone: as0\r\nX-Qnm-Cache: Hit\r\nX-Reqid: -AUAAADZjchF570Y\r\nX-Svr: IO\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":21115,"size_decoded":21871,"mime_type":"image/png","magic":"PNG image data, 250 x 167, 8-bit/color RGBA, non-interlaced","md5":"1c49e845e2c4c58bcff2797cdc555343","sha1":"658d8b7b662accbb73dea01a34dad137ae032a55","sha256":"6b2b1bc75d77c0432eb2bff6d84e41bb086a7578000cf6990532051ae3664a04","sha512":"5084032ec7c37fed78b8616bab717ca85148c03fa948ba2b9dad9620bbc9bfc4aa36ae4f5916bc89fc7538f3307978b7b91921ea415081cd3ad119ef80d7f6fd","ssdeep":"384:6n3akg5Ls/hzZZIfxuOmtoF0qOS1KbX5TGKPWW9pB920XVW:63eLsbCfxuO8oF0ms5TG0B9AaVW","tlshash":"aa92f1ce47683db162d6dc56dd37219e3249d8ba0fab149c0cf1caa70b24b1190dcaf4","first_seen":"2026-06-16T17:13:24.843108Z","last_seen":"2026-07-01T12:25:27.363121Z","times_seen":58,"resource_available":false,"data":null}},"time_used":1038,"timings":{"blocked":-1,"dns":1,"connect":251,"send":0,"wait":502,"receive":26,"ssl":258},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"photo.365live88.com/img/fb/team/437ad8b062044c079605077a167a7da6?win007=sell","fqdn":"photo.365live88.com","domain":"365live88.com","tld":"com"},"ip":{"addr":"154.41.93.241","port":443,"asn":174,"as":"COGENT-174","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://18114.xyz/","date":"2026-07-01T12:23:21.396Z","timestamp":1782908601396,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"photo.365live88.com","organization":""},"issuer":{"commonName":"Encryption Everywhere DV TLS CA - G2","organization":"DigiCert Inc"},"validity":{"start":"Sat, 01 Nov 2025 00:00:00 GMT","end":"Sat, 31 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"45:76:43:9C:31:C5:89:A6:99:FD:9B:D8:6C:A9:3A:E6:2F:D6:E9:80","sha256":"73:27:CF:D8:8D:AC:95:46:00:5D:67:05:1E:70:22:3E:17:F0:94:78:CD:6F:A6:9C:C8:5F:B5:3B:75:60:3D:C8"}}},"request":{"raw":"GET /img/fb/team/437ad8b062044c079605077a167a7da6?win007=sell HTTP/1.1\r\nHost: photo.365live88.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://18114.xyz/\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=4, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: openresty\r\nDate: Wed, 01 Jul 2026 12:23:23 GMT\r\nContent-Type: image/png\r\nContent-Length: 8828\r\nConnection: keep-alive\r\nAccept-Ranges: bytes\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Expose-Headers: X-Log, X-Reqid\r\nAccess-Control-Max-Age: 2592000\r\nAge: 76998\r\nCache-Control: public, max-age=31536000\r\nContent-Disposition: inline; filename=\"437ad8b062044c079605077a167a7da6\"; filename*=utf-8''437ad8b062044c079605077a167a7da6\r\nContent-Md5: iDtRYUoCPbSjE11hYS5FdQ==\r\nContent-Transfer-Encoding: binary\r\nEtag: \"Fka5SneGIed52faqXWObQ9rRGA0b\"\r\nLast-Modified: Tue, 19 May 2026 13:57:39 GMT\r\nX-Log: X-Log\r\nX-M-Log: QNM:wldsg119;QNM3\r\nX-M-Reqid: Pez1jCZRo\r\nX-Qiniu-Zone: as0\r\nX-Qnm-Cache: Hit\r\nX-Reqid: zSEAAADiAj3m470Y\r\nX-Svr: IO\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":8828,"size_decoded":9583,"mime_type":"image/png","magic":"PNG image data, 95 x 95, 8-bit/color RGBA, non-interlaced","md5":"883b51614a023db4a3135d61612e4575","sha1":"46b94a778621e779d9f6aa5d639b43dad1180d1b","sha256":"6248fa8d43c3c0130d39b9f2974e4904ce9c75b276d004aeb6f607fff461593e","sha512":"eaa33a7c403beb70cadbd1b7a5932517b294ac6f0387ed8f6a79904424e1dd793e6bf113ae9fe5a1911f7a8ccb9f7081d26ea6db9f5bba9047ff495e11fc4f81","ssdeep":"192:t4iZMmEcoDIAfYyUPZLzt3lUCU7Lu0A4SKt5UnWrKQVBmBCqj:t4iZ3uIcY3f1U7DAUt5IWqZj","tlshash":"3002c06768e01ed6a723d864b7bb60e4441a94a020f8434f49abfc3f6685f318c0dfe5","first_seen":"2024-08-19T19:47:54.933243Z","last_seen":"2026-07-01T12:25:27.344938Z","times_seen":65,"resource_available":false,"data":null}},"time_used":2761,"timings":{"blocked":2479,"dns":0,"connect":0,"send":0,"wait":282,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"18114.xyz/","fqdn":"18114.xyz","domain":"18114.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.130","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-07-01T12:23:11.791Z","timestamp":1782908591791,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"18156.xyz","organization":""},"issuer":{"commonName":"YR2","organization":"Let's Encrypt"},"validity":{"start":"Sun, 28 Jun 2026 06:21:05 GMT","end":"Sat, 26 Sep 2026 06:21:04 GMT"},"fingerprint":{"sha1":"30:5C:A2:F1:36:A6:91:D9:3C:71:7C:3B:80:49:3A:BB:C5:0B:53:A1","sha256":"FB:A2:2A:8D:A3:A6:51:23:3E:DC:EB:06:38:96:4E:AA:32:71:9B:E1:FD:3F:D1:7A:49:E7:81:BB:9A:92:C1:8D"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: 18114.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPriority: u=0, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Wed, 01 Jul 2026 12:23:12 GMT\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nCache-Control: public, s-maxage=600, max-age=0\r\nAccess-Control-Allow-Origin: *\r\nX-Custom-Check: true\r\nContent-Encoding: gzip\r\nServer: Nginx\r\nL-Safe: 1782908592=RxIojHKty76lrPbyWw+EYzFl8eO7DBfMl3cFzfrRmbItqfp6Yu3rAv10DcSLPDvzE2TnxBJhpgbMoDSpGs4RV5e/BqcyjbS4ilunxVx1tEHjxqnka0nWFvzG+y9wkDMmnRKTLVqW3SkHPmHa6RG1qHuyEo+NOLaDYqAH8W2fTl+SSA2ns4VaROWHICFZAwun\r\nL-VIA: l1=4iaGgjza0Vwox8nX\r\nL-VERSION: 1782631176\r\nL-Request-Id: c5b719f1da2219844ab\r\nX-Cache-Status: BYPASS\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":24594,"size_decoded":11457,"mime_type":"text/html","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (5777)","md5":"e79ba8d5268f3090203c26b2ec87119f","sha1":"67ec737a939ce7eb32f6c9ab0f6cb36a5d0c5045","sha256":"f03b70608a46781f56d44226537411cfd4da69014f8c6540319977c45398149b","sha512":"378079455a3539b8fa003afc4351f6acd844d704e0f41250b71dda29b445cb99821596e562eed3afea6a7d0b6de1ff61e22754a4c3d9384952d09b90f4dc3e55","ssdeep":"384:21ERlxqNBPJu2VwiYwJvSoVXsp+pa/iZcVk97g6nMusplIiz:1RXqrJuiNYiKop/E6wkpcu2llz","tlshash":"05b2195a9df3497a2423303a1f7fb20869b0d0134309ed803e4de7594f95aaa56f3bd6","first_seen":"2026-06-12T19:29:57.247756Z","last_seen":"2026-07-02T13:50:16.704028Z","times_seen":165,"resource_available":true,"data":null}},"time_used":1572,"timings":{"blocked":0,"dns":3,"connect":292,"send":0,"wait":645,"receive":328,"ssl":304},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"18114.xyz/css/index-399e2569.1781011881923.a7b0b4f4.css","fqdn":"18114.xyz","domain":"18114.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.130","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://18114.xyz/","date":"2026-07-01T12:23:13.382Z","timestamp":1782908593382,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"18156.xyz","organization":""},"issuer":{"commonName":"YR2","organization":"Let's Encrypt"},"validity":{"start":"Sun, 28 Jun 2026 06:21:05 GMT","end":"Sat, 26 Sep 2026 06:21:04 GMT"},"fingerprint":{"sha1":"30:5C:A2:F1:36:A6:91:D9:3C:71:7C:3B:80:49:3A:BB:C5:0B:53:A1","sha256":"FB:A2:2A:8D:A3:A6:51:23:3E:DC:EB:06:38:96:4E:AA:32:71:9B:E1:FD:3F:D1:7A:49:E7:81:BB:9A:92:C1:8D"}}},"request":{"raw":"GET /css/index-399e2569.1781011881923.a7b0b4f4.css HTTP/1.1\r\nHost: 18114.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://18114.xyz/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=2\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Wed, 01 Jul 2026 12:23:14 GMT\r\nContent-Type: text/css\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nLast-Modified: Tue, 09 Jun 2026 13:37:11 GMT\r\nVary: Accept-Encoding\r\nETag: W/\"6a281707-faee\"\r\nCache-Control: public, max-age=31536000, immutable\r\nAccess-Control-Allow-Origin: *\r\nX-Custom-Check: true\r\nContent-Encoding: gzip\r\nServer: Nginx\r\nL-Safe: 1782908594=KWihkK54rCZL679Sz9tmy9MABdejSjUb9fWmH/K9x12QVu+NEhUsH2G4fT2DhqHScaJrOGbsHCTNE8lziyQYsh8YYexjNuPVE1bs8KtZsxuRmdziDnLyk0FfiiNFMQSh3/3ZzrNAJFstMZb6pi92EfXkkKVa6y991sZ6IXEq0Z7cdzYe42VsLKSnWqfs4M5a\r\nL-VIA: l1=4iaGgjza0Vwox8nX\r\nL-VERSION: 1782631176\r\nL-Request-Id: c5c119f1da228ee7488\r\nX-Cache-Status: BYPASS\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":64238,"size_decoded":34291,"mime_type":"text/css","magic":"ASCII text, with very long lines (64238), with no line terminators","md5":"1f30d2cd291b70a1848607e3460d9278","sha1":"e91e48518ec94fcaacf418789927f34d7527dc99","sha256":"8ce1851c7bd6e7db80ee5ee8da7a0c808f29756dda3c941bb3811dc3bd3e5afd","sha512":"3cf09b1afc740c4a219a45a233489d76587ec8bd80a57c52ab133f33fdffa8a3fe35a0a27e386270ebeaa9e86d156897e44733b8eb83ee6935fe67749c30cd0f","ssdeep":"768:E0ouVbMisnf7X8vtr9UL5srs7hAqpLe20TCKiNkZICSA2ohGyHukQ9aaV+TJtU+G:HoGws9isrQAqVe6KekWRlkQ9hf+Pe","tlshash":"c6538d3123e0286ee27b6b16ec51e659352b8602f127625af703362fc1d72f5c67b742","first_seen":"2026-03-20T12:57:26.768432Z","last_seen":"2026-07-02T13:50:16.802029Z","times_seen":709,"resource_available":false,"data":null}},"time_used":1821,"timings":{"blocked":-1,"dns":0,"connect":291,"send":0,"wait":345,"receive":589,"ssl":595},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"18114.xyz/css/83749.1781011881923.2e202a68.css","fqdn":"18114.xyz","domain":"18114.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.130","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://18114.xyz/","date":"2026-07-01T12:23:17.566Z","timestamp":1782908597566,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"18156.xyz","organization":""},"issuer":{"commonName":"YR2","organization":"Let's Encrypt"},"validity":{"start":"Sun, 28 Jun 2026 06:21:05 GMT","end":"Sat, 26 Sep 2026 06:21:04 GMT"},"fingerprint":{"sha1":"30:5C:A2:F1:36:A6:91:D9:3C:71:7C:3B:80:49:3A:BB:C5:0B:53:A1","sha256":"FB:A2:2A:8D:A3:A6:51:23:3E:DC:EB:06:38:96:4E:AA:32:71:9B:E1:FD:3F:D1:7A:49:E7:81:BB:9A:92:C1:8D"}}},"request":{"raw":"GET /css/83749.1781011881923.2e202a68.css HTTP/1.1\r\nHost: 18114.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://18114.xyz/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=2\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Wed, 01 Jul 2026 12:23:17 GMT\r\nContent-Type: text/css\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nLast-Modified: Tue, 09 Jun 2026 13:37:11 GMT\r\nVary: Accept-Encoding\r\nETag: W/\"6a281707-6f2f\"\r\nCache-Control: public, max-age=31536000, immutable\r\nAccess-Control-Allow-Origin: *\r\nX-Custom-Check: true\r\nContent-Encoding: gzip\r\nServer: Nginx\r\nL-Safe: 1782908597=ZdMUZ1k0h3P7BImNuC0XuNzcE02G3yNmddc73ooGZ+wDF2gg8I3brNEWyyizAwMoil5pMdm47kHxX3mo6t0mc75vdSOkFMnNjyHqix7bmtUVGkmXe9TdQfYTKjF/uiNBVXu6oIZJ37t98qBieK0b4+/pChOluFMV+BbY9lq6SX4PmmC0F+X1maRp+Mp3HGV/\r\nL-VIA: l1=4iaGgjza0Vwox8nX\r\nL-VERSION: 1782631176\r\nL-Request-Id: c5b919f1da235ec673e\r\nX-Cache-Status: BYPASS\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":28463,"size_decoded":6305,"mime_type":"text/css","magic":"ASCII text, with very long lines (28463), with no line terminators","md5":"1ead8072763d5fe20963f033dc63d94e","sha1":"36eeb0853a1b5681ab464dc1ef3682160e420e60","sha256":"8f014d5d9b2798ecfc473bac7c23f80295b94af3cbeff054fcaf973b286f8240","sha512":"92670a870b9db4259e71072ab72699e3431fa9eb53027f4b90c954b51eaf1869f5f50987808e5c625e9101ea4ea3aca655b81ba73f3ba2ced4cd480eb9a915cc","ssdeep":"384:DYCKpsUIc1F8l1TANI34yQyqPPQwmfzIfRbHx6+OhCcbakzeYaTONdqdK:DYCKpcPE64yDqbodqdK","tlshash":"07d2739ae5d4b13e6c1fbb35ebc5a1ecb1399450df620e7af202762547c3af1012216d","first_seen":"2026-04-29T03:41:13.425526Z","last_seen":"2026-07-02T13:50:16.717343Z","times_seen":541,"resource_available":false,"data":null}},"time_used":409,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":394,"receive":15,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"18114.xyz/jumpto/img/https://rcf-img-hk.gasdg646fs224cn.com/202503/_webp_size649x578_96811f47-5a2c-446d-a8ca-696df160de09.png","fqdn":"18114.xyz","domain":"18114.xyz","tld":"xyz"},"ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://18114.xyz/","date":"2026-07-01T12:23:20.385Z","timestamp":1782908600385,"http_version":"","security_state":"","security_info":null,"request":{"raw":"GET /jumpto/img/https://rcf-img-hk.gasdg646fs224cn.com/202503/_webp_size649x578_96811f47-5a2c-446d-a8ca-696df160de09.png HTTP/1.1\r\nHost: 18114.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://18114.xyz/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-07-02T17:08:00.371314Z","times_seen":16917523,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"photo.365live88.com/img/fb/team/99545210676f49008ce404c63a037913?win007=sell","fqdn":"photo.365live88.com","domain":"365live88.com","tld":"com"},"ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://18114.xyz/","date":"2026-07-01T12:23:21.369Z","timestamp":1782908601369,"http_version":"","security_state":"","security_info":null,"request":{"raw":"GET /img/fb/team/99545210676f49008ce404c63a037913?win007=sell HTTP/1.1\r\nHost: photo.365live88.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://18114.xyz/\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=4, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-07-02T17:08:00.371314Z","times_seen":16917523,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"photo.365live88.com/img/fb/team/92e0688da2c444359aa36c7f3e158060?win007=sell","fqdn":"photo.365live88.com","domain":"365live88.com","tld":"com"},"ip":{"addr":"154.41.93.241","port":443,"asn":174,"as":"COGENT-174","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://18114.xyz/","date":"2026-07-01T12:23:21.378Z","timestamp":1782908601378,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"photo.365live88.com","organization":""},"issuer":{"commonName":"Encryption Everywhere DV TLS CA - G2","organization":"DigiCert Inc"},"validity":{"start":"Sat, 01 Nov 2025 00:00:00 GMT","end":"Sat, 31 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"45:76:43:9C:31:C5:89:A6:99:FD:9B:D8:6C:A9:3A:E6:2F:D6:E9:80","sha256":"73:27:CF:D8:8D:AC:95:46:00:5D:67:05:1E:70:22:3E:17:F0:94:78:CD:6F:A6:9C:C8:5F:B5:3B:75:60:3D:C8"}}},"request":{"raw":"GET /img/fb/team/92e0688da2c444359aa36c7f3e158060?win007=sell HTTP/1.1\r\nHost: photo.365live88.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://18114.xyz/\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=4, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: openresty\r\nDate: Wed, 01 Jul 2026 12:23:23 GMT\r\nContent-Type: image/png\r\nContent-Length: 10660\r\nConnection: keep-alive\r\nAccept-Ranges: bytes\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Expose-Headers: X-Log, X-Reqid\r\nAccess-Control-Max-Age: 2592000\r\nAge: 1540\r\nCache-Control: public, max-age=31536000\r\nContent-Disposition: inline; filename=\"92e0688da2c444359aa36c7f3e158060\"; filename*=utf-8''92e0688da2c444359aa36c7f3e158060\r\nContent-Md5: rSHTP5Z/1lIr2R9jV/anOQ==\r\nContent-Transfer-Encoding: binary\r\nEtag: \"FjWwgjjRGa_PIMLl3A9Qym9GHqwM\"\r\nLast-Modified: Sat, 27 Jun 2026 03:32:37 GMT\r\nX-Log: X-Log\r\nX-M-Log: QNM:wldsg119;QNM3\r\nX-M-Reqid: UT3HAio3P\r\nX-Qiniu-Zone: as0\r\nX-Qnm-Cache: Hit\r\nX-Reqid: n1UAAACk7zSHKL4Y\r\nX-Svr: IO\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":10660,"size_decoded":11415,"mime_type":"image/png","magic":"PNG image data, 200 x 200, 8-bit colormap, non-interlaced","md5":"ad21d33f967fd6522bd91f6357f6a739","sha1":"35b08238d119afcf20c2e5dc0f50ca6f461eac0c","sha256":"834acdc2c646665993fe0f343eeec78048a0fedb5ce6bb9e4a9592272566195e","sha512":"ea3eec2d88a871b06392f0bf41886535ddf04fa47d45b643148c078f866b4f5f0374491d50481f9fa39dc33c1530c1a52fd76fc43dc690e2306b19f23d50ba24","ssdeep":"192:rN8HKih14so9FNGwL6Y89ZN2/wE9Yx71IHfax+6Rv1dPRbR:rktKF7WYuN4vfax+KvJ1","tlshash":"d022bf42b931ef1b5db0491fbb1981c429be48da4c0d1bda768667f8152cc9b40dc6da","first_seen":"2026-05-05T13:36:24.318153Z","last_seen":"2026-07-01T12:25:27.342981Z","times_seen":7,"resource_available":false,"data":null}},"time_used":1899,"timings":{"blocked":1598,"dns":0,"connect":0,"send":0,"wait":301,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"photo.365live88.com/img/fb/team/11a0a7b0c2be4e8cbd9dd4e9d1905b6f?win007=sell","fqdn":"photo.365live88.com","domain":"365live88.com","tld":"com"},"ip":{"addr":"154.41.93.241","port":443,"asn":174,"as":"COGENT-174","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://18114.xyz/","date":"2026-07-01T12:23:21.395Z","timestamp":1782908601395,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"photo.365live88.com","organization":""},"issuer":{"commonName":"Encryption Everywhere DV TLS CA - G2","organization":"DigiCert Inc"},"validity":{"start":"Sat, 01 Nov 2025 00:00:00 GMT","end":"Sat, 31 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"45:76:43:9C:31:C5:89:A6:99:FD:9B:D8:6C:A9:3A:E6:2F:D6:E9:80","sha256":"73:27:CF:D8:8D:AC:95:46:00:5D:67:05:1E:70:22:3E:17:F0:94:78:CD:6F:A6:9C:C8:5F:B5:3B:75:60:3D:C8"}}},"request":{"raw":"GET /img/fb/team/11a0a7b0c2be4e8cbd9dd4e9d1905b6f?win007=sell HTTP/1.1\r\nHost: photo.365live88.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://18114.xyz/\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=4, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: openresty\r\nDate: Wed, 01 Jul 2026 12:23:23 GMT\r\nContent-Type: image/png\r\nContent-Length: 29279\r\nConnection: keep-alive\r\nAccept-Ranges: bytes\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Expose-Headers: X-Log, X-Reqid\r\nAccess-Control-Max-Age: 2592000\r\nAge: 76998\r\nCache-Control: public, max-age=31536000\r\nContent-Disposition: inline; filename=\"11a0a7b0c2be4e8cbd9dd4e9d1905b6f\"; filename*=utf-8''11a0a7b0c2be4e8cbd9dd4e9d1905b6f\r\nContent-Md5: nTMxGWgPmfCigDUQ85ymbA==\r\nContent-Transfer-Encoding: binary\r\nEtag: \"FnLnV6FE6eIhNj10pGkG3QUdb5VP\"\r\nLast-Modified: Tue, 19 May 2026 13:57:39 GMT\r\nX-Log: X-Log\r\nX-M-Log: QNM:wldsg119;QNM3\r\nX-M-Reqid: 7UJrtxZhN\r\nX-Qiniu-Zone: as0\r\nX-Qnm-Cache: Hit\r\nX-Reqid: ciIAAAD3Jj3m470Y\r\nX-Svr: IO\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":29279,"size_decoded":30035,"mime_type":"image/png","magic":"PNG image data, 180 x 180, 8-bit/color RGBA, non-interlaced","md5":"9d333119680f99f0a2803510f39ca66c","sha1":"72e757a144e9e221363d74a46906dd051d6f954f","sha256":"b861d7002ccbb9adc41c8409035a792a3a5033e8bacce2d68bd56b721a85647d","sha512":"6bc1c636b03cf598579806951f9dad2f0844b1c1e336660061e19bdd9a233251b139ed22cbf5cc3340e8fbf020a7518029e967b580bb7b31f91504ec037cbcbd","ssdeep":"768:CUVQp7N/C8LJ0CSM6eAfBBGIzJLrc21zAkrpd:CqQJNlVMVx1Dpd","tlshash":"c3d2e19882384839d073f1505d35f0f11766966442f4caa0fa9733bdcb4ded248a9ed4","first_seen":"2025-03-31T13:06:08.201356Z","last_seen":"2026-07-01T12:25:27.33443Z","times_seen":63,"resource_available":false,"data":null}},"time_used":2678,"timings":{"blocked":2383,"dns":0,"connect":0,"send":0,"wait":274,"receive":21,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ssl.hw301.xyz:8900/?u=https://j98x.vip/\u0026p=/","fqdn":"ssl.hw301.xyz","domain":"hw301.xyz","tld":"xyz"},"ip":{"addr":"23.224.132.157","port":8900,"asn":40065,"as":"CNSERVERS","country":"United States","country_code":"US"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-07-01T12:23:11.090Z","timestamp":1782908591090,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"cloud.hw301.top","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Mon, 08 Jun 2026 00:00:00 GMT","end":"Wed, 23 Dec 2026 23:59:59 GMT"},"fingerprint":{"sha1":"67:F4:44:A8:2A:80:5A:70:54:A1:CF:76:81:D8:73:BE:07:8A:03:BF","sha256":"6D:29:23:0E:AA:5C:2D:C5:FB:64:FA:CA:EE:F0:40:A5:66:21:88:96:78:F4:E6:C3:EA:8D:6F:71:1A:2E:8A:B0"}}},"request":{"raw":"GET /?u=https://j98x.vip/\u0026p=/ HTTP/1.1\r\nHost: ssl.hw301.xyz:8900\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://j98x.vip/\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPriority: u=0, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 302 Found\r\nServer: nginx\r\nDate: Wed, 01 Jul 2026 12:23:11 GMT\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 0\r\nConnection: keep-alive\r\nLocation: https://18114.xyz\r\nX-Frame-Options: DENY\r\nVary: Origin\r\nReferrer-Policy: same-origin\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-07-02T17:08:00.371314Z","times_seen":16917523,"resource_available":true,"data":null}},"time_used":695,"timings":{"blocked":-1,"dns":3,"connect":161,"send":0,"wait":202,"receive":0,"ssl":328},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-01","alert":"Sinkholed","trigger":"ssl.hw301.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"18114.xyz/jumpto/img/https://rcf-img-hk.gasdg646fs224cn.com/202503/_webp_size649x578_2a74177b-d024-4ea3-8b58-fce53f91051b.png","fqdn":"18114.xyz","domain":"18114.xyz","tld":"xyz"},"ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://18114.xyz/","date":"2026-07-01T12:23:20.360Z","timestamp":1782908600360,"http_version":"","security_state":"","security_info":null,"request":{"raw":"GET /jumpto/img/https://rcf-img-hk.gasdg646fs224cn.com/202503/_webp_size649x578_2a74177b-d024-4ea3-8b58-fce53f91051b.png HTTP/1.1\r\nHost: 18114.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://18114.xyz/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-07-02T17:08:00.371314Z","times_seen":16917523,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"18114.xyz/jumpto/img/https://rcf-img-hk.gasdg646fs224cn.com/gpmaster/_webp_size704x442_73525908-fb7b-43df-ab6b-ee9a1274a74c.png","fqdn":"18114.xyz","domain":"18114.xyz","tld":"xyz"},"ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://18114.xyz/","date":"2026-07-01T12:23:20.387Z","timestamp":1782908600387,"http_version":"","security_state":"","security_info":null,"request":{"raw":"GET /jumpto/img/https://rcf-img-hk.gasdg646fs224cn.com/gpmaster/_webp_size704x442_73525908-fb7b-43df-ab6b-ee9a1274a74c.png HTTP/1.1\r\nHost: 18114.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://18114.xyz/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-07-02T17:08:00.371314Z","times_seen":16917523,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"photo.365live88.com/img/fb/team/b20c5ff6831748aa9d0c7cb2f10689c4?win007=sell","fqdn":"photo.365live88.com","domain":"365live88.com","tld":"com"},"ip":{"addr":"154.41.93.241","port":443,"asn":174,"as":"COGENT-174","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://18114.xyz/","date":"2026-07-01T12:23:21.345Z","timestamp":1782908601345,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"photo.365live88.com","organization":""},"issuer":{"commonName":"Encryption Everywhere DV TLS CA - G2","organization":"DigiCert Inc"},"validity":{"start":"Sat, 01 Nov 2025 00:00:00 GMT","end":"Sat, 31 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"45:76:43:9C:31:C5:89:A6:99:FD:9B:D8:6C:A9:3A:E6:2F:D6:E9:80","sha256":"73:27:CF:D8:8D:AC:95:46:00:5D:67:05:1E:70:22:3E:17:F0:94:78:CD:6F:A6:9C:C8:5F:B5:3B:75:60:3D:C8"}}},"request":{"raw":"GET /img/fb/team/b20c5ff6831748aa9d0c7cb2f10689c4?win007=sell HTTP/1.1\r\nHost: photo.365live88.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://18114.xyz/\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: openresty\r\nDate: Wed, 01 Jul 2026 12:23:21 GMT\r\nContent-Type: image/png\r\nContent-Length: 7303\r\nConnection: keep-alive\r\nAccept-Ranges: bytes\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Expose-Headers: X-Log, X-Reqid\r\nAccess-Control-Max-Age: 2592000\r\nAge: 58998\r\nCache-Control: public, max-age=31536000\r\nContent-Disposition: inline; filename=\"b20c5ff6831748aa9d0c7cb2f10689c4\"; filename*=utf-8''b20c5ff6831748aa9d0c7cb2f10689c4\r\nContent-Md5: rNfsRr+Fqd1/O0jHaYTe3Q==\r\nContent-Transfer-Encoding: binary\r\nEtag: \"FgCfzlHase_DmDooLVo85wRDMu6c\"\r\nLast-Modified: Sun, 28 Jun 2026 03:26:29 GMT\r\nX-Log: X-Log\r\nX-M-Log: QNM:wldsg119;QNM3\r\nX-M-Reqid: MCrjyPL6K\r\nX-Qiniu-Zone: as0\r\nX-Qnm-Cache: Hit\r\nX-Reqid: n9MAAACUMstE9L0Y\r\nX-Svr: IO\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":7303,"size_decoded":8058,"mime_type":"image/png","magic":"PNG image data, 250 x 167, 8-bit/color RGBA, non-interlaced","md5":"acd7ec46bf85a9dd7f3b48c76984dedd","sha1":"009fce51dab1efc3983a282d5a3ce7044332ee9c","sha256":"74a4ef1711b214f7bfe477d6aec3bb735e93210d3c6233673e1d9aefdfc3c2a7","sha512":"06b759ad89ebb3325eb08076598a57287dbf64863fa838bd4dbf3047ede83c318d25b43b64954591beedc7831d043133954c8056e3b49e8f60f8c1540adc89fa","ssdeep":"192:4t0AKmxMT//YgyCXv2O/Np5Xs82VkKK07:4t9E//hyC/2OW82Vkc","tlshash":"ffe19d8eabe21a6d07adfbe5651e008188445f2380c6d32a260f35fd036aedd7a4700f","first_seen":"2026-06-22T20:52:31.771329Z","last_seen":"2026-07-01T22:21:02.99943Z","times_seen":51,"resource_available":false,"data":null}},"time_used":748,"timings":{"blocked":-1,"dns":0,"connect":247,"send":0,"wait":248,"receive":0,"ssl":253},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"photo.365live88.com/img/fb/team/33330e3e6e964eff8dc37a13008ea63f?win007=sell","fqdn":"photo.365live88.com","domain":"365live88.com","tld":"com"},"ip":{"addr":"154.41.93.241","port":443,"asn":174,"as":"COGENT-174","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://18114.xyz/","date":"2026-07-01T12:23:21.352Z","timestamp":1782908601352,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"photo.365live88.com","organization":""},"issuer":{"commonName":"Encryption Everywhere DV TLS CA - G2","organization":"DigiCert Inc"},"validity":{"start":"Sat, 01 Nov 2025 00:00:00 GMT","end":"Sat, 31 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"45:76:43:9C:31:C5:89:A6:99:FD:9B:D8:6C:A9:3A:E6:2F:D6:E9:80","sha256":"73:27:CF:D8:8D:AC:95:46:00:5D:67:05:1E:70:22:3E:17:F0:94:78:CD:6F:A6:9C:C8:5F:B5:3B:75:60:3D:C8"}}},"request":{"raw":"GET /img/fb/team/33330e3e6e964eff8dc37a13008ea63f?win007=sell HTTP/1.1\r\nHost: photo.365live88.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://18114.xyz/\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: openresty\r\nDate: Wed, 01 Jul 2026 12:23:22 GMT\r\nContent-Type: image/png\r\nContent-Length: 11268\r\nConnection: keep-alive\r\nAccept-Ranges: bytes\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Expose-Headers: X-Log, X-Reqid\r\nAccess-Control-Max-Age: 2592000\r\nAge: 1567411\r\nCache-Control: public, max-age=31536000\r\nContent-Disposition: inline; filename=\"33330e3e6e964eff8dc37a13008ea63f\"; filename*=utf-8''33330e3e6e964eff8dc37a13008ea63f\r\nContent-Md5: zQF+KDgdmauTAuUmf89ImQ==\r\nContent-Transfer-Encoding: binary\r\nEtag: \"FlmbO5ZM64gsEW3i39Vpw0NAsJeo\"\r\nLast-Modified: Tue, 19 May 2026 13:53:40 GMT\r\nX-Log: X-Log\r\nX-M-Log: QNM:wldsg121;QNM3\r\nX-M-Reqid: oGiz09KoQ\r\nX-Qiniu-Zone: as0\r\nX-Qnm-Cache: Hit\r\nX-Reqid: T6EAAABk6StgmLgY\r\nX-Svr: IO\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":11268,"size_decoded":12026,"mime_type":"image/png","magic":"PNG image data, 120 x 120, 8-bit/color RGBA, non-interlaced","md5":"cd017e28381d99ab9302e5267fcf4899","sha1":"599b3b964ceb882c116de2dfd569c34340b097a8","sha256":"e72f0f4ba7cc36c62977282cd6cbda6440ae27887177486f480e10f2176d2126","sha512":"be8318b564c5a5e8b2c07fd2f020679238b7d5779ab2de89815b7af176e0a7c05aa6c35c1f54c778f59ba0c81201f01f171b03eabbf544708bd0f69c86e06f38","ssdeep":"192:RDISmt/Lda+gglhq05qZNzgY4KpvNzFZVYCHTrNB5HF8m6IoomzlZS+k3aZ8K0aH:RkJtzdGKqnnsY4KpvNzFZVFzr9HF3ooe","tlshash":"0232c0b36251bdb5f137e07a251b689fa3064b8b2c8a19d4138c8736dc7a32dd61cb43","first_seen":"2023-08-11T12:57:53Z","last_seen":"2026-07-01T12:25:27.3328Z","times_seen":14,"resource_available":false,"data":null}},"time_used":1048,"timings":{"blocked":743,"dns":0,"connect":0,"send":0,"wait":305,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"photo.365live88.com/img/fb/team/9d691750dbc242faaf1fe195874e673e?win007=sell","fqdn":"photo.365live88.com","domain":"365live88.com","tld":"com"},"ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://18114.xyz/","date":"2026-07-01T12:23:21.357Z","timestamp":1782908601357,"http_version":"","security_state":"","security_info":null,"request":{"raw":"GET /img/fb/team/9d691750dbc242faaf1fe195874e673e?win007=sell HTTP/1.1\r\nHost: photo.365live88.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://18114.xyz/\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-07-02T17:08:00.371314Z","times_seen":16917523,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"photo.365live88.com/img/fb/team/b9ccb16ecdbe462589d4aa3fdcdb6686?win007=sell","fqdn":"photo.365live88.com","domain":"365live88.com","tld":"com"},"ip":{"addr":"154.41.93.241","port":443,"asn":174,"as":"COGENT-174","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://18114.xyz/","date":"2026-07-01T12:23:21.389Z","timestamp":1782908601389,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"photo.365live88.com","organization":""},"issuer":{"commonName":"Encryption Everywhere DV TLS CA - G2","organization":"DigiCert Inc"},"validity":{"start":"Sat, 01 Nov 2025 00:00:00 GMT","end":"Sat, 31 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"45:76:43:9C:31:C5:89:A6:99:FD:9B:D8:6C:A9:3A:E6:2F:D6:E9:80","sha256":"73:27:CF:D8:8D:AC:95:46:00:5D:67:05:1E:70:22:3E:17:F0:94:78:CD:6F:A6:9C:C8:5F:B5:3B:75:60:3D:C8"}}},"request":{"raw":"GET /img/fb/team/b9ccb16ecdbe462589d4aa3fdcdb6686?win007=sell HTTP/1.1\r\nHost: photo.365live88.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://18114.xyz/\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=4, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: openresty\r\nDate: Wed, 01 Jul 2026 12:23:23 GMT\r\nContent-Type: image/png\r\nContent-Length: 23785\r\nConnection: keep-alive\r\nAccept-Ranges: bytes\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Expose-Headers: X-Log, X-Reqid\r\nAccess-Control-Max-Age: 2592000\r\nAge: 1720\r\nCache-Control: public, max-age=31536000\r\nContent-Disposition: inline; filename=\"b9ccb16ecdbe462589d4aa3fdcdb6686\"; filename*=utf-8''b9ccb16ecdbe462589d4aa3fdcdb6686\r\nContent-Md5: eezhbGQOys9PO0WzX7JSGA==\r\nContent-Transfer-Encoding: binary\r\nEtag: \"FpvhwxQ5wbHUwc13MawrV-CPIh_7\"\r\nLast-Modified: Tue, 30 Jun 2026 15:01:27 GMT\r\nX-Log: X-Log\r\nX-M-Log: QNM:wldsg121;QNM3\r\nX-M-Reqid: 9GA3TeBQ7\r\nX-Qiniu-Zone: as0\r\nX-Qnm-Cache: Hit\r\nX-Reqid: jEoAAAC0qlpdKL4Y\r\nX-Svr: IO\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":23785,"size_decoded":24540,"mime_type":"image/png","magic":"PNG image data, 139 x 181, 8-bit/color RGBA, non-interlaced","md5":"79ece16c640ecacf4f3b45b35fb25218","sha1":"9be1c31439c1b1d4c1cd7731ac2b57e08f221ffb","sha256":"5340fff66065df827c291249accf939b23c904a5dc41bea98712bde4ce20f33e","sha512":"4e83422fc78423559d1a9399e7c7f85fe39c24496a4bbf38f5dc37aaffc1b6015a564eddad27e183d8f64fa938f84505443c6e31e0eacd07b2e740ab74430719","ssdeep":"384:w/BNNv4zCE7ns+oIP7rLRpOe0Iq1VDvW3N/EQ1hJIQkCFpjNlckzMUUOclskxI1h:w/xiF7ns+oq/Oe0DrW35EQtIVVkzfOJM","tlshash":"e4b2f1f38986009cf2d13788c226944166d5d96fa462f73a6c343fda8c0bdb8df18d85","first_seen":"2025-03-28T18:20:50.051008Z","last_seen":"2026-07-01T12:25:27.309162Z","times_seen":7,"resource_available":false,"data":null}},"time_used":2384,"timings":{"blocked":2097,"dns":0,"connect":0,"send":0,"wait":274,"receive":13,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"photo.365live88.com/img/fb/team/0c771460fa7d471ea304c5a3577753ff?win007=sell","fqdn":"photo.365live88.com","domain":"365live88.com","tld":"com"},"ip":{"addr":"154.41.93.241","port":443,"asn":174,"as":"COGENT-174","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://18114.xyz/","date":"2026-07-01T12:23:21.405Z","timestamp":1782908601405,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"photo.365live88.com","organization":""},"issuer":{"commonName":"Encryption Everywhere DV TLS CA - G2","organization":"DigiCert Inc"},"validity":{"start":"Sat, 01 Nov 2025 00:00:00 GMT","end":"Sat, 31 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"45:76:43:9C:31:C5:89:A6:99:FD:9B:D8:6C:A9:3A:E6:2F:D6:E9:80","sha256":"73:27:CF:D8:8D:AC:95:46:00:5D:67:05:1E:70:22:3E:17:F0:94:78:CD:6F:A6:9C:C8:5F:B5:3B:75:60:3D:C8"}}},"request":{"raw":"GET /img/fb/team/0c771460fa7d471ea304c5a3577753ff?win007=sell HTTP/1.1\r\nHost: photo.365live88.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://18114.xyz/\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=4, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: openresty\r\nDate: Wed, 01 Jul 2026 12:23:24 GMT\r\nContent-Type: image/png\r\nContent-Length: 26325\r\nConnection: keep-alive\r\nAccept-Ranges: bytes\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Expose-Headers: X-Log, X-Reqid\r\nAccess-Control-Max-Age: 2592000\r\nAge: 44579\r\nCache-Control: public, max-age=31536000\r\nContent-Disposition: inline; filename=\"0c771460fa7d471ea304c5a3577753ff\"; filename*=utf-8''0c771460fa7d471ea304c5a3577753ff\r\nContent-Md5: z8otA7LegCMEShDBSOimhA==\r\nContent-Transfer-Encoding: binary\r\nEtag: \"Fr1sd9PNh1XNi6T6hzCSFKpdT0Dx\"\r\nLast-Modified: Tue, 19 May 2026 13:57:39 GMT\r\nX-Log: X-Log\r\nX-M-Log: QNM:wldsg121;QNM3\r\nX-M-Reqid: qzhNmBqUZ\r\nX-Qiniu-Zone: as0\r\nX-Qnm-Cache: Hit\r\nX-Reqid: SpkAAAAJOH5iAb4Y\r\nX-Svr: IO\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":26325,"size_decoded":27081,"mime_type":"image/png","magic":"PNG image data, 180 x 180, 8-bit/color RGBA, non-interlaced","md5":"cfca2d03b2de8023044a10c148e8a684","sha1":"bd6c77d3cd8755cd8ba4fa87309214aa5d4f40f1","sha256":"ff5921cde947e77f1fcbd9b9940228969e3a6b3d9066144782d7b636acfc1a16","sha512":"392936824524bbb06f4e68fc918d6a205deb38a2d9be6e6d94c90cd983f7ef1abb4edba10fb9f8675a108a49ddceb40aee1be751fae4c66bed51b6463aa80506","ssdeep":"768:KNdYKAhijOchKgEHx+EWKfjiP+SI1BR1RZ/HnTYWgNJY41zmnI:8yKi5v3Hx+BKYpIp1bn0veI","tlshash":"b1c2cf7002fb71d4ac27d2aef7fb8090aa5a80c2756c41aa8e8b5489036f551df61de9","first_seen":"2023-08-17T12:39:31Z","last_seen":"2026-07-01T12:25:27.345444Z","times_seen":30,"resource_available":false,"data":null}},"time_used":2967,"timings":{"blocked":2676,"dns":0,"connect":0,"send":0,"wait":274,"receive":17,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"18114.xyz/theme.config.ef94991b.js","fqdn":"18114.xyz","domain":"18114.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.130","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://18114.xyz/","date":"2026-07-01T12:23:13.385Z","timestamp":1782908593385,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"18156.xyz","organization":""},"issuer":{"commonName":"YR2","organization":"Let's Encrypt"},"validity":{"start":"Sun, 28 Jun 2026 06:21:05 GMT","end":"Sat, 26 Sep 2026 06:21:04 GMT"},"fingerprint":{"sha1":"30:5C:A2:F1:36:A6:91:D9:3C:71:7C:3B:80:49:3A:BB:C5:0B:53:A1","sha256":"FB:A2:2A:8D:A3:A6:51:23:3E:DC:EB:06:38:96:4E:AA:32:71:9B:E1:FD:3F:D1:7A:49:E7:81:BB:9A:92:C1:8D"}}},"request":{"raw":"GET /theme.config.ef94991b.js HTTP/1.1\r\nHost: 18114.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://18114.xyz/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Wed, 01 Jul 2026 12:23:13 GMT\r\nContent-Type: application/javascript\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nLast-Modified: Tue, 09 Jun 2026 13:37:10 GMT\r\nVary: Accept-Encoding\r\nETag: W/\"6a281706-1a62f\"\r\nCache-Control: public, max-age=31536000, immutable\r\nAccess-Control-Allow-Origin: *\r\nX-Custom-Check: true\r\nContent-Encoding: gzip\r\nServer: Nginx\r\nL-Safe: 1782908593=QGdno2nkbhil2sQzcsIm7nkvCJY74Qjk9SEFrSfsUOERzYD9aF4Kk5XrPIhf2YHS9qEyJggi4cgFow9bTTckkJjXVy/Xtl63+UEpGPiPRChEnyC8jaFvn4/s2hRriLlw4ec6CxftDwGvq8wCEHZosHQiWwI+PMWlO+YD6FD1ro5sTBovrXDfKbRBegY0bMmm\r\nL-VIA: l1=4iaGgjza0Vwox8nX\r\nL-VERSION: 1782631176\r\nL-Request-Id: c5b719f1da226b544b0\r\nX-Cache-Status: BYPASS\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":108079,"size_decoded":16737,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (38260)","md5":"90d279a2980268d2835cec593c23d286","sha1":"4374bf6da5cbdf8f025434137487bda68077cddf","sha256":"1679f19badc24dea0edab376edfb8583714645e18f705fb849037af6cf0b3ff8","sha512":"362ec1b73cebe1ad224a5b745c9ceebf2b86301deab27e35d6517d499499328b34c24d76a72e5b348d623e64a4d17bfa0ab08d2aa012f02af23c6a72df51817f","ssdeep":"1536:D2JREobVmtlIRM4Sb2mcTa2mnzyJog9CcHWHA:qEtlGu1Jnz45HT","tlshash":"c0b3bb7ae20c963a6177a8bfb46ce111d12f9c0c9b1d5fdef03e60a25710669c831de9","first_seen":"2026-06-12T19:29:57.324936Z","last_seen":"2026-07-02T13:50:16.794515Z","times_seen":160,"resource_available":true,"data":null}},"time_used":805,"timings":{"blocked":300,"dns":0,"connect":0,"send":0,"wait":396,"receive":109,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"18114.xyz/kc523-1/sponsor/sponsor_web_1.png?1781011825626","fqdn":"18114.xyz","domain":"18114.xyz","tld":"xyz"},"ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://18114.xyz/","date":"2026-07-01T12:23:17.739Z","timestamp":1782908597739,"http_version":"","security_state":"","security_info":null,"request":{"raw":"GET /kc523-1/sponsor/sponsor_web_1.png?1781011825626 HTTP/1.1\r\nHost: 18114.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://18114.xyz/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=4, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-07-02T17:08:00.371314Z","times_seen":16917523,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"18114.xyz/js/31098.1781011881923.4108b3dd.js","fqdn":"18114.xyz","domain":"18114.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.130","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://18114.xyz/","date":"2026-07-01T12:23:19.083Z","timestamp":1782908599083,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"18156.xyz","organization":""},"issuer":{"commonName":"YR2","organization":"Let's Encrypt"},"validity":{"start":"Sun, 28 Jun 2026 06:21:05 GMT","end":"Sat, 26 Sep 2026 06:21:04 GMT"},"fingerprint":{"sha1":"30:5C:A2:F1:36:A6:91:D9:3C:71:7C:3B:80:49:3A:BB:C5:0B:53:A1","sha256":"FB:A2:2A:8D:A3:A6:51:23:3E:DC:EB:06:38:96:4E:AA:32:71:9B:E1:FD:3F:D1:7A:49:E7:81:BB:9A:92:C1:8D"}}},"request":{"raw":"GET /js/31098.1781011881923.4108b3dd.js HTTP/1.1\r\nHost: 18114.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://18114.xyz/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Wed, 01 Jul 2026 12:23:19 GMT\r\nContent-Type: application/javascript\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nLast-Modified: Tue, 09 Jun 2026 13:37:11 GMT\r\nVary: Accept-Encoding\r\nETag: W/\"6a281707-561e2\"\r\nCache-Control: public, max-age=31536000, immutable\r\nAccess-Control-Allow-Origin: *\r\nX-Custom-Check: true\r\nContent-Encoding: gzip\r\nServer: Nginx\r\nL-Safe: 1782908599=T3YknBzMJfJoN3ILu6zaGYt9SWgeRN38yVCsJlIIDp6iv+jKPhCEUxsM3+gP8j1mt7n0vQ++liS1yZhSXvuthqjdcZm/jQVoFk+dncfgbYe3KUSWE5YlXmr7sS3d5dVLb5Yhh+qMPj4aWQzAbhBnGmTkmfZCkTBi54X0a3U9yXSu+2IjEwFIrTRVB2Uxk/zy\r\nL-VIA: l1=4iaGgjza0Vwox8nX\r\nL-VERSION: 1782631176\r\nL-Request-Id: c5b819f1da23bbc4f98\r\nX-Cache-Status: BYPASS\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":352738,"size_decoded":65643,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (65338), with no line terminators","md5":"3c55e2f7f495cd530603e700dd3bf229","sha1":"fdcabc58e872fde99b7d704711a75bc32cc2b8c8","sha256":"1c38b781ee4a302e955baab7d3306365881227cafc2814e1085f93f4ab0342d8","sha512":"94954c49e71bd95a7543f652e03bf68b5dd26d00b33c91eda9003ef81e37aa5735e846bc9322d52181550f0d010d125479a73d83dec0fe51fa0c4f2489108326","ssdeep":"1536:Z+0YvC9jlTKAUSseG1SY46DCdlBBo3AgXOG9AsqCfCXsvCfCXsLCfCXsyCfCXsfX:sKK5sY4brG7O3SnLJNpL","tlshash":"6174b6f4c248c6fdea04ce0a7e7d6f2d50723783f2ec56c446aaf8865e92857245c4da","first_seen":"2026-05-19T02:14:56.370466Z","last_seen":"2026-07-02T13:50:16.708289Z","times_seen":171,"resource_available":true,"data":null}},"time_used":1694,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":690,"receive":1004,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"18114.xyz/ecb/8f8306425fb46e096ba9db3ab31b67b681fbb31575ff397b0117","fqdn":"18114.xyz","domain":"18114.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.130","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://18114.xyz/","date":"2026-07-01T12:23:19.148Z","timestamp":1782908599148,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"18156.xyz","organization":""},"issuer":{"commonName":"YR2","organization":"Let's Encrypt"},"validity":{"start":"Sun, 28 Jun 2026 06:21:05 GMT","end":"Sat, 26 Sep 2026 06:21:04 GMT"},"fingerprint":{"sha1":"30:5C:A2:F1:36:A6:91:D9:3C:71:7C:3B:80:49:3A:BB:C5:0B:53:A1","sha256":"FB:A2:2A:8D:A3:A6:51:23:3E:DC:EB:06:38:96:4E:AA:32:71:9B:E1:FD:3F:D1:7A:49:E7:81:BB:9A:92:C1:8D"}}},"request":{"raw":"GET /ecb/8f8306425fb46e096ba9db3ab31b67b681fbb31575ff397b0117 HTTP/1.1\r\nHost: 18114.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://18114.xyz/\r\nContent-Type: application/x-www-form-urlencoded\r\nx-request-source: https://18114.xyz\r\nXign: hW0LRLDpUCswvi32EPIGaCfLxPxkpiB7c8TyYg0DW6w5lqtPEHpFfro36OETL4I0E1I6C+NgvqyHSvC52rpHc7bLVwRkiqz5r4dWWW4YK4Pc60QLmFiTl8y4IcNmqUybthkJotHOmbns3yVL3dW9RqJg4kHzv/O85B2CME+shFk=\r\ntimestamp: 1782908599136\r\nsign: 1e2ds6i3a7b165a7\r\nversion: 5.6.12.0\r\nclient-type: web\r\ndevice-id: AHDMtbyjDKrH8krkZF8taEefHpNFb6Bk\r\nlang: zh-CN\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Wed, 01 Jul 2026 12:23:19 GMT\r\nContent-Type: application/json\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding, Accept-Encoding, Origin, Access-Control-Request-Method, Access-Control-Request-Headers\r\nExpires: Wed, 01 Jul 2026 12:33:19 GMT\r\nCache-Control: public, max-age=600, s-maxage=600, must-revalidate, stale-while-revalidate=30\r\nX-XSS-Protection: 1; mode=block\r\nX-Request-ID: a90d26b7e55b47c99ea703c7e93a9b93\r\nPragma: public\r\nX-Content-Type-Options: nosniff\r\nStrict-Transport-Security: max-age=63072000; includeSubdomains; preload\r\nAccess-Control-Allow-Origin: *\r\nX-Custom-Check: true, true\r\nContent-Encoding: gzip\r\nServer: Nginx\r\nL-Safe: 1782908599=T3YknBzMJfJoN3ILu6zaGYt9SWgeRN38yVCsJlIIDp6iv+jKPhCEUxsM3+gP8j1mt7n0vQ++liS1yZhSXvuthqjdcZm/jQVoFk+dncfgbYe3KUSWE5YlXmr7sS3d5dVLb5Yhh+qMPj4aWQzAbhBnGmTkmfZCkTBi54X0a3U9yXSu+2IjEwFIrTRVB2Uxk/zy\r\nL-VIA: l1=4iaGgjza0Vwox8nX\r\nL-VERSION: 1782631176\r\nL-Request-Id: c6c219f1da23bfc5e66\r\nX-Cache-Status: BYPASS\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":2142,"size_decoded":3175,"mime_type":"application/json","magic":"data","md5":"e86e08f22fb9b8516a726f81c381edb3","sha1":"dcf3196981798135a3fd1b6f0ae0d59f12b99775","sha256":"711836ab4d3370b2aee86c4cd9858db7ce45e2db8ef5666586a89985722900f5","sha512":"12f9e659e418897021c414e016c9efcfa343d46dfe738343c8e53edb6bb7c1fc0c0ac8cf6d2b5dc454ffdb17462d7e5c61a5209d90647b2c9480503f3df6bf54","ssdeep":"","tlshash":"86613c189152db30931eb570800185a5cb4b91d4ffff9c58c62dd179da4f908a69ca3a","first_seen":"2026-07-01T12:22:34.372681Z","last_seen":"2026-07-01T12:25:14.989785Z","times_seen":6,"resource_available":false,"data":null}},"time_used":338,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":328,"receive":10,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"18114.xyz/jumpto/img/https://rcf-img-hk.gasdg646fs224cn.com/202503/_webp_size649x578_3340babe-d86d-4379-84e5-92efe2221568.png","fqdn":"18114.xyz","domain":"18114.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.130","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://18114.xyz/","date":"2026-07-01T12:23:20.329Z","timestamp":1782908600329,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"18156.xyz","organization":""},"issuer":{"commonName":"YR2","organization":"Let's Encrypt"},"validity":{"start":"Sun, 28 Jun 2026 06:21:05 GMT","end":"Sat, 26 Sep 2026 06:21:04 GMT"},"fingerprint":{"sha1":"30:5C:A2:F1:36:A6:91:D9:3C:71:7C:3B:80:49:3A:BB:C5:0B:53:A1","sha256":"FB:A2:2A:8D:A3:A6:51:23:3E:DC:EB:06:38:96:4E:AA:32:71:9B:E1:FD:3F:D1:7A:49:E7:81:BB:9A:92:C1:8D"}}},"request":{"raw":"GET /jumpto/img/https://rcf-img-hk.gasdg646fs224cn.com/202503/_webp_size649x578_3340babe-d86d-4379-84e5-92efe2221568.png HTTP/1.1\r\nHost: 18114.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://18114.xyz/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Wed, 01 Jul 2026 12:23:24 GMT\r\nContent-Type: image/webp\r\nContent-Length: 69604\r\nConnection: keep-alive\r\nEtag: \"bf4ab4dd29a7e850bb98cc23f8aa469b\"\r\nLast-Modified: Sat, 06 Dec 2025 06:31:49 GMT\r\nReport-To: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=IzHjFwqP8PdXaL16gnk7UwZ87JBpwKnpO3DjAFzYU9rljqyQ7peKgu3fWMhmO22JcnaGCMFs67z1t%2FEEbnqrshYl4j5wTXh5TOZ09qGgT9rNJIpWLbSLMEO%2Fd7D3noZXu6Cqo0mDvxqTo37tmm0JrWc%3D\"}]}\r\nNel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nAge: 1497\r\nCf-Cache-Status: HIT\r\nCF-RAY: a1453d2cae5b2107-HKG\r\nalt-svc: h3=\":443\"; ma=86400\r\nCache-Control: public, max-age=2592000, immutable, public, max-age=2592000, immutable\r\nAccess-Control-Allow-Origin: *\r\nX-Custom-Check: true\r\nServer: Nginx\r\nL-Safe: 1782908604=I+3rjN1f7w6aLRSA9NslKyGQLulbhSPerqeOCIuymLixjN157QOXMQ/tRp6hP4srirnRQ4SE6OusQm4im/5y7jyV3pDhXb3v9aqdCxtLZpsYDfoOTrUTJKOMW77N9whh1a3eJyGCHtwYiigsI6uKX+hOm8H4fVx6ItnDwk5CeppTgxFgcf64YNe3lMWe3XmG\r\nL-VIA: l1=4iaGgjza0Vwox8nX\r\nL-VERSION: 1782631176\r\nL-Request-Id: c6d219f1da250d29c77\r\nX-Cache-Status: HIT\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":69604,"size_decoded":70753,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"bf4ab4dd29a7e850bb98cc23f8aa469b","sha1":"bf8a5db8a24980c822ff470dfd5c400c3a7c9318","sha256":"2755467e92e31efad621b2e575f92ee22de6de608fa8f2fddb67db94b677b946","sha512":"21ee32c3081cdce13a032da5e97d59e0a8abd54778a0be5efadea03e95f5a9876414faeb43046ddeeeb580bc384b67ef786ac80243a9b7d10b4695ed25a5fb03","ssdeep":"1536:kzZ24Ia5yjsOfOLgsOtyLr/i7deYSzcwqzpf1btvhp61:kzZDIa5yjDMkyLr/z/cwqzpdxpp61","tlshash":"f76302aa4a11d1c8af767507133a99aa77ec93ea60d612f04077944f162bddba1f0c0f","first_seen":"2026-04-24T23:10:16.876074Z","last_seen":"2026-07-02T13:50:16.81024Z","times_seen":437,"resource_available":false,"data":null}},"time_used":5217,"timings":{"blocked":4143,"dns":0,"connect":0,"send":0,"wait":329,"receive":745,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"18114.xyz/jumpto/img/https://rcf-img-hk.gasdg646fs224cn.com/202508/_webp_size1298x1156_13f1f273-ad7d-4854-b9a3-7f3eb8823296.png","fqdn":"18114.xyz","domain":"18114.xyz","tld":"xyz"},"ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://18114.xyz/","date":"2026-07-01T12:23:20.365Z","timestamp":1782908600365,"http_version":"","security_state":"","security_info":null,"request":{"raw":"GET /jumpto/img/https://rcf-img-hk.gasdg646fs224cn.com/202508/_webp_size1298x1156_13f1f273-ad7d-4854-b9a3-7f3eb8823296.png HTTP/1.1\r\nHost: 18114.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://18114.xyz/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-07-02T17:08:00.371314Z","times_seen":16917523,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"18114.xyz/jumpto/img/https://rcf-img-hk.gasdg646fs224cn.com/202508/_webp_size1298x1156_04beb05f-bdcc-4bf4-a35f-b560e45e45b0.png","fqdn":"18114.xyz","domain":"18114.xyz","tld":"xyz"},"ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://18114.xyz/","date":"2026-07-01T12:23:20.369Z","timestamp":1782908600369,"http_version":"","security_state":"","security_info":null,"request":{"raw":"GET /jumpto/img/https://rcf-img-hk.gasdg646fs224cn.com/202508/_webp_size1298x1156_04beb05f-bdcc-4bf4-a35f-b560e45e45b0.png HTTP/1.1\r\nHost: 18114.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://18114.xyz/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-07-02T17:08:00.371314Z","times_seen":16917523,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"18114.xyz/js/chunk-svg.1781011881923.7ca9cdc1.js","fqdn":"18114.xyz","domain":"18114.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.130","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://18114.xyz/","date":"2026-07-01T12:23:13.387Z","timestamp":1782908593387,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"18156.xyz","organization":""},"issuer":{"commonName":"YR2","organization":"Let's Encrypt"},"validity":{"start":"Sun, 28 Jun 2026 06:21:05 GMT","end":"Sat, 26 Sep 2026 06:21:04 GMT"},"fingerprint":{"sha1":"30:5C:A2:F1:36:A6:91:D9:3C:71:7C:3B:80:49:3A:BB:C5:0B:53:A1","sha256":"FB:A2:2A:8D:A3:A6:51:23:3E:DC:EB:06:38:96:4E:AA:32:71:9B:E1:FD:3F:D1:7A:49:E7:81:BB:9A:92:C1:8D"}}},"request":{"raw":"GET /js/chunk-svg.1781011881923.7ca9cdc1.js HTTP/1.1\r\nHost: 18114.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://18114.xyz/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Wed, 01 Jul 2026 12:23:14 GMT\r\nContent-Type: application/javascript\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nLast-Modified: Tue, 09 Jun 2026 13:37:11 GMT\r\nVary: Accept-Encoding\r\nETag: W/\"6a281707-72eeb\"\r\nCache-Control: public, max-age=31536000, immutable\r\nAccess-Control-Allow-Origin: *\r\nX-Custom-Check: true\r\nContent-Encoding: gzip\r\nServer: Nginx\r\nL-Safe: 1782908594=KWihkK54rCZL679Sz9tmy9MABdejSjUb9fWmH/K9x12QVu+NEhUsH2G4fT2DhqHScaJrOGbsHCTNE8lziyQYsh8YYexjNuPVE1bs8KtZsxuRmdziDnLyk0FfiiNFMQSh3/3ZzrNAJFstMZb6pi92EfXkkKVa6y991sZ6IXEq0Z7cdzYe42VsLKSnWqfs4M5a\r\nL-VIA: l1=4iaGgjza0Vwox8nX\r\nL-VERSION: 1782631176\r\nL-Request-Id: c5c119f1da2270c7487\r\nX-Cache-Status: BYPASS\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":470763,"size_decoded":90048,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (65532), with no line terminators","md5":"2e885a50d7dc711be337a96fe33f0c2e","sha1":"8c767dd1bdcbf35f2577bd215ff6fe495cbd0f43","sha256":"603d14d58a247671742688b96c517d62e9c636443b960bc421af5352df4c01f7","sha512":"09289e06b0db84915693f0b78ab40149972b29693d0d6b1e66e4fbe9bddf00380f5f4e8e78961512d91a132226494572994ceade62d3d8a878126fdcdeb8fd95","ssdeep":"3072:/8nz2uaLZSZvx6Q/sIPrekK+mB6Ua94sRZI7gbpF/:/8nz2uasNxpXPrekK+mB6UHsE4pF/","tlshash":"c0a4fcb4c190f4edf704ce196e7c9e1c50321688e0a9e9e52da9fe0d9e85d6b241cdec","first_seen":"2026-06-12T19:29:57.244213Z","last_seen":"2026-07-02T13:50:16.795389Z","times_seen":159,"resource_available":true,"data":null}},"time_used":2196,"timings":{"blocked":326,"dns":0,"connect":0,"send":0,"wait":489,"receive":1381,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"18114.xyz/js/chunk-init-1656f0b4.1781011881923.32336986.js","fqdn":"18114.xyz","domain":"18114.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.130","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://18114.xyz/","date":"2026-07-01T12:23:13.390Z","timestamp":1782908593390,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"18156.xyz","organization":""},"issuer":{"commonName":"YR2","organization":"Let's Encrypt"},"validity":{"start":"Sun, 28 Jun 2026 06:21:05 GMT","end":"Sat, 26 Sep 2026 06:21:04 GMT"},"fingerprint":{"sha1":"30:5C:A2:F1:36:A6:91:D9:3C:71:7C:3B:80:49:3A:BB:C5:0B:53:A1","sha256":"FB:A2:2A:8D:A3:A6:51:23:3E:DC:EB:06:38:96:4E:AA:32:71:9B:E1:FD:3F:D1:7A:49:E7:81:BB:9A:92:C1:8D"}}},"request":{"raw":"GET /js/chunk-init-1656f0b4.1781011881923.32336986.js HTTP/1.1\r\nHost: 18114.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://18114.xyz/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Wed, 01 Jul 2026 12:23:15 GMT\r\nContent-Type: application/javascript\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nLast-Modified: Tue, 09 Jun 2026 13:37:11 GMT\r\nVary: Accept-Encoding\r\nETag: W/\"6a281707-21366\"\r\nCache-Control: public, max-age=31536000, immutable\r\nAccess-Control-Allow-Origin: *\r\nX-Custom-Check: true\r\nContent-Encoding: gzip\r\nServer: Nginx\r\nL-Safe: 1782908595=VYqS7u7lQ0J6vY3CU7Th8T/pw3pFqlx8ntvuI2Oh21Sw53mtqjMf66c8tX6VijURccEBNw01n+5hHC8SDhRwT67Z1ef+RAQ6WDYbeb6zygQzDDKVDrk5DO9a5mYQ6nvRMm6wJ4+j7sw2l0ZCvyYL98mdUq/YdA7L7n3R6ufmbQkSNVX/HQuSRBev0GgNdvH0\r\nL-VIA: l1=4iaGgjza0Vwox8nX\r\nL-VERSION: 1782631176\r\nL-Request-Id: c5b919f1da22c7f672f\r\nX-Cache-Status: BYPASS\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":136038,"size_decoded":38262,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (44088)","md5":"149a9a32eef525724cd200e4dce7a032","sha1":"29b091925cae6d90319391653e40685f6e6c5735","sha256":"10fcb7c4e44a141964cb31c527462c6e56f78d95c956fb02c50c61fc576cefd2","sha512":"62d80403786c13019e86e1c6b991d73cf52ff5bd25d4eeaec34ca12125d677604a269fc6c56ef301f074c42798f8e7935df623d6a0a62559d70749e53082085f","ssdeep":"1536:z2twqIPBoVbzfsO9ZuqpiXXIOU6Qgpp6KkB2EnBDsAxdrkm4SgiqvHynjM5TCif9:z2twqhOIK2nCLdyACifMur06/D","tlshash":"6dd3ec54b7d0b4b442cf13e6711b2475e3a61ca22058e8f0e31dee647f35689d26faac","first_seen":"2026-06-12T19:29:57.333908Z","last_seen":"2026-07-02T13:50:16.631571Z","times_seen":159,"resource_available":true,"data":null}},"time_used":2485,"timings":{"blocked":1783,"dns":0,"connect":0,"send":0,"wait":337,"receive":365,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"18114.xyz/api/tenant/domain/list","fqdn":"18114.xyz","domain":"18114.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.130","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://18114.xyz/","date":"2026-07-01T12:23:19.164Z","timestamp":1782908599164,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"18156.xyz","organization":""},"issuer":{"commonName":"YR2","organization":"Let's Encrypt"},"validity":{"start":"Sun, 28 Jun 2026 06:21:05 GMT","end":"Sat, 26 Sep 2026 06:21:04 GMT"},"fingerprint":{"sha1":"30:5C:A2:F1:36:A6:91:D9:3C:71:7C:3B:80:49:3A:BB:C5:0B:53:A1","sha256":"FB:A2:2A:8D:A3:A6:51:23:3E:DC:EB:06:38:96:4E:AA:32:71:9B:E1:FD:3F:D1:7A:49:E7:81:BB:9A:92:C1:8D"}}},"request":{"raw":"GET /api/tenant/domain/list HTTP/1.1\r\nHost: 18114.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://18114.xyz/\r\nx-request-source: https://18114.xyz\r\nXign: q72onruJWquLHOKh4ZaKFRpk30w4DNRYwsYow05ihUF6GRjKIMiihkQ/5xl3oYCCV7hKUoDu4zx3XACAi7Utugve1iWtGeDBqjqf7IlUcrNJbKNIdL67TIgAlYfRvhYuWAGyUIk9tik5bEjV8YVwx4MVrP64fjdw7NGInSGuV3c=\r\ntimestamp: 1782908599134\r\nsign: 3j3r627i5i5h2n17\r\nversion: 5.6.12.0\r\nclient-type: web\r\ndevice-id: AHDMtbyjDKrH8krkZF8taEefHpNFb6Bk\r\nlang: zh-CN\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Wed, 01 Jul 2026 12:23:21 GMT\r\nContent-Type: application/json\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nExpires: Wed, 01 Jul 2026 12:33:21 GMT\r\nCache-Control: public, max-age=600, s-maxage=600, must-revalidate, stale-while-revalidate=30\r\nX-XSS-Protection: 1; mode=block\r\nX-Request-ID: 740e7ea425bf489e97a52d481240aa2e\r\nPragma: public\r\nVary: Accept-Encoding, Origin, Access-Control-Request-Method, Access-Control-Request-Headers\r\nX-Content-Type-Options: nosniff\r\nAccess-Control-Allow-Origin: *\r\nX-Custom-Check: true\r\nContent-Encoding: gzip\r\nServer: Nginx\r\nL-Safe: 1782908601=NZWlGnxDiZfKzDWJ6kNGzBGhmY+osrsbhMounbK0GCWInHsx5UYJ2uIoiB6AEBbKlm6DZV9Rzn7+NRdLedDPSnk/B7TRPM4U10ZNzgIb3gzZwUwrhXrOPm2dXxIaEshx1T/OGD8Tcpgj+mzbYRnnJ58StT1fM9E48MC8kDCQR+bYh7E/Ls8hpL5Pdn8N8BH3\r\nL-VIA: l1=4iaGgjza0Vwox8nX\r\nL-VERSION: 1782631176\r\nL-Request-Id: c5b819f1da243594f9e\r\nX-Cache-Status: BYPASS\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1108,"size_decoded":1825,"mime_type":"application/json","magic":"JSON text data","md5":"5d9e96bd132a2c24281ae50f2b09efe4","sha1":"503ea18100d0f1573baa195933355a1372e93841","sha256":"7f205b18b5deaae96622989dbc8ad73999a9616e96ef26d909f19525deadb328","sha512":"ab5a589dc81944d2fe05d656777e9e490d42a2fd68c7e577387cfdd47c9b0c5276ca2f91a3868407c373e500d00bb5360a5ae035c7c0cb1addf47f20755a268b","ssdeep":"","tlshash":"fb11c6101c6f12c8d6e8d29263503345388d8b76056db91b69d6b74fae0583a32120a4","first_seen":"2025-08-29T11:05:53.144028Z","last_seen":"2026-07-02T13:50:16.788262Z","times_seen":1776,"resource_available":false,"data":null}},"time_used":2214,"timings":{"blocked":1865,"dns":0,"connect":0,"send":0,"wait":346,"receive":3,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"18114.xyz/jumpto/img/https://rcf-img-hk.gasdg646fs224cn.com/202508/_webp_size1884x434_8fe89870-1081-42db-97b7-f8272ac29ae0.jpg","fqdn":"18114.xyz","domain":"18114.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.130","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://18114.xyz/","date":"2026-07-01T12:23:19.678Z","timestamp":1782908599678,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"18156.xyz","organization":""},"issuer":{"commonName":"YR2","organization":"Let's Encrypt"},"validity":{"start":"Sun, 28 Jun 2026 06:21:05 GMT","end":"Sat, 26 Sep 2026 06:21:04 GMT"},"fingerprint":{"sha1":"30:5C:A2:F1:36:A6:91:D9:3C:71:7C:3B:80:49:3A:BB:C5:0B:53:A1","sha256":"FB:A2:2A:8D:A3:A6:51:23:3E:DC:EB:06:38:96:4E:AA:32:71:9B:E1:FD:3F:D1:7A:49:E7:81:BB:9A:92:C1:8D"}}},"request":{"raw":"GET /jumpto/img/https://rcf-img-hk.gasdg646fs224cn.com/202508/_webp_size1884x434_8fe89870-1081-42db-97b7-f8272ac29ae0.jpg HTTP/1.1\r\nHost: 18114.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://18114.xyz/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Wed, 01 Jul 2026 12:23:19 GMT\r\nContent-Type: image/webp\r\nContent-Length: 35652\r\nConnection: keep-alive\r\nEtag: \"460db28ebf94215162fde2f45aa09227\"\r\nLast-Modified: Wed, 10 Dec 2025 10:48:14 GMT\r\nReport-To: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=61WCDzmyOmIC7JIQoY00ew1KhEZMUMDXXMZMz7lvcQU%2F4lhBLc6ZOjM3f2aTYcqzK0AJ9%2BpFmzFQGqOYfCSRNS%2BrWGtslq838Ln0xpNwtokcz%2FjajLmHR7a1FLWLrPmt0G1Jf5inX8vxy%2Bkps9mdkzI%3D\"}]}\r\nNel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nAge: 5063\r\nCf-Cache-Status: HIT\r\nCF-RAY: a145619d1e075def-HKG\r\nalt-svc: h3=\":443\"; ma=86400\r\nCache-Control: public, max-age=2592000, immutable, public, max-age=2592000, immutable\r\nAccess-Control-Allow-Origin: *\r\nX-Custom-Check: true\r\nServer: Nginx\r\nL-Safe: 1782908599=T3YknBzMJfJoN3ILu6zaGYt9SWgeRN38yVCsJlIIDp6iv+jKPhCEUxsM3+gP8j1mt7n0vQ++liS1yZhSXvuthqjdcZm/jQVoFk+dncfgbYe3KUSWE5YlXmr7sS3d5dVLb5Yhh+qMPj4aWQzAbhBnGmTkmfZCkTBi54X0a3U9yXSu+2IjEwFIrTRVB2Uxk/zy\r\nL-VIA: l1=4iaGgjza0Vwox8nX\r\nL-VERSION: 1782631176\r\nL-Request-Id: c5b919f1da23e0e674c\r\nX-Cache-Status: BYPASS\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":35652,"size_decoded":36810,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 1884x434, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"460db28ebf94215162fde2f45aa09227","sha1":"0225f7e91dc41547efad18932766b6c015ad8067","sha256":"6f2bb6b02eec8a75b36f50f9a85e80a7153785bb31d41c7204bfd276c6407fcc","sha512":"e95968ce697aedd21f9c2bca132aeb5704265c25d540eda3e4d08832b3d0d0e71e454d137ed5de531807499279ab56121b0a5975f340670b2ece902d60fbcc0d","ssdeep":"768:tNbBFG8Mzu+7ftXGrZ98VqOhCHza3+conChKku0aOwq9J9r7Z1I:bDG8MZh2rZQqYNUkWOR9J5jI","tlshash":"44f2e18ec1c932eee97bc29101be2be0ff89966bf15857662dd2c0c98e51311848fc5d","first_seen":"2026-04-24T23:10:16.885462Z","last_seen":"2026-07-02T13:50:16.768386Z","times_seen":438,"resource_available":false,"data":null}},"time_used":1016,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":350,"receive":666,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"18114.xyz/jumpto/img/https://rcf-img-hk.gasdg646fs224cn.com/202508/_webp_size1884x434_8953c3b5-a3a1-4b97-a677-4b5efb3fb94a.jpg","fqdn":"18114.xyz","domain":"18114.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.130","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://18114.xyz/","date":"2026-07-01T12:23:19.679Z","timestamp":1782908599679,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"18156.xyz","organization":""},"issuer":{"commonName":"YR2","organization":"Let's Encrypt"},"validity":{"start":"Sun, 28 Jun 2026 06:21:05 GMT","end":"Sat, 26 Sep 2026 06:21:04 GMT"},"fingerprint":{"sha1":"30:5C:A2:F1:36:A6:91:D9:3C:71:7C:3B:80:49:3A:BB:C5:0B:53:A1","sha256":"FB:A2:2A:8D:A3:A6:51:23:3E:DC:EB:06:38:96:4E:AA:32:71:9B:E1:FD:3F:D1:7A:49:E7:81:BB:9A:92:C1:8D"}}},"request":{"raw":"GET /jumpto/img/https://rcf-img-hk.gasdg646fs224cn.com/202508/_webp_size1884x434_8953c3b5-a3a1-4b97-a677-4b5efb3fb94a.jpg HTTP/1.1\r\nHost: 18114.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://18114.xyz/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Wed, 01 Jul 2026 12:23:19 GMT\r\nContent-Type: image/webp\r\nContent-Length: 37528\r\nConnection: keep-alive\r\nEtag: \"906ab41cba21ba54bbb80ed3dacbb04b\"\r\nLast-Modified: Wed, 10 Dec 2025 10:48:21 GMT\r\nReport-To: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=MiiYJPDHeYCZmmqXgqhnGZqw7INCkqBA05BvV%2BbtC%2B%2B1US3e4C07vRnFpT6uk3A4RGLq1OrJCCpSUck%2FsSFdDAj%2FIdwDSMnD%2BrpIVsEuyKbZuQgI0EiL2u%2F3t3Mrr3ujy4%2BjB68Ose6VWfualwLvMGM%3D\"}]}\r\nNel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nAge: 48195\r\nCf-Cache-Status: HIT\r\nCF-RAY: a145619d1e50e2ff-HKG\r\nalt-svc: h3=\":443\"; ma=86400\r\nCache-Control: public, max-age=2592000, immutable, public, max-age=2592000, immutable\r\nAccess-Control-Allow-Origin: *\r\nX-Custom-Check: true\r\nServer: Nginx\r\nL-Safe: 1782908599=T3YknBzMJfJoN3ILu6zaGYt9SWgeRN38yVCsJlIIDp6iv+jKPhCEUxsM3+gP8j1mt7n0vQ++liS1yZhSXvuthqjdcZm/jQVoFk+dncfgbYe3KUSWE5YlXmr7sS3d5dVLb5Yhh+qMPj4aWQzAbhBnGmTkmfZCkTBi54X0a3U9yXSu+2IjEwFIrTRVB2Uxk/zy\r\nL-VIA: l1=4iaGgjza0Vwox8nX\r\nL-VERSION: 1782631176\r\nL-Request-Id: c6c219f1da23e0f5e6a\r\nX-Cache-Status: BYPASS\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":37528,"size_decoded":38693,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 1884x434, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"906ab41cba21ba54bbb80ed3dacbb04b","sha1":"e08f7dbbfa8dbd35da5d1dcd0f053655549ab960","sha256":"a1ab44f6e154a62ec1ef0e0298fd9b4844f915511f4f611b7c0249fe0c18cf96","sha512":"e2f606f28782502ed4817ea9526830bb828b6519748e5ffb9877151958d0e4b971f028c39fe42c321df89af615265f25fce12495edfc0a668b07032b17b38f1e","ssdeep":"768:FlLwXc9bK7xo/wY1n6usZ+BDB6rZgXCEMyLjPzfQ/rbRe:XLwc9e7xoR5BDCgPMQfU3I","tlshash":"56f2f12f58773be86d763b7184e94068b008659b7f4b0c56087f338b866f73617e11a6","first_seen":"2026-04-24T23:10:16.777817Z","last_seen":"2026-07-02T13:50:16.627111Z","times_seen":436,"resource_available":false,"data":null}},"time_used":1226,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":352,"receive":874,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"18114.xyz/jumpto/img/https://rcf-img-hk.gasdg646fs224cn.com/202503/_webp_size649x578_07a2d840-d1e1-4217-9d3b-badf80b88abd.png","fqdn":"18114.xyz","domain":"18114.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.130","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://18114.xyz/","date":"2026-07-01T12:23:20.341Z","timestamp":1782908600341,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"18156.xyz","organization":""},"issuer":{"commonName":"YR2","organization":"Let's Encrypt"},"validity":{"start":"Sun, 28 Jun 2026 06:21:05 GMT","end":"Sat, 26 Sep 2026 06:21:04 GMT"},"fingerprint":{"sha1":"30:5C:A2:F1:36:A6:91:D9:3C:71:7C:3B:80:49:3A:BB:C5:0B:53:A1","sha256":"FB:A2:2A:8D:A3:A6:51:23:3E:DC:EB:06:38:96:4E:AA:32:71:9B:E1:FD:3F:D1:7A:49:E7:81:BB:9A:92:C1:8D"}}},"request":{"raw":"GET /jumpto/img/https://rcf-img-hk.gasdg646fs224cn.com/202503/_webp_size649x578_07a2d840-d1e1-4217-9d3b-badf80b88abd.png HTTP/1.1\r\nHost: 18114.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://18114.xyz/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Wed, 01 Jul 2026 12:23:25 GMT\r\nContent-Type: image/webp\r\nContent-Length: 77072\r\nConnection: keep-alive\r\nEtag: \"81934df1c48f153ec91149ba3c3beb37\"\r\nLast-Modified: Sat, 06 Dec 2025 06:20:21 GMT\r\nReport-To: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=PwsLia5tiFETvjU0JC73fce8di1m2xPNObSqWqc2EZssIF7gwV8h66kc72pxvQl2XUngzXeiAbER4Wb0%2F8uUM5c%2FFyGIBXFb8Kqo%2FWpVD3hwuKbcP%2B%2FaLZ0aOgAkXABGfaypgCMDZYIknZuHTgyjzhs%3D\"}]}\r\nNel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nAge: 1496\r\nCf-Cache-Status: HIT\r\nCF-RAY: a1453d3c8b60dd65-HKG\r\nalt-svc: h3=\":443\"; ma=86400\r\nCache-Control: public, max-age=2592000, immutable, public, max-age=2592000, immutable\r\nAccess-Control-Allow-Origin: *\r\nX-Custom-Check: true\r\nServer: Nginx\r\nL-Safe: 1782908605=rl9fHSIY8CX3nBFMwcz5hHAgtcnAILDmt63yQRZj/5h8SgT8CpoVtOcxJ8FTz6zkTPg2Jhk0HreHVFPoTTuKAGYYTsqccuWfa38FkfTS2guWTohMUW/xQFy5dK1gc+p8PoIMETXRp+eQpLSkZgRyhz2JRVfQrqgIdnEkFMfe+Ej9qZ36pRTwerk+7lrF0/I2\r\nL-VIA: l1=4iaGgjza0Vwox8nX\r\nL-VERSION: 1782631176\r\nL-Request-Id: c6d219f1da255039c7a\r\nX-Cache-Status: HIT\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":77072,"size_decoded":78227,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"81934df1c48f153ec91149ba3c3beb37","sha1":"263dec3db6f316ad859fae46f18adc5cbb9e5c61","sha256":"9393129dc2d2eb90aa6b0e3cae170e77eccc785d4fca575804e1d25a2bee1383","sha512":"9d322a35877bc71c33fad174b47d6377f214fba0f11bc6a6180c5032765a9f4332354a4e6192a33049ab7a20a79ef58804de08d54098f64d8511c08b50e2b6ca","ssdeep":"1536:vow5Jv2vmGSpZk1IdIwZojJkcFgxPAifiE3TcBUPpCoS+LsAEZhO96:vowCOGYZk1w7q+PaE3T8uS+Lr2hO96","tlshash":"a573127b5c2c0bb32fc676c6e2e9b5c82cc817b1478556cf5b7958af95a4311232c02a","first_seen":"2026-04-24T23:10:16.861629Z","last_seen":"2026-07-02T13:50:16.770912Z","times_seen":431,"resource_available":false,"data":null}},"time_used":6254,"timings":{"blocked":5197,"dns":0,"connect":0,"send":0,"wait":617,"receive":440,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"18114.xyz/jumpto/img/https://rcf-img-hk.gasdg646fs224cn.com/202502/_webp_size328x442_27f7b303-88a3-4b2c-aaf9-2bc0106b5d62.png","fqdn":"18114.xyz","domain":"18114.xyz","tld":"xyz"},"ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://18114.xyz/","date":"2026-07-01T12:23:20.354Z","timestamp":1782908600354,"http_version":"","security_state":"","security_info":null,"request":{"raw":"GET /jumpto/img/https://rcf-img-hk.gasdg646fs224cn.com/202502/_webp_size328x442_27f7b303-88a3-4b2c-aaf9-2bc0106b5d62.png HTTP/1.1\r\nHost: 18114.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://18114.xyz/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-07-02T17:08:00.371314Z","times_seen":16917523,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"18114.xyz/jumpto/img/https://rcf-img-hk.gasdg646fs224cn.com/202508/_webp_size1298x1156_b219e889-d34b-4c28-b534-674fb2e77fdd.png","fqdn":"18114.xyz","domain":"18114.xyz","tld":"xyz"},"ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://18114.xyz/","date":"2026-07-01T12:23:20.374Z","timestamp":1782908600374,"http_version":"","security_state":"","security_info":null,"request":{"raw":"GET /jumpto/img/https://rcf-img-hk.gasdg646fs224cn.com/202508/_webp_size1298x1156_b219e889-d34b-4c28-b534-674fb2e77fdd.png HTTP/1.1\r\nHost: 18114.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://18114.xyz/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-07-02T17:08:00.371314Z","times_seen":16917523,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"18114.xyz/js/chunk-common.1781011881923.b470d60e.js","fqdn":"18114.xyz","domain":"18114.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.130","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://18114.xyz/","date":"2026-07-01T12:23:13.392Z","timestamp":1782908593392,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"18156.xyz","organization":""},"issuer":{"commonName":"YR2","organization":"Let's Encrypt"},"validity":{"start":"Sun, 28 Jun 2026 06:21:05 GMT","end":"Sat, 26 Sep 2026 06:21:04 GMT"},"fingerprint":{"sha1":"30:5C:A2:F1:36:A6:91:D9:3C:71:7C:3B:80:49:3A:BB:C5:0B:53:A1","sha256":"FB:A2:2A:8D:A3:A6:51:23:3E:DC:EB:06:38:96:4E:AA:32:71:9B:E1:FD:3F:D1:7A:49:E7:81:BB:9A:92:C1:8D"}}},"request":{"raw":"GET /js/chunk-common.1781011881923.b470d60e.js HTTP/1.1\r\nHost: 18114.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://18114.xyz/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Wed, 01 Jul 2026 12:23:15 GMT\r\nContent-Type: application/javascript\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nLast-Modified: Tue, 09 Jun 2026 13:37:11 GMT\r\nVary: Accept-Encoding\r\nETag: W/\"6a281707-27606\"\r\nCache-Control: public, max-age=31536000, immutable\r\nAccess-Control-Allow-Origin: *\r\nX-Custom-Check: true\r\nContent-Encoding: gzip\r\nServer: Nginx\r\nL-Safe: 1782908595=VYqS7u7lQ0J6vY3CU7Th8T/pw3pFqlx8ntvuI2Oh21Sw53mtqjMf66c8tX6VijURccEBNw01n+5hHC8SDhRwT67Z1ef+RAQ6WDYbeb6zygQzDDKVDrk5DO9a5mYQ6nvRMm6wJ4+j7sw2l0ZCvyYL98mdUq/YdA7L7n3R6ufmbQkSNVX/HQuSRBev0GgNdvH0\r\nL-VIA: l1=4iaGgjza0Vwox8nX\r\nL-VERSION: 1782631176\r\nL-Request-Id: c5c119f1da22c957492\r\nX-Cache-Status: BYPASS\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":161286,"size_decoded":36940,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"08afa88982cffd7b96a2190cdafe1c42","sha1":"abb87563ff4cd658f4436118c54f3f39c08f74a4","sha256":"8673d3fc3524eb9d8b4020b3da3109aa5ab5e569ed8d0074f2b72b8643f813ae","sha512":"70c9df3dd7b3e3d41a607627c6a2750f43673649dbd55c7a56606a7d3e67382cb2991f146f7ad2359cc5ff1615f9db484b54642917150351017d0fa4385c3d2f","ssdeep":"1536:jBY8bgGcdWUa2UTY6eryXHuLmbErF/G7D1dMI59H64likx/vocGAClVbGD3tFk7u:jBYCRTY6wjFetH64liC/vocGAcgD3t","tlshash":"65f3e8c5b3a0f07e9a1ed53779331499b12f758274c87c60f1a1ade6bf1a704a436ca8","first_seen":"2026-06-12T19:29:57.317434Z","last_seen":"2026-07-02T13:50:16.624066Z","times_seen":157,"resource_available":true,"data":null}},"time_used":2397,"timings":{"blocked":1804,"dns":0,"connect":0,"send":0,"wait":383,"receive":210,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"18114.xyz/kc523-1/sponsor/sponsor.json?1781011825626","fqdn":"18114.xyz","domain":"18114.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.130","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://18114.xyz/","date":"2026-07-01T12:23:17.668Z","timestamp":1782908597668,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"18156.xyz","organization":""},"issuer":{"commonName":"YR2","organization":"Let's Encrypt"},"validity":{"start":"Sun, 28 Jun 2026 06:21:05 GMT","end":"Sat, 26 Sep 2026 06:21:04 GMT"},"fingerprint":{"sha1":"30:5C:A2:F1:36:A6:91:D9:3C:71:7C:3B:80:49:3A:BB:C5:0B:53:A1","sha256":"FB:A2:2A:8D:A3:A6:51:23:3E:DC:EB:06:38:96:4E:AA:32:71:9B:E1:FD:3F:D1:7A:49:E7:81:BB:9A:92:C1:8D"}}},"request":{"raw":"GET /kc523-1/sponsor/sponsor.json?1781011825626 HTTP/1.1\r\nHost: 18114.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://18114.xyz/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Wed, 01 Jul 2026 12:23:17 GMT\r\nContent-Type: application/json\r\nContent-Length: 646\r\nConnection: keep-alive\r\nLast-Modified: Tue, 30 Sep 2025 12:19:27 GMT\r\nETag: \"68dbcacf-286\"\r\nAccess-Control-Allow-Origin: *\r\nX-Custom-Check: true\r\nServer: Nginx\r\nL-Safe: 1782908597=ZdMUZ1k0h3P7BImNuC0XuNzcE02G3yNmddc73ooGZ+wDF2gg8I3brNEWyyizAwMoil5pMdm47kHxX3mo6t0mc75vdSOkFMnNjyHqix7bmtUVGkmXe9TdQfYTKjF/uiNBVXu6oIZJ37t98qBieK0b4+/pChOluFMV+BbY9lq6SX4PmmC0F+X1maRp+Mp3HGV/\r\nL-VIA: l1=4iaGgjza0Vwox8nX\r\nL-VERSION: 1782631176\r\nL-Request-Id: c5bd19f1da23643556f\r\nX-Cache-Status: BYPASS\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":646,"size_decoded":1261,"mime_type":"application/json","magic":"JSON text data","md5":"10d2161de8cf99c474812f4c43645a26","sha1":"71884ef7281cdcb5084088f16d4550ce8790e634","sha256":"bb02fd7438bb49dd4decb6f76a71f11e93355332fd9f965d6f9f13bb8175aeca","sha512":"bf0fd1232309fcc5582d5c42644e1c7b4b8d235b1066e988ff55e0dd94a956f89742401f00c2d904359041c8e0c2bac8e9316252fab60db5eb0a3b4c935172f0","ssdeep":"","tlshash":"d8f0f44ad8b25b93211fb57c58cd050470294a8f0eccaac4baac987c4f598ddd1e839e","first_seen":"2023-06-16T04:51:50Z","last_seen":"2026-07-02T13:50:16.718783Z","times_seen":1944,"resource_available":false,"data":null}},"time_used":338,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":335,"receive":3,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"18114.xyz/img/heying.d446c85d.png","fqdn":"18114.xyz","domain":"18114.xyz","tld":"xyz"},"ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://18114.xyz/","date":"2026-07-01T12:23:17.737Z","timestamp":1782908597737,"http_version":"","security_state":"","security_info":null,"request":{"raw":"GET /img/heying.d446c85d.png HTTP/1.1\r\nHost: 18114.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://18114.xyz/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=4, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-07-02T17:08:00.371314Z","times_seen":16917523,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"18114.xyz/jumpto/img/https://rcf-img-hk.gasdg646fs224cn.com/gpmaster/_webp_size328x442_465faf5d-2f6d-44ba-896b-8d6bffead8bd.png","fqdn":"18114.xyz","domain":"18114.xyz","tld":"xyz"},"ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://18114.xyz/","date":"2026-07-01T12:23:20.353Z","timestamp":1782908600353,"http_version":"","security_state":"","security_info":null,"request":{"raw":"GET /jumpto/img/https://rcf-img-hk.gasdg646fs224cn.com/gpmaster/_webp_size328x442_465faf5d-2f6d-44ba-896b-8d6bffead8bd.png HTTP/1.1\r\nHost: 18114.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://18114.xyz/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-07-02T17:08:00.371314Z","times_seen":16917523,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"18114.xyz/jumpto/img/https://rcf-img-hk.gasdg646fs224cn.com/202503/_webp_size649x578_ebfde7c7-fdc6-4b58-9f46-2e709f79d7d7.png","fqdn":"18114.xyz","domain":"18114.xyz","tld":"xyz"},"ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://18114.xyz/","date":"2026-07-01T12:23:20.361Z","timestamp":1782908600361,"http_version":"","security_state":"","security_info":null,"request":{"raw":"GET /jumpto/img/https://rcf-img-hk.gasdg646fs224cn.com/202503/_webp_size649x578_ebfde7c7-fdc6-4b58-9f46-2e709f79d7d7.png HTTP/1.1\r\nHost: 18114.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://18114.xyz/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-07-02T17:08:00.371314Z","times_seen":16917523,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"photo.365live88.com/img/fb/team/653a5fadd90b4a7e8ce1701d4b699094?win007=sell","fqdn":"photo.365live88.com","domain":"365live88.com","tld":"com"},"ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://18114.xyz/","date":"2026-07-01T12:23:21.362Z","timestamp":1782908601362,"http_version":"","security_state":"","security_info":null,"request":{"raw":"GET /img/fb/team/653a5fadd90b4a7e8ce1701d4b699094?win007=sell HTTP/1.1\r\nHost: photo.365live88.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://18114.xyz/\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=4, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-07-02T17:08:00.371314Z","times_seen":16917523,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"img.esportsdata.cc/202/1/9dafb490add16b2663c21d290ee8b327.png?win007=sell","fqdn":"img.esportsdata.cc","domain":"esportsdata.cc","tld":"cc"},"ip":{"addr":"104.26.3.221","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://18114.xyz/","date":"2026-07-01T12:23:21.399Z","timestamp":1782908601399,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"esportsdata.cc","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 16 May 2026 05:13:55 GMT","end":"Fri, 14 Aug 2026 06:13:50 GMT"},"fingerprint":{"sha1":"7B:E3:E8:7B:91:D6:3E:9F:F0:F7:3A:7C:C5:7A:54:CE:9B:6E:14:ED","sha256":"68:DB:B9:F9:00:0A:BE:FD:15:45:47:19:18:DD:59:D1:DD:43:B2:42:8E:7C:EB:50:14:F6:0C:3B:FC:5D:CD:67"}}},"request":{"raw":"GET /202/1/9dafb490add16b2663c21d290ee8b327.png?win007=sell HTTP/1.1\r\nHost: img.esportsdata.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://18114.xyz/\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=4, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\ndate: Wed, 01 Jul 2026 12:23:21 GMT\r\ncontent-type: image/png\r\ncontent-length: 10674\r\nserver: cloudflare\r\naccept-ranges: bytes\r\netag: \"a14e3851634a4e52557e01d33864b45a\"\r\nlast-modified: Thu, 23 Apr 2026 15:00:17 GMT\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nvary: Origin, Accept-Encoding\r\nx-amz-id-2: dd9025bab4ad464b049177c95eb6ebf374d3b3fd1af9251148b658df7ac2e3e8\r\nx-amz-request-id: 18BDF942ABC3B8B9\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nage: 89\r\ncache-control: max-age=2678400\r\ncf-cache-status: HIT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=FPzTwdrc6dlKON8QcHpaNZWjBcXm29BcWHg1ghZAkKT3%2Bdckm5Q5WB9%2BFn3I%2FnNGbG5rKeNTNsR0lnbYIRIG7QvkRZ0DIpKyP7OSZuXfibxBbXMMgIg3jruJV82cvPQo2blkhw%3D%3D\"}]}\r\ncf-ray: a14561a919171525-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]}],"data":{"size":10674,"size_decoded":11621,"mime_type":"image/png","magic":"PNG image data, 100 x 100, 8-bit/color RGBA, non-interlaced","md5":"a14e3851634a4e52557e01d33864b45a","sha1":"0c7c29ab0e5204b17b45470c9405ae9db77c394e","sha256":"8b0c8b8edbfe14f10bf64d5ad6343034bf14fb5b6427b693e1be0fd3f2e5304f","sha512":"8ca9319f56bc4059a503332ed35d7f1e52ad55566c356eaef3249acedda6cacb72d4929441deb2b6b3975668568ff49087888d515d356c4ecee9c8f3aaf5c7ef","ssdeep":"192:BdqInyMZnJgWgVytL4VAokM2h/0AXkJvYkvltsTm63D8rw5IIN/jSk+5c:OIyMTeVy12AokB1tQlKSw5dN/2k+C","tlshash":"a222c0539537b427ea91e81b186da823ce810532853208c662b460bd2d6bf6df6e8137","first_seen":"2025-07-02T05:27:53.707214Z","last_seen":"2026-07-01T20:27:58.454654Z","times_seen":81,"resource_available":false,"data":null}},"time_used":362,"timings":{"blocked":346,"dns":0,"connect":1,"send":0,"wait":5,"receive":0,"ssl":10},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-01","alert":"Sinkholed","trigger":"img.esportsdata.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-01","alert":"Sinkholed","trigger":"img.esportsdata.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"18114.xyz/js/index-399e2569.1781011881923.9d909473.js","fqdn":"18114.xyz","domain":"18114.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.130","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://18114.xyz/","date":"2026-07-01T12:23:13.400Z","timestamp":1782908593400,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"18156.xyz","organization":""},"issuer":{"commonName":"YR2","organization":"Let's Encrypt"},"validity":{"start":"Sun, 28 Jun 2026 06:21:05 GMT","end":"Sat, 26 Sep 2026 06:21:04 GMT"},"fingerprint":{"sha1":"30:5C:A2:F1:36:A6:91:D9:3C:71:7C:3B:80:49:3A:BB:C5:0B:53:A1","sha256":"FB:A2:2A:8D:A3:A6:51:23:3E:DC:EB:06:38:96:4E:AA:32:71:9B:E1:FD:3F:D1:7A:49:E7:81:BB:9A:92:C1:8D"}}},"request":{"raw":"GET /js/index-399e2569.1781011881923.9d909473.js HTTP/1.1\r\nHost: 18114.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://18114.xyz/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Wed, 01 Jul 2026 12:23:16 GMT\r\nContent-Type: application/javascript\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nLast-Modified: Tue, 09 Jun 2026 13:37:11 GMT\r\nVary: Accept-Encoding\r\nETag: W/\"6a281707-5cdf\"\r\nCache-Control: public, max-age=31536000, immutable\r\nAccess-Control-Allow-Origin: *\r\nX-Custom-Check: true\r\nContent-Encoding: gzip\r\nServer: Nginx\r\nL-Safe: 1782908596=pvFJUsf8pLm12V/hEni5BP/JswMFGcRv91LURibrWHeFm798h/RyC9pd85r1im2io8X4krCNhWRq6A7WcFRYGIo3zxvRoOqHCs5lH5OU3LunlEQ7xu175s3ZQrj2YazV3OdcvHP98+uV+E0/6CL5qGmo1b7FDC+2gEqTATYSbZUNgBKd0VnPAHDfa12X2k6S\r\nL-VIA: l1=4iaGgjza0Vwox8nX\r\nL-VERSION: 1782631176\r\nL-Request-Id: c5b919f1da22f3e6738\r\nX-Cache-Status: BYPASS\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":23775,"size_decoded":11338,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (23775), with no line terminators","md5":"a89a32dae8cc80557b581a69e02f0d02","sha1":"00f9cfeca127af0a139c0670ed8d2e2e7ccf673b","sha256":"6f97c8ce9605a8e9e80a699696c70ec26a4b9bce20badaa6947bf4e5ac52e9d2","sha512":"2ca5bc054575932085e6cd6529613a94f145aa9a3b7731fb85b97b27286a882043110ab45b7eb4673228185ce1560b47968d3aa7b77492f17abf82e778076a9b","ssdeep":"384:pZTANHmDGIaVPkrTBTcK8K+Ehn6A3zgJ9Ks/fT5qZsxbt85F3oWf0Af/nwtU8Zci:znDGIYPkPVf8K5hn33UnKofy5FYxAfPY","tlshash":"e2b2b6e63392bdb8c24f9676f23a58ecc43f9141c30fc4f8d265bd947d98644aa92784","first_seen":"2026-06-12T19:29:57.227313Z","last_seen":"2026-07-02T13:50:16.819311Z","times_seen":153,"resource_available":true,"data":null}},"time_used":2918,"timings":{"blocked":2484,"dns":0,"connect":0,"send":0,"wait":398,"receive":36,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"18114.xyz/ecb/8f8306425cb6740e78b2802ff5047afa96a8ae096bee393c421cac4924db741c4a080b3f3ed2f2822673f3118bd3bae081df46a59bfce8","fqdn":"18114.xyz","domain":"18114.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.130","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://18114.xyz/","date":"2026-07-01T12:23:19.161Z","timestamp":1782908599161,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"18156.xyz","organization":""},"issuer":{"commonName":"YR2","organization":"Let's Encrypt"},"validity":{"start":"Sun, 28 Jun 2026 06:21:05 GMT","end":"Sat, 26 Sep 2026 06:21:04 GMT"},"fingerprint":{"sha1":"30:5C:A2:F1:36:A6:91:D9:3C:71:7C:3B:80:49:3A:BB:C5:0B:53:A1","sha256":"FB:A2:2A:8D:A3:A6:51:23:3E:DC:EB:06:38:96:4E:AA:32:71:9B:E1:FD:3F:D1:7A:49:E7:81:BB:9A:92:C1:8D"}}},"request":{"raw":"GET /ecb/8f8306425cb6740e78b2802ff5047afa96a8ae096bee393c421cac4924db741c4a080b3f3ed2f2822673f3118bd3bae081df46a59bfce8 HTTP/1.1\r\nHost: 18114.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://18114.xyz/\r\nContent-Type: application/x-www-form-urlencoded\r\nx-request-source: https://18114.xyz\r\nXign: q+48fuoVbNK3lHFcbasMcM2S4ZAyrPtUgVert+Sh/NERuKA0O8LU6apnu8QG+beSgUAzjWcSlGZKb6LKFzvBmmd/f6rtyqoT0WRV8/vImHODne2nz8aOVXY6f8s1E34vCSxD0zcXKa7mCfH8XPVswwCvYoldFkWXTs0MZ6FBQVg=\r\ntimestamp: 1782908599137\r\nsign: 2cc2t6a1962f4913\r\nversion: 5.6.12.0\r\nclient-type: web\r\ndevice-id: AHDMtbyjDKrH8krkZF8taEefHpNFb6Bk\r\nlang: zh-CN\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Wed, 01 Jul 2026 12:23:19 GMT\r\nContent-Type: application/json\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding, Accept-Encoding, Origin, Access-Control-Request-Method, Access-Control-Request-Headers\r\nExpires: Wed, 01 Jul 2026 12:33:19 GMT\r\nCache-Control: public, max-age=600, s-maxage=600, must-revalidate, stale-while-revalidate=30\r\nX-XSS-Protection: 1; mode=block\r\nX-Request-ID: 5a22f48bff424206be933d51cabb3a9a\r\nPragma: public\r\nX-Content-Type-Options: nosniff\r\nStrict-Transport-Security: max-age=63072000; includeSubdomains; preload\r\nAccess-Control-Allow-Origin: *\r\nX-Custom-Check: true, true\r\nContent-Encoding: gzip\r\nServer: Nginx\r\nL-Safe: 1782908599=T3YknBzMJfJoN3ILu6zaGYt9SWgeRN38yVCsJlIIDp6iv+jKPhCEUxsM3+gP8j1mt7n0vQ++liS1yZhSXvuthqjdcZm/jQVoFk+dncfgbYe3KUSWE5YlXmr7sS3d5dVLb5Yhh+qMPj4aWQzAbhBnGmTkmfZCkTBi54X0a3U9yXSu+2IjEwFIrTRVB2Uxk/zy\r\nL-VIA: l1=4iaGgjza0Vwox8nX\r\nL-VERSION: 1782631176\r\nL-Request-Id: c5c119f1da23c0a74a8\r\nX-Cache-Status: BYPASS\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":13143,"size_decoded":14176,"mime_type":"application/json","magic":"data","md5":"a2e0cfe86d09df65f907bf460b775729","sha1":"53f070b194b5de1fa54b4fad596d0097afc02a08","sha256":"f2fbcef0429cf6592bdd3a55e2e46de999bdd0c3b7c1d7d2420fb3fdf40f046e","sha512":"14e1f853977ad6ea26a3cac20130baca2504f7265b2da841a6359942648b5fbb76c7eacd4c3c161a9898b719ed7918c51cb027e947f49813a66a47513795aa30","ssdeep":"384:RwThhSod5zSWD9th2iSEH5ncUnDCO1T33DnIdWn9Sz0Cyz3j:EhzSWDgiSEH5FxR330Y9K0hz3j","tlshash":"8582bf058210f394eb2300ff1a0151c9741bab71cbea9a74c57bd9a25e9f124b97d2fa","first_seen":"2026-07-01T12:22:34.34484Z","last_seen":"2026-07-01T12:25:15.009903Z","times_seen":6,"resource_available":false,"data":null}},"time_used":913,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":907,"receive":6,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"18114.xyz/jumpto/img/https://rcf-img-hk.gasdg646fs224cn.com/gpmaster/_webp_size750x590_1103f977-5f3c-414d-8305-ab6884e8769c.png","fqdn":"18114.xyz","domain":"18114.xyz","tld":"xyz"},"ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://18114.xyz/","date":"2026-07-01T12:23:20.389Z","timestamp":1782908600389,"http_version":"","security_state":"","security_info":null,"request":{"raw":"GET /jumpto/img/https://rcf-img-hk.gasdg646fs224cn.com/gpmaster/_webp_size750x590_1103f977-5f3c-414d-8305-ab6884e8769c.png HTTP/1.1\r\nHost: 18114.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://18114.xyz/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-07-02T17:08:00.371314Z","times_seen":16917523,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"18114.xyz/api/sport/match/list?sportId=1\u0026client=web","fqdn":"18114.xyz","domain":"18114.xyz","tld":"xyz"},"ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://18114.xyz/","date":"2026-07-01T12:23:31.636Z","timestamp":1782908611636,"http_version":"","security_state":"","security_info":null,"request":{"raw":"GET /api/sport/match/list?sportId=1\u0026client=web HTTP/1.1\r\nHost: 18114.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://18114.xyz/\r\nx-request-source: https://18114.xyz\r\nXign: rh1hDmZsFsxAhaa1JcpDU1aXr5tihs/fn57p435mWyVjG6ZMg5MDQXc3Do0KQMQCojoNfvctro+VJ/pTdLCdmHmAEoE6R5p4Hzx30XcMjAIxeZjp1xe1Dmc3Ec9JYbZL9UldysKWPaRLOYQoZG1jeMvj1yj82ocd8MS4upneBMg=\r\ntimestamp: 1782908611632\r\nsign: g7a6h3k3hj2u1s4u\r\nversion: 5.6.12.0\r\nclient-type: web\r\ndevice-id: AHDMtbyjDKrH8krkZF8taEefHpNFb6Bk\r\nlang: zh-CN\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-07-02T17:08:00.371314Z","times_seen":16917523,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"18114.xyz/js/35142.1781011881923.1d227afa.js","fqdn":"18114.xyz","domain":"18114.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.130","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://18114.xyz/","date":"2026-07-01T12:23:17.435Z","timestamp":1782908597435,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"18156.xyz","organization":""},"issuer":{"commonName":"YR2","organization":"Let's Encrypt"},"validity":{"start":"Sun, 28 Jun 2026 06:21:05 GMT","end":"Sat, 26 Sep 2026 06:21:04 GMT"},"fingerprint":{"sha1":"30:5C:A2:F1:36:A6:91:D9:3C:71:7C:3B:80:49:3A:BB:C5:0B:53:A1","sha256":"FB:A2:2A:8D:A3:A6:51:23:3E:DC:EB:06:38:96:4E:AA:32:71:9B:E1:FD:3F:D1:7A:49:E7:81:BB:9A:92:C1:8D"}}},"request":{"raw":"GET /js/35142.1781011881923.1d227afa.js HTTP/1.1\r\nHost: 18114.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://18114.xyz/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Wed, 01 Jul 2026 12:23:17 GMT\r\nContent-Type: application/javascript\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nLast-Modified: Tue, 09 Jun 2026 13:37:11 GMT\r\nVary: Accept-Encoding\r\nETag: W/\"6a281707-530c3\"\r\nCache-Control: public, max-age=31536000, immutable\r\nAccess-Control-Allow-Origin: *\r\nX-Custom-Check: true\r\nContent-Encoding: gzip\r\nServer: Nginx\r\nL-Safe: 1782908597=ZdMUZ1k0h3P7BImNuC0XuNzcE02G3yNmddc73ooGZ+wDF2gg8I3brNEWyyizAwMoil5pMdm47kHxX3mo6t0mc75vdSOkFMnNjyHqix7bmtUVGkmXe9TdQfYTKjF/uiNBVXu6oIZJ37t98qBieK0b4+/pChOluFMV+BbY9lq6SX4PmmC0F+X1maRp+Mp3HGV/\r\nL-VIA: l1=4iaGgjza0Vwox8nX\r\nL-VERSION: 1782631176\r\nL-Request-Id: c5c119f1da2356074a3\r\nX-Cache-Status: BYPASS\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":340163,"size_decoded":94183,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (64894), with no line terminators","md5":"8325235b613820a57b71043f360e5b36","sha1":"925ff977edf9892e868d43915f93d29e6feeb113","sha256":"0c505f39a463b09ece16c213b7ead75186dcdc26d25ee02dcba5a62cc0dff7c6","sha512":"efd16c9b7ff0f806890ae77542e8c0d4e954f8c797ff21b8dcde3f240e4940ca3c6d0fe75ee2fda35bf53ff5d0eb691fa7e38cfdfa82c0f231b0cd57458fbcf2","ssdeep":"6144:N0hEyLkbJDb7w/1FOAmBm7cene7Ancbt8sbyAkKJwoSlt5MMjmlHGwwzHUY9SroE:N0hEyLkFDb7w/1FOAmBm7cenaAncbt84","tlshash":"8a742b94b290b17883af86fb731a91a1d24d0e9460ccace4f27e6e407f15746b8775ec","first_seen":"2026-06-12T19:29:57.248751Z","last_seen":"2026-07-02T13:50:16.706979Z","times_seen":137,"resource_available":true,"data":null}},"time_used":1581,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":364,"receive":1217,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"18114.xyz/kc523-1/sponsor/sponsor_web_2.png?1781011825626","fqdn":"18114.xyz","domain":"18114.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.130","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://18114.xyz/","date":"2026-07-01T12:23:17.740Z","timestamp":1782908597740,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"18156.xyz","organization":""},"issuer":{"commonName":"YR2","organization":"Let's Encrypt"},"validity":{"start":"Sun, 28 Jun 2026 06:21:05 GMT","end":"Sat, 26 Sep 2026 06:21:04 GMT"},"fingerprint":{"sha1":"30:5C:A2:F1:36:A6:91:D9:3C:71:7C:3B:80:49:3A:BB:C5:0B:53:A1","sha256":"FB:A2:2A:8D:A3:A6:51:23:3E:DC:EB:06:38:96:4E:AA:32:71:9B:E1:FD:3F:D1:7A:49:E7:81:BB:9A:92:C1:8D"}}},"request":{"raw":"GET /kc523-1/sponsor/sponsor_web_2.png?1781011825626 HTTP/1.1\r\nHost: 18114.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://18114.xyz/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=4, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Wed, 01 Jul 2026 12:23:22 GMT\r\nContent-Type: image/png\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nLast-Modified: Tue, 30 Sep 2025 12:19:27 GMT\r\nVary: Accept-Encoding\r\nETag: W/\"68dbcacf-a049\"\r\nCache-Control: public, max-age=2592000, immutable\r\nAccess-Control-Allow-Origin: *\r\nX-Custom-Check: true\r\nContent-Encoding: gzip\r\nServer: Nginx\r\nL-Safe: 1782908602=4mc5hMhbJ+ukibimFRa5ZZ9FQA1QqOJd8kY3+5YH7LbJ9hVYcEjNfpDbYG1j6gS22EvJDBd/EYovux9FksPrDzhNfhyg+o5Q0cedJM55xDS4iPVDs2rUmWLAR96qx37oU1TARZJ4VWhxOic6X8AZ1uYGZQkm9XsHBXP0F9vf+jlTEzeCcgiqHaDX5g+J/Zxt\r\nAge: 1496\r\nL-VIA: l1=4iaGgjza0Vwox8nX\r\nL-VERSION: 1782631176\r\nL-Request-Id: c5c119f1da249f474b7\r\nX-Cache-Status: HIT\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":41033,"size_decoded":41400,"mime_type":"image/png","magic":"JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 428x169, components 3","md5":"66036fddf71ff69f45c146ca63883070","sha1":"4b3076a271d5042ef1b6cffc2ff49f421a819f08","sha256":"93c59a52fe04b0050dd4552a135177533afbe2dec54f10c516610b0dee857e0c","sha512":"29c2fc65e144e5d13c011e4897e0bdf771c7b4c249875eca4fa25589625696c71ec015e7e8ef3a5ee45f2a6ae9df3663da0bb736a6fb13c9628f0d0957827c71","ssdeep":"768:6eyNeN9huVfPKv0KhazApErcA6cFKSkS+pbTCx81TxUqIUgYWxDHc9wZGbYGniRl:6eXXh8KcQakywKK++tTCi6xD89HbxiD","tlshash":"b003f15c4c413e7777f19baae00ac84224d11fd4fdd5e3e61a8bc659a843a68bc2540e","first_seen":"2023-11-10T19:12:00Z","last_seen":"2026-07-02T13:50:16.78749Z","times_seen":1799,"resource_available":false,"data":null}},"time_used":5772,"timings":{"blocked":4979,"dns":0,"connect":0,"send":0,"wait":793,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"photo.365live88.com/img/fb/team/e9e3188828604362ad9454574ca9ceff?win007=sell","fqdn":"photo.365live88.com","domain":"365live88.com","tld":"com"},"ip":{"addr":"154.41.93.241","port":443,"asn":174,"as":"COGENT-174","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://18114.xyz/","date":"2026-07-01T12:23:21.391Z","timestamp":1782908601391,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"photo.365live88.com","organization":""},"issuer":{"commonName":"Encryption Everywhere DV TLS CA - G2","organization":"DigiCert Inc"},"validity":{"start":"Sat, 01 Nov 2025 00:00:00 GMT","end":"Sat, 31 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"45:76:43:9C:31:C5:89:A6:99:FD:9B:D8:6C:A9:3A:E6:2F:D6:E9:80","sha256":"73:27:CF:D8:8D:AC:95:46:00:5D:67:05:1E:70:22:3E:17:F0:94:78:CD:6F:A6:9C:C8:5F:B5:3B:75:60:3D:C8"}}},"request":{"raw":"GET /img/fb/team/e9e3188828604362ad9454574ca9ceff?win007=sell HTTP/1.1\r\nHost: photo.365live88.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://18114.xyz/\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=4, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: openresty\r\nDate: Wed, 01 Jul 2026 12:23:23 GMT\r\nContent-Type: image/png\r\nContent-Length: 20908\r\nConnection: keep-alive\r\nAccept-Ranges: bytes\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Expose-Headers: X-Log, X-Reqid\r\nAccess-Control-Max-Age: 2592000\r\nAge: 33347\r\nCache-Control: public, max-age=31536000\r\nContent-Disposition: inline; filename=\"e9e3188828604362ad9454574ca9ceff\"; filename*=utf-8''e9e3188828604362ad9454574ca9ceff\r\nContent-Md5: b0nlXEQg4pwRmWvB6V78zQ==\r\nContent-Transfer-Encoding: binary\r\nEtag: \"FpBt7rAg4m_8zJ38DNE28DTKtAJu\"\r\nLast-Modified: Mon, 22 Jun 2026 19:05:55 GMT\r\nX-Log: X-Log\r\nX-M-Log: QNM:wldsg121;QNM3\r\nX-M-Reqid: GTm1z2Ob6\r\nX-Qiniu-Zone: as0\r\nX-Qnm-Cache: Hit\r\nX-Reqid: xFwAAACjaaCZC74Y\r\nX-Svr: IO\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]}],"data":{"size":20908,"size_decoded":21664,"mime_type":"image/png","magic":"PNG image data, 98 x 98, 8-bit/color RGBA, non-interlaced","md5":"6f49e55c4420e29c11996bc1e95efccd","sha1":"906deeb020e26ffccc9dfc0cd136f034cab4026e","sha256":"79404bd69925ee4b10c476649a36f34d0975a486a1c1a9617b79d4a5c214f249","sha512":"b7a764a9e034fd6d74c11fe189930a9a2a84a5dd1453352636c3c966683932e6fa2903fd40ebce2fe62d27fd384fa76f3918e4683e2b9ba9964e37da4f8ce42d","ssdeep":"384:Mz081+ZLdcNZwlLglwVBb7VrRSr8BoG3O0j9XGh27yOZkj3QQPgu5zq:MztEUw9d7/VrRhz3vj9i+OLb4u5+","tlshash":"8792e0679de2a3d8167d05b6e40f797efb93124fb00043eca98379ca8241dd0aa19263","first_seen":"2026-07-01T12:22:34.400919Z","last_seen":"2026-07-01T12:25:27.30964Z","times_seen":5,"resource_available":false,"data":null}},"time_used":2480,"timings":{"blocked":2154,"dns":0,"connect":0,"send":0,"wait":304,"receive":22,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"18114.xyz/img/home-bg.1e09954b.png","fqdn":"18114.xyz","domain":"18114.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.130","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://18114.xyz/","date":"2026-07-01T12:23:21.409Z","timestamp":1782908601409,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"18156.xyz","organization":""},"issuer":{"commonName":"YR2","organization":"Let's Encrypt"},"validity":{"start":"Sun, 28 Jun 2026 06:21:05 GMT","end":"Sat, 26 Sep 2026 06:21:04 GMT"},"fingerprint":{"sha1":"30:5C:A2:F1:36:A6:91:D9:3C:71:7C:3B:80:49:3A:BB:C5:0B:53:A1","sha256":"FB:A2:2A:8D:A3:A6:51:23:3E:DC:EB:06:38:96:4E:AA:32:71:9B:E1:FD:3F:D1:7A:49:E7:81:BB:9A:92:C1:8D"}}},"request":{"raw":"GET /img/home-bg.1e09954b.png HTTP/1.1\r\nHost: 18114.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://18114.xyz/css/home.1781011881923.38488e2a.css\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=4, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Wed, 01 Jul 2026 12:23:22 GMT\r\nContent-Type: image/png\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nLast-Modified: Tue, 09 Jun 2026 13:37:10 GMT\r\nVary: Accept-Encoding\r\nETag: W/\"6a281706-fae\"\r\nCache-Control: public, max-age=2592000, immutable\r\nAccess-Control-Allow-Origin: *\r\nX-Custom-Check: true\r\nContent-Encoding: gzip\r\nServer: Nginx\r\nL-Safe: 1782908602=4mc5hMhbJ+ukibimFRa5ZZ9FQA1QqOJd8kY3+5YH7LbJ9hVYcEjNfpDbYG1j6gS22EvJDBd/EYovux9FksPrDzhNfhyg+o5Q0cedJM55xDS4iPVDs2rUmWLAR96qx37oU1TARZJ4VWhxOic6X8AZ1uYGZQkm9XsHBXP0F9vf+jlTEzeCcgiqHaDX5g+J/Zxt\r\nAge: 1492\r\nL-VIA: l1=4iaGgjza0Vwox8nX\r\nL-VERSION: 1782631176\r\nL-Request-Id: c5c119f1da247f874b5\r\nX-Cache-Status: HIT\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":4014,"size_decoded":4738,"mime_type":"image/png","magic":"PNG image data, 278 x 80, 8-bit colormap, non-interlaced","md5":"ed0eb6c81f949885511fbbe4d666a2f0","sha1":"d74fb98c3b01727753bb182eb5ee5d6eedf3da4a","sha256":"7fecf4ed61ab1535aafe2800474ac643b49264b83f54fc1da596d7334868ae75","sha512":"dd2f749e24e6b35f80fa77856c9c8b1cb1e0cacb9250b947403283e152d8bb9e7bf539df00ca6743d4162aeac014e47ce82191b62847fabe6cbb5693b4cd7fec","ssdeep":"","tlshash":"1a816c7eb31a4997296ff194138b387d74b0709d0b546934388a9c31a4791fcf39e526","first_seen":"2025-08-29T11:05:53.155399Z","last_seen":"2026-07-02T13:50:16.629338Z","times_seen":1700,"resource_available":false,"data":null}},"time_used":1086,"timings":{"blocked":792,"dns":0,"connect":0,"send":0,"wait":294,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"18114.xyz/api/sport/match/player/match","fqdn":"18114.xyz","domain":"18114.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.130","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://18114.xyz/","date":"2026-07-01T12:23:21.422Z","timestamp":1782908601422,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"18156.xyz","organization":""},"issuer":{"commonName":"YR2","organization":"Let's Encrypt"},"validity":{"start":"Sun, 28 Jun 2026 06:21:05 GMT","end":"Sat, 26 Sep 2026 06:21:04 GMT"},"fingerprint":{"sha1":"30:5C:A2:F1:36:A6:91:D9:3C:71:7C:3B:80:49:3A:BB:C5:0B:53:A1","sha256":"FB:A2:2A:8D:A3:A6:51:23:3E:DC:EB:06:38:96:4E:AA:32:71:9B:E1:FD:3F:D1:7A:49:E7:81:BB:9A:92:C1:8D"}}},"request":{"raw":"GET /api/sport/match/player/match HTTP/1.1\r\nHost: 18114.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://18114.xyz/\r\nx-request-source: https://18114.xyz\r\nXign: l6S7Uy+r5sr6tSQId52ts04phLNR5Z7vjfzRNett0k1FLGi6NwClEmfwaH0JlNwlsz/ihE+b8o006RApxNimruVsqM0v0hbBoZ0uAd6UUQ0p9IIVnJRlVLcPqTuGjgKLXjEzbXnMBBZJs4T0Cl1LXq3wIa9B9x+8TSi0teh9Kl8=\r\ntimestamp: 1782908601361\r\nsign: 1177h54402ja5s11\r\nversion: 5.6.12.0\r\nclient-type: web\r\ndevice-id: AHDMtbyjDKrH8krkZF8taEefHpNFb6Bk\r\nlang: zh-CN\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Wed, 01 Jul 2026 12:23:21 GMT\r\nContent-Type: application/json\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nCache-Control: no-cache, no-store, max-age=0\r\ncontent-encoding: gzip\r\nAccess-Control-Allow-Origin: *\r\nX-Custom-Check: true\r\nServer: Nginx\r\nL-Safe: 1782908601=NZWlGnxDiZfKzDWJ6kNGzBGhmY+osrsbhMounbK0GCWInHsx5UYJ2uIoiB6AEBbKlm6DZV9Rzn7+NRdLedDPSnk/B7TRPM4U10ZNzgIb3gzZwUwrhXrOPm2dXxIaEshx1T/OGD8Tcpgj+mzbYRnnJ58StT1fM9E48MC8kDCQR+bYh7E/Ls8hpL5Pdn8N8BH3\r\nL-VIA: l1=4iaGgjza0Vwox8nX\r\nL-VERSION: 1782631176\r\nL-Request-Id: c5b919f1da244df6757\r\nX-Cache-Status: BYPASS\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":60,"size_decoded":688,"mime_type":"application/json","magic":"JSON text data","md5":"ad1b5cbc37e087c212a41eca07a863ae","sha1":"f990fb40077ca4c90bbde8ffb87c73e1c06fd931","sha256":"0fca88eefe8bb5f59242b88e2b8b179148a088b4cde3499e1c56fef8c84c309a","sha512":"fe056eef22791a958cc37f63c1cc4b3f35bd990c34d1d321f34504b7b99769b571fe46cf18ede31f7ca0e564baf63aaca9d4f3601395bd7a3ce424e50a2aaf87","ssdeep":"","tlshash":"56a002473a282ea49bc31066b50e7a5500a421749a55f469cc8e623dc755453b546531","first_seen":"2024-05-26T00:49:06Z","last_seen":"2026-07-02T13:50:16.655557Z","times_seen":1817,"resource_available":false,"data":null}},"time_used":479,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":478,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"18114.xyz/jumpto/img/https://rcf-img-hk.gasdg646fs224cn.com/bucketimg/cc0812c4-2802-41c7-8bd9-a4c28c15eb86.gif","fqdn":"18114.xyz","domain":"18114.xyz","tld":"xyz"},"ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://18114.xyz/","date":"2026-07-01T12:23:21.533Z","timestamp":1782908601533,"http_version":"","security_state":"","security_info":null,"request":{"raw":"GET /jumpto/img/https://rcf-img-hk.gasdg646fs224cn.com/bucketimg/cc0812c4-2802-41c7-8bd9-a4c28c15eb86.gif HTTP/1.1\r\nHost: 18114.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://18114.xyz/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=4, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":302697,"size_decoded":301147,"mime_type":"image/gif","magic":"GIF image data, version 89a, 200 x 200","md5":"b7ad12fe390d68c88df2db78219cab9c","sha1":"078960add6b85bc7199d3cc2de4714ff0e3a24ef","sha256":"a596d3cbec189f8c534cd58299ed7a13e56e515d14be3129984b219461d83612","sha512":"b15aee2efafb21410b7b89c4269f59cb86bafcff8b1f2238ed24c61b0f13959a15355005ff7eb645d8d182f02afe48c8867bf6e22d5d5a401a36dfbf86f7e162","ssdeep":"6144:fBOLj+QpSwjHvIJFo5AWMAUoGwhw2gWcXFyZNDyfIJmFvF:fQLj1pPjHv1nlwIhcXw/8IJ+","tlshash":"66542397426ccc571c4da579e80e3f1ea706556cfd119e3b50c5c4c23928a6dbcb0aeb","first_seen":"2025-07-30T05:00:30.953127Z","last_seen":"2026-07-02T13:50:16.665305Z","times_seen":141,"resource_available":false,"data":null}},"time_used":2315,"timings":{"blocked":962,"dns":0,"connect":0,"send":0,"wait":670,"receive":683,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"18114.xyz/api/sport/match/list?sportId=1\u0026client=web","fqdn":"18114.xyz","domain":"18114.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.130","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://18114.xyz/","date":"2026-07-01T12:23:19.152Z","timestamp":1782908599152,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"18156.xyz","organization":""},"issuer":{"commonName":"YR2","organization":"Let's Encrypt"},"validity":{"start":"Sun, 28 Jun 2026 06:21:05 GMT","end":"Sat, 26 Sep 2026 06:21:04 GMT"},"fingerprint":{"sha1":"30:5C:A2:F1:36:A6:91:D9:3C:71:7C:3B:80:49:3A:BB:C5:0B:53:A1","sha256":"FB:A2:2A:8D:A3:A6:51:23:3E:DC:EB:06:38:96:4E:AA:32:71:9B:E1:FD:3F:D1:7A:49:E7:81:BB:9A:92:C1:8D"}}},"request":{"raw":"GET /api/sport/match/list?sportId=1\u0026client=web HTTP/1.1\r\nHost: 18114.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://18114.xyz/\r\nx-request-source: https://18114.xyz\r\nXign: HecNXIgHuYfzWxAZu8fRWCzEfYc8zPzmeh/QE1gq7i/OYJN5tzFCXmsUGZQM2w8bOMKeuM/1KJfMbMlCxkmtsSDLySydyYYqnEp+eu5OsZXfASH08dIJR/wSKt9NPTSOwI9BT5jntH9BGbHf8NJNVWsJx3I0wb+b4NanbsgthiY=\r\ntimestamp: 1782908599132\r\nsign: f3177e3n3228396a\r\nversion: 5.6.12.0\r\nclient-type: web\r\ndevice-id: GfztyreFxPFjynyKjCpcMWG6kE6dZMMM\r\nlang: zh-CN\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Wed, 01 Jul 2026 12:23:21 GMT\r\nContent-Type: application/json\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nCache-Control: no-cache, no-store, max-age=0\r\ncontent-encoding: gzip\r\nAccess-Control-Allow-Origin: *\r\nX-Custom-Check: true\r\nServer: Nginx\r\nL-Safe: 1782908601=NZWlGnxDiZfKzDWJ6kNGzBGhmY+osrsbhMounbK0GCWInHsx5UYJ2uIoiB6AEBbKlm6DZV9Rzn7+NRdLedDPSnk/B7TRPM4U10ZNzgIb3gzZwUwrhXrOPm2dXxIaEshx1T/OGD8Tcpgj+mzbYRnnJ58StT1fM9E48MC8kDCQR+bYh7E/Ls8hpL5Pdn8N8BH3\r\nL-VIA: l1=4iaGgjza0Vwox8nX\r\nL-VERSION: 1782631176\r\nL-Request-Id: c6d219f1da2431b9c68\r\nX-Cache-Status: BYPASS\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":12972,"size_decoded":3389,"mime_type":"application/json","magic":"JSON text data","md5":"00189562fc362956b372eae5f4feb994","sha1":"f7d7897c4b12c59897431f85e4c258c4d6c21058","sha256":"278679736e2601d65a79409306103e2a09df7735505d1a9b91aa2440e4f172fe","sha512":"c5f00014c77d201e5a7bf954a5976c67307bff8d8c08842c31f8bc66b63bcc5021503068e3cea0fb63947e2b3f038f3fd66a786fb7f432de41ffed9a214e2bce","ssdeep":"384:e7TJHpWEmzO2mhzAZMr4aQ1qarNJxbkst3byGNnHMSNdD5J7vW1huDJf3fzBZOiK:evJHpWEmzO2mhz4Mr4aQ15rNJxbkst3i","tlshash":"dc42db9681dd18e92b9c61d55d0e3f4d88beb95b0adef5d5ee0e8f0860b43f78204d22","first_seen":"2026-07-01T12:23:11.66273Z","last_seen":"2026-07-01T12:25:27.323941Z","times_seen":7,"resource_available":false,"data":null}},"time_used":2116,"timings":{"blocked":1815,"dns":0,"connect":0,"send":0,"wait":301,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"18114.xyz/jumpto/img/https://rcf-img-hk.gasdg646fs224cn.com/202503/_webp_size649x578_d4d2b521-861c-48d3-89a5-438931453851.png","fqdn":"18114.xyz","domain":"18114.xyz","tld":"xyz"},"ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://18114.xyz/","date":"2026-07-01T12:23:20.386Z","timestamp":1782908600386,"http_version":"","security_state":"","security_info":null,"request":{"raw":"GET /jumpto/img/https://rcf-img-hk.gasdg646fs224cn.com/202503/_webp_size649x578_d4d2b521-861c-48d3-89a5-438931453851.png HTTP/1.1\r\nHost: 18114.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://18114.xyz/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-07-02T17:08:00.371314Z","times_seen":16917523,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"photo.365live88.com/img/fb/team/9e3685adde5c435aaec88ba9ab819c82?win007=sell","fqdn":"photo.365live88.com","domain":"365live88.com","tld":"com"},"ip":{"addr":"154.41.93.241","port":443,"asn":174,"as":"COGENT-174","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://18114.xyz/","date":"2026-07-01T12:23:21.327Z","timestamp":1782908601327,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"photo.365live88.com","organization":""},"issuer":{"commonName":"Encryption Everywhere DV TLS CA - G2","organization":"DigiCert Inc"},"validity":{"start":"Sat, 01 Nov 2025 00:00:00 GMT","end":"Sat, 31 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"45:76:43:9C:31:C5:89:A6:99:FD:9B:D8:6C:A9:3A:E6:2F:D6:E9:80","sha256":"73:27:CF:D8:8D:AC:95:46:00:5D:67:05:1E:70:22:3E:17:F0:94:78:CD:6F:A6:9C:C8:5F:B5:3B:75:60:3D:C8"}}},"request":{"raw":"GET /img/fb/team/9e3685adde5c435aaec88ba9ab819c82?win007=sell HTTP/1.1\r\nHost: photo.365live88.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://18114.xyz/\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: openresty\r\nDate: Wed, 01 Jul 2026 12:23:21 GMT\r\nContent-Type: image/png\r\nContent-Length: 2886\r\nConnection: keep-alive\r\nAccept-Ranges: bytes\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Expose-Headers: X-Log, X-Reqid\r\nAccess-Control-Max-Age: 2592000\r\nAge: 73337\r\nCache-Control: public, max-age=31536000\r\nContent-Disposition: inline; filename=\"9e3685adde5c435aaec88ba9ab819c82\"; filename*=utf-8''9e3685adde5c435aaec88ba9ab819c82\r\nContent-Md5: /JNO9fZwnxZanpr3IuQNzQ==\r\nContent-Transfer-Encoding: binary\r\nEtag: \"Fh83UtkUpZhi6KePsn2gTOPyS8DH\"\r\nLast-Modified: Sun, 28 Jun 2026 03:26:26 GMT\r\nX-Log: X-Log\r\nX-M-Log: QNM:wldsg119;QNM3\r\nX-M-Reqid: lgi5wTc1q\r\nX-Qiniu-Zone: as0\r\nX-Qnm-Cache: Hit\r\nX-Reqid: suIAAAC-PDA6570Y\r\nX-Svr: IO\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":2886,"size_decoded":3641,"mime_type":"image/png","magic":"PNG image data, 250 x 167, 8-bit/color RGBA, non-interlaced","md5":"fc934ef5f6709f165a9e9af722e40dcd","sha1":"1f3752d914a59862e8a78fb27da04ce3f24bc0c7","sha256":"9b3b1ca31fd9fbf33ed531384974069d56c334da7b7b3f73248619dabd8f277e","sha512":"e05b18bd90b4c10f7777e6636ec900c31217c7a1429fade886ec3367e02c7598f03ccef7c6112d20768df10352f3fceca11cc0daab37da7a43c494dec11cb98b","ssdeep":"","tlshash":"66512d4f8cf76c55e124c341bef43b7a88147a326e021a2fd452fea2678793107af092","first_seen":"2026-06-05T08:53:37.831916Z","last_seen":"2026-07-01T12:25:27.315195Z","times_seen":60,"resource_available":false,"data":null}},"time_used":728,"timings":{"blocked":-1,"dns":3,"connect":239,"send":0,"wait":239,"receive":0,"ssl":247},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"photo.365live88.com/img/fb/team/51796fd20a3b425993b53ac30d2df4b2?win007=sell","fqdn":"photo.365live88.com","domain":"365live88.com","tld":"com"},"ip":{"addr":"154.41.93.241","port":443,"asn":174,"as":"COGENT-174","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://18114.xyz/","date":"2026-07-01T12:23:21.379Z","timestamp":1782908601379,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"photo.365live88.com","organization":""},"issuer":{"commonName":"Encryption Everywhere DV TLS CA - G2","organization":"DigiCert Inc"},"validity":{"start":"Sat, 01 Nov 2025 00:00:00 GMT","end":"Sat, 31 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"45:76:43:9C:31:C5:89:A6:99:FD:9B:D8:6C:A9:3A:E6:2F:D6:E9:80","sha256":"73:27:CF:D8:8D:AC:95:46:00:5D:67:05:1E:70:22:3E:17:F0:94:78:CD:6F:A6:9C:C8:5F:B5:3B:75:60:3D:C8"}}},"request":{"raw":"GET /img/fb/team/51796fd20a3b425993b53ac30d2df4b2?win007=sell HTTP/1.1\r\nHost: photo.365live88.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://18114.xyz/\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=4, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: openresty\r\nDate: Wed, 01 Jul 2026 12:23:23 GMT\r\nContent-Type: image/png\r\nContent-Length: 6742\r\nConnection: keep-alive\r\nAccept-Ranges: bytes\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Expose-Headers: X-Log, X-Reqid\r\nAccess-Control-Max-Age: 2592000\r\nAge: 1540\r\nCache-Control: public, max-age=31536000\r\nContent-Disposition: inline; filename=\"51796fd20a3b425993b53ac30d2df4b2\"; filename*=utf-8''51796fd20a3b425993b53ac30d2df4b2\r\nContent-Md5: 0IF21mr1u3HxdQ4F4OTUDw==\r\nContent-Transfer-Encoding: binary\r\nEtag: \"Fm5eZo4Y0-Jub2H7bVoGFQk-zoV-\"\r\nLast-Modified: Sat, 27 Jun 2026 03:32:37 GMT\r\nX-Log: X-Log\r\nX-M-Log: QNM:wldsg119;QNM3\r\nX-M-Reqid: oB8zq2uAq\r\nX-Qiniu-Zone: as0\r\nX-Qnm-Cache: Hit\r\nX-Reqid: DpwAAAD4iDeHKL4Y\r\nX-Svr: IO\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":6742,"size_decoded":7496,"mime_type":"image/png","magic":"PNG image data, 100 x 100, 8-bit/color RGBA, non-interlaced","md5":"d08176d66af5bb71f1750e05e0e4d40f","sha1":"6e5e668e18d3e26e6f61fb6d5a0615093ece857e","sha256":"51f8a476e45d6e1b8fb41bc587d885f19201d32de15a3f19650c5e1e0717c060","sha512":"cd45334ed98f4382d571a440262eb2301656fc988618dc1eb2c1f94afa7eb693e4ad3b3eb7b66c7ae109aac40c31af518bb275ea1a5c724f36398b2bb14d2614","ssdeep":"192:RIAUmNpIcOMt1UtB6wdD0EZjA4HbRpJf4JKRsP:RWallUtBXdD0ef94CS","tlshash":"7ed1ae99306bf22de2e179522b0c1304e6a7c6b879b060d010c7b86bde64561f699e2f","first_seen":"2025-07-07T01:35:39.898613Z","last_seen":"2026-07-01T12:25:27.31633Z","times_seen":16,"resource_available":false,"data":null}},"time_used":1875,"timings":{"blocked":1603,"dns":0,"connect":0,"send":0,"wait":272,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"18114.xyz/kc523-1/logo/logoWhite.png?1781011825626","fqdn":"18114.xyz","domain":"18114.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.130","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://18114.xyz/","date":"2026-07-01T12:23:17.735Z","timestamp":1782908597735,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"18156.xyz","organization":""},"issuer":{"commonName":"YR2","organization":"Let's Encrypt"},"validity":{"start":"Sun, 28 Jun 2026 06:21:05 GMT","end":"Sat, 26 Sep 2026 06:21:04 GMT"},"fingerprint":{"sha1":"30:5C:A2:F1:36:A6:91:D9:3C:71:7C:3B:80:49:3A:BB:C5:0B:53:A1","sha256":"FB:A2:2A:8D:A3:A6:51:23:3E:DC:EB:06:38:96:4E:AA:32:71:9B:E1:FD:3F:D1:7A:49:E7:81:BB:9A:92:C1:8D"}}},"request":{"raw":"GET /kc523-1/logo/logoWhite.png?1781011825626 HTTP/1.1\r\nHost: 18114.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://18114.xyz/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Wed, 01 Jul 2026 12:23:23 GMT\r\nContent-Type: image/png\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nLast-Modified: Wed, 01 Apr 2026 05:40:09 GMT\r\nVary: Accept-Encoding\r\nETag: W/\"69ccafb9-547d\"\r\nCache-Control: public, max-age=2592000, immutable\r\nAccess-Control-Allow-Origin: *\r\nX-Custom-Check: true\r\nContent-Encoding: gzip\r\nServer: Nginx\r\nL-Safe: 1782908603=VCWuB2+Nk7jMGu+wF3THs0B4jqARJgWa+4+ZZXmiHNM959OaXUnV99phm/dx6Uwvz/pGH3pNjGcIB+x8LMA8Q5WQO8DCDp0I/ONs5tMd7JzsRxx1R1bBFcV3C4cZzqW80HhNBypWhFiAgy44Zw8ga+8aDxUQ/v9yfRGnPl108QozlshCsJ430ihPQ/GTL/RJ\r\nAge: 1497\r\nL-VIA: l1=4iaGgjza0Vwox8nX\r\nL-VERSION: 1782631176\r\nL-Request-Id: c5bc19f1da24e4575c4\r\nX-Cache-Status: HIT\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":21629,"size_decoded":22175,"mime_type":"image/png","magic":"PNG image data, 318 x 144, 8-bit/color RGBA, non-interlaced","md5":"0fe99b7761db545277ab76a5eac225b7","sha1":"c0ae9d5f9473be88b84d7d46d1efc51283a57a76","sha256":"e74b087729f820069fc590a73411d4b19d3da8a22ad1d127d4e4109be832cd97","sha512":"848f1da518a00ef98cf0e70429260b91720d3f139ed89714536d0a267aaacb8acb9779dfb1c0b42b134f81cb1ec0f5af97a160f1fc327750b111e88d7c6cc239","ssdeep":"384:Ok3FHRYfLVQEST+Yh9YDQiIkXnq3H+PxYi5JLL5PI4v2Kee/0Aytd:nFHRYfL+r9AQiIk0H+ZRGQHee/yr","tlshash":"aaa2d0d63930414ec49128de0fc1b9285cb6858847fd1e944f9f5eb2b4a3df62b4b368","first_seen":"2026-03-22T09:12:55.770605Z","last_seen":"2026-07-02T13:49:21.844174Z","times_seen":564,"resource_available":false,"data":null}},"time_used":6681,"timings":{"blocked":6083,"dns":0,"connect":0,"send":0,"wait":598,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"18114.xyz/kc523-1/noData/cms_noimg.png?1781011825626","fqdn":"18114.xyz","domain":"18114.xyz","tld":"xyz"},"ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://18114.xyz/","date":"2026-07-01T12:23:21.426Z","timestamp":1782908601426,"http_version":"","security_state":"","security_info":null,"request":{"raw":"GET /kc523-1/noData/cms_noimg.png?1781011825626 HTTP/1.1\r\nHost: 18114.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://18114.xyz/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=4, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-07-02T17:08:00.371314Z","times_seen":16917523,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"18114.xyz/jumpto/img/https://rcf-img-hk.gasdg646fs224cn.com/202603/_webp_size1080x1196_b15d1708-bfce-458e-bd99-5bc1134b7122.png","fqdn":"18114.xyz","domain":"18114.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.130","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://18114.xyz/","date":"2026-07-01T12:23:21.430Z","timestamp":1782908601430,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"18156.xyz","organization":""},"issuer":{"commonName":"YR2","organization":"Let's Encrypt"},"validity":{"start":"Sun, 28 Jun 2026 06:21:05 GMT","end":"Sat, 26 Sep 2026 06:21:04 GMT"},"fingerprint":{"sha1":"30:5C:A2:F1:36:A6:91:D9:3C:71:7C:3B:80:49:3A:BB:C5:0B:53:A1","sha256":"FB:A2:2A:8D:A3:A6:51:23:3E:DC:EB:06:38:96:4E:AA:32:71:9B:E1:FD:3F:D1:7A:49:E7:81:BB:9A:92:C1:8D"}}},"request":{"raw":"GET /jumpto/img/https://rcf-img-hk.gasdg646fs224cn.com/202603/_webp_size1080x1196_b15d1708-bfce-458e-bd99-5bc1134b7122.png HTTP/1.1\r\nHost: 18114.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://18114.xyz/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=4, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Wed, 01 Jul 2026 12:23:23 GMT\r\nContent-Type: image/webp\r\nContent-Length: 48628\r\nConnection: keep-alive\r\nEtag: \"170614bf75e281d0f05503cdeab75a59\"\r\nLast-Modified: Thu, 19 Mar 2026 14:50:59 GMT\r\nReport-To: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=vo9OrHTxG%2FW5dwkTQoQ7uEr%2F%2B%2BR6AM4UxYXG8dDjsDglz1wPJKnodtivQ5545EmzRpcT%2Ffaye7uoVGx3PS1uXTK5ueqJC4Dth2ncKnncp0xb%2B4ukYnxWBNhaChk21a5C6%2FUylr5j4Dz%2FnlGSLf7oxKE%3D\"}]}\r\nNel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nAge: 1492\r\nCf-Cache-Status: HIT\r\nCF-RAY: a1453d45a8afe34d-HKG\r\nalt-svc: h3=\":443\"; ma=86400\r\nCache-Control: public, max-age=2592000, immutable, public, max-age=2592000, immutable\r\nAccess-Control-Allow-Origin: *\r\nX-Custom-Check: true\r\nServer: Nginx\r\nL-Safe: 1782908603=VCWuB2+Nk7jMGu+wF3THs0B4jqARJgWa+4+ZZXmiHNM959OaXUnV99phm/dx6Uwvz/pGH3pNjGcIB+x8LMA8Q5WQO8DCDp0I/ONs5tMd7JzsRxx1R1bBFcV3C4cZzqW80HhNBypWhFiAgy44Zw8ga+8aDxUQ/v9yfRGnPl108QozlshCsJ430ihPQ/GTL/RJ\r\nL-VIA: l1=4iaGgjza0Vwox8nX\r\nL-VERSION: 1782631176\r\nL-Request-Id: c5bd19f1da24c1f557d\r\nX-Cache-Status: HIT\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":48628,"size_decoded":49789,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 1080x1196, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"170614bf75e281d0f05503cdeab75a59","sha1":"32025008b56adf94f2a64724f1b00f55939db943","sha256":"010f104d5782b172955179537b5945b89f7a5ac32185a63d67ea5405d5c13733","sha512":"e11fa01405248d40ad8f95f335734207193356f418418955cafc6ebdfa04f5a08d8e304d23c34b211fd9dc7cdab36710694ccd0585c79778a156bf214750346a","ssdeep":"768:tk9BmrgO1s4wjUc8pqYtHwHGvhSgV1iCdmcmxWSqZA16T2rrKhv0cQ6ZQOc4vS9P:tkbmrgO1srjUtkEn5LTdmcmxnqC0aKhm","tlshash":"4223f124d4de0cda1978e776f637574cdb8b325fabc4601f82c9499f800ab04c6628ee","first_seen":"2026-03-20T12:57:26.684793Z","last_seen":"2026-07-02T13:49:21.910145Z","times_seen":536,"resource_available":false,"data":null}},"time_used":2437,"timings":{"blocked":1797,"dns":0,"connect":0,"send":0,"wait":428,"receive":212,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"18114.xyz/js/13575.1781011881923.cda1d494.js","fqdn":"18114.xyz","domain":"18114.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.130","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://18114.xyz/","date":"2026-07-01T12:23:13.395Z","timestamp":1782908593395,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"18156.xyz","organization":""},"issuer":{"commonName":"YR2","organization":"Let's Encrypt"},"validity":{"start":"Sun, 28 Jun 2026 06:21:05 GMT","end":"Sat, 26 Sep 2026 06:21:04 GMT"},"fingerprint":{"sha1":"30:5C:A2:F1:36:A6:91:D9:3C:71:7C:3B:80:49:3A:BB:C5:0B:53:A1","sha256":"FB:A2:2A:8D:A3:A6:51:23:3E:DC:EB:06:38:96:4E:AA:32:71:9B:E1:FD:3F:D1:7A:49:E7:81:BB:9A:92:C1:8D"}}},"request":{"raw":"GET /js/13575.1781011881923.cda1d494.js HTTP/1.1\r\nHost: 18114.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://18114.xyz/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Wed, 01 Jul 2026 12:23:15 GMT\r\nContent-Type: application/javascript\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nLast-Modified: Tue, 09 Jun 2026 13:37:11 GMT\r\nVary: Accept-Encoding\r\nETag: W/\"6a281707-2f964\"\r\nCache-Control: public, max-age=31536000, immutable\r\nAccess-Control-Allow-Origin: *\r\nX-Custom-Check: true\r\nContent-Encoding: gzip\r\nServer: Nginx\r\nL-Safe: 1782908595=VYqS7u7lQ0J6vY3CU7Th8T/pw3pFqlx8ntvuI2Oh21Sw53mtqjMf66c8tX6VijURccEBNw01n+5hHC8SDhRwT67Z1ef+RAQ6WDYbeb6zygQzDDKVDrk5DO9a5mYQ6nvRMm6wJ4+j7sw2l0ZCvyYL98mdUq/YdA7L7n3R6ufmbQkSNVX/HQuSRBev0GgNdvH0\r\nL-VIA: l1=4iaGgjza0Vwox8nX\r\nL-VERSION: 1782631176\r\nL-Request-Id: c5c119f1da22e1d7498\r\nX-Cache-Status: BYPASS\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":194916,"size_decoded":60169,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (65535), with no line terminators","md5":"65e5fffbcacf52710ad963a4aeede3be","sha1":"f9c16a3c86649aeacf18e736faacff0cf78192e7","sha256":"36f42498ee253b0d1d5e7ec8bdf406f05c4c91e72f64169b1ff67435d2069099","sha512":"96e8263c115ca75ff63f6ce70ba8ad5af370662f86c2f95a8960a5aa5a30ce4134fa01d7fbd1694ce37f111b69e3e418f0542a7ab1bae4cec570c8c3d8d08986","ssdeep":"1536:917BBHFeKRKp+3ELSPtj6x2DgJoG7PIDmj9VA+s69JAFdE6WIzl+Ik1+eXMa7a4H:7jHoKRKphCnDgJoec+IDWIzls+7Xr0X7","tlshash":"23141a84764170b8c396a165322f601ae22f789650dd9c24f3789ba47f7470df26fabc","first_seen":"2026-06-12T19:29:57.266361Z","last_seen":"2026-07-02T13:50:16.799032Z","times_seen":156,"resource_available":true,"data":null}},"time_used":3162,"timings":{"blocked":2195,"dns":0,"connect":0,"send":0,"wait":372,"receive":595,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"18114.xyz/kc523-1/noData/cms_moren.png?1781011825626","fqdn":"18114.xyz","domain":"18114.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.130","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://18114.xyz/","date":"2026-07-01T12:23:17.746Z","timestamp":1782908597746,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"18156.xyz","organization":""},"issuer":{"commonName":"YR2","organization":"Let's Encrypt"},"validity":{"start":"Sun, 28 Jun 2026 06:21:05 GMT","end":"Sat, 26 Sep 2026 06:21:04 GMT"},"fingerprint":{"sha1":"30:5C:A2:F1:36:A6:91:D9:3C:71:7C:3B:80:49:3A:BB:C5:0B:53:A1","sha256":"FB:A2:2A:8D:A3:A6:51:23:3E:DC:EB:06:38:96:4E:AA:32:71:9B:E1:FD:3F:D1:7A:49:E7:81:BB:9A:92:C1:8D"}}},"request":{"raw":"GET /kc523-1/noData/cms_moren.png?1781011825626 HTTP/1.1\r\nHost: 18114.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://18114.xyz/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Wed, 01 Jul 2026 12:23:23 GMT\r\nContent-Type: image/png\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nLast-Modified: Tue, 30 Sep 2025 12:19:27 GMT\r\nVary: Accept-Encoding\r\nETag: W/\"68dbcacf-4d14\"\r\nCache-Control: public, max-age=2592000, immutable\r\nAccess-Control-Allow-Origin: *\r\nX-Custom-Check: true\r\nContent-Encoding: gzip\r\nServer: Nginx\r\nL-Safe: 1782908603=VCWuB2+Nk7jMGu+wF3THs0B4jqARJgWa+4+ZZXmiHNM959OaXUnV99phm/dx6Uwvz/pGH3pNjGcIB+x8LMA8Q5WQO8DCDp0I/ONs5tMd7JzsRxx1R1bBFcV3C4cZzqW80HhNBypWhFiAgy44Zw8ga+8aDxUQ/v9yfRGnPl108QozlshCsJ430ihPQ/GTL/RJ\r\nAge: 1497\r\nL-VIA: l1=4iaGgjza0Vwox8nX\r\nL-VERSION: 1782631176\r\nL-Request-Id: c6d219f1da24e5a9c75\r\nX-Cache-Status: HIT\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":19732,"size_decoded":20462,"mime_type":"image/png","magic":"PNG image data, 215 x 214, 8-bit/color RGBA, non-interlaced","md5":"f3c825751a70d4aad8da2ce57f76acf6","sha1":"732da443668abb03a79a70df2d0ea8d801158655","sha256":"c395f4c1941459ef620f6df95fabd39f9ac98e03f6a389886bf224157557ce41","sha512":"a3b3fa2a216c10d331fea4771b916825d0605b94e21ac242d152d7c5e4b984cf3baad7a3fd071dde3432162037514d756cce1a0f699baf3dc98eaf75483c91b0","ssdeep":"384:64pTwcIHFqFpIlD8SqhwFLW/na2PvyQXSOKvOi58KUezsTT5ZOon:67XlROe8WvOAPHQv","tlshash":"a592d0d8abcb6705bb132b43b941a3558e0dfd6a130b9bb131782805ee16151e8d7e3f","first_seen":"2023-11-10T19:12:00Z","last_seen":"2026-07-02T13:49:21.872739Z","times_seen":1799,"resource_available":false,"data":null}},"time_used":6730,"timings":{"blocked":6099,"dns":0,"connect":0,"send":0,"wait":618,"receive":13,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"photo.365live88.com/img/fb/team/28690defdc07444db5c2d184fb7ab24e?win007=sell","fqdn":"photo.365live88.com","domain":"365live88.com","tld":"com"},"ip":{"addr":"154.41.93.241","port":443,"asn":174,"as":"COGENT-174","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://18114.xyz/","date":"2026-07-01T12:23:21.394Z","timestamp":1782908601394,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"photo.365live88.com","organization":""},"issuer":{"commonName":"Encryption Everywhere DV TLS CA - G2","organization":"DigiCert Inc"},"validity":{"start":"Sat, 01 Nov 2025 00:00:00 GMT","end":"Sat, 31 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"45:76:43:9C:31:C5:89:A6:99:FD:9B:D8:6C:A9:3A:E6:2F:D6:E9:80","sha256":"73:27:CF:D8:8D:AC:95:46:00:5D:67:05:1E:70:22:3E:17:F0:94:78:CD:6F:A6:9C:C8:5F:B5:3B:75:60:3D:C8"}}},"request":{"raw":"GET /img/fb/team/28690defdc07444db5c2d184fb7ab24e?win007=sell HTTP/1.1\r\nHost: photo.365live88.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://18114.xyz/\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=4, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: openresty\r\nDate: Wed, 01 Jul 2026 12:23:23 GMT\r\nContent-Type: image/png\r\nContent-Length: 23897\r\nConnection: keep-alive\r\nAccept-Ranges: bytes\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Expose-Headers: X-Log, X-Reqid\r\nAccess-Control-Max-Age: 2592000\r\nAge: 73212\r\nCache-Control: public, max-age=31536000\r\nContent-Disposition: inline; filename=\"28690defdc07444db5c2d184fb7ab24e\"; filename*=utf-8''28690defdc07444db5c2d184fb7ab24e\r\nContent-Md5: b4saHNljyY/3+Zz+RrmPAw==\r\nContent-Transfer-Encoding: binary\r\nEtag: \"FnAUou1ZA74FwIhqtmFy1YEi0v1q\"\r\nLast-Modified: Fri, 29 May 2026 03:41:11 GMT\r\nX-Log: X-Log\r\nX-M-Log: QNM:wldsg121;QNM3\r\nX-M-Reqid: AB50wljYn\r\nX-Qiniu-Zone: as0\r\nX-Qnm-Cache: Hit\r\nX-Reqid: ZIcAAAD-6KBX570Y\r\nX-Svr: IO\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]}],"data":{"size":23897,"size_decoded":24653,"mime_type":"image/png","magic":"PNG image data, 130 x 140, 8-bit/color RGBA, non-interlaced","md5":"6f8b1a1cd963c98ff7f99cfe46b98f03","sha1":"7014a2ed5903be05c0886ab66172d58122d2fd6a","sha256":"552ae0824cc623975ca001fa578423000c9659f0ab737a8c87ca83c182f094ae","sha512":"ebd9652f3f50523fecd89cee6253f2459e7a604fb2cdf9fc05876b59788ad55f4984ba41483f30be30209661f3a73cfa90432d9b048189d0bdc58d062bfa0659","ssdeep":"384:EZbmXt/aDFOwB7/CZbMO7cDHkOyzbk25o2udm8wfGo+iOHHZx4601ID2cc416uDK:EZbm9/aowo6EPw25oddmZOZO6iID2v44","tlshash":"46b2d0ec246196cae91a4e0c3b4e30fbdfb6924dd31d1dbce16eb87165a43b0d60844c","first_seen":"2026-06-30T17:45:02.129741Z","last_seen":"2026-07-01T12:25:27.384256Z","times_seen":41,"resource_available":false,"data":null}},"time_used":2716,"timings":{"blocked":2379,"dns":0,"connect":0,"send":0,"wait":291,"receive":46,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"photo.365live88.com/img/fb/team/d089744e7fce42ce9d61f7e90c33fa82?win007=sell","fqdn":"photo.365live88.com","domain":"365live88.com","tld":"com"},"ip":{"addr":"154.41.93.241","port":443,"asn":174,"as":"COGENT-174","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://18114.xyz/","date":"2026-07-01T12:23:21.401Z","timestamp":1782908601401,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"photo.365live88.com","organization":""},"issuer":{"commonName":"Encryption Everywhere DV TLS CA - G2","organization":"DigiCert Inc"},"validity":{"start":"Sat, 01 Nov 2025 00:00:00 GMT","end":"Sat, 31 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"45:76:43:9C:31:C5:89:A6:99:FD:9B:D8:6C:A9:3A:E6:2F:D6:E9:80","sha256":"73:27:CF:D8:8D:AC:95:46:00:5D:67:05:1E:70:22:3E:17:F0:94:78:CD:6F:A6:9C:C8:5F:B5:3B:75:60:3D:C8"}}},"request":{"raw":"GET /img/fb/team/d089744e7fce42ce9d61f7e90c33fa82?win007=sell HTTP/1.1\r\nHost: photo.365live88.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://18114.xyz/\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=4, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: openresty\r\nDate: Wed, 01 Jul 2026 12:23:24 GMT\r\nContent-Type: image/png\r\nContent-Length: 160280\r\nConnection: keep-alive\r\nAccept-Ranges: bytes\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Expose-Headers: X-Log, X-Reqid\r\nAccess-Control-Max-Age: 2592000\r\nAge: 51789\r\nCache-Control: public, max-age=31536000\r\nContent-Disposition: inline; filename=\"d089744e7fce42ce9d61f7e90c33fa82\"; filename*=utf-8''d089744e7fce42ce9d61f7e90c33fa82\r\nContent-Md5: HttqgGmJUmYb/2dUkaM4cw==\r\nContent-Transfer-Encoding: binary\r\nEtag: \"FmX57YZtAm2KZysSqa0IvylJE-PF\"\r\nLast-Modified: Sun, 24 May 2026 20:40:44 GMT\r\nX-Log: X-Log\r\nX-M-Log: QNM:wldsg121;QNM3\r\nX-M-Reqid: 5vRanS1S5\r\nX-Qiniu-Zone: as0\r\nX-Qnm-Cache: Hit\r\nX-Reqid: ctIAAAD4ecvT-r0Y\r\nX-Svr: IO\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":160280,"size_decoded":161037,"mime_type":"image/png","magic":"PNG image data, 509 x 509, 8-bit/color RGBA, non-interlaced","md5":"1edb6a80698952661bff675491a33873","sha1":"65f9ed866d026d8a672b12a9ad08bf294913e3c5","sha256":"ca2641273fe68c51ff86befa21a3d4f0f0612f48fce36bf5f1da974a999fa05c","sha512":"3fe55d50d9c9076f3f62c45ad873f5b2ccf4aacf1a77ae0ce220ec1123d90cdcf69bb1d58a7c8d14d37244b7c359aaa323eab862042cf702b0722d3575474560","ssdeep":"3072:SdqiVk5H4wkQdgOORqhF0/G2AvKJQV9a+YjFioR8Zw9X//czdOWBMO8:kqiVkimOR6jnkqDYjF/R829X/I4X","tlshash":"99f3120e4b4d5c76b82bc1c5a62ec357000919ce6317b5186f51deafe0adf6a82932f7","first_seen":"2025-10-09T23:09:00.84443Z","last_seen":"2026-07-01T22:21:02.867459Z","times_seen":41,"resource_available":false,"data":null}},"time_used":3126,"timings":{"blocked":2603,"dns":0,"connect":0,"send":0,"wait":261,"receive":262,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"18114.xyz/kc523-1/download/download_nav.png?1781011825626","fqdn":"18114.xyz","domain":"18114.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.130","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://18114.xyz/","date":"2026-07-01T12:23:24.483Z","timestamp":1782908604483,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"18156.xyz","organization":""},"issuer":{"commonName":"YR2","organization":"Let's Encrypt"},"validity":{"start":"Sun, 28 Jun 2026 06:21:05 GMT","end":"Sat, 26 Sep 2026 06:21:04 GMT"},"fingerprint":{"sha1":"30:5C:A2:F1:36:A6:91:D9:3C:71:7C:3B:80:49:3A:BB:C5:0B:53:A1","sha256":"FB:A2:2A:8D:A3:A6:51:23:3E:DC:EB:06:38:96:4E:AA:32:71:9B:E1:FD:3F:D1:7A:49:E7:81:BB:9A:92:C1:8D"}}},"request":{"raw":"GET /kc523-1/download/download_nav.png?1781011825626 HTTP/1.1\r\nHost: 18114.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://18114.xyz/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Wed, 01 Jul 2026 12:23:24 GMT\r\nContent-Type: image/png\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nLast-Modified: Tue, 30 Sep 2025 12:19:27 GMT\r\nVary: Accept-Encoding\r\nETag: W/\"68dbcacf-2c05a\"\r\nCache-Control: public, max-age=2592000, immutable\r\nAccess-Control-Allow-Origin: *\r\nX-Custom-Check: true\r\nContent-Encoding: gzip\r\nServer: Nginx\r\nL-Safe: 1782908604=I+3rjN1f7w6aLRSA9NslKyGQLulbhSPerqeOCIuymLixjN157QOXMQ/tRp6hP4srirnRQ4SE6OusQm4im/5y7jyV3pDhXb3v9aqdCxtLZpsYDfoOTrUTJKOMW77N9whh1a3eJyGCHtwYiigsI6uKX+hOm8H4fVx6ItnDwk5CeppTgxFgcf64YNe3lMWe3XmG\r\nAge: 1495\r\nL-VIA: l1=4iaGgjza0Vwox8nX\r\nL-VERSION: 1782631176\r\nL-Request-Id: c5b919f1da250d96767\r\nX-Cache-Status: HIT\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":180314,"size_decoded":181090,"mime_type":"image/png","magic":"PNG image data, 820 x 600, 8-bit colormap, non-interlaced","md5":"87eaffe415a7eb41b7b4b8a868bb3b32","sha1":"575618003efbf8dc8ea781379aeff463cd0cc498","sha256":"4264138e0c015e52e3efa14e34ce9c52490316935b4667756ea631b96eca64dd","sha512":"2b06fbacffed6de2fb1d4a6db2cbd0d9c5c790f9b5a10a6dceac64ff69d300f20628c465a720102da9bd857c80be886ab0a37848929741d2bdef6eddbe0de8bf","ssdeep":"3072:iWlCRQlVF5aSW/mUdJSu3405ovKFzkRKcZjF9Km/mKg/hPFsQBhXRU0K:iWM2I405oCRncZHL/mKWBhXRU0K","tlshash":"0f0412cc23773ffbf8a0865a83fbc1599c3bfd0824e56722ea1662b5186053145a59cb","first_seen":"2023-11-10T19:12:00Z","last_seen":"2026-07-02T13:49:21.892231Z","times_seen":1594,"resource_available":false,"data":null}},"time_used":1325,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":671,"receive":654,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"18114.xyz/api/sport/match/list?sportId=1\u0026client=web","fqdn":"18114.xyz","domain":"18114.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.130","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://18114.xyz/","date":"2026-07-01T12:23:26.286Z","timestamp":1782908606286,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"18156.xyz","organization":""},"issuer":{"commonName":"YR2","organization":"Let's Encrypt"},"validity":{"start":"Sun, 28 Jun 2026 06:21:05 GMT","end":"Sat, 26 Sep 2026 06:21:04 GMT"},"fingerprint":{"sha1":"30:5C:A2:F1:36:A6:91:D9:3C:71:7C:3B:80:49:3A:BB:C5:0B:53:A1","sha256":"FB:A2:2A:8D:A3:A6:51:23:3E:DC:EB:06:38:96:4E:AA:32:71:9B:E1:FD:3F:D1:7A:49:E7:81:BB:9A:92:C1:8D"}}},"request":{"raw":"GET /api/sport/match/list?sportId=1\u0026client=web HTTP/1.1\r\nHost: 18114.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://18114.xyz/\r\nx-request-source: https://18114.xyz\r\nXign: pYY04CznQ21NkVGZgJwbjJUl+wVc3md/NwkeNkcGsldwkxkBEH/ZoFOMf0QXjylWbhqydxqCSX8NY5WYISEqIw0o46KA+sn8gMtn9Bug7tknJflCBJxndzfFO2yf+ipmFzmTzNBJbdNzWBhYptUHrqFWUESDjO1afBvpCLur7k8=\r\ntimestamp: 1782908606282\r\nsign: q45766p50d36393n\r\nversion: 5.6.12.0\r\nclient-type: web\r\ndevice-id: AHDMtbyjDKrH8krkZF8taEefHpNFb6Bk\r\nlang: zh-CN\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Wed, 01 Jul 2026 12:23:26 GMT\r\nContent-Type: application/json\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nCache-Control: no-cache, no-store, max-age=0\r\ncontent-encoding: gzip\r\nAccess-Control-Allow-Origin: *\r\nX-Custom-Check: true\r\nServer: Nginx\r\nL-Safe: 1782908606=nd9OCJcH8/j3gVTBw2Tu9HBCrF+FQb7dQX9jTPCs4+g182MnFTKwizyKV+Yy4RAo5Dz2xSKPHS4eew+KPCLIsWVADI3ktcwCFWR6yXc3CefMoF8EOp8P3VD/H05ZtdK7ZGKjiGiErSPLYm8ISdBg7pom4oao8b35+nXpD4MiRQ2ZSLU2ccVeTKUsKuf3sMJH\r\nL-VIA: l1=4iaGgjza0Vwox8nX\r\nL-VERSION: 1782631176\r\nL-Request-Id: c5bd19f1da257e05587\r\nX-Cache-Status: BYPASS\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":12972,"size_decoded":3363,"mime_type":"application/json","magic":"JSON text data","md5":"00189562fc362956b372eae5f4feb994","sha1":"f7d7897c4b12c59897431f85e4c258c4d6c21058","sha256":"278679736e2601d65a79409306103e2a09df7735505d1a9b91aa2440e4f172fe","sha512":"c5f00014c77d201e5a7bf954a5976c67307bff8d8c08842c31f8bc66b63bcc5021503068e3cea0fb63947e2b3f038f3fd66a786fb7f432de41ffed9a214e2bce","ssdeep":"384:e7TJHpWEmzO2mhzAZMr4aQ1qarNJxbkst3byGNnHMSNdD5J7vW1huDJf3fzBZOiK:evJHpWEmzO2mhz4Mr4aQ15rNJxbkst3i","tlshash":"dc42db9681dd18e92b9c61d55d0e3f4d88beb95b0adef5d5ee0e8f0860b43f78204d22","first_seen":"2026-07-01T12:23:11.66273Z","last_seen":"2026-07-01T12:25:27.323941Z","times_seen":7,"resource_available":false,"data":null}},"time_used":335,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":335,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"18114.xyz/js/83749.1781011881923.02b71cf6.js","fqdn":"18114.xyz","domain":"18114.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.130","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://18114.xyz/","date":"2026-07-01T12:23:17.568Z","timestamp":1782908597568,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"18156.xyz","organization":""},"issuer":{"commonName":"YR2","organization":"Let's Encrypt"},"validity":{"start":"Sun, 28 Jun 2026 06:21:05 GMT","end":"Sat, 26 Sep 2026 06:21:04 GMT"},"fingerprint":{"sha1":"30:5C:A2:F1:36:A6:91:D9:3C:71:7C:3B:80:49:3A:BB:C5:0B:53:A1","sha256":"FB:A2:2A:8D:A3:A6:51:23:3E:DC:EB:06:38:96:4E:AA:32:71:9B:E1:FD:3F:D1:7A:49:E7:81:BB:9A:92:C1:8D"}}},"request":{"raw":"GET /js/83749.1781011881923.02b71cf6.js HTTP/1.1\r\nHost: 18114.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://18114.xyz/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Wed, 01 Jul 2026 12:23:17 GMT\r\nContent-Type: application/javascript\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nLast-Modified: Tue, 09 Jun 2026 13:37:11 GMT\r\nVary: Accept-Encoding\r\nETag: W/\"6a281707-16665\"\r\nCache-Control: public, max-age=31536000, immutable\r\nAccess-Control-Allow-Origin: *\r\nX-Custom-Check: true\r\nContent-Encoding: gzip\r\nServer: Nginx\r\nL-Safe: 1782908597=ZdMUZ1k0h3P7BImNuC0XuNzcE02G3yNmddc73ooGZ+wDF2gg8I3brNEWyyizAwMoil5pMdm47kHxX3mo6t0mc75vdSOkFMnNjyHqix7bmtUVGkmXe9TdQfYTKjF/uiNBVXu6oIZJ37t98qBieK0b4+/pChOluFMV+BbY9lq6SX4PmmC0F+X1maRp+Mp3HGV/\r\nL-VIA: l1=4iaGgjza0Vwox8nX\r\nL-VERSION: 1782631176\r\nL-Request-Id: c5b819f1da235f04f8c\r\nX-Cache-Status: BYPASS\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":91749,"size_decoded":29137,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (64016), with no line terminators","md5":"c1d2645de169d30e7a814fdbd1c1a47d","sha1":"41959bb5171f196d813c4b3c27bb3135d993ff43","sha256":"a400126839acc7fff4ce08e50633afc5560f3eb3e8aae7ec697fff30423bd26a","sha512":"21e02eeba3e71baf0938766c7abf83b68a4f54b149ea679f43c221c429729dacd395ed0e54233ff22be739636dcaf0104cd58083c50df9b6c521fcb2c3e27419","ssdeep":"1536:lcK/KnqHB3vmxuHXvKe+Gruc7iSxTcgOX8JwTl0sI5pQiVFFsdt+H+Xk:rB3vywXSex7HYgOXawTl0sgQi2tkwk","tlshash":"3693e7c4b5f4f5f8279ec5a2973644b8b02527c5b1c8ace0d2e96e147f19b62b0718bc","first_seen":"2026-06-12T19:29:57.252198Z","last_seen":"2026-07-02T13:50:16.625901Z","times_seen":136,"resource_available":true,"data":null}},"time_used":710,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":368,"receive":342,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"18114.xyz/kc523-1/sponsor/sponsor_web_3.png?1781011825626","fqdn":"18114.xyz","domain":"18114.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.130","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://18114.xyz/","date":"2026-07-01T12:23:17.742Z","timestamp":1782908597742,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"18156.xyz","organization":""},"issuer":{"commonName":"YR2","organization":"Let's Encrypt"},"validity":{"start":"Sun, 28 Jun 2026 06:21:05 GMT","end":"Sat, 26 Sep 2026 06:21:04 GMT"},"fingerprint":{"sha1":"30:5C:A2:F1:36:A6:91:D9:3C:71:7C:3B:80:49:3A:BB:C5:0B:53:A1","sha256":"FB:A2:2A:8D:A3:A6:51:23:3E:DC:EB:06:38:96:4E:AA:32:71:9B:E1:FD:3F:D1:7A:49:E7:81:BB:9A:92:C1:8D"}}},"request":{"raw":"GET /kc523-1/sponsor/sponsor_web_3.png?1781011825626 HTTP/1.1\r\nHost: 18114.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://18114.xyz/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=4, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Wed, 01 Jul 2026 12:23:22 GMT\r\nContent-Type: image/png\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nLast-Modified: Tue, 30 Sep 2025 12:19:27 GMT\r\nVary: Accept-Encoding\r\nETag: W/\"68dbcacf-9faf\"\r\nCache-Control: public, max-age=2592000, immutable\r\nAccess-Control-Allow-Origin: *\r\nX-Custom-Check: true\r\nContent-Encoding: gzip\r\nServer: Nginx\r\nL-Safe: 1782908602=4mc5hMhbJ+ukibimFRa5ZZ9FQA1QqOJd8kY3+5YH7LbJ9hVYcEjNfpDbYG1j6gS22EvJDBd/EYovux9FksPrDzhNfhyg+o5Q0cedJM55xDS4iPVDs2rUmWLAR96qx37oU1TARZJ4VWhxOic6X8AZ1uYGZQkm9XsHBXP0F9vf+jlTEzeCcgiqHaDX5g+J/Zxt\r\nAge: 1495\r\nL-VIA: l1=4iaGgjza0Vwox8nX\r\nL-VERSION: 1782631176\r\nL-Request-Id: c5b819f1da24a0f4fa8\r\nX-Cache-Status: HIT\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":40879,"size_decoded":41250,"mime_type":"image/png","magic":"JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 428x169, components 3","md5":"c26161f438986f6e2d677c34d653285e","sha1":"faf6c47a013a9944bb8cac197688908422992039","sha256":"58d11e173550b3420b35c4e4be3eeb76b59ac790d9fb59b535ffe55d3b470fa9","sha512":"97649de556447ef6aa6cdd7d0bec46837cfb328335daa3b862cbaa5e23ca5a8f2af296703c9e961cbad02bb797ebf1f99ced2d1d245fbbb3a428e39d26428c76","ssdeep":"768:ub+4OMIuYE3McXMuDR64Q7sRFKJdsCA1Hunj5tyKxGGTVtkDGlT2oTO:uS4OMXYODNDR6XsRFisCAk39t6oi","tlshash":"db03f108254f2d4466ec90bbc7a1e0f7ee1d103dddb7e30c35a685163e46ca559fa0e6","first_seen":"2023-11-10T19:12:00Z","last_seen":"2026-07-02T13:50:16.74685Z","times_seen":1791,"resource_available":false,"data":null}},"time_used":5871,"timings":{"blocked":5005,"dns":0,"connect":0,"send":0,"wait":810,"receive":56,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"18114.xyz/ecb/8f83064248a6651521ab9b26970d60fa83f0bf5f79fe68600101b67707c272184849423924c3e9832923a30acedcbfec8ac50fef89fb","fqdn":"18114.xyz","domain":"18114.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.130","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://18114.xyz/","date":"2026-07-01T12:23:19.142Z","timestamp":1782908599142,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"18156.xyz","organization":""},"issuer":{"commonName":"YR2","organization":"Let's Encrypt"},"validity":{"start":"Sun, 28 Jun 2026 06:21:05 GMT","end":"Sat, 26 Sep 2026 06:21:04 GMT"},"fingerprint":{"sha1":"30:5C:A2:F1:36:A6:91:D9:3C:71:7C:3B:80:49:3A:BB:C5:0B:53:A1","sha256":"FB:A2:2A:8D:A3:A6:51:23:3E:DC:EB:06:38:96:4E:AA:32:71:9B:E1:FD:3F:D1:7A:49:E7:81:BB:9A:92:C1:8D"}}},"request":{"raw":"GET /ecb/8f83064248a6651521ab9b26970d60fa83f0bf5f79fe68600101b67707c272184849423924c3e9832923a30acedcbfec8ac50fef89fb HTTP/1.1\r\nHost: 18114.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://18114.xyz/\r\nContent-Type: application/x-www-form-urlencoded\r\nx-request-source: https://18114.xyz\r\nXign: LwWgFeaopvOqbD5SIbSB1s/7KXkozcsMG0E7p8ReCiRll3G02yjn0FyI590vmxYmVG4j2yyMQvzYT0qfk2Kq/8V5t4Y7T3SV30feGw/pYdoQWnOjk2XBer6NBM5HpVdMbPhqeAiMc0Df/ogqaDpoENqWQ9yz2sYASwieIhHY2bk=\r\ntimestamp: 1782908599136\r\nsign: 562h456a6u4c6h22\r\nversion: 5.6.12.0\r\nclient-type: web\r\ndevice-id: AHDMtbyjDKrH8krkZF8taEefHpNFb6Bk\r\nlang: zh-CN\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Wed, 01 Jul 2026 12:23:19 GMT\r\nContent-Type: application/json\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding, Accept-Encoding, Origin, Access-Control-Request-Method, Access-Control-Request-Headers\r\nExpires: Wed, 01 Jul 2026 12:33:19 GMT\r\nCache-Control: public, max-age=600, s-maxage=600, must-revalidate, stale-while-revalidate=30\r\nX-XSS-Protection: 1; mode=block\r\nX-Request-ID: 2174d87cd89f417c916bc7e9bd4eee40\r\nPragma: public\r\nX-Content-Type-Options: nosniff\r\nStrict-Transport-Security: max-age=63072000; includeSubdomains; preload\r\nAccess-Control-Allow-Origin: *\r\nX-Custom-Check: true, true\r\nContent-Encoding: gzip\r\nServer: Nginx\r\nL-Safe: 1782908599=T3YknBzMJfJoN3ILu6zaGYt9SWgeRN38yVCsJlIIDp6iv+jKPhCEUxsM3+gP8j1mt7n0vQ++liS1yZhSXvuthqjdcZm/jQVoFk+dncfgbYe3KUSWE5YlXmr7sS3d5dVLb5Yhh+qMPj4aWQzAbhBnGmTkmfZCkTBi54X0a3U9yXSu+2IjEwFIrTRVB2Uxk/zy\r\nL-VIA: l1=4iaGgjza0Vwox8nX\r\nL-VERSION: 1782631176\r\nL-Request-Id: c6c519f1da23bf776b8\r\nX-Cache-Status: BYPASS\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":6698,"size_decoded":7731,"mime_type":"application/json","magic":"data","md5":"90fa38e986b9ae7346c4d62f4b08adfe","sha1":"c0cb86ff10eff336c8e756c7ced69879692b6e91","sha256":"07cafb98f2747a58a543b0fff2dcc6513a86fe11d632b92cb0f1273c05597d59","sha512":"50fa89d985bcc20946d6ea386e3fe43658021b8f39cc38116cd8909da533b4d90084a8f89e083930481d6167d3062c2b16202835fa0ccb4d4f6696da005caf5f","ssdeep":"192:Vgj3/Gi/7YtEtezNE53FsineFc9cId4AaWFV85jkZLk/ql6zs2cB+XcBJu0uwbCz:i/dn8zcFH0yaWFV85jk1+v42cB+XcrlI","tlshash":"c1229f080215e3c0ded94cf5755f2df06a5463a0c5b47efceb58d67b1a8831c229d95a","first_seen":"2026-07-01T12:22:34.295213Z","last_seen":"2026-07-01T12:25:14.941996Z","times_seen":6,"resource_available":false,"data":null}},"time_used":1889,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1889,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"18114.xyz/ecb/8f83064248a6651521ab9b26970d60fa83f0bf5f79fe68600101b67707c272184849423924c3e9832923a30acedcbfec8ac50fef89fb","fqdn":"18114.xyz","domain":"18114.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.130","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://18114.xyz/","date":"2026-07-01T12:23:19.163Z","timestamp":1782908599163,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"18156.xyz","organization":""},"issuer":{"commonName":"YR2","organization":"Let's Encrypt"},"validity":{"start":"Sun, 28 Jun 2026 06:21:05 GMT","end":"Sat, 26 Sep 2026 06:21:04 GMT"},"fingerprint":{"sha1":"30:5C:A2:F1:36:A6:91:D9:3C:71:7C:3B:80:49:3A:BB:C5:0B:53:A1","sha256":"FB:A2:2A:8D:A3:A6:51:23:3E:DC:EB:06:38:96:4E:AA:32:71:9B:E1:FD:3F:D1:7A:49:E7:81:BB:9A:92:C1:8D"}}},"request":{"raw":"GET /ecb/8f83064248a6651521ab9b26970d60fa83f0bf5f79fe68600101b67707c272184849423924c3e9832923a30acedcbfec8ac50fef89fb HTTP/1.1\r\nHost: 18114.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://18114.xyz/\r\nContent-Type: application/x-www-form-urlencoded\r\nx-request-source: https://18114.xyz\r\nXign: e1DOywDoamHqR6kK41B4T+hM/UNgoozrzKrEo1ejnFXL0nVaAMoRMArwRoTzMDWTUq0bMds/16tKzDpK1fsMnG2y7ywR9ByilSygiZgHh9XQs2TOiP3x6uWenozzNRxCQPNF3OqHLGb/NFVHXoVg99fiADOsfgW9kfPyrk1pxDs=\r\ntimestamp: 1782908599137\r\nsign: 86v1f6m4vf1a1u6e\r\nversion: 5.6.12.0\r\nclient-type: web\r\ndevice-id: AHDMtbyjDKrH8krkZF8taEefHpNFb6Bk\r\nlang: zh-CN\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Wed, 01 Jul 2026 12:23:21 GMT\r\nContent-Type: application/json\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding, Accept-Encoding, Origin, Access-Control-Request-Method, Access-Control-Request-Headers\r\nExpires: Wed, 01 Jul 2026 12:33:21 GMT\r\nCache-Control: public, max-age=600, s-maxage=600, must-revalidate, stale-while-revalidate=30\r\nX-XSS-Protection: 1; mode=block\r\nX-Request-ID: e32e21d42f634acc985b88134a200471\r\nPragma: public\r\nX-Content-Type-Options: nosniff\r\nStrict-Transport-Security: max-age=63072000; includeSubdomains; preload\r\nAccess-Control-Allow-Origin: *\r\nX-Custom-Check: true, true\r\nContent-Encoding: gzip\r\nServer: Nginx\r\nL-Safe: 1782908601=NZWlGnxDiZfKzDWJ6kNGzBGhmY+osrsbhMounbK0GCWInHsx5UYJ2uIoiB6AEBbKlm6DZV9Rzn7+NRdLedDPSnk/B7TRPM4U10ZNzgIb3gzZwUwrhXrOPm2dXxIaEshx1T/OGD8Tcpgj+mzbYRnnJ58StT1fM9E48MC8kDCQR+bYh7E/Ls8hpL5Pdn8N8BH3\r\nL-VIA: l1=4iaGgjza0Vwox8nX\r\nL-VERSION: 1782631176\r\nL-Request-Id: c5bd19f1da243475574\r\nX-Cache-Status: BYPASS\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":6698,"size_decoded":7731,"mime_type":"application/json","magic":"data","md5":"90fa38e986b9ae7346c4d62f4b08adfe","sha1":"c0cb86ff10eff336c8e756c7ced69879692b6e91","sha256":"07cafb98f2747a58a543b0fff2dcc6513a86fe11d632b92cb0f1273c05597d59","sha512":"50fa89d985bcc20946d6ea386e3fe43658021b8f39cc38116cd8909da533b4d90084a8f89e083930481d6167d3062c2b16202835fa0ccb4d4f6696da005caf5f","ssdeep":"192:Vgj3/Gi/7YtEtezNE53FsineFc9cId4AaWFV85jkZLk/ql6zs2cB+XcBJu0uwbCz:i/dn8zcFH0yaWFV85jk1+v42cB+XcrlI","tlshash":"c1229f080215e3c0ded94cf5755f2df06a5463a0c5b47efceb58d67b1a8831c229d95a","first_seen":"2026-07-01T12:22:34.295213Z","last_seen":"2026-07-01T12:25:14.941996Z","times_seen":6,"resource_available":false,"data":null}},"time_used":2219,"timings":{"blocked":1847,"dns":0,"connect":0,"send":0,"wait":359,"receive":13,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"18114.xyz/assets/logo/favicon.ico","fqdn":"18114.xyz","domain":"18114.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.130","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://18114.xyz/","date":"2026-07-01T12:23:17.029Z","timestamp":1782908597029,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"18156.xyz","organization":""},"issuer":{"commonName":"YR2","organization":"Let's Encrypt"},"validity":{"start":"Sun, 28 Jun 2026 06:21:05 GMT","end":"Sat, 26 Sep 2026 06:21:04 GMT"},"fingerprint":{"sha1":"30:5C:A2:F1:36:A6:91:D9:3C:71:7C:3B:80:49:3A:BB:C5:0B:53:A1","sha256":"FB:A2:2A:8D:A3:A6:51:23:3E:DC:EB:06:38:96:4E:AA:32:71:9B:E1:FD:3F:D1:7A:49:E7:81:BB:9A:92:C1:8D"}}},"request":{"raw":"GET /assets/logo/favicon.ico HTTP/1.1\r\nHost: 18114.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://18114.xyz/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=6\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Wed, 01 Jul 2026 12:23:17 GMT\r\nContent-Type: image/x-icon\r\nContent-Length: 585615\r\nConnection: keep-alive\r\nLast-Modified: Wed, 01 Apr 2026 05:40:09 GMT\r\nETag: \"69ccafb9-8ef8f\"\r\nCache-Control: public, max-age=2592000, immutable\r\nAccess-Control-Allow-Origin: *\r\nX-Custom-Check: true\r\nServer: Nginx\r\nL-Safe: 1782908597=ZdMUZ1k0h3P7BImNuC0XuNzcE02G3yNmddc73ooGZ+wDF2gg8I3brNEWyyizAwMoil5pMdm47kHxX3mo6t0mc75vdSOkFMnNjyHqix7bmtUVGkmXe9TdQfYTKjF/uiNBVXu6oIZJ37t98qBieK0b4+/pChOluFMV+BbY9lq6SX4PmmC0F+X1maRp+Mp3HGV/\r\nL-VIA: l1=4iaGgjza0Vwox8nX\r\nL-VERSION: 1782631176\r\nL-Request-Id: c5bc19f1da23533759b\r\nX-Cache-Status: BYPASS\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":585615,"size_decoded":586282,"mime_type":"image/x-icon","magic":"PNG image data, 1024 x 1024, 8-bit/color RGBA, non-interlaced","md5":"abd1eb812e495d993fb310ca906ea605","sha1":"77a61cd2ad4a89c22f4a979571d3c259870732f5","sha256":"ccd41d39ff7fbed7a9200f685d9b0198736d1a2f737e9d32f83ddaeef39a4180","sha512":"e8221a9acda08a0a0bc5410cd14bc72d30e6fa66cc6e7a4bc07b53f5c94b5ec670f19571246ab2f55ec2924f679543780e9f55e0ecf8a169ce3b91e38da07d25","ssdeep":"12288:zObp4IC0/qFNYge/0z5g2c+UTxVi1+4g+/F5:ibpa2qFNNe8zy+si1+4V/F5","tlshash":"e8c4230df5a39834d5dc996741db54e0c790e4183db25e323ba3448ea3d05b8ea267f7","first_seen":"2026-03-20T12:57:26.707036Z","last_seen":"2026-07-02T13:50:16.78571Z","times_seen":606,"resource_available":false,"data":null}},"time_used":2033,"timings":{"blocked":380,"dns":0,"connect":0,"send":0,"wait":288,"receive":1365,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"18114.xyz/assets/logo/favicon.ico","fqdn":"18114.xyz","domain":"18114.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.130","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://18114.xyz/","date":"2026-07-01T12:23:17.031Z","timestamp":1782908597031,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"18156.xyz","organization":""},"issuer":{"commonName":"YR2","organization":"Let's Encrypt"},"validity":{"start":"Sun, 28 Jun 2026 06:21:05 GMT","end":"Sat, 26 Sep 2026 06:21:04 GMT"},"fingerprint":{"sha1":"30:5C:A2:F1:36:A6:91:D9:3C:71:7C:3B:80:49:3A:BB:C5:0B:53:A1","sha256":"FB:A2:2A:8D:A3:A6:51:23:3E:DC:EB:06:38:96:4E:AA:32:71:9B:E1:FD:3F:D1:7A:49:E7:81:BB:9A:92:C1:8D"}}},"request":{"raw":"GET /assets/logo/favicon.ico HTTP/1.1\r\nHost: 18114.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://18114.xyz/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=6\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Wed, 01 Jul 2026 12:23:17 GMT\r\nContent-Type: image/x-icon\r\nContent-Length: 585615\r\nConnection: keep-alive\r\nLast-Modified: Wed, 01 Apr 2026 05:40:09 GMT\r\nETag: \"69ccafb9-8ef8f\"\r\nCache-Control: public, max-age=2592000, immutable\r\nAccess-Control-Allow-Origin: *\r\nX-Custom-Check: true\r\nServer: Nginx\r\nL-Safe: 1782908597=ZdMUZ1k0h3P7BImNuC0XuNzcE02G3yNmddc73ooGZ+wDF2gg8I3brNEWyyizAwMoil5pMdm47kHxX3mo6t0mc75vdSOkFMnNjyHqix7bmtUVGkmXe9TdQfYTKjF/uiNBVXu6oIZJ37t98qBieK0b4+/pChOluFMV+BbY9lq6SX4PmmC0F+X1maRp+Mp3HGV/\r\nL-VIA: l1=4iaGgjza0Vwox8nX\r\nL-VERSION: 1782631176\r\nL-Request-Id: c5c119f1da2353374a2\r\nX-Cache-Status: BYPASS\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":585615,"size_decoded":586282,"mime_type":"image/x-icon","magic":"PNG image data, 1024 x 1024, 8-bit/color RGBA, non-interlaced","md5":"abd1eb812e495d993fb310ca906ea605","sha1":"77a61cd2ad4a89c22f4a979571d3c259870732f5","sha256":"ccd41d39ff7fbed7a9200f685d9b0198736d1a2f737e9d32f83ddaeef39a4180","sha512":"e8221a9acda08a0a0bc5410cd14bc72d30e6fa66cc6e7a4bc07b53f5c94b5ec670f19571246ab2f55ec2924f679543780e9f55e0ecf8a169ce3b91e38da07d25","ssdeep":"12288:zObp4IC0/qFNYge/0z5g2c+UTxVi1+4g+/F5:ibpa2qFNNe8zy+si1+4V/F5","tlshash":"e8c4230df5a39834d5dc996741db54e0c790e4183db25e323ba3448ea3d05b8ea267f7","first_seen":"2026-03-20T12:57:26.707036Z","last_seen":"2026-07-02T13:50:16.78571Z","times_seen":606,"resource_available":false,"data":null}},"time_used":2126,"timings":{"blocked":379,"dns":0,"connect":0,"send":0,"wait":648,"receive":1099,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"18114.xyz/ecb/8f83064249b06e0660afdb30b60772fdcdfbb3036fb467600d10b16d76dc640e","fqdn":"18114.xyz","domain":"18114.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.130","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://18114.xyz/","date":"2026-07-01T12:23:19.154Z","timestamp":1782908599154,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"18156.xyz","organization":""},"issuer":{"commonName":"YR2","organization":"Let's Encrypt"},"validity":{"start":"Sun, 28 Jun 2026 06:21:05 GMT","end":"Sat, 26 Sep 2026 06:21:04 GMT"},"fingerprint":{"sha1":"30:5C:A2:F1:36:A6:91:D9:3C:71:7C:3B:80:49:3A:BB:C5:0B:53:A1","sha256":"FB:A2:2A:8D:A3:A6:51:23:3E:DC:EB:06:38:96:4E:AA:32:71:9B:E1:FD:3F:D1:7A:49:E7:81:BB:9A:92:C1:8D"}}},"request":{"raw":"GET /ecb/8f83064249b06e0660afdb30b60772fdcdfbb3036fb467600d10b16d76dc640e HTTP/1.1\r\nHost: 18114.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://18114.xyz/\r\nContent-Type: application/x-www-form-urlencoded\r\nx-request-source: https://18114.xyz\r\nXign: HgQp/XRL0NjsZdRRYDe/MfRCrP9IOUBGA07WB0FxYKhFlD84wjdaDPj3MEsZo1LozoLo82GxGClvnqhmbxV4L4o6vq2LhvZ+ADc2MOPSo4INhVPL8HExklbNrApWPaJTYMYFLCNk3Sch+aK2kVuISJE7YmcpdNliSLrT313Az6E=\r\ntimestamp: 1782908599136\r\nsign: r6de501a264f3d5g\r\nversion: 5.6.12.0\r\nclient-type: web\r\ndevice-id: AHDMtbyjDKrH8krkZF8taEefHpNFb6Bk\r\nlang: zh-CN\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Wed, 01 Jul 2026 12:23:21 GMT\r\nContent-Type: application/json\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding, Accept-Encoding, Origin, Access-Control-Request-Method, Access-Control-Request-Headers\r\nExpires: Wed, 01 Jul 2026 12:33:21 GMT\r\nCache-Control: public, max-age=600, s-maxage=600, must-revalidate, stale-while-revalidate=30\r\nX-XSS-Protection: 1; mode=block\r\nX-Request-ID: 33a37d16b707467f838875e500187eee\r\nPragma: public\r\nX-Content-Type-Options: nosniff\r\nStrict-Transport-Security: max-age=63072000; includeSubdomains; preload\r\nAccess-Control-Allow-Origin: *\r\nX-Custom-Check: true, true\r\nContent-Encoding: gzip\r\nServer: Nginx\r\nL-Safe: 1782908601=NZWlGnxDiZfKzDWJ6kNGzBGhmY+osrsbhMounbK0GCWInHsx5UYJ2uIoiB6AEBbKlm6DZV9Rzn7+NRdLedDPSnk/B7TRPM4U10ZNzgIb3gzZwUwrhXrOPm2dXxIaEshx1T/OGD8Tcpgj+mzbYRnnJ58StT1fM9E48MC8kDCQR+bYh7E/Ls8hpL5Pdn8N8BH3\r\nL-VIA: l1=4iaGgjza0Vwox8nX\r\nL-VERSION: 1782631176\r\nL-Request-Id: c5c119f1da2431f74ad\r\nX-Cache-Status: BYPASS\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":4994,"size_decoded":6027,"mime_type":"application/json","magic":"data","md5":"0ac4bfb154c7b6db1be706a22d55194e","sha1":"2d4ab7640a044a8ff6c9940de519c627e70d8543","sha256":"e6a1f38b6e4b24c2d007b870157ef72feae7b41fb5727e0fc601369f29cc2409","sha512":"22770075f4fbbbe24c5664f0e808f6d15b7ebed360e7a241778273bcc42d85301e3b81caa9298e4419f9d32984fa0c777074017a263a29187d125f894943a00f","ssdeep":"192:VeAetHzMp+bySs25rEOWBGi4K2z6+UUXO/UpScKMolbS:xqHzyuN6LMzz7IUp5KRhS","tlshash":"08f1ae2022a2f780c959d3fd2a3016985049c619f6cbbb38c22b91bf4567c79479dd60","first_seen":"2026-07-01T12:22:34.520794Z","last_seen":"2026-07-01T12:25:14.960362Z","times_seen":6,"resource_available":false,"data":null}},"time_used":2286,"timings":{"blocked":1815,"dns":0,"connect":0,"send":0,"wait":444,"receive":27,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"18114.xyz/jumpto/img/https://rcf-img-hk.gasdg646fs224cn.com/202508/_webp_size1298x1156_1d28b817-0c00-4339-b666-213943a7b1d3.png","fqdn":"18114.xyz","domain":"18114.xyz","tld":"xyz"},"ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://18114.xyz/","date":"2026-07-01T12:23:20.366Z","timestamp":1782908600366,"http_version":"","security_state":"","security_info":null,"request":{"raw":"GET /jumpto/img/https://rcf-img-hk.gasdg646fs224cn.com/202508/_webp_size1298x1156_1d28b817-0c00-4339-b666-213943a7b1d3.png HTTP/1.1\r\nHost: 18114.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://18114.xyz/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-07-02T17:08:00.371314Z","times_seen":16917523,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"18114.xyz/jumpto/img/https://rcf-img-hk.gasdg646fs224cn.com/202508/_webp_size1298x1156_f26e0b0b-19a9-470f-90cf-ab38984671ab.png","fqdn":"18114.xyz","domain":"18114.xyz","tld":"xyz"},"ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://18114.xyz/","date":"2026-07-01T12:23:20.368Z","timestamp":1782908600368,"http_version":"","security_state":"","security_info":null,"request":{"raw":"GET /jumpto/img/https://rcf-img-hk.gasdg646fs224cn.com/202508/_webp_size1298x1156_f26e0b0b-19a9-470f-90cf-ab38984671ab.png HTTP/1.1\r\nHost: 18114.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://18114.xyz/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-07-02T17:08:00.371314Z","times_seen":16917523,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"18114.xyz/jumpto/img/https://rcf-img-hk.gasdg646fs224cn.com/gpmaster/_webp_size328x442_0fa85f10-2205-44f2-82c2-66bd141c7d57.png","fqdn":"18114.xyz","domain":"18114.xyz","tld":"xyz"},"ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://18114.xyz/","date":"2026-07-01T12:23:20.380Z","timestamp":1782908600380,"http_version":"","security_state":"","security_info":null,"request":{"raw":"GET /jumpto/img/https://rcf-img-hk.gasdg646fs224cn.com/gpmaster/_webp_size328x442_0fa85f10-2205-44f2-82c2-66bd141c7d57.png HTTP/1.1\r\nHost: 18114.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://18114.xyz/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-07-02T17:08:00.371314Z","times_seen":16917523,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"photo.365live88.com/img/fb/team/008ff84c00824b33aacc198871ec7f54?win007=sell","fqdn":"photo.365live88.com","domain":"365live88.com","tld":"com"},"ip":{"addr":"154.41.93.241","port":443,"asn":174,"as":"COGENT-174","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://18114.xyz/","date":"2026-07-01T12:23:21.385Z","timestamp":1782908601385,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"photo.365live88.com","organization":""},"issuer":{"commonName":"Encryption Everywhere DV TLS CA - G2","organization":"DigiCert Inc"},"validity":{"start":"Sat, 01 Nov 2025 00:00:00 GMT","end":"Sat, 31 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"45:76:43:9C:31:C5:89:A6:99:FD:9B:D8:6C:A9:3A:E6:2F:D6:E9:80","sha256":"73:27:CF:D8:8D:AC:95:46:00:5D:67:05:1E:70:22:3E:17:F0:94:78:CD:6F:A6:9C:C8:5F:B5:3B:75:60:3D:C8"}}},"request":{"raw":"GET /img/fb/team/008ff84c00824b33aacc198871ec7f54?win007=sell HTTP/1.1\r\nHost: photo.365live88.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://18114.xyz/\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=4, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: openresty\r\nDate: Wed, 01 Jul 2026 12:23:23 GMT\r\nContent-Type: image/png\r\nContent-Length: 285\r\nConnection: keep-alive\r\nAccept-Ranges: bytes\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Expose-Headers: X-Log, X-Reqid\r\nAccess-Control-Max-Age: 2592000\r\nAge: 1570\r\nCache-Control: public, max-age=31536000\r\nContent-Disposition: inline; filename=\"008ff84c00824b33aacc198871ec7f54\"; filename*=utf-8''008ff84c00824b33aacc198871ec7f54\r\nContent-Md5: OO7E9luOovw8t4Dyfk/WvA==\r\nContent-Transfer-Encoding: binary\r\nEtag: \"Fs_hs8E5v-7cvkfsP13lQ41wNqwm\"\r\nLast-Modified: Tue, 19 May 2026 13:57:34 GMT\r\nX-Log: X-Log\r\nX-M-Log: QNM:wldsg119;QNM3\r\nX-M-Reqid: gOBPuaSnG\r\nX-Qiniu-Zone: as0\r\nX-Qnm-Cache: Hit\r\nX-Reqid: QrQAAABY9jGAKL4Y\r\nX-Svr: IO\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":285,"size_decoded":1038,"mime_type":"image/png","magic":"PNG image data, 100 x 100, 4-bit colormap, non-interlaced","md5":"38eec4f65b8ea2fc3cb780f27e4fd6bc","sha1":"cfe1b3c139bfeedcbe47ec3f5de5438d7036ac26","sha256":"c3b3471055c704bf25fafe7f575f11414532ebb7e0b7593b9e2ca9da069a370e","sha512":"3072ea1cb6746085fec09c02bc4d07f43554f9b09fc52e1407daae861f08401870bc9be8822c69e90c3a7673c09dd62e286d769b66ae1c0ab8071add4801bd83","ssdeep":"","tlshash":"2cd0ebd39dd38d2c76d224b182400028aa1f809b208ae2916f30f8020c4471abf58240","first_seen":"2025-02-24T02:30:01.366279Z","last_seen":"2026-07-01T12:25:27.303564Z","times_seen":8,"resource_available":false,"data":null}},"time_used":2148,"timings":{"blocked":1896,"dns":0,"connect":0,"send":0,"wait":252,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"18114.xyz/img/vs.21f89f73.png","fqdn":"18114.xyz","domain":"18114.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.130","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://18114.xyz/","date":"2026-07-01T12:23:21.412Z","timestamp":1782908601412,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"18156.xyz","organization":""},"issuer":{"commonName":"YR2","organization":"Let's Encrypt"},"validity":{"start":"Sun, 28 Jun 2026 06:21:05 GMT","end":"Sat, 26 Sep 2026 06:21:04 GMT"},"fingerprint":{"sha1":"30:5C:A2:F1:36:A6:91:D9:3C:71:7C:3B:80:49:3A:BB:C5:0B:53:A1","sha256":"FB:A2:2A:8D:A3:A6:51:23:3E:DC:EB:06:38:96:4E:AA:32:71:9B:E1:FD:3F:D1:7A:49:E7:81:BB:9A:92:C1:8D"}}},"request":{"raw":"GET /img/vs.21f89f73.png HTTP/1.1\r\nHost: 18114.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://18114.xyz/css/home.1781011881923.38488e2a.css\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=4, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Wed, 01 Jul 2026 12:23:22 GMT\r\nContent-Type: image/png\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nLast-Modified: Tue, 09 Jun 2026 13:37:10 GMT\r\nVary: Accept-Encoding\r\nETag: W/\"6a281706-51a\"\r\nCache-Control: public, max-age=2592000, immutable\r\nAccess-Control-Allow-Origin: *\r\nX-Custom-Check: true\r\nContent-Encoding: gzip\r\nServer: Nginx\r\nL-Safe: 1782908602=4mc5hMhbJ+ukibimFRa5ZZ9FQA1QqOJd8kY3+5YH7LbJ9hVYcEjNfpDbYG1j6gS22EvJDBd/EYovux9FksPrDzhNfhyg+o5Q0cedJM55xDS4iPVDs2rUmWLAR96qx37oU1TARZJ4VWhxOic6X8AZ1uYGZQkm9XsHBXP0F9vf+jlTEzeCcgiqHaDX5g+J/Zxt\r\nAge: 1491\r\nL-VIA: l1=4iaGgjza0Vwox8nX\r\nL-VERSION: 1782631176\r\nL-Request-Id: c5bd19f1da2486a5579\r\nX-Cache-Status: HIT\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1306,"size_decoded":2035,"mime_type":"image/png","magic":"PNG image data, 70 x 28, 8-bit colormap, non-interlaced","md5":"41cff06a80e61ee3fcd32f7c29a6493e","sha1":"bb70bb0a3a0fde7a132788777aee629392c756e9","sha256":"3240fcea2e4168dc863b8aea602750e6a1fe11a557c18ac6a381781ef487746b","sha512":"fce7ff9f62b51c4f8994f0a8ec4a56f21570d0cd163471d99b357eb0a9a735c800b389c4a8a611ba441b208cea7eb483140042f5d11ef110b591c1c1898bbb8d","ssdeep":"","tlshash":"e921eaffe15b2c75ccb59bb3bc6c12656809582970866b137125e7588c539217f0c461","first_seen":"2025-08-29T11:05:53.184813Z","last_seen":"2026-07-02T13:50:16.725517Z","times_seen":1699,"resource_available":false,"data":null}},"time_used":1193,"timings":{"blocked":904,"dns":0,"connect":0,"send":0,"wait":289,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"18114.xyz/js/45540.1781011881923.25dfba7d.js","fqdn":"18114.xyz","domain":"18114.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.130","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://18114.xyz/","date":"2026-07-01T12:23:13.393Z","timestamp":1782908593393,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"18156.xyz","organization":""},"issuer":{"commonName":"YR2","organization":"Let's Encrypt"},"validity":{"start":"Sun, 28 Jun 2026 06:21:05 GMT","end":"Sat, 26 Sep 2026 06:21:04 GMT"},"fingerprint":{"sha1":"30:5C:A2:F1:36:A6:91:D9:3C:71:7C:3B:80:49:3A:BB:C5:0B:53:A1","sha256":"FB:A2:2A:8D:A3:A6:51:23:3E:DC:EB:06:38:96:4E:AA:32:71:9B:E1:FD:3F:D1:7A:49:E7:81:BB:9A:92:C1:8D"}}},"request":{"raw":"GET /js/45540.1781011881923.25dfba7d.js HTTP/1.1\r\nHost: 18114.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://18114.xyz/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Wed, 01 Jul 2026 12:23:15 GMT\r\nContent-Type: application/javascript\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nLast-Modified: Tue, 09 Jun 2026 13:37:11 GMT\r\nVary: Accept-Encoding\r\nETag: W/\"6a281707-37ff6\"\r\nCache-Control: public, max-age=31536000, immutable\r\nAccess-Control-Allow-Origin: *\r\nX-Custom-Check: true\r\nContent-Encoding: gzip\r\nServer: Nginx\r\nL-Safe: 1782908595=VYqS7u7lQ0J6vY3CU7Th8T/pw3pFqlx8ntvuI2Oh21Sw53mtqjMf66c8tX6VijURccEBNw01n+5hHC8SDhRwT67Z1ef+RAQ6WDYbeb6zygQzDDKVDrk5DO9a5mYQ6nvRMm6wJ4+j7sw2l0ZCvyYL98mdUq/YdA7L7n3R6ufmbQkSNVX/HQuSRBev0GgNdvH0\r\nL-VIA: l1=4iaGgjza0Vwox8nX\r\nL-VERSION: 1782631176\r\nL-Request-Id: c6d219f1da22d5f9c58\r\nX-Cache-Status: BYPASS\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":229366,"size_decoded":65835,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"7983a109fba451279f84fe7b75724983","sha1":"9487dc955240c6083cf3497e806dff89bec2061f","sha256":"80bb5c781336a9095ee3e8ae99d724f58a409c7f3c159bf0f320a9c948afe030","sha512":"ddf49f5cfb4721100ef951228391607209e248a8733d48229ff5196fd8a32fc3e759d90c1040dd591b1c0bd97ab83a1c8baaffa70fa96bbe2d556af2379478b0","ssdeep":"6144:1YD4wFsYiSGfKnCKPP6Xm9sm3MCln1OSgpozfEe5a:1YD4wFsYiSAKNH3TY5","tlshash":"e724f894f294f1be075fc1f1d23b501af35b5e6120cc9ca0d296e6942e20b49da77eac","first_seen":"2026-06-12T19:29:57.328205Z","last_seen":"2026-07-02T13:50:16.653931Z","times_seen":158,"resource_available":true,"data":null}},"time_used":2901,"timings":{"blocked":2004,"dns":0,"connect":0,"send":0,"wait":429,"receive":468,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"18114.xyz/kc523-1/sponsor/sponsor.json?1781011825626","fqdn":"18114.xyz","domain":"18114.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.130","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://18114.xyz/","date":"2026-07-01T12:23:17.671Z","timestamp":1782908597671,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"18156.xyz","organization":""},"issuer":{"commonName":"YR2","organization":"Let's Encrypt"},"validity":{"start":"Sun, 28 Jun 2026 06:21:05 GMT","end":"Sat, 26 Sep 2026 06:21:04 GMT"},"fingerprint":{"sha1":"30:5C:A2:F1:36:A6:91:D9:3C:71:7C:3B:80:49:3A:BB:C5:0B:53:A1","sha256":"FB:A2:2A:8D:A3:A6:51:23:3E:DC:EB:06:38:96:4E:AA:32:71:9B:E1:FD:3F:D1:7A:49:E7:81:BB:9A:92:C1:8D"}}},"request":{"raw":"GET /kc523-1/sponsor/sponsor.json?1781011825626 HTTP/1.1\r\nHost: 18114.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://18114.xyz/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Wed, 01 Jul 2026 12:23:17 GMT\r\nContent-Type: application/json\r\nContent-Length: 646\r\nConnection: keep-alive\r\nLast-Modified: Tue, 30 Sep 2025 12:19:27 GMT\r\nETag: \"68dbcacf-286\"\r\nAccess-Control-Allow-Origin: *\r\nX-Custom-Check: true\r\nServer: Nginx\r\nL-Safe: 1782908597=ZdMUZ1k0h3P7BImNuC0XuNzcE02G3yNmddc73ooGZ+wDF2gg8I3brNEWyyizAwMoil5pMdm47kHxX3mo6t0mc75vdSOkFMnNjyHqix7bmtUVGkmXe9TdQfYTKjF/uiNBVXu6oIZJ37t98qBieK0b4+/pChOluFMV+BbY9lq6SX4PmmC0F+X1maRp+Mp3HGV/\r\nL-VIA: l1=4iaGgjza0Vwox8nX\r\nL-VERSION: 1782631176\r\nL-Request-Id: c6c219f1da236445e5e\r\nX-Cache-Status: BYPASS\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":646,"size_decoded":1261,"mime_type":"application/json","magic":"JSON text data","md5":"10d2161de8cf99c474812f4c43645a26","sha1":"71884ef7281cdcb5084088f16d4550ce8790e634","sha256":"bb02fd7438bb49dd4decb6f76a71f11e93355332fd9f965d6f9f13bb8175aeca","sha512":"bf0fd1232309fcc5582d5c42644e1c7b4b8d235b1066e988ff55e0dd94a956f89742401f00c2d904359041c8e0c2bac8e9316252fab60db5eb0a3b4c935172f0","ssdeep":"","tlshash":"d8f0f44ad8b25b93211fb57c58cd050470294a8f0eccaac4baac987c4f598ddd1e839e","first_seen":"2023-06-16T04:51:50Z","last_seen":"2026-07-02T13:50:16.718783Z","times_seen":1944,"resource_available":false,"data":null}},"time_used":336,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":333,"receive":3,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"18114.xyz/kc523-1/sponsor/sponsor_nav_web_2.png?1781011825626","fqdn":"18114.xyz","domain":"18114.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.130","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://18114.xyz/","date":"2026-07-01T12:23:17.682Z","timestamp":1782908597682,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"18156.xyz","organization":""},"issuer":{"commonName":"YR2","organization":"Let's Encrypt"},"validity":{"start":"Sun, 28 Jun 2026 06:21:05 GMT","end":"Sat, 26 Sep 2026 06:21:04 GMT"},"fingerprint":{"sha1":"30:5C:A2:F1:36:A6:91:D9:3C:71:7C:3B:80:49:3A:BB:C5:0B:53:A1","sha256":"FB:A2:2A:8D:A3:A6:51:23:3E:DC:EB:06:38:96:4E:AA:32:71:9B:E1:FD:3F:D1:7A:49:E7:81:BB:9A:92:C1:8D"}}},"request":{"raw":"GET /kc523-1/sponsor/sponsor_nav_web_2.png?1781011825626 HTTP/1.1\r\nHost: 18114.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://18114.xyz/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=4, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Wed, 01 Jul 2026 12:23:23 GMT\r\nContent-Type: image/png\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nLast-Modified: Tue, 30 Sep 2025 12:19:27 GMT\r\nVary: Accept-Encoding\r\nETag: W/\"68dbcacf-1922\"\r\nCache-Control: public, max-age=2592000, immutable\r\nAccess-Control-Allow-Origin: *\r\nX-Custom-Check: true\r\nContent-Encoding: gzip\r\nServer: Nginx\r\nL-Safe: 1782908603=VCWuB2+Nk7jMGu+wF3THs0B4jqARJgWa+4+ZZXmiHNM959OaXUnV99phm/dx6Uwvz/pGH3pNjGcIB+x8LMA8Q5WQO8DCDp0I/ONs5tMd7JzsRxx1R1bBFcV3C4cZzqW80HhNBypWhFiAgy44Zw8ga+8aDxUQ/v9yfRGnPl108QozlshCsJ430ihPQ/GTL/RJ\r\nAge: 1498\r\nL-VIA: l1=4iaGgjza0Vwox8nX\r\nL-VERSION: 1782631176\r\nL-Request-Id: c5bc19f1da24d1d75c1\r\nX-Cache-Status: HIT\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":6434,"size_decoded":7127,"mime_type":"image/png","magic":"PNG image data, 206 x 332, 8-bit colormap, non-interlaced","md5":"e31cb9f70abcc458288bb53868031352","sha1":"965f7cb9aaf0d166c21b8681b0671d17e019c74e","sha256":"33295ad776e1fde54dace5b0343c9aab9a2d70cfa8848e5cbd09065c340e294f","sha512":"acd328b1f4cb6e1c7267696487f637ea5ae4b724f7ab32516632a3eb2c8b4e374fa472ab77120230258fb49a23f54ba3988b155004b46e69519fe3ef57ee79c9","ssdeep":"192:RYc0QiGWn0WG2WmjNJMjOluoj/xrASMJmoJESULHT:RYc0QiGlHmjOo1j/xPMAG2Lz","tlshash":"c9d18ea6ea2a4a52cf8d0d633efc5b0671508e582f390826809a1d1d57767fa24a13e7","first_seen":"2023-11-10T19:12:00Z","last_seen":"2026-07-02T13:49:21.775458Z","times_seen":1732,"resource_available":false,"data":null}},"time_used":6141,"timings":{"blocked":5849,"dns":0,"connect":0,"send":0,"wait":292,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"18114.xyz/img/bj3.a7dbd558.png","fqdn":"18114.xyz","domain":"18114.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.130","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://18114.xyz/","date":"2026-07-01T12:23:17.697Z","timestamp":1782908597697,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"18156.xyz","organization":""},"issuer":{"commonName":"YR2","organization":"Let's Encrypt"},"validity":{"start":"Sun, 28 Jun 2026 06:21:05 GMT","end":"Sat, 26 Sep 2026 06:21:04 GMT"},"fingerprint":{"sha1":"30:5C:A2:F1:36:A6:91:D9:3C:71:7C:3B:80:49:3A:BB:C5:0B:53:A1","sha256":"FB:A2:2A:8D:A3:A6:51:23:3E:DC:EB:06:38:96:4E:AA:32:71:9B:E1:FD:3F:D1:7A:49:E7:81:BB:9A:92:C1:8D"}}},"request":{"raw":"GET /img/bj3.a7dbd558.png HTTP/1.1\r\nHost: 18114.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://18114.xyz/css/home.1781011881923.38488e2a.css\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=4, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Wed, 01 Jul 2026 12:23:19 GMT\r\nContent-Type: image/png\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nLast-Modified: Tue, 09 Jun 2026 13:37:11 GMT\r\nVary: Accept-Encoding\r\nETag: W/\"6a281707-16cb\"\r\nCache-Control: public, max-age=2592000, immutable\r\nAccess-Control-Allow-Origin: *\r\nX-Custom-Check: true\r\nContent-Encoding: gzip\r\nServer: Nginx\r\nL-Safe: 1782908599=T3YknBzMJfJoN3ILu6zaGYt9SWgeRN38yVCsJlIIDp6iv+jKPhCEUxsM3+gP8j1mt7n0vQ++liS1yZhSXvuthqjdcZm/jQVoFk+dncfgbYe3KUSWE5YlXmr7sS3d5dVLb5Yhh+qMPj4aWQzAbhBnGmTkmfZCkTBi54X0a3U9yXSu+2IjEwFIrTRVB2Uxk/zy\r\nAge: 1493\r\nL-VIA: l1=4iaGgjza0Vwox8nX\r\nL-VERSION: 1782631176\r\nL-Request-Id: c5b919f1da23bd76749\r\nX-Cache-Status: HIT\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":5835,"size_decoded":6415,"mime_type":"image/png","magic":"PNG image data, 1003 x 171, 8-bit/color RGBA, non-interlaced","md5":"b79234bcd23ce7e063481b3605bcdd45","sha1":"eace4c48cc352cfb10fb6fcffed50748f18aa78d","sha256":"2dbca2ee9a515b178cb6a5ce670a5dafa30941ad8c753fa3e94642f8dacca13d","sha512":"40fa685181391f1ca805440f53683045d1fbd5c0f36cf471f53641c6f289481f42fefc4d1f2b2fdfe8a20d7488ef0537f10352492e46af76770b49fe8876def7","ssdeep":"96:brOIaX7VK+RUSrZ3rnZ1L++y+hsVoK4CBVVikox3n0muoE7Nqh7zwGto:K7VK+RBZ3l1i+y+3peikr3oEJqh7MCo","tlshash":"91c18f03f313ed339b875f190abe4dc3498b2f9a4725a7d6285b5aa89654819c062e82","first_seen":"2025-08-29T11:05:53.328141Z","last_seen":"2026-07-02T13:50:16.672294Z","times_seen":1750,"resource_available":false,"data":null}},"time_used":1709,"timings":{"blocked":1408,"dns":0,"connect":0,"send":0,"wait":301,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"18114.xyz/jumpto/img/https://rcf-img-hk.gasdg646fs224cn.com/gpmaster/_webp_size328x422_936e6f39-c72d-42ec-ab51-2bd5a806c902.png","fqdn":"18114.xyz","domain":"18114.xyz","tld":"xyz"},"ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://18114.xyz/","date":"2026-07-01T12:23:20.378Z","timestamp":1782908600378,"http_version":"","security_state":"","security_info":null,"request":{"raw":"GET /jumpto/img/https://rcf-img-hk.gasdg646fs224cn.com/gpmaster/_webp_size328x422_936e6f39-c72d-42ec-ab51-2bd5a806c902.png HTTP/1.1\r\nHost: 18114.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://18114.xyz/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-07-02T17:08:00.371314Z","times_seen":16917523,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"photo.365live88.com/img/fb/team/e1b92fd262c74583bfe4548f3a20ca12?win007=sell","fqdn":"photo.365live88.com","domain":"365live88.com","tld":"com"},"ip":{"addr":"154.41.93.241","port":443,"asn":174,"as":"COGENT-174","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://18114.xyz/","date":"2026-07-01T12:23:21.376Z","timestamp":1782908601376,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"photo.365live88.com","organization":""},"issuer":{"commonName":"Encryption Everywhere DV TLS CA - G2","organization":"DigiCert Inc"},"validity":{"start":"Sat, 01 Nov 2025 00:00:00 GMT","end":"Sat, 31 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"45:76:43:9C:31:C5:89:A6:99:FD:9B:D8:6C:A9:3A:E6:2F:D6:E9:80","sha256":"73:27:CF:D8:8D:AC:95:46:00:5D:67:05:1E:70:22:3E:17:F0:94:78:CD:6F:A6:9C:C8:5F:B5:3B:75:60:3D:C8"}}},"request":{"raw":"GET /img/fb/team/e1b92fd262c74583bfe4548f3a20ca12?win007=sell HTTP/1.1\r\nHost: photo.365live88.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://18114.xyz/\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=4, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: openresty\r\nDate: Wed, 01 Jul 2026 12:23:23 GMT\r\nContent-Type: image/png\r\nContent-Length: 91255\r\nConnection: keep-alive\r\nAccept-Ranges: bytes\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Expose-Headers: X-Log, X-Reqid\r\nAccess-Control-Max-Age: 2592000\r\nAge: 1810\r\nCache-Control: public, max-age=31536000\r\nContent-Disposition: inline; filename=\"e1b92fd262c74583bfe4548f3a20ca12\"; filename*=utf-8''e1b92fd262c74583bfe4548f3a20ca12\r\nContent-Md5: 2S3ve/m2JQyKNYgpWLVv3g==\r\nContent-Transfer-Encoding: binary\r\nEtag: \"Fhnr3clq7PoVBs1YdIPdHFpPybNS\"\r\nLast-Modified: Fri, 12 Jun 2026 20:14:19 GMT\r\nX-Log: X-Log\r\nX-M-Log: QNM:wldsg121;QNM3\r\nX-M-Reqid: 0VOG3hZz5\r\nX-Qiniu-Zone: as0\r\nX-Qnm-Cache: Hit\r\nX-Reqid: KqEAAACkATpIKL4Y\r\nX-Svr: IO\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":91255,"size_decoded":92010,"mime_type":"image/png","magic":"PNG image data, 200 x 200, 8-bit/color RGBA, non-interlaced","md5":"d92def7bf9b6250c8a35882958b56fde","sha1":"19ebddc96aecfa1506cd587483dd1c5a4fc9b352","sha256":"398397f8723619406698f107fb3b02980e12b345ffa2a601629751de1659734d","sha512":"bdb75844b67979c30c4e42180935a9413a664bdcefac8f54813d264065646d192f3f0b4f30ceba4368b148827023d03595e2aa47d433803bcaf51beff2992a46","ssdeep":"1536:jOktbnJS3OkANAo4KCXMgWE/BbneiHDV63qvLvKGGCULG8Rb4XpmigUWiNysg/jm:KkqOkUmWE/BzNj5L7G0894XpLWiNUh8","tlshash":"1f9312a660d4cf1ed1f1ed6221a2dc347c498ae50b1f49bf949db81439243e2f38f696","first_seen":"2025-01-03T06:47:24.518406Z","last_seen":"2026-07-01T12:25:27.368558Z","times_seen":10,"resource_available":false,"data":null}},"time_used":2068,"timings":{"blocked":1551,"dns":0,"connect":0,"send":0,"wait":285,"receive":232,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"18114.xyz/img/sports.60212fd6.png","fqdn":"18114.xyz","domain":"18114.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.130","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://18114.xyz/","date":"2026-07-01T12:23:17.692Z","timestamp":1782908597692,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"18156.xyz","organization":""},"issuer":{"commonName":"YR2","organization":"Let's Encrypt"},"validity":{"start":"Sun, 28 Jun 2026 06:21:05 GMT","end":"Sat, 26 Sep 2026 06:21:04 GMT"},"fingerprint":{"sha1":"30:5C:A2:F1:36:A6:91:D9:3C:71:7C:3B:80:49:3A:BB:C5:0B:53:A1","sha256":"FB:A2:2A:8D:A3:A6:51:23:3E:DC:EB:06:38:96:4E:AA:32:71:9B:E1:FD:3F:D1:7A:49:E7:81:BB:9A:92:C1:8D"}}},"request":{"raw":"GET /img/sports.60212fd6.png HTTP/1.1\r\nHost: 18114.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://18114.xyz/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=4, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Wed, 01 Jul 2026 12:23:19 GMT\r\nContent-Type: image/png\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nLast-Modified: Tue, 09 Jun 2026 13:37:11 GMT\r\nVary: Accept-Encoding\r\nETag: W/\"6a281707-1c734\"\r\nCache-Control: public, max-age=2592000, immutable\r\nAccess-Control-Allow-Origin: *\r\nX-Custom-Check: true\r\nContent-Encoding: gzip\r\nServer: Nginx\r\nL-Safe: 1782908599=T3YknBzMJfJoN3ILu6zaGYt9SWgeRN38yVCsJlIIDp6iv+jKPhCEUxsM3+gP8j1mt7n0vQ++liS1yZhSXvuthqjdcZm/jQVoFk+dncfgbYe3KUSWE5YlXmr7sS3d5dVLb5Yhh+qMPj4aWQzAbhBnGmTkmfZCkTBi54X0a3U9yXSu+2IjEwFIrTRVB2Uxk/zy\r\nAge: 1493\r\nL-VIA: l1=4iaGgjza0Vwox8nX\r\nL-VERSION: 1782631176\r\nL-Request-Id: c5c119f1da23b7974a6\r\nX-Cache-Status: HIT\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":116532,"size_decoded":117110,"mime_type":"image/png","magic":"PNG image data, 666 x 541, 8-bit colormap, non-interlaced","md5":"fc82aa907334f929011fc2a6ec906f55","sha1":"f76bd75b9d1235807c70c7d763a1865d7c3f8d4e","sha256":"2ae1d61176960d7ddfddcb30a69d22b9da893687370d8cd26f4917d129a1bf3b","sha512":"12ef7a828d7d4228596b0db0ad77b200e8ffcfe2457d12821a4e9778b62668ebeef075c2bc79076e36291e3015afbfe276a2ca230ead018b38e2d3fd803dd31f","ssdeep":"3072:/ZEgiWqpGRwEyiwX0wgOZzbKoSxNiSvrUeO4h:/ZLf/R2iVwgAKoSPiSvVOy","tlshash":"76b3021c79775a2083c6bcb40b583aeae09b3dc19d169808d68b7791993df43c970bed","first_seen":"2023-11-10T19:12:00Z","last_seen":"2026-07-02T13:50:16.670975Z","times_seen":1843,"resource_available":false,"data":null}},"time_used":3271,"timings":{"blocked":1320,"dns":0,"connect":0,"send":0,"wait":774,"receive":1177,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"photo.365live88.com/img/fb/team/84b8892c7a6f4b89a4a8927a4fff0a79?win007=sell","fqdn":"photo.365live88.com","domain":"365live88.com","tld":"com"},"ip":{"addr":"154.41.93.241","port":443,"asn":174,"as":"COGENT-174","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://18114.xyz/","date":"2026-07-01T12:23:21.380Z","timestamp":1782908601380,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"photo.365live88.com","organization":""},"issuer":{"commonName":"Encryption Everywhere DV TLS CA - G2","organization":"DigiCert Inc"},"validity":{"start":"Sat, 01 Nov 2025 00:00:00 GMT","end":"Sat, 31 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"45:76:43:9C:31:C5:89:A6:99:FD:9B:D8:6C:A9:3A:E6:2F:D6:E9:80","sha256":"73:27:CF:D8:8D:AC:95:46:00:5D:67:05:1E:70:22:3E:17:F0:94:78:CD:6F:A6:9C:C8:5F:B5:3B:75:60:3D:C8"}}},"request":{"raw":"GET /img/fb/team/84b8892c7a6f4b89a4a8927a4fff0a79?win007=sell HTTP/1.1\r\nHost: photo.365live88.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://18114.xyz/\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=4, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: openresty\r\nDate: Wed, 01 Jul 2026 12:23:23 GMT\r\nContent-Type: image/png\r\nContent-Length: 85161\r\nConnection: keep-alive\r\nAccept-Ranges: bytes\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Expose-Headers: X-Log, X-Reqid\r\nAccess-Control-Max-Age: 2592000\r\nAge: 1720\r\nCache-Control: public, max-age=31536000\r\nContent-Disposition: inline; filename=\"84b8892c7a6f4b89a4a8927a4fff0a79\"; filename*=utf-8''84b8892c7a6f4b89a4a8927a4fff0a79\r\nContent-Md5: dezFI4Pa8aNdFerNEO78Lw==\r\nContent-Transfer-Encoding: binary\r\nEtag: \"Fqy57bAfqHNDda9ZuWqLIMGNN8TD\"\r\nLast-Modified: Tue, 19 May 2026 13:57:34 GMT\r\nX-Log: X-Log\r\nX-M-Log: QNM:wldsg119;QNM3\r\nX-M-Reqid: cVcVXNcTT\r\nX-Qiniu-Zone: as0\r\nX-Qnm-Cache: Hit\r\nX-Reqid: r64AAABLr1BdKL4Y\r\nX-Svr: IO\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]}],"data":{"size":85161,"size_decoded":85916,"mime_type":"image/png","magic":"PNG image data, 225 x 225, 8-bit/color RGBA, non-interlaced","md5":"75ecc52383daf1a35d15eacd10eefc2f","sha1":"acb9edb01fa8734375af59b96a8b20c18d37c4c3","sha256":"a74b613cca269a1c5e3d58a9d9a32918d0816036db27830978a8cf2451c2df8d","sha512":"3f71d514a82497491e50e80270b26aa2063e7d42f1680b26fc7dd04bba6cd298079aa4a2b5d38576d47099b26d751b302f9caf950b5cbad53ed533821483df5e","ssdeep":"1536:LKpDK8ZRdR535/1zL17T7m02zEOw/ZRcYL08xoHfqIAhg/+gT:aTHdRX9P17HfOw/a8xGyI6E+w","tlshash":"058312930d738153187a6a4e8eb1b9233090527f482edcdc5a255adc3e73d894bfe968","first_seen":"2025-08-07T07:19:37.820204Z","last_seen":"2026-07-01T12:25:27.35957Z","times_seen":8,"resource_available":false,"data":null}},"time_used":2313,"timings":{"blocked":1682,"dns":0,"connect":0,"send":0,"wait":309,"receive":322,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"photo.365live88.com/img/fb/team/a7602b33f951474db03531d8810a3572?win007=sell","fqdn":"photo.365live88.com","domain":"365live88.com","tld":"com"},"ip":{"addr":"154.41.93.241","port":443,"asn":174,"as":"COGENT-174","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://18114.xyz/","date":"2026-07-01T12:23:21.393Z","timestamp":1782908601393,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"photo.365live88.com","organization":""},"issuer":{"commonName":"Encryption Everywhere DV TLS CA - G2","organization":"DigiCert Inc"},"validity":{"start":"Sat, 01 Nov 2025 00:00:00 GMT","end":"Sat, 31 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"45:76:43:9C:31:C5:89:A6:99:FD:9B:D8:6C:A9:3A:E6:2F:D6:E9:80","sha256":"73:27:CF:D8:8D:AC:95:46:00:5D:67:05:1E:70:22:3E:17:F0:94:78:CD:6F:A6:9C:C8:5F:B5:3B:75:60:3D:C8"}}},"request":{"raw":"GET /img/fb/team/a7602b33f951474db03531d8810a3572?win007=sell HTTP/1.1\r\nHost: photo.365live88.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://18114.xyz/\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=4, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: openresty\r\nDate: Wed, 01 Jul 2026 12:23:23 GMT\r\nContent-Type: image/png\r\nContent-Length: 36694\r\nConnection: keep-alive\r\nAccept-Ranges: bytes\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Expose-Headers: X-Log, X-Reqid\r\nAccess-Control-Max-Age: 2592000\r\nAge: 73218\r\nCache-Control: public, max-age=31536000\r\nContent-Disposition: inline; filename=\"a7602b33f951474db03531d8810a3572\"; filename*=utf-8''a7602b33f951474db03531d8810a3572\r\nContent-Md5: XkTBlf1s7eBp9jmCegVv6Q==\r\nContent-Transfer-Encoding: binary\r\nEtag: \"FpCZMtdc-zARrhcNbqIBal3a3MRC\"\r\nLast-Modified: Fri, 29 May 2026 03:41:11 GMT\r\nX-Log: X-Log\r\nX-M-Log: QNM:wldsg121;QNM3\r\nX-M-Reqid: MuXVvlJxy\r\nX-Qiniu-Zone: as0\r\nX-Qnm-Cache: Hit\r\nX-Reqid: 7pMAAAAVvG5W570Y\r\nX-Svr: IO\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":36694,"size_decoded":37450,"mime_type":"image/png","magic":"PNG image data, 220 x 291, 8-bit/color RGBA, non-interlaced","md5":"5e44c195fd6cede069f639827a056fe9","sha1":"909932d75cfb3011ae170d6ea2016a5ddadcc442","sha256":"6170994ecf14fb278bcab74f999de51aaf198220173cda5a76d670caaf4fdff7","sha512":"5ec18504f9bc44e2dfa6f5a646865b23404cfe87dd13814d6087e1d7e120e7f1b4cbce10077cb35f51d535084d6fe9906e0abdc6f83c31384451cc5b2e6f7b44","ssdeep":"768:WfsVPJUqDQ6wbe9wd3F18k1B0Y3gTX7rJoyPqhifCilLydjsdlHvf6f:WfsVqkQlxiqULzPqDilLy2dlHvf6f","tlshash":"63f2f1e73e534f10cd0389e10756c6e212b8d2c4f35a73125986ed5d2a618c5ab3eedb","first_seen":"2026-06-30T17:45:52.062344Z","last_seen":"2026-07-01T12:25:27.333916Z","times_seen":43,"resource_available":false,"data":null}},"time_used":2607,"timings":{"blocked":2323,"dns":0,"connect":0,"send":0,"wait":261,"receive":23,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"18114.xyz/js/index-a3dad144.1781011881923.1093b11d.js","fqdn":"18114.xyz","domain":"18114.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.130","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://18114.xyz/","date":"2026-07-01T12:23:13.398Z","timestamp":1782908593398,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"18156.xyz","organization":""},"issuer":{"commonName":"YR2","organization":"Let's Encrypt"},"validity":{"start":"Sun, 28 Jun 2026 06:21:05 GMT","end":"Sat, 26 Sep 2026 06:21:04 GMT"},"fingerprint":{"sha1":"30:5C:A2:F1:36:A6:91:D9:3C:71:7C:3B:80:49:3A:BB:C5:0B:53:A1","sha256":"FB:A2:2A:8D:A3:A6:51:23:3E:DC:EB:06:38:96:4E:AA:32:71:9B:E1:FD:3F:D1:7A:49:E7:81:BB:9A:92:C1:8D"}}},"request":{"raw":"GET /js/index-a3dad144.1781011881923.1093b11d.js HTTP/1.1\r\nHost: 18114.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://18114.xyz/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Wed, 01 Jul 2026 12:23:15 GMT\r\nContent-Type: application/javascript\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nLast-Modified: Tue, 09 Jun 2026 13:37:11 GMT\r\nVary: Accept-Encoding\r\nETag: W/\"6a281707-570e8\"\r\nCache-Control: public, max-age=31536000, immutable\r\nAccess-Control-Allow-Origin: *\r\nX-Custom-Check: true\r\nContent-Encoding: gzip\r\nServer: Nginx\r\nL-Safe: 1782908595=VYqS7u7lQ0J6vY3CU7Th8T/pw3pFqlx8ntvuI2Oh21Sw53mtqjMf66c8tX6VijURccEBNw01n+5hHC8SDhRwT67Z1ef+RAQ6WDYbeb6zygQzDDKVDrk5DO9a5mYQ6nvRMm6wJ4+j7sw2l0ZCvyYL98mdUq/YdA7L7n3R6ufmbQkSNVX/HQuSRBev0GgNdvH0\r\nL-VIA: l1=4iaGgjza0Vwox8nX\r\nL-VERSION: 1782631176\r\nL-Request-Id: c5c119f1da22ee6749a\r\nX-Cache-Status: BYPASS\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":356584,"size_decoded":117591,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (64562), with no line terminators","md5":"0fc0f4a0379e369b442d93ffb72561fd","sha1":"497d95fced30bab2efe9ad3a561c35cd40ad5e9c","sha256":"da926a537d946d3158d41a8531082a740aec7a6a4e3b98599d35546182f20806","sha512":"ef5664991d7fb472281b2696b3b25a322bf51f9bcbccf2043f77fdb67ca9a84d90b893029e93bedea935724bbc4b58a77154b35ac40b15f8e691b539cc3102e3","ssdeep":"6144:LrbhFOufhu/LHEY/T8CPis7lVV4YlRlNsmq9D7:3zBw/LHEY/TBas7lVVhsp9X","tlshash":"ed742b90f76ce1bd875e55ff7a329094902c1b41b0c89e58d29e2944fe6b385eeb04bc","first_seen":"2026-06-12T19:29:57.253128Z","last_seen":"2026-07-02T13:50:16.656978Z","times_seen":148,"resource_available":true,"data":null}},"time_used":3171,"timings":{"blocked":2396,"dns":0,"connect":0,"send":0,"wait":341,"receive":434,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"18114.xyz/img/service.68be110a.png","fqdn":"18114.xyz","domain":"18114.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.130","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://18114.xyz/","date":"2026-07-01T12:23:17.701Z","timestamp":1782908597701,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"18156.xyz","organization":""},"issuer":{"commonName":"YR2","organization":"Let's Encrypt"},"validity":{"start":"Sun, 28 Jun 2026 06:21:05 GMT","end":"Sat, 26 Sep 2026 06:21:04 GMT"},"fingerprint":{"sha1":"30:5C:A2:F1:36:A6:91:D9:3C:71:7C:3B:80:49:3A:BB:C5:0B:53:A1","sha256":"FB:A2:2A:8D:A3:A6:51:23:3E:DC:EB:06:38:96:4E:AA:32:71:9B:E1:FD:3F:D1:7A:49:E7:81:BB:9A:92:C1:8D"}}},"request":{"raw":"GET /img/service.68be110a.png HTTP/1.1\r\nHost: 18114.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://18114.xyz/css/index-399e2569.1781011881923.a7b0b4f4.css\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=4, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Wed, 01 Jul 2026 12:23:21 GMT\r\nContent-Type: image/png\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nLast-Modified: Tue, 09 Jun 2026 13:37:11 GMT\r\nVary: Accept-Encoding\r\nETag: W/\"6a281707-2991\"\r\nCache-Control: public, max-age=2592000, immutable\r\nAccess-Control-Allow-Origin: *\r\nX-Custom-Check: true\r\nContent-Encoding: gzip\r\nServer: Nginx\r\nL-Safe: 1782908601=NZWlGnxDiZfKzDWJ6kNGzBGhmY+osrsbhMounbK0GCWInHsx5UYJ2uIoiB6AEBbKlm6DZV9Rzn7+NRdLedDPSnk/B7TRPM4U10ZNzgIb3gzZwUwrhXrOPm2dXxIaEshx1T/OGD8Tcpgj+mzbYRnnJ58StT1fM9E48MC8kDCQR+bYh7E/Ls8hpL5Pdn8N8BH3\r\nAge: 1496\r\nL-VIA: l1=4iaGgjza0Vwox8nX\r\nL-VERSION: 1782631176\r\nL-Request-Id: c6d219f1da244619c69\r\nX-Cache-Status: HIT\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":10641,"size_decoded":11371,"mime_type":"image/png","magic":"PNG image data, 112 x 112, 8-bit/color RGBA, non-interlaced","md5":"993784a38ddc1156572bfc3308055ead","sha1":"becff431867226bf323b5a6535fa383992f107eb","sha256":"abca3af980888b08c6cbd57366b3ac94344d66ea048484c4f9867e300ee8703a","sha512":"48790c6340f273a58295fc6607306353ab69d5a818569fe36ef1bffc8fff084b23d37b401e10502b830c67a5efedca56c1c9d778d6198e4069018d055f1869f0","ssdeep":"192:NdsarkpjwOOmfStcnaHtzB3l2eKD9RdfXtRqi3ln+ojjjKMGlnyL5H7nx+:nJQpjgOz9Dd0orKMGlnA5Hbs","tlshash":"8822c0c41e1be1b6d2ffa916b28543a04b3421fda1a24c342d828c04ccad56ac91f9e7","first_seen":"2023-07-01T07:21:14Z","last_seen":"2026-07-02T13:50:16.650496Z","times_seen":1758,"resource_available":false,"data":null}},"time_used":3902,"timings":{"blocked":3564,"dns":0,"connect":0,"send":0,"wait":338,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"18114.xyz/jumpto/img/https://rcf-img-hk.gasdg646fs224cn.com/202508/_webp_size1884x434_f0600e57-43d6-4af4-8f1c-08ad10ecab8d.jpg","fqdn":"18114.xyz","domain":"18114.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.130","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://18114.xyz/","date":"2026-07-01T12:23:19.676Z","timestamp":1782908599676,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"18156.xyz","organization":""},"issuer":{"commonName":"YR2","organization":"Let's Encrypt"},"validity":{"start":"Sun, 28 Jun 2026 06:21:05 GMT","end":"Sat, 26 Sep 2026 06:21:04 GMT"},"fingerprint":{"sha1":"30:5C:A2:F1:36:A6:91:D9:3C:71:7C:3B:80:49:3A:BB:C5:0B:53:A1","sha256":"FB:A2:2A:8D:A3:A6:51:23:3E:DC:EB:06:38:96:4E:AA:32:71:9B:E1:FD:3F:D1:7A:49:E7:81:BB:9A:92:C1:8D"}}},"request":{"raw":"GET /jumpto/img/https://rcf-img-hk.gasdg646fs224cn.com/202508/_webp_size1884x434_f0600e57-43d6-4af4-8f1c-08ad10ecab8d.jpg HTTP/1.1\r\nHost: 18114.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://18114.xyz/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Wed, 01 Jul 2026 12:23:19 GMT\r\nContent-Type: image/webp\r\nContent-Length: 35520\r\nConnection: keep-alive\r\nEtag: \"cd3987864cb3f095323f43e0248e2180\"\r\nLast-Modified: Wed, 10 Dec 2025 10:48:07 GMT\r\nReport-To: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=um%2Bn5A2p6Lzgt5PdFgzcTAHpGK98AsWSIcg%2FoEqOItoJwFR4Ngy6ole2jvtLK8T7guM4dkgSQZe2%2F%2B3NOPk4P9DOGFvcc%2FY0BLEa7sQ2cbEuecJrRM6jKN%2B5F63zhS1MWKnuLX%2BQJ1UYtVqT75EWjdU%3D\"}]}\r\nNel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nAge: 5062\r\nCf-Cache-Status: HIT\r\nCF-RAY: a145619d1ca0f866-HKG\r\nalt-svc: h3=\":443\"; ma=86400\r\nCache-Control: public, max-age=2592000, immutable, public, max-age=2592000, immutable\r\nAccess-Control-Allow-Origin: *\r\nX-Custom-Check: true\r\nServer: Nginx\r\nL-Safe: 1782908599=T3YknBzMJfJoN3ILu6zaGYt9SWgeRN38yVCsJlIIDp6iv+jKPhCEUxsM3+gP8j1mt7n0vQ++liS1yZhSXvuthqjdcZm/jQVoFk+dncfgbYe3KUSWE5YlXmr7sS3d5dVLb5Yhh+qMPj4aWQzAbhBnGmTkmfZCkTBi54X0a3U9yXSu+2IjEwFIrTRVB2Uxk/zy\r\nL-VIA: l1=4iaGgjza0Vwox8nX\r\nL-VERSION: 1782631176\r\nL-Request-Id: c5bc19f1da23e0d75ae\r\nX-Cache-Status: BYPASS\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":35520,"size_decoded":36682,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 1884x434, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"cd3987864cb3f095323f43e0248e2180","sha1":"57b2593c8fb12efd02723c4297cc32c426e77017","sha256":"f86c999282c8cc66a7a94042d0d117be0e025906c4bd5647298e312a2c309ca9","sha512":"ba70094c63b1d4360f2ade43b4a26c9b412fe366e805223c019a6b1418e656067f54a94daf0eed2e9fac0fce3623ef9c0dac9cf092d6503388d9400146a25f25","ssdeep":"768:S4wSvosDYmjc1AHEBOLMSkdFqvZa6Hfj/9q3uTOdbXjzZBniHc9QjK:SytDYAkByMZPqvg6Hfj/9FTSXjfiH0Qe","tlshash":"bcf2f20a3c565b1f01ff3414b7028a68004b264c603face2cd99b8ce5dbf94d859e556","first_seen":"2026-04-24T23:10:16.816486Z","last_seen":"2026-07-02T13:50:16.662554Z","times_seen":438,"resource_available":false,"data":null}},"time_used":357,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":346,"receive":11,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"18114.xyz/jumpto/img/https://rcf-img-hk.gasdg646fs224cn.com/202508/_webp_size1280x294_3ce652c0-55c8-48f5-a72d-a300accd6573.jpg","fqdn":"18114.xyz","domain":"18114.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.130","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://18114.xyz/","date":"2026-07-01T12:23:19.681Z","timestamp":1782908599681,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"18156.xyz","organization":""},"issuer":{"commonName":"YR2","organization":"Let's Encrypt"},"validity":{"start":"Sun, 28 Jun 2026 06:21:05 GMT","end":"Sat, 26 Sep 2026 06:21:04 GMT"},"fingerprint":{"sha1":"30:5C:A2:F1:36:A6:91:D9:3C:71:7C:3B:80:49:3A:BB:C5:0B:53:A1","sha256":"FB:A2:2A:8D:A3:A6:51:23:3E:DC:EB:06:38:96:4E:AA:32:71:9B:E1:FD:3F:D1:7A:49:E7:81:BB:9A:92:C1:8D"}}},"request":{"raw":"GET /jumpto/img/https://rcf-img-hk.gasdg646fs224cn.com/202508/_webp_size1280x294_3ce652c0-55c8-48f5-a72d-a300accd6573.jpg HTTP/1.1\r\nHost: 18114.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://18114.xyz/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Wed, 01 Jul 2026 12:23:24 GMT\r\nContent-Type: image/webp\r\nContent-Length: 33078\r\nConnection: keep-alive\r\nEtag: \"0a0135f97e5634a3589065dc1f4203a2\"\r\nLast-Modified: Wed, 10 Dec 2025 10:48:35 GMT\r\nReport-To: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=OYUIY%2BnCKclLE22tiInbLZJm80UTpGmKzKlNjzv4GiOl2qlGM3FNEXtm6hSuKqri11%2FyY1ZxoL0axGFTFX95pcN6tFggx9rN4BrGBcqg6lunhdSa5nZWoE2w7eLibIaJsrUGY4Vh8SH9259PHrrm5Ko%3D\"}]}\r\nNel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nAge: 5064\r\nCf-Cache-Status: HIT\r\nCF-RAY: a14561b7c8649fe0-HKG\r\nalt-svc: h3=\":443\"; ma=86400\r\nCache-Control: public, max-age=2592000, immutable, public, max-age=2592000, immutable\r\nAccess-Control-Allow-Origin: *\r\nX-Custom-Check: true\r\nServer: Nginx\r\nL-Safe: 1782908604=I+3rjN1f7w6aLRSA9NslKyGQLulbhSPerqeOCIuymLixjN157QOXMQ/tRp6hP4srirnRQ4SE6OusQm4im/5y7jyV3pDhXb3v9aqdCxtLZpsYDfoOTrUTJKOMW77N9whh1a3eJyGCHtwYiigsI6uKX+hOm8H4fVx6ItnDwk5CeppTgxFgcf64YNe3lMWe3XmG\r\nL-VIA: l1=4iaGgjza0Vwox8nX\r\nL-VERSION: 1782631176\r\nL-Request-Id: c5c119f1da24e8b74be\r\nX-Cache-Status: BYPASS\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":33078,"size_decoded":34230,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 1280x294, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"0a0135f97e5634a3589065dc1f4203a2","sha1":"0606b7a4f7dd769e8f68c0b444764bfdabd584dd","sha256":"b615b66587167edb3c9283e97940d3fc3f1f1bc910e6d3c98c55015a6bb3fd94","sha512":"bacaeaae43764c19a7148549deea3aad9d04df47cc2f25ce0db95d356b2c6fb46884ed4e9b16f6ef3e3467392fd71343509495dd68eef11cccc779dcc1b35ae4","ssdeep":"768:rWixhnCoTUtb7DBUFrJLDUJmEBsReZrbHf4K:rWivRTUt3DI1cJmEBs8ZrbHt","tlshash":"aae202d5b06953b1fe1439d3fe5cae680b2810b7edc74ce59e1bc95e819c2805ae1918","first_seen":"2026-04-24T23:10:16.804529Z","last_seen":"2026-07-02T13:49:02.346731Z","times_seen":427,"resource_available":false,"data":null}},"time_used":4998,"timings":{"blocked":4217,"dns":0,"connect":0,"send":0,"wait":767,"receive":14,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"18114.xyz/jumpto/img/https://rcf-img-hk.gasdg646fs224cn.com/202503/_webp_size649x578_b0506ddf-52e0-4b2d-8f59-16f795505312.png","fqdn":"18114.xyz","domain":"18114.xyz","tld":"xyz"},"ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://18114.xyz/","date":"2026-07-01T12:23:20.362Z","timestamp":1782908600362,"http_version":"","security_state":"","security_info":null,"request":{"raw":"GET /jumpto/img/https://rcf-img-hk.gasdg646fs224cn.com/202503/_webp_size649x578_b0506ddf-52e0-4b2d-8f59-16f795505312.png HTTP/1.1\r\nHost: 18114.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://18114.xyz/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-07-02T17:08:00.371314Z","times_seen":16917523,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"18114.xyz/jumpto/img/https://rcf-img-hk.gasdg646fs224cn.com/202503/_webp_size649x578_b82399e1-d771-428f-9811-f7e15cda0f21.png","fqdn":"18114.xyz","domain":"18114.xyz","tld":"xyz"},"ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://18114.xyz/","date":"2026-07-01T12:23:20.386Z","timestamp":1782908600386,"http_version":"","security_state":"","security_info":null,"request":{"raw":"GET /jumpto/img/https://rcf-img-hk.gasdg646fs224cn.com/202503/_webp_size649x578_b82399e1-d771-428f-9811-f7e15cda0f21.png HTTP/1.1\r\nHost: 18114.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://18114.xyz/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-07-02T17:08:00.371314Z","times_seen":16917523,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"photo.365live88.com/img/fb/team/9b6127cde712407a901845ea7d0850e8?win007=sell","fqdn":"photo.365live88.com","domain":"365live88.com","tld":"com"},"ip":{"addr":"154.41.93.241","port":443,"asn":174,"as":"COGENT-174","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://18114.xyz/","date":"2026-07-01T12:23:21.355Z","timestamp":1782908601355,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"photo.365live88.com","organization":""},"issuer":{"commonName":"Encryption Everywhere DV TLS CA - G2","organization":"DigiCert Inc"},"validity":{"start":"Sat, 01 Nov 2025 00:00:00 GMT","end":"Sat, 31 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"45:76:43:9C:31:C5:89:A6:99:FD:9B:D8:6C:A9:3A:E6:2F:D6:E9:80","sha256":"73:27:CF:D8:8D:AC:95:46:00:5D:67:05:1E:70:22:3E:17:F0:94:78:CD:6F:A6:9C:C8:5F:B5:3B:75:60:3D:C8"}}},"request":{"raw":"GET /img/fb/team/9b6127cde712407a901845ea7d0850e8?win007=sell HTTP/1.1\r\nHost: photo.365live88.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://18114.xyz/\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: openresty\r\nDate: Wed, 01 Jul 2026 12:23:22 GMT\r\nContent-Type: image/png\r\nContent-Length: 21848\r\nConnection: keep-alive\r\nAccept-Ranges: bytes\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Expose-Headers: X-Log, X-Reqid\r\nAccess-Control-Max-Age: 2592000\r\nAge: 6434\r\nCache-Control: public, max-age=31536000\r\nContent-Disposition: inline; filename=\"9b6127cde712407a901845ea7d0850e8\"; filename*=utf-8''9b6127cde712407a901845ea7d0850e8\r\nContent-Md5: Q+BVkceveggiHrrjGELrLA==\r\nContent-Transfer-Encoding: binary\r\nEtag: \"FgURBFhz8tAwb0hknBWFgMJtJipz\"\r\nLast-Modified: Tue, 30 Jun 2026 15:01:26 GMT\r\nX-Log: X-Log\r\nX-M-Log: QNM:wldsg121;QNM3\r\nX-M-Reqid: Sp7lZscgZ\r\nX-Qiniu-Zone: as0\r\nX-Qnm-Cache: Hit\r\nX-Reqid: XWYAAAATGmYTJL4Y\r\nX-Svr: IO\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":21848,"size_decoded":22603,"mime_type":"image/png","magic":"PNG image data, 99 x 99, 8-bit/color RGBA, non-interlaced","md5":"43e05591c7af7a08221ebae31842eb2c","sha1":"0511045873f2d0306f48649c158580c26d262a73","sha256":"6abb1b0ce6d3283c5a8a4665d9b4082c5cc7c5b4943daa1b8b83b55871cdeacf","sha512":"7739d1e9385b80aab64929b8650361c82fc7114dd73c83463ea67ea4d08335f625dbd3fd117585c99bb4ed4b85a4a12bb76eee9390d8044c7a9cc46d609e793b","ssdeep":"384:wcMS3mDKhCs0/S7zoS4bX4fL+coIVyYgFdp72bg4bjZtqRfbfHfy3FT48rp2Xq+c:wcMmmutK+GT4z+vIjgvobrBtmpwp2aT","tlshash":"72a2d0292e17bddc953a75684af8b0e8d377c05f90b4a182d2c0a7b270dc55782e15f8","first_seen":"2026-05-31T05:23:36.139831Z","last_seen":"2026-07-01T12:25:27.353223Z","times_seen":15,"resource_available":false,"data":null}},"time_used":1139,"timings":{"blocked":742,"dns":0,"connect":0,"send":0,"wait":344,"receive":53,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"photo.365live88.com/img/fb/team/138e388333374ecabdc40d89df292ecd?win007=sell","fqdn":"photo.365live88.com","domain":"365live88.com","tld":"com"},"ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://18114.xyz/","date":"2026-07-01T12:23:21.363Z","timestamp":1782908601363,"http_version":"","security_state":"","security_info":null,"request":{"raw":"GET /img/fb/team/138e388333374ecabdc40d89df292ecd?win007=sell HTTP/1.1\r\nHost: photo.365live88.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://18114.xyz/\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=4, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-07-02T17:08:00.371314Z","times_seen":16917523,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"18114.xyz/config/initGeetest4.js","fqdn":"18114.xyz","domain":"18114.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.130","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://18114.xyz/","date":"2026-07-01T12:23:13.372Z","timestamp":1782908593372,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"18156.xyz","organization":""},"issuer":{"commonName":"YR2","organization":"Let's Encrypt"},"validity":{"start":"Sun, 28 Jun 2026 06:21:05 GMT","end":"Sat, 26 Sep 2026 06:21:04 GMT"},"fingerprint":{"sha1":"30:5C:A2:F1:36:A6:91:D9:3C:71:7C:3B:80:49:3A:BB:C5:0B:53:A1","sha256":"FB:A2:2A:8D:A3:A6:51:23:3E:DC:EB:06:38:96:4E:AA:32:71:9B:E1:FD:3F:D1:7A:49:E7:81:BB:9A:92:C1:8D"}}},"request":{"raw":"GET /config/initGeetest4.js HTTP/1.1\r\nHost: 18114.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://18114.xyz/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Wed, 01 Jul 2026 12:23:13 GMT\r\nContent-Type: application/javascript\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nLast-Modified: Tue, 09 Jun 2026 13:37:11 GMT\r\nVary: Accept-Encoding\r\nETag: W/\"6a281707-3a7f\"\r\nCache-Control: public, max-age=31536000, immutable\r\nAccess-Control-Allow-Origin: *\r\nX-Custom-Check: true\r\nContent-Encoding: gzip\r\nServer: Nginx\r\nL-Safe: 1782908593=QGdno2nkbhil2sQzcsIm7nkvCJY74Qjk9SEFrSfsUOERzYD9aF4Kk5XrPIhf2YHS9qEyJggi4cgFow9bTTckkJjXVy/Xtl63+UEpGPiPRChEnyC8jaFvn4/s2hRriLlw4ec6CxftDwGvq8wCEHZosHQiWwI+PMWlO+YD6FD1ro5sTBovrXDfKbRBegY0bMmm\r\nL-VIA: l1=4iaGgjza0Vwox8nX\r\nL-VERSION: 1782631176\r\nL-Request-Id: c5c119f1da2256d7484\r\nX-Cache-Status: BYPASS\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":14975,"size_decoded":5043,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text","md5":"87855e19802d75b55afa7bcf3af515c1","sha1":"4af373375728a98d623f2299a68a91e150f2672e","sha256":"9ec8a5ef8c8ffe369dd1a5c4730dce6570c0d90955798c0be4ac04ef1c8f4baa","sha512":"3baa6d9e916abfb3d38b7ebb9372c5987e8f10534bb978383751c0094f8f5a3e764f9b8e44a73d9d4871cbaeca7e1939f0ffaf9499af5c4a71f64c3588167d85","ssdeep":"192:23aP8Ha0D+Nu5dq+EvNiqc4K25MB5VYaiQwSL4SScQVy8QRHIsGiz0iX9rES6Myy:2fe61w1iXKb2sMGUI+KQTwwHlB","tlshash":"00621d0d68f764534553b4388b9fb014b5388a53042cde41be9ce354afa843d9bbabdc","first_seen":"2026-02-16T20:32:40.162764Z","last_seen":"2026-07-02T16:15:47.021047Z","times_seen":1024,"resource_available":true,"data":null}},"time_used":353,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":339,"receive":14,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"18114.xyz/jumpto/img/https://rcf-img-hk.gasdg646fs224cn.com/gpmaster/_webp_size704x442_7f760e34-ebbd-4cfc-bc28-666cc8a6234f.png","fqdn":"18114.xyz","domain":"18114.xyz","tld":"xyz"},"ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://18114.xyz/","date":"2026-07-01T12:23:20.389Z","timestamp":1782908600389,"http_version":"","security_state":"","security_info":null,"request":{"raw":"GET /jumpto/img/https://rcf-img-hk.gasdg646fs224cn.com/gpmaster/_webp_size704x442_7f760e34-ebbd-4cfc-bc28-666cc8a6234f.png HTTP/1.1\r\nHost: 18114.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://18114.xyz/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-07-02T17:08:00.371314Z","times_seen":16917523,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"photo.365live88.com/img/fb/team/e00258f16f3e48bfadc9a67c1b3bbff5?win007=sell","fqdn":"photo.365live88.com","domain":"365live88.com","tld":"com"},"ip":{"addr":"154.41.93.241","port":443,"asn":174,"as":"COGENT-174","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://18114.xyz/","date":"2026-07-01T12:23:21.343Z","timestamp":1782908601343,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"photo.365live88.com","organization":""},"issuer":{"commonName":"Encryption Everywhere DV TLS CA - G2","organization":"DigiCert Inc"},"validity":{"start":"Sat, 01 Nov 2025 00:00:00 GMT","end":"Sat, 31 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"45:76:43:9C:31:C5:89:A6:99:FD:9B:D8:6C:A9:3A:E6:2F:D6:E9:80","sha256":"73:27:CF:D8:8D:AC:95:46:00:5D:67:05:1E:70:22:3E:17:F0:94:78:CD:6F:A6:9C:C8:5F:B5:3B:75:60:3D:C8"}}},"request":{"raw":"GET /img/fb/team/e00258f16f3e48bfadc9a67c1b3bbff5?win007=sell HTTP/1.1\r\nHost: photo.365live88.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://18114.xyz/\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: openresty\r\nDate: Wed, 01 Jul 2026 12:23:21 GMT\r\nContent-Type: image/png\r\nContent-Length: 2300\r\nConnection: keep-alive\r\nAccept-Ranges: bytes\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Expose-Headers: X-Log, X-Reqid\r\nAccess-Control-Max-Age: 2592000\r\nAge: 58998\r\nCache-Control: public, max-age=31536000\r\nContent-Disposition: inline; filename=\"e00258f16f3e48bfadc9a67c1b3bbff5\"; filename*=utf-8''e00258f16f3e48bfadc9a67c1b3bbff5\r\nContent-Md5: +6hYnCTL3Vscv1dku5OLSQ==\r\nContent-Transfer-Encoding: binary\r\nEtag: \"Fg-mWruJbPqQfR-cUXahlbLAj6hQ\"\r\nLast-Modified: Sat, 27 Jun 2026 09:22:40 GMT\r\nX-Log: X-Log\r\nX-M-Log: QNM:wldsg119;QNM3\r\nX-M-Reqid: U6BuiZI2n\r\nX-Qiniu-Zone: as0\r\nX-Qnm-Cache: Hit\r\nX-Reqid: gFQAAABUUchE9L0Y\r\nX-Svr: IO\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":2300,"size_decoded":3055,"mime_type":"image/png","magic":"PNG image data, 250 x 167, 8-bit/color RGBA, non-interlaced","md5":"fba8589c24cbdd5b1cbf5764bb938b49","sha1":"0fa65abb896cfa907d1f9c5176a195b2c08fa850","sha256":"b5b65389cef02f5db50d888ccb1f4a448c4586563309ea0de5f279b77ae4e4c7","sha512":"6a7f17a3503b5890599c3d22d823173a349bb27bdaaee7231679799bab31b766cd56590e31366a4e34a55ca2128d1ad09bc4b1d65807ce82efe77e8cb97a33d0","ssdeep":"","tlshash":"7541e326bc2948546271dd6cc23782fcaea2c1949ccd147b7abdd4e0e1d5ba89f42303","first_seen":"2026-06-05T08:53:37.797688Z","last_seen":"2026-07-01T22:21:02.800388Z","times_seen":66,"resource_available":false,"data":null}},"time_used":774,"timings":{"blocked":-1,"dns":0,"connect":255,"send":0,"wait":256,"receive":0,"ssl":263},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"photo.365live88.com/img/fb/team/0460e5e972b143a6a81cf09bc553ded1?win007=sell","fqdn":"photo.365live88.com","domain":"365live88.com","tld":"com"},"ip":{"addr":"154.41.93.241","port":443,"asn":174,"as":"COGENT-174","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://18114.xyz/","date":"2026-07-01T12:23:21.347Z","timestamp":1782908601347,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"photo.365live88.com","organization":""},"issuer":{"commonName":"Encryption Everywhere DV TLS CA - G2","organization":"DigiCert Inc"},"validity":{"start":"Sat, 01 Nov 2025 00:00:00 GMT","end":"Sat, 31 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"45:76:43:9C:31:C5:89:A6:99:FD:9B:D8:6C:A9:3A:E6:2F:D6:E9:80","sha256":"73:27:CF:D8:8D:AC:95:46:00:5D:67:05:1E:70:22:3E:17:F0:94:78:CD:6F:A6:9C:C8:5F:B5:3B:75:60:3D:C8"}}},"request":{"raw":"GET /img/fb/team/0460e5e972b143a6a81cf09bc553ded1?win007=sell HTTP/1.1\r\nHost: photo.365live88.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://18114.xyz/\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: openresty\r\nDate: Wed, 01 Jul 2026 12:23:21 GMT\r\nContent-Type: image/png\r\nContent-Length: 32407\r\nConnection: keep-alive\r\nAccept-Ranges: bytes\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Expose-Headers: X-Log, X-Reqid\r\nAccess-Control-Max-Age: 2592000\r\nAge: 44577\r\nCache-Control: public, max-age=31536000\r\nContent-Disposition: inline; filename=\"0460e5e972b143a6a81cf09bc553ded1\"; filename*=utf-8''0460e5e972b143a6a81cf09bc553ded1\r\nContent-Md5: M7qa7K4i2kjoUhd4vfwN9w==\r\nContent-Transfer-Encoding: binary\r\nEtag: \"FobsDRhKnhEDpnnQhpM5Ce6j0S-w\"\r\nLast-Modified: Thu, 25 Jun 2026 21:21:33 GMT\r\nX-Log: X-Log\r\nX-M-Log: QNM:wldsg121;QNM3\r\nX-M-Reqid: 6IRjumYDd\r\nX-Qiniu-Zone: as0\r\nX-Qnm-Cache: Hit\r\nX-Reqid: aq0AAAC2rlRiAb4Y\r\nX-Svr: IO\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":32407,"size_decoded":33163,"mime_type":"image/png","magic":"PNG image data, 250 x 167, 8-bit/color RGBA, non-interlaced","md5":"33ba9aecae22da48e8521778bdfc0df7","sha1":"86ec0d184a9e1103a679d086933909eea3d12fb0","sha256":"e6c7cafc8896086b127bbb7233423347a3d3c081e21cd9d0ffb8d9460428cc13","sha512":"638fddc430536bb1c08401a02c2055ade2bdcc2d8845a6648523e7603369de0705101f25d7ea8c15c79aec5d7ac9a50d1cb0036837d6b5e43bbb0c1b18d9975e","ssdeep":"768:d1zzmADX4eujvG+RbB5V8LHwStg+16SrjpSW6xWiX22:dVzKj7bWHNtgKprj81WiG2","tlshash":"dfe2f16fdce05484e0d8a039f25d665660f05004beafbf2402e4e209baaf671b4dd9c9","first_seen":"2026-06-05T08:53:37.812512Z","last_seen":"2026-07-01T23:37:09.474861Z","times_seen":37,"resource_available":false,"data":null}},"time_used":1118,"timings":{"blocked":-1,"dns":0,"connect":254,"send":0,"wait":508,"receive":95,"ssl":260},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"photo.365live88.com/img/fb/team/afbecd446a274ada9ac9c4df2963c37b?win007=sell","fqdn":"photo.365live88.com","domain":"365live88.com","tld":"com"},"ip":{"addr":"154.41.93.241","port":443,"asn":174,"as":"COGENT-174","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://18114.xyz/","date":"2026-07-01T12:23:21.348Z","timestamp":1782908601348,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"photo.365live88.com","organization":""},"issuer":{"commonName":"Encryption Everywhere DV TLS CA - G2","organization":"DigiCert Inc"},"validity":{"start":"Sat, 01 Nov 2025 00:00:00 GMT","end":"Sat, 31 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"45:76:43:9C:31:C5:89:A6:99:FD:9B:D8:6C:A9:3A:E6:2F:D6:E9:80","sha256":"73:27:CF:D8:8D:AC:95:46:00:5D:67:05:1E:70:22:3E:17:F0:94:78:CD:6F:A6:9C:C8:5F:B5:3B:75:60:3D:C8"}}},"request":{"raw":"GET /img/fb/team/afbecd446a274ada9ac9c4df2963c37b?win007=sell HTTP/1.1\r\nHost: photo.365live88.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://18114.xyz/\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: openresty\r\nDate: Wed, 01 Jul 2026 12:23:21 GMT\r\nContent-Type: image/png\r\nContent-Length: 15319\r\nConnection: keep-alive\r\nAccept-Ranges: bytes\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Expose-Headers: X-Log, X-Reqid\r\nAccess-Control-Max-Age: 2592000\r\nAge: 44577\r\nCache-Control: public, max-age=31536000\r\nContent-Disposition: inline; filename=\"afbecd446a274ada9ac9c4df2963c37b\"; filename*=utf-8''afbecd446a274ada9ac9c4df2963c37b\r\nContent-Md5: 5qs4RDD/bY4EgCJDX208Jw==\r\nContent-Transfer-Encoding: binary\r\nEtag: \"Fuy72eJG60i3gFt26mSGKmFoPXpK\"\r\nLast-Modified: Fri, 26 Jun 2026 03:21:31 GMT\r\nX-Log: X-Log\r\nX-M-Log: QNM:wldsg121;QNM3\r\nX-M-Reqid: ONPt36Ls9\r\nX-Qiniu-Zone: as0\r\nX-Qnm-Cache: Hit\r\nX-Reqid: NZ4AAABJu1RiAb4Y\r\nX-Svr: IO\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":15319,"size_decoded":16075,"mime_type":"image/png","magic":"PNG image data, 250 x 167, 8-bit/color RGBA, non-interlaced","md5":"e6ab384430ff6d8e048022435f6d3c27","sha1":"ecbbd9e246eb48b7805b76ea64862a61683d7a4a","sha256":"b531a878ceff49e02995561bebb7c2c49acd9f3a783be06e9d0a4f3a93bbac04","sha512":"8b84b89e62422852091b8868b110983e2d15c926961764503c65d8dc5e1a135716a6da4d74835d2812bdf1fb4199f348fe9a978d31e7c4e76fe0fb4f7749989a","ssdeep":"384:jAZT2onQOy1GAez/fQcIix90XNCpiIeGVuHm9A:jAZT26YMbfQcxxuNM4Hma","tlshash":"4462c180f70a63bd71be13b51b85f3dd5b5ea6c801638d342086976270f752de3ad908","first_seen":"2026-06-06T20:30:41.867858Z","last_seen":"2026-07-01T22:21:02.902267Z","times_seen":41,"resource_available":false,"data":null}},"time_used":1012,"timings":{"blocked":-1,"dns":0,"connect":252,"send":0,"wait":501,"receive":0,"ssl":259},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"img.esportsdata.cc/202/1/90bc5c8b5164cce042a69346a2c9fc7c.png?win007=sell","fqdn":"img.esportsdata.cc","domain":"esportsdata.cc","tld":"cc"},"ip":{"addr":"104.26.3.221","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://18114.xyz/","date":"2026-07-01T12:23:21.397Z","timestamp":1782908601397,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"esportsdata.cc","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 16 May 2026 05:13:55 GMT","end":"Fri, 14 Aug 2026 06:13:50 GMT"},"fingerprint":{"sha1":"7B:E3:E8:7B:91:D6:3E:9F:F0:F7:3A:7C:C5:7A:54:CE:9B:6E:14:ED","sha256":"68:DB:B9:F9:00:0A:BE:FD:15:45:47:19:18:DD:59:D1:DD:43:B2:42:8E:7C:EB:50:14:F6:0C:3B:FC:5D:CD:67"}}},"request":{"raw":"GET /202/1/90bc5c8b5164cce042a69346a2c9fc7c.png?win007=sell HTTP/1.1\r\nHost: img.esportsdata.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://18114.xyz/\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=4, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\ndate: Wed, 01 Jul 2026 12:23:24 GMT\r\ncontent-type: image/png\r\ncontent-length: 2877\r\nserver: cloudflare\r\naccept-ranges: bytes\r\netag: \"69c26c27036056556d5e3227595c7faf\"\r\nlast-modified: Fri, 24 Apr 2026 00:00:21 GMT\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nvary: Origin, Accept-Encoding\r\nx-amz-id-2: dd9025bab4ad464b049177c95eb6ebf374d3b3fd1af9251148b658df7ac2e3e8\r\nx-amz-request-id: 18BDECC297FA85FB\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nage: 92\r\ncache-control: max-age=2678400\r\ncf-cache-status: HIT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=c0y9xTdkVQmBk65dbk1yD2jMUg1%2FhcwYA%2BpgcJ5ARjkfi0nl08PYhmzhiM9xwM%2FnsBYjifCjYLXEG3RyGCLyaIgfo9uQV%2FOnpbnc6Rsi8EPH8642PIK3Fyl3wJ9lI1lRwbVBZw%3D%3D\"}]}\r\ncf-ray: a14561bc9d3d1525-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":2877,"size_decoded":3825,"mime_type":"image/png","magic":"PNG image data, 100 x 100, 8-bit/color RGBA, non-interlaced","md5":"69c26c27036056556d5e3227595c7faf","sha1":"06867bcbcd3757a69c8e4f46cba1e626404b1724","sha256":"2b81644d047448d7dcf7a4a3604ba7ad9029e6cc427b9750c07016188143d4d3","sha512":"72b2b7c97bee7ed55b89f4e66c95adcfe41616c4cc7e1b538bfb85f86c06f662b617a6600182ca59889eadaa7a9dee867189f6aeecdadfb315dd551d08a8580e","ssdeep":"","tlshash":"00516d8f14bc1775584d2e3f8cf6626a80a2e13597225d49e6a94cffa4629c364f80ce","first_seen":"2025-09-27T21:37:30.355765Z","last_seen":"2026-07-01T19:09:59.594562Z","times_seen":59,"resource_available":false,"data":null}},"time_used":3481,"timings":{"blocked":321,"dns":0,"connect":1,"send":0,"wait":6,"receive":0,"ssl":3153},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-01","alert":"Sinkholed","trigger":"img.esportsdata.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-01","alert":"Sinkholed","trigger":"img.esportsdata.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"18114.xyz/css/chunk-common.1781011881923.90261a1c.css","fqdn":"18114.xyz","domain":"18114.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.130","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://18114.xyz/","date":"2026-07-01T12:23:13.377Z","timestamp":1782908593377,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"18156.xyz","organization":""},"issuer":{"commonName":"YR2","organization":"Let's Encrypt"},"validity":{"start":"Sun, 28 Jun 2026 06:21:05 GMT","end":"Sat, 26 Sep 2026 06:21:04 GMT"},"fingerprint":{"sha1":"30:5C:A2:F1:36:A6:91:D9:3C:71:7C:3B:80:49:3A:BB:C5:0B:53:A1","sha256":"FB:A2:2A:8D:A3:A6:51:23:3E:DC:EB:06:38:96:4E:AA:32:71:9B:E1:FD:3F:D1:7A:49:E7:81:BB:9A:92:C1:8D"}}},"request":{"raw":"GET /css/chunk-common.1781011881923.90261a1c.css HTTP/1.1\r\nHost: 18114.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://18114.xyz/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=2\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Wed, 01 Jul 2026 12:23:14 GMT\r\nContent-Type: text/css\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nLast-Modified: Tue, 09 Jun 2026 13:37:11 GMT\r\nVary: Accept-Encoding\r\nETag: W/\"6a281707-34c8\"\r\nCache-Control: public, max-age=31536000, immutable\r\nAccess-Control-Allow-Origin: *\r\nX-Custom-Check: true\r\nContent-Encoding: gzip\r\nServer: Nginx\r\nL-Safe: 1782908594=KWihkK54rCZL679Sz9tmy9MABdejSjUb9fWmH/K9x12QVu+NEhUsH2G4fT2DhqHScaJrOGbsHCTNE8lziyQYsh8YYexjNuPVE1bs8KtZsxuRmdziDnLyk0FfiiNFMQSh3/3ZzrNAJFstMZb6pi92EfXkkKVa6y991sZ6IXEq0Z7cdzYe42VsLKSnWqfs4M5a\r\nL-VIA: l1=4iaGgjza0Vwox8nX\r\nL-VERSION: 1782631176\r\nL-Request-Id: c6d219f1da229349c51\r\nX-Cache-Status: BYPASS\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":13512,"size_decoded":4720,"mime_type":"text/css","magic":"ASCII text, with very long lines (13512), with no line terminators","md5":"18db28ed82e6a8aa84b4ca311e8effc9","sha1":"19d1c3f13ce483b564653631f2bd6a340017a84b","sha256":"8d0fd3816e0960390ac6c9757e98a97c96597871468e74a8dcb81f170ad98303","sha512":"dbee6bb335fe964df137f44bbd9752844d5baeeec889ffb5c21c9979a8ce51018f81dadd4a66b2016a30874962c6e4fd2243325fa60958d45d06f34bdee72b87","ssdeep":"192:4dQK/X4cBY4mZGX1lsUTLA7gYER7/i//LN4hHSQZA2VxM2XwKjv0:M8oTGER7/i//LihHBrxP0","tlshash":"c952a631d634b53ce57be226f9d09adc6024d417e2730baeea643b3ac5ca4d215332c8","first_seen":"2026-06-12T19:29:57.231975Z","last_seen":"2026-07-02T13:50:16.792826Z","times_seen":160,"resource_available":false,"data":null}},"time_used":1638,"timings":{"blocked":-1,"dns":0,"connect":288,"send":0,"wait":675,"receive":0,"ssl":674},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"18114.xyz/js/60024.1781011881923.e9a203dc.js","fqdn":"18114.xyz","domain":"18114.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.130","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://18114.xyz/","date":"2026-07-01T12:23:17.442Z","timestamp":1782908597442,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"18156.xyz","organization":""},"issuer":{"commonName":"YR2","organization":"Let's Encrypt"},"validity":{"start":"Sun, 28 Jun 2026 06:21:05 GMT","end":"Sat, 26 Sep 2026 06:21:04 GMT"},"fingerprint":{"sha1":"30:5C:A2:F1:36:A6:91:D9:3C:71:7C:3B:80:49:3A:BB:C5:0B:53:A1","sha256":"FB:A2:2A:8D:A3:A6:51:23:3E:DC:EB:06:38:96:4E:AA:32:71:9B:E1:FD:3F:D1:7A:49:E7:81:BB:9A:92:C1:8D"}}},"request":{"raw":"GET /js/60024.1781011881923.e9a203dc.js HTTP/1.1\r\nHost: 18114.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://18114.xyz/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Wed, 01 Jul 2026 12:23:17 GMT\r\nContent-Type: application/javascript\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nLast-Modified: Tue, 09 Jun 2026 13:37:11 GMT\r\nVary: Accept-Encoding\r\nETag: W/\"6a281707-11f9\"\r\nCache-Control: public, max-age=31536000, immutable\r\nAccess-Control-Allow-Origin: *\r\nX-Custom-Check: true\r\nContent-Encoding: gzip\r\nServer: Nginx\r\nL-Safe: 1782908597=ZdMUZ1k0h3P7BImNuC0XuNzcE02G3yNmddc73ooGZ+wDF2gg8I3brNEWyyizAwMoil5pMdm47kHxX3mo6t0mc75vdSOkFMnNjyHqix7bmtUVGkmXe9TdQfYTKjF/uiNBVXu6oIZJ37t98qBieK0b4+/pChOluFMV+BbY9lq6SX4PmmC0F+X1maRp+Mp3HGV/\r\nL-VIA: l1=4iaGgjza0Vwox8nX\r\nL-VERSION: 1782631176\r\nL-Request-Id: c5b719f1da2356544d7\r\nX-Cache-Status: BYPASS\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":4601,"size_decoded":2490,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (4601), with no line terminators","md5":"ac04ba4305a374571b2d241fe1f50dc2","sha1":"e559b9a0a338e35fb6605942f7d14e96c031ae71","sha256":"788282499d13bd0bb6207ed41a15a3d0b2058ca97003d1e1a872e81401f02aa7","sha512":"6edc613a3f8585bf6cfb8c034199265c1c1daf368d0d3a6e2c41bf441a334a7f93139c0b0fb4147b98264567be9b135fab3cbe923e8fe040ec553e9fec04c8ae","ssdeep":"96:UR4NFRSZqe65bD7RM/Rsxkw9usN6tKex9sX2NaenPdqUDDEz:UR4NFRSZqesbD6Rgks0RxeX2NbnPdqUE","tlshash":"3491cbd876d2f071426f9678862f285fe27bead074ccb415d1c1e690aef062d8933d68","first_seen":"2026-06-12T19:29:57.341024Z","last_seen":"2026-07-02T13:50:16.78167Z","times_seen":137,"resource_available":true,"data":null}},"time_used":375,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":373,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"18114.xyz/img/license.ea57c78d.png","fqdn":"18114.xyz","domain":"18114.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.130","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://18114.xyz/","date":"2026-07-01T12:23:17.703Z","timestamp":1782908597703,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"18156.xyz","organization":""},"issuer":{"commonName":"YR2","organization":"Let's Encrypt"},"validity":{"start":"Sun, 28 Jun 2026 06:21:05 GMT","end":"Sat, 26 Sep 2026 06:21:04 GMT"},"fingerprint":{"sha1":"30:5C:A2:F1:36:A6:91:D9:3C:71:7C:3B:80:49:3A:BB:C5:0B:53:A1","sha256":"FB:A2:2A:8D:A3:A6:51:23:3E:DC:EB:06:38:96:4E:AA:32:71:9B:E1:FD:3F:D1:7A:49:E7:81:BB:9A:92:C1:8D"}}},"request":{"raw":"GET /img/license.ea57c78d.png HTTP/1.1\r\nHost: 18114.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://18114.xyz/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=4, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Wed, 01 Jul 2026 12:23:21 GMT\r\nContent-Type: image/png\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nLast-Modified: Tue, 09 Jun 2026 13:37:11 GMT\r\nVary: Accept-Encoding\r\nETag: W/\"6a281707-7b8\"\r\nCache-Control: public, max-age=2592000, immutable\r\nAccess-Control-Allow-Origin: *\r\nX-Custom-Check: true\r\nContent-Encoding: gzip\r\nServer: Nginx\r\nL-Safe: 1782908601=NZWlGnxDiZfKzDWJ6kNGzBGhmY+osrsbhMounbK0GCWInHsx5UYJ2uIoiB6AEBbKlm6DZV9Rzn7+NRdLedDPSnk/B7TRPM4U10ZNzgIb3gzZwUwrhXrOPm2dXxIaEshx1T/OGD8Tcpgj+mzbYRnnJ58StT1fM9E48MC8kDCQR+bYh7E/Ls8hpL5Pdn8N8BH3\r\nAge: 1495\r\nL-VIA: l1=4iaGgjza0Vwox8nX\r\nL-VERSION: 1782631176\r\nL-Request-Id: c6d219f1da2459a9c6b\r\nX-Cache-Status: HIT\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1976,"size_decoded":2700,"mime_type":"image/png","magic":"PNG image data, 161 x 52, 4-bit colormap, non-interlaced","md5":"60a2c7c150b01809fbb7b97932684b5b","sha1":"67fc9647c452a17b519c6a51dc8c38daa23755f9","sha256":"c5ce31558a1f979ae78c7779d2f312b196750375541e9c147b73d6e44d47c276","sha512":"2328442fa1c74e47c6eff4adab55920c7e7738e7ae51bd2b222fb696bbcf8201a14805089a33baa80c28a40db47061048d817c384bd72735b2e0c0116ff63c6f","ssdeep":"","tlshash":"b3412a6266729beced1a8c47592c7df1d8338ca1a200e1c150ed761f1bf8e1060e7a94","first_seen":"2025-08-29T11:05:53.23289Z","last_seen":"2026-07-02T13:50:16.786701Z","times_seen":1701,"resource_available":false,"data":null}},"time_used":4195,"timings":{"blocked":3903,"dns":0,"connect":0,"send":0,"wait":292,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"18114.xyz/jumpto/img/https://rcf-img-hk.gasdg646fs224cn.com/202505/_webp_size656x844_f676ec47-4b6f-4d37-b476-fd69f2381a1a.png","fqdn":"18114.xyz","domain":"18114.xyz","tld":"xyz"},"ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://18114.xyz/","date":"2026-07-01T12:23:20.377Z","timestamp":1782908600377,"http_version":"","security_state":"","security_info":null,"request":{"raw":"GET /jumpto/img/https://rcf-img-hk.gasdg646fs224cn.com/202505/_webp_size656x844_f676ec47-4b6f-4d37-b476-fd69f2381a1a.png HTTP/1.1\r\nHost: 18114.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://18114.xyz/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-07-02T17:08:00.371314Z","times_seen":16917523,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"photo.365live88.com/img/fb/team/7b32f12c70884e16a239ee8933295412?win007=sell","fqdn":"photo.365live88.com","domain":"365live88.com","tld":"com"},"ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://18114.xyz/","date":"2026-07-01T12:23:21.372Z","timestamp":1782908601372,"http_version":"","security_state":"","security_info":null,"request":{"raw":"GET /img/fb/team/7b32f12c70884e16a239ee8933295412?win007=sell HTTP/1.1\r\nHost: photo.365live88.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://18114.xyz/\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=4, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-07-02T17:08:00.371314Z","times_seen":16917523,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"18114.xyz/js/83876.1781011881923.7ce40e6b.js","fqdn":"18114.xyz","domain":"18114.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.130","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://18114.xyz/","date":"2026-07-01T12:23:13.396Z","timestamp":1782908593396,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"18156.xyz","organization":""},"issuer":{"commonName":"YR2","organization":"Let's Encrypt"},"validity":{"start":"Sun, 28 Jun 2026 06:21:05 GMT","end":"Sat, 26 Sep 2026 06:21:04 GMT"},"fingerprint":{"sha1":"30:5C:A2:F1:36:A6:91:D9:3C:71:7C:3B:80:49:3A:BB:C5:0B:53:A1","sha256":"FB:A2:2A:8D:A3:A6:51:23:3E:DC:EB:06:38:96:4E:AA:32:71:9B:E1:FD:3F:D1:7A:49:E7:81:BB:9A:92:C1:8D"}}},"request":{"raw":"GET /js/83876.1781011881923.7ce40e6b.js HTTP/1.1\r\nHost: 18114.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://18114.xyz/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Wed, 01 Jul 2026 12:23:15 GMT\r\nContent-Type: application/javascript\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nLast-Modified: Tue, 09 Jun 2026 13:37:11 GMT\r\nVary: Accept-Encoding\r\nETag: W/\"6a281707-4007d\"\r\nCache-Control: public, max-age=31536000, immutable\r\nAccess-Control-Allow-Origin: *\r\nX-Custom-Check: true\r\nContent-Encoding: gzip\r\nServer: Nginx\r\nL-Safe: 1782908595=VYqS7u7lQ0J6vY3CU7Th8T/pw3pFqlx8ntvuI2Oh21Sw53mtqjMf66c8tX6VijURccEBNw01n+5hHC8SDhRwT67Z1ef+RAQ6WDYbeb6zygQzDDKVDrk5DO9a5mYQ6nvRMm6wJ4+j7sw2l0ZCvyYL98mdUq/YdA7L7n3R6ufmbQkSNVX/HQuSRBev0GgNdvH0\r\nL-VIA: l1=4iaGgjza0Vwox8nX\r\nL-VERSION: 1782631176\r\nL-Request-Id: c5bc19f1da22e47758e\r\nX-Cache-Status: BYPASS\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":262269,"size_decoded":77907,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"abf84df30621edc23a82d05ff0b8a83a","sha1":"e727ad94ce5d5f5b8fabec0e0b5a966fb6e6594f","sha256":"c3b02d056ac034939c3ff75a10a2da23f5f05f96a36ca1e5cea2157ce0fe12be","sha512":"db2a2a00f51cc6f75cfcbb6d988df74403fae93255982a054710e5f87a2d8407f4f8f02fef8ef1a0e5edb289736296b2d11a3b77cad6c6d9089bb831cda45be5","ssdeep":"6144:0/rOTU2/xB0Jjytg7DiQPkcsz1aL3p2YO+WidjHrrL:0iUjytgPJPT3p2YpHrrL","tlshash":"2f442c44b291f0b8879b42f7922b4056a17f48a1308cacb4f265f990be7555c927fbfc","first_seen":"2026-06-12T19:29:57.272405Z","last_seen":"2026-07-02T13:50:16.716723Z","times_seen":154,"resource_available":true,"data":null}},"time_used":2840,"timings":{"blocked":2237,"dns":0,"connect":0,"send":0,"wait":326,"receive":277,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"18114.xyz/img/left.34013cd8.png","fqdn":"18114.xyz","domain":"18114.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.130","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://18114.xyz/","date":"2026-07-01T12:23:17.694Z","timestamp":1782908597694,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"18156.xyz","organization":""},"issuer":{"commonName":"YR2","organization":"Let's Encrypt"},"validity":{"start":"Sun, 28 Jun 2026 06:21:05 GMT","end":"Sat, 26 Sep 2026 06:21:04 GMT"},"fingerprint":{"sha1":"30:5C:A2:F1:36:A6:91:D9:3C:71:7C:3B:80:49:3A:BB:C5:0B:53:A1","sha256":"FB:A2:2A:8D:A3:A6:51:23:3E:DC:EB:06:38:96:4E:AA:32:71:9B:E1:FD:3F:D1:7A:49:E7:81:BB:9A:92:C1:8D"}}},"request":{"raw":"GET /img/left.34013cd8.png HTTP/1.1\r\nHost: 18114.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://18114.xyz/css/home.1781011881923.38488e2a.css\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=4, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Wed, 01 Jul 2026 12:23:19 GMT\r\nContent-Type: image/png\r\nContent-Length: 237\r\nConnection: keep-alive\r\nLast-Modified: Tue, 09 Jun 2026 13:37:11 GMT\r\nETag: \"6a281707-ed\"\r\nCache-Control: public, max-age=2592000, immutable\r\nAccess-Control-Allow-Origin: *\r\nX-Custom-Check: true\r\nServer: Nginx\r\nL-Safe: 1782908599=T3YknBzMJfJoN3ILu6zaGYt9SWgeRN38yVCsJlIIDp6iv+jKPhCEUxsM3+gP8j1mt7n0vQ++liS1yZhSXvuthqjdcZm/jQVoFk+dncfgbYe3KUSWE5YlXmr7sS3d5dVLb5Yhh+qMPj4aWQzAbhBnGmTkmfZCkTBi54X0a3U9yXSu+2IjEwFIrTRVB2Uxk/zy\r\nAge: 1493\r\nL-VIA: l1=4iaGgjza0Vwox8nX\r\nL-VERSION: 1782631176\r\nL-Request-Id: c5bc19f1da23ba875ab\r\nX-Cache-Status: HIT\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":237,"size_decoded":903,"mime_type":"image/png","magic":"PNG image data, 14 x 44, 8-bit colormap, non-interlaced","md5":"5ecca260da6fc5e2843405c20ac69817","sha1":"3918cfad7493b6860ded9e259ba90bc6a853f1b1","sha256":"078a4aac39c49a33cbabf23cda7579fa7b76e875e6b6d24d16cfcbf9f8b250df","sha512":"b76a870a79a87a450e5d30a218d75093b57415c563e64a8ffd6839a31b36379dbc08398698b9c1368ecda671d65045d5cfebe3363b98d746d89dcaad15bcd8ce","ssdeep":"","tlshash":"6dd0a99be2076faed1c70bb3732e0ca18a8124e892944b088042c622ca663a1dd82042","first_seen":"2025-08-29T11:05:53.221032Z","last_seen":"2026-07-02T13:50:16.715431Z","times_seen":1760,"resource_available":false,"data":null}},"time_used":1652,"timings":{"blocked":1365,"dns":0,"connect":0,"send":0,"wait":287,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"18114.xyz/img/bj2.a8fabbac.png","fqdn":"18114.xyz","domain":"18114.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.130","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://18114.xyz/","date":"2026-07-01T12:23:17.695Z","timestamp":1782908597695,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"18156.xyz","organization":""},"issuer":{"commonName":"YR2","organization":"Let's Encrypt"},"validity":{"start":"Sun, 28 Jun 2026 06:21:05 GMT","end":"Sat, 26 Sep 2026 06:21:04 GMT"},"fingerprint":{"sha1":"30:5C:A2:F1:36:A6:91:D9:3C:71:7C:3B:80:49:3A:BB:C5:0B:53:A1","sha256":"FB:A2:2A:8D:A3:A6:51:23:3E:DC:EB:06:38:96:4E:AA:32:71:9B:E1:FD:3F:D1:7A:49:E7:81:BB:9A:92:C1:8D"}}},"request":{"raw":"GET /img/bj2.a8fabbac.png HTTP/1.1\r\nHost: 18114.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://18114.xyz/css/home.1781011881923.38488e2a.css\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=4, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Wed, 01 Jul 2026 12:23:19 GMT\r\nContent-Type: image/png\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nLast-Modified: Tue, 09 Jun 2026 13:37:11 GMT\r\nVary: Accept-Encoding\r\nETag: W/\"6a281707-5809c\"\r\nCache-Control: public, max-age=2592000, immutable\r\nAccess-Control-Allow-Origin: *\r\nX-Custom-Check: true\r\nContent-Encoding: gzip\r\nServer: Nginx\r\nL-Safe: 1782908599=T3YknBzMJfJoN3ILu6zaGYt9SWgeRN38yVCsJlIIDp6iv+jKPhCEUxsM3+gP8j1mt7n0vQ++liS1yZhSXvuthqjdcZm/jQVoFk+dncfgbYe3KUSWE5YlXmr7sS3d5dVLb5Yhh+qMPj4aWQzAbhBnGmTkmfZCkTBi54X0a3U9yXSu+2IjEwFIrTRVB2Uxk/zy\r\nAge: 1493\r\nL-VIA: l1=4iaGgjza0Vwox8nX\r\nL-VERSION: 1782631176\r\nL-Request-Id: c6d219f1da23bd79c61\r\nX-Cache-Status: HIT\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":360604,"size_decoded":360170,"mime_type":"image/png","magic":"PNG image data, 1920 x 641, 8-bit/color RGBA, non-interlaced","md5":"e0fe8ffeed1841f74df53c3b0c1f2db0","sha1":"77bf6dfe664cdc936776654af151f49368479ec3","sha256":"db4d87e8a403e388c54dd5d114b738c82e1d2dbe65b95630fd5782179f0d7d54","sha512":"825bf73262c2b613b6a8a8397f869db6b2cd4118e554689d228503e7a04c4e674d49c5649e4ac8e2423a7b526c0f6621c259566d0e9bb6ebfa0712a7352968fa","ssdeep":"6144:iAHwIFRCiRIygxWS9v34xfZzuwbIYGzl8BPp0eIiOk3Fg7la6RUIs4pU2:rwy0IgxDEfQwbjw8dpmiOiFgpLHFU2","tlshash":"2874238d711d48cc9c9b45003dd82d9e1c55aa2f7aab20b58264fed24d17ddeec0ea3b","first_seen":"2023-11-10T19:12:00Z","last_seen":"2026-07-02T13:50:16.642957Z","times_seen":1689,"resource_available":false,"data":null}},"time_used":3269,"timings":{"blocked":1409,"dns":0,"connect":0,"send":0,"wait":311,"receive":1549,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"18114.xyz/img/bj.ada43481.png","fqdn":"18114.xyz","domain":"18114.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.130","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://18114.xyz/","date":"2026-07-01T12:23:17.699Z","timestamp":1782908597699,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"18156.xyz","organization":""},"issuer":{"commonName":"YR2","organization":"Let's Encrypt"},"validity":{"start":"Sun, 28 Jun 2026 06:21:05 GMT","end":"Sat, 26 Sep 2026 06:21:04 GMT"},"fingerprint":{"sha1":"30:5C:A2:F1:36:A6:91:D9:3C:71:7C:3B:80:49:3A:BB:C5:0B:53:A1","sha256":"FB:A2:2A:8D:A3:A6:51:23:3E:DC:EB:06:38:96:4E:AA:32:71:9B:E1:FD:3F:D1:7A:49:E7:81:BB:9A:92:C1:8D"}}},"request":{"raw":"GET /img/bj.ada43481.png HTTP/1.1\r\nHost: 18114.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://18114.xyz/css/home.1781011881923.38488e2a.css\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=4, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Wed, 01 Jul 2026 12:23:21 GMT\r\nContent-Type: image/png\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nLast-Modified: Tue, 09 Jun 2026 13:37:11 GMT\r\nVary: Accept-Encoding\r\nETag: W/\"6a281707-6b4d0\"\r\nCache-Control: public, max-age=2592000, immutable\r\nAccess-Control-Allow-Origin: *\r\nX-Custom-Check: true\r\nContent-Encoding: gzip\r\nServer: Nginx\r\nL-Safe: 1782908601=NZWlGnxDiZfKzDWJ6kNGzBGhmY+osrsbhMounbK0GCWInHsx5UYJ2uIoiB6AEBbKlm6DZV9Rzn7+NRdLedDPSnk/B7TRPM4U10ZNzgIb3gzZwUwrhXrOPm2dXxIaEshx1T/OGD8Tcpgj+mzbYRnnJ58StT1fM9E48MC8kDCQR+bYh7E/Ls8hpL5Pdn8N8BH3\r\nAge: 1496\r\nL-VIA: l1=4iaGgjza0Vwox8nX\r\nL-VERSION: 1782631176\r\nL-Request-Id: c5bc19f1da243b975b6\r\nX-Cache-Status: HIT\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":439504,"size_decoded":440360,"mime_type":"image/png","magic":"PNG image data, 1920 x 927, 8-bit colormap, non-interlaced","md5":"2c55f8fcc8edb773be5014d8deb72c4e","sha1":"e7e55505bf22de833ec6b82a229e70bdba93b58f","sha256":"21c44535cffd825752bf9a535001b4b605147e3434cf2906fc2c8fcdcd992c1a","sha512":"bab93e8eb191df623bd7e238ae8d5cf7feae73e2a768d7b591d4dd8b7aafc199fce7c34066a272fc9137959a78a6bcd9fb388f39d4a0938f5674aaee815a3cf7","ssdeep":"12288:K+TyFzCVXhEu0hvb3kkjOO9FNkh4k6yvwUKA4AuJiT9h+:tTyFGjENkkyOWh87UK/JiT9h+","tlshash":"739423b1df0b89c858a39043dc74f99263e8d0a6bdc40ab80bf14b9176709dbbbf5116","first_seen":"2023-08-17T12:39:32Z","last_seen":"2026-07-02T13:50:16.745438Z","times_seen":1676,"resource_available":false,"data":null}},"time_used":4732,"timings":{"blocked":3422,"dns":0,"connect":0,"send":0,"wait":305,"receive":1005,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"18114.xyz/img/EGAME.d289cd48.png","fqdn":"18114.xyz","domain":"18114.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.130","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://18114.xyz/","date":"2026-07-01T12:23:20.261Z","timestamp":1782908600261,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"18156.xyz","organization":""},"issuer":{"commonName":"YR2","organization":"Let's Encrypt"},"validity":{"start":"Sun, 28 Jun 2026 06:21:05 GMT","end":"Sat, 26 Sep 2026 06:21:04 GMT"},"fingerprint":{"sha1":"30:5C:A2:F1:36:A6:91:D9:3C:71:7C:3B:80:49:3A:BB:C5:0B:53:A1","sha256":"FB:A2:2A:8D:A3:A6:51:23:3E:DC:EB:06:38:96:4E:AA:32:71:9B:E1:FD:3F:D1:7A:49:E7:81:BB:9A:92:C1:8D"}}},"request":{"raw":"GET /img/EGAME.d289cd48.png HTTP/1.1\r\nHost: 18114.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://18114.xyz/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=4, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Wed, 01 Jul 2026 12:23:21 GMT\r\nContent-Type: image/png\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nLast-Modified: Tue, 09 Jun 2026 13:37:11 GMT\r\nVary: Accept-Encoding\r\nETag: W/\"6a281707-e89a\"\r\nCache-Control: public, max-age=2592000, immutable\r\nAccess-Control-Allow-Origin: *\r\nX-Custom-Check: true\r\nContent-Encoding: gzip\r\nServer: Nginx\r\nL-Safe: 1782908601=NZWlGnxDiZfKzDWJ6kNGzBGhmY+osrsbhMounbK0GCWInHsx5UYJ2uIoiB6AEBbKlm6DZV9Rzn7+NRdLedDPSnk/B7TRPM4U10ZNzgIb3gzZwUwrhXrOPm2dXxIaEshx1T/OGD8Tcpgj+mzbYRnnJ58StT1fM9E48MC8kDCQR+bYh7E/Ls8hpL5Pdn8N8BH3\r\nAge: 1492\r\nL-VIA: l1=4iaGgjza0Vwox8nX\r\nL-VERSION: 1782631176\r\nL-Request-Id: c5bd19f1da244bc5578\r\nX-Cache-Status: HIT\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":59546,"size_decoded":60286,"mime_type":"image/png","magic":"PNG image data, 582 x 307, 8-bit colormap, non-interlaced","md5":"eb8991eb9e0db175522c914343f0a10a","sha1":"ce2d41b154df64421d46bceaeb9878da455592dd","sha256":"b837b4e9fc693e5c65eb049c56547caefe1cf73ea31ae59f95ae46d052fd36b2","sha512":"7d2a886e3ac412f6ea1b1ba290064373e1d07a0751bdd7f546af3116ad057d1f17bbe4847179cdf87297a967c0290280ec0c51ab9bfdeb1da0b881e366eb19a8","ssdeep":"1536:hvA9R/SReJczzaRBd6s3DhCDnQcvyFVWGDnmhKYNa67:hIPVczevUIhCDnQc21C7Na67","tlshash":"dd430276882a8fcd499304944bf9afe164eaf19097b3cf91f24c5fe0423d184d881b6b","first_seen":"2023-11-10T19:12:00Z","last_seen":"2026-07-02T13:50:16.805438Z","times_seen":1675,"resource_available":false,"data":null}},"time_used":2066,"timings":{"blocked":1125,"dns":0,"connect":0,"send":0,"wait":321,"receive":620,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"18114.xyz/jumpto/img/https://rcf-img-hk.gasdg646fs224cn.com/gpmaster/_webp_size328x442_0b2c7f25-c17b-4d07-adb1-68f1823633a2.png","fqdn":"18114.xyz","domain":"18114.xyz","tld":"xyz"},"ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://18114.xyz/","date":"2026-07-01T12:23:20.379Z","timestamp":1782908600379,"http_version":"","security_state":"","security_info":null,"request":{"raw":"GET /jumpto/img/https://rcf-img-hk.gasdg646fs224cn.com/gpmaster/_webp_size328x442_0b2c7f25-c17b-4d07-adb1-68f1823633a2.png HTTP/1.1\r\nHost: 18114.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://18114.xyz/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-07-02T17:08:00.371314Z","times_seen":16917523,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"18114.xyz/img/appdown.6e7c9177.png","fqdn":"18114.xyz","domain":"18114.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.130","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://18114.xyz/","date":"2026-07-01T12:23:17.702Z","timestamp":1782908597702,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"18156.xyz","organization":""},"issuer":{"commonName":"YR2","organization":"Let's Encrypt"},"validity":{"start":"Sun, 28 Jun 2026 06:21:05 GMT","end":"Sat, 26 Sep 2026 06:21:04 GMT"},"fingerprint":{"sha1":"30:5C:A2:F1:36:A6:91:D9:3C:71:7C:3B:80:49:3A:BB:C5:0B:53:A1","sha256":"FB:A2:2A:8D:A3:A6:51:23:3E:DC:EB:06:38:96:4E:AA:32:71:9B:E1:FD:3F:D1:7A:49:E7:81:BB:9A:92:C1:8D"}}},"request":{"raw":"GET /img/appdown.6e7c9177.png HTTP/1.1\r\nHost: 18114.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://18114.xyz/css/index-399e2569.1781011881923.a7b0b4f4.css\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=4, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Wed, 01 Jul 2026 12:23:21 GMT\r\nContent-Type: image/png\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nLast-Modified: Tue, 09 Jun 2026 13:37:11 GMT\r\nVary: Accept-Encoding\r\nETag: W/\"6a281707-277f\"\r\nCache-Control: public, max-age=2592000, immutable\r\nAccess-Control-Allow-Origin: *\r\nX-Custom-Check: true\r\nContent-Encoding: gzip\r\nServer: Nginx\r\nL-Safe: 1782908601=NZWlGnxDiZfKzDWJ6kNGzBGhmY+osrsbhMounbK0GCWInHsx5UYJ2uIoiB6AEBbKlm6DZV9Rzn7+NRdLedDPSnk/B7TRPM4U10ZNzgIb3gzZwUwrhXrOPm2dXxIaEshx1T/OGD8Tcpgj+mzbYRnnJ58StT1fM9E48MC8kDCQR+bYh7E/Ls8hpL5Pdn8N8BH3\r\nAge: 1496\r\nL-VIA: l1=4iaGgjza0Vwox8nX\r\nL-VERSION: 1782631176\r\nL-Request-Id: c5c119f1da2454b74b1\r\nX-Cache-Status: HIT\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":10111,"size_decoded":10841,"mime_type":"image/png","magic":"PNG image data, 112 x 112, 8-bit/color RGBA, non-interlaced","md5":"716d097b193628397635cfac41b561fa","sha1":"545d1876219bed15fe850a499a08322de6a26866","sha256":"50276d87fae9c1e30a32c32b4e90dcc2e227cabb4e3bb1d60ecb22fb50c5f2ff","sha512":"47ea5928e921bec4ce4d9c807ee921f6115a6dd27af6fa7325e6d988058d22cf36c03693ebc56665203809cfd6d008cd410380e688e90b36d7eeec18ce6aa92f","ssdeep":"192:cALsiDRih/bWKl4Hq2BHZE6+3paMeCsuTvB6hi6tswYmd:lBEv2Hq2BHS1ZaMJtB+tsud","tlshash":"4622d047a584327b826ec79c8fe98c112470ad1ce6f04d5ac44e711128e8df3503baf2","first_seen":"2023-07-01T07:21:14Z","last_seen":"2026-07-02T13:50:16.673619Z","times_seen":1754,"resource_available":false,"data":null}},"time_used":4509,"timings":{"blocked":3823,"dns":0,"connect":0,"send":0,"wait":686,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"18114.xyz/fonts/DINPro.9ee75b04.ttf","fqdn":"18114.xyz","domain":"18114.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.130","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://18114.xyz/","date":"2026-07-01T12:23:17.732Z","timestamp":1782908597732,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"18156.xyz","organization":""},"issuer":{"commonName":"YR2","organization":"Let's Encrypt"},"validity":{"start":"Sun, 28 Jun 2026 06:21:05 GMT","end":"Sat, 26 Sep 2026 06:21:04 GMT"},"fingerprint":{"sha1":"30:5C:A2:F1:36:A6:91:D9:3C:71:7C:3B:80:49:3A:BB:C5:0B:53:A1","sha256":"FB:A2:2A:8D:A3:A6:51:23:3E:DC:EB:06:38:96:4E:AA:32:71:9B:E1:FD:3F:D1:7A:49:E7:81:BB:9A:92:C1:8D"}}},"request":{"raw":"GET /fonts/DINPro.9ee75b04.ttf HTTP/1.1\r\nHost: 18114.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://18114.xyz/css/46431.1781011881923.bc5df1d1.css\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Wed, 01 Jul 2026 12:23:18 GMT\r\nContent-Type: application/octet-stream\r\nContent-Length: 119892\r\nConnection: keep-alive\r\nLast-Modified: Tue, 09 Jun 2026 13:37:10 GMT\r\nETag: \"6a281706-1d454\"\r\nCache-Control: public, max-age=2592000, immutable\r\nAccess-Control-Allow-Origin: *\r\nX-Custom-Check: true\r\nServer: Nginx\r\nL-Safe: 1782908598=GAanE3MTyvCft+u1Zs9dTOsHtr+YihbqhaSSj4y9i25rK99YQLzDUcMXhl9WdQHASD1Mrun/QRRw4Vb8z0tsbulHlefjU2SfAuB5tLPKuVF71VGh3OdVXRAwqvmTFU2e9DgB2Gob2yjW36RrlbtBbrqzS5bAVpI8FKqfanmQm5Zk6XuVI9SMMOte5dYkfO/p\r\nL-VIA: l1=4iaGgjza0Vwox8nX\r\nL-VERSION: 1782631176\r\nL-Request-Id: c6d219f1da238209c5d\r\nX-Cache-Status: BYPASS\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":119892,"size_decoded":120571,"mime_type":"application/octet-stream","magic":"TrueType Font data, 10 tables, 1st \"OS/2\", 30 names, Macintosh, 2005 Albert-Jan Pool published by FSI FontShop International GmbHDIN Pro RegularRegularAlbert-Ja","md5":"028cefac160ed3b006f47106fbc68d1c","sha1":"efcecac09684435facd7397e4f6163a5069802c2","sha256":"fb841a09a82787982ad1774bdeb45e8e06ff4909161a9ce33fd42f8822c5ddc3","sha512":"3a5a284d0c4da6593b857ba785a4ba7d5f2e2b73d22a2ef25435b9558063d2486228d76a3cd5d3a59b5abe4c0da696a75373111b3569a94a9dea1516cf16091f","ssdeep":"3072:YhtN/CZnt1tbtKtHtFNgz1QZt0tbt2ktwtNstAtqNaEctWpy8TLtsIb66AUeo:YhtNGnt1tbtKtHt7t0tbtxtwtNstAtqV","tlshash":"5ac308c153e8fa4ad83996388511c7434226ff2de65d4f36ffd94d8c688e8e9064e6e0","first_seen":"2023-05-08T18:58:40Z","last_seen":"2026-07-02T16:58:34.563954Z","times_seen":4293,"resource_available":false,"data":null}},"time_used":1374,"timings":{"blocked":411,"dns":0,"connect":0,"send":0,"wait":313,"receive":650,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"18114.xyz/img/ESPORT.4f4b51d4.png","fqdn":"18114.xyz","domain":"18114.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.130","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://18114.xyz/","date":"2026-07-01T12:23:20.259Z","timestamp":1782908600259,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"18156.xyz","organization":""},"issuer":{"commonName":"YR2","organization":"Let's Encrypt"},"validity":{"start":"Sun, 28 Jun 2026 06:21:05 GMT","end":"Sat, 26 Sep 2026 06:21:04 GMT"},"fingerprint":{"sha1":"30:5C:A2:F1:36:A6:91:D9:3C:71:7C:3B:80:49:3A:BB:C5:0B:53:A1","sha256":"FB:A2:2A:8D:A3:A6:51:23:3E:DC:EB:06:38:96:4E:AA:32:71:9B:E1:FD:3F:D1:7A:49:E7:81:BB:9A:92:C1:8D"}}},"request":{"raw":"GET /img/ESPORT.4f4b51d4.png HTTP/1.1\r\nHost: 18114.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://18114.xyz/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=4, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Wed, 01 Jul 2026 12:23:20 GMT\r\nContent-Type: image/png\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nLast-Modified: Tue, 09 Jun 2026 13:37:11 GMT\r\nVary: Accept-Encoding\r\nETag: W/\"6a281707-101b0\"\r\nCache-Control: public, max-age=2592000, immutable\r\nAccess-Control-Allow-Origin: *\r\nX-Custom-Check: true\r\nContent-Encoding: gzip\r\nServer: Nginx\r\nL-Safe: 1782908600=syPON+2Kz5+pRykBs4QtaE3NO1FRKks/0eGizB7WB32Nr07KwPVzJ7CMnD8avbVlnlwbqhKm+rPUp/B3oGXCDokK5efJr6SBT/hoCjDgyiNSx/NWCgTrn1JK2VXFeQ2d7IBy7u4ZEVcnVu0949VAH67PTEPPBpqJ7YUy/mSmLNgKKPCcQeowpq9SRGT324V1\r\nAge: 1491\r\nL-VIA: l1=4iaGgjza0Vwox8nX\r\nL-VERSION: 1782631176\r\nL-Request-Id: c5bd19f1da240565573\r\nX-Cache-Status: HIT\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":65968,"size_decoded":66689,"mime_type":"image/png","magic":"PNG image data, 582 x 307, 8-bit colormap, non-interlaced","md5":"29610094acb703084f79c42c17547a7c","sha1":"3c824ba387e36bcce1a5f1d0d14b513fb278db9d","sha256":"8c3dc9ee49224eff4a37ec488ff0a413f3150ec7a62640a466a802750a573146","sha512":"db986acc62bb0d35583a1c298b468e1fa7869269c738eadc82b944b1a8f9b2c0723087db8a065d60495938e834337e72e3c438089d1d02ff90f4983e0d6461fb","ssdeep":"1536:ObUUUNbT8bJcHe4DyC8KLT/KKeRfm4AH7XAlzS7M2Z:rbgNcHwE/eshbE/2Z","tlshash":"b25302e1df60cb022efe65ca89acf12ae204a0a61476453f7a231d6f3744016af973c4","first_seen":"2023-11-10T19:12:00Z","last_seen":"2026-07-02T13:50:16.823629Z","times_seen":1678,"resource_available":false,"data":null}},"time_used":755,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":705,"receive":50,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"photo.365live88.com/img/fb/team/a7a0ea64a2dd4408a5011d7fc4a9bb08?win007=sell","fqdn":"photo.365live88.com","domain":"365live88.com","tld":"com"},"ip":{"addr":"154.41.93.241","port":443,"asn":174,"as":"COGENT-174","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://18114.xyz/","date":"2026-07-01T12:23:21.392Z","timestamp":1782908601392,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"photo.365live88.com","organization":""},"issuer":{"commonName":"Encryption Everywhere DV TLS CA - G2","organization":"DigiCert Inc"},"validity":{"start":"Sat, 01 Nov 2025 00:00:00 GMT","end":"Sat, 31 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"45:76:43:9C:31:C5:89:A6:99:FD:9B:D8:6C:A9:3A:E6:2F:D6:E9:80","sha256":"73:27:CF:D8:8D:AC:95:46:00:5D:67:05:1E:70:22:3E:17:F0:94:78:CD:6F:A6:9C:C8:5F:B5:3B:75:60:3D:C8"}}},"request":{"raw":"GET /img/fb/team/a7a0ea64a2dd4408a5011d7fc4a9bb08?win007=sell HTTP/1.1\r\nHost: photo.365live88.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://18114.xyz/\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=4, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: openresty\r\nDate: Wed, 01 Jul 2026 12:23:23 GMT\r\nContent-Type: image/png\r\nContent-Length: 65107\r\nConnection: keep-alive\r\nAccept-Ranges: bytes\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Expose-Headers: X-Log, X-Reqid\r\nAccess-Control-Max-Age: 2592000\r\nAge: 33346\r\nCache-Control: public, max-age=31536000\r\nContent-Disposition: inline; filename=\"a7a0ea64a2dd4408a5011d7fc4a9bb08\"; filename*=utf-8''a7a0ea64a2dd4408a5011d7fc4a9bb08\r\nContent-Md5: P5EPI9ZlbaIvDF4Lf78htg==\r\nContent-Transfer-Encoding: binary\r\nEtag: \"FngKTVFXa80Q_5JQMtwig3yiWX8P\"\r\nLast-Modified: Mon, 22 Jun 2026 19:05:56 GMT\r\nX-Log: X-Log\r\nX-M-Log: QNM:wldsg119;QNM3\r\nX-M-Reqid: agnTKpXXT\r\nX-Qiniu-Zone: as0\r\nX-Qnm-Cache: Hit\r\nX-Reqid: p4IAAACF38GZC74Y\r\nX-Svr: IO\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":65107,"size_decoded":65863,"mime_type":"image/png","magic":"PNG image data, 1112 x 1112, 8-bit/color RGBA, non-interlaced","md5":"3f910f23d6656da22f0c5e0b7fbf21b6","sha1":"780a4d51576bcd10ff925032dc22837ca2597f0f","sha256":"69eb28e946660f1be80b5b19dca6c654bda846301855b4ebb7856b6edd1f7675","sha512":"3b9dbdddcbafefb296c513ecdd22ef174670a75256199e17ab74b09c32b18c774e8827d2afead5d1c918748fcecc407074444c3e028d04c2824d906aa123f8ff","ssdeep":"1536:wXXS6I/6eXw78HnpvcCn4Nf+ePJPk9BXXpF+XwU92XWlzA9VtTF:upI/6R78HpJaPRkNpoXn6jF","tlshash":"0053d073d96db962ef76223206bee3101fde12653fe09268af2fd0119d391ad07681c0","first_seen":"2025-07-07T01:35:39.781065Z","last_seen":"2026-07-01T12:25:27.298583Z","times_seen":8,"resource_available":false,"data":null}},"time_used":2666,"timings":{"blocked":2310,"dns":0,"connect":0,"send":0,"wait":272,"receive":84,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}}]}
