{"report_id":"1c3dab26-dfbc-4ecf-bf00-95a256aea396","version":6,"status":"done","tags":[],"date":"2026-04-08T12:27:12Z","url":{"schema":"http","addr":"manage.arc.moe","fqdn":"manage.arc.moe","domain":"arc.moe","tld":"moe"},"ip":{"addr":"103.127.240.180","port":0,"asn":0,"as":"","country":"Taiwan","country_code":"TW"},"final":{"url":{"schema":"https","addr":"manage.arc.moe/login","fqdn":"manage.arc.moe","domain":"arc.moe","tld":"moe"},"title":"ARC TestNet","dom":{"size":4429,"mime_type":"text/html; charset=utf-8","magic":"HTML document, ASCII text, with very long lines (1338)","md5":"18b8725486951dda0d5106b2f2e040de","sha1":"1793687ca6cb0ccb9409fc5bf3d9970bb4f0332f","sha256":"104f8fab0c54162eeff56297af812355b7439576570b5a9e159cdda131f4ee6d","sha512":"61d4195c2a1c6b7e043f83ac6aa0c0298393bc80ffe9b62e9782dc896701b8e03582da98a4c22becb2eaacc9cf6b1f182577d156dfce52b4010646d22e8251a4","ssdeep":"96:nYRFqYQEoQ82zQObbdaSDcHjo1QSbg+Ea+Ef4trLrU:goEoQpxbbESDUo1XJMU","tlshash":"1d9196727454543b316348de32e1b31d69dad90fc64b58487eec66e4cfe0de38836259","dom_hash":"domhash86bf995bebf398346964d634d3b9d6d1","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"manage.arc.moe","fqdn":"manage.arc.moe","domain":"arc.moe","tld":"moe"},"ip":{"addr":"103.127.240.180","port":0,"asn":0,"as":"","country":"Taiwan","country_code":"TW"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-05-13T12:27:12Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":2,"urlquery":0,"analyzer":1}},"detection":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-04-08T12:26:50Z","timestamp":1775651210,"ip_dst":{"addr":"103.127.240.180","port":443,"asn":0,"as":"","country":"Taiwan","country_code":"TW"},"ip_src":{"addr":"Client IP","port":37172,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ETPRO INFO .moe Domain in TLS SNI","source":"{\"timestamp\":\"2026-04-08T12:26:50.661334+0000\",\"flow_id\":1372902562347857,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.3\",\"src_port\":37172,\"dest_ip\":\"103.127.240.180\",\"dest_port\":443,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2827579,\"rev\":7,\"signature\":\"ETPRO INFO .moe Domain in TLS SNI\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"affected_product\":[\"Windows_XP_Vista_7_8_10_Server_32_64_Bit\"],\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"Medium\"],\"created_at\":[\"2017_08_17\"],\"deployment\":[\"Perimeter\"],\"performance_impact\":[\"Moderate\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_11_21\"]}},\"tls\":{\"sni\":\"manage.arc.moe\",\"version\":\"TLS 1.3\",\"ja3\":{\"hash\":\"0faf2a91198d40dbd58b9308f3fca2fd\",\"string\":\"771,4865-4867-4866-49195-49199-52393-52392-49196-49200-49171-49172-156-157-47-53,0-23-65281-10-11-16-5-34-51-43-13-28-65037,29-23-24-25-256-257,0\"},\"ja3s\":{\"hash\":\"15af977ce25de452b96affa2addb1036\",\"string\":\"771,4866,43-51\"}},\"app_proto\":\"tls\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":3,\"bytes_toserver\":916,\"bytes_toclient\":305,\"start\":\"2026-04-08T12:26:50.146257+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-04-08T12:26:50Z","timestamp":1775651210,"ip_dst":{"addr":"103.127.240.180","port":443,"asn":0,"as":"","country":"Taiwan","country_code":"TW"},"ip_src":{"addr":"Client IP","port":37184,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ETPRO INFO .moe Domain in TLS SNI","source":"{\"timestamp\":\"2026-04-08T12:26:50.907059+0000\",\"flow_id\":1281353186939015,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.3\",\"src_port\":37184,\"dest_ip\":\"103.127.240.180\",\"dest_port\":443,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2827579,\"rev\":7,\"signature\":\"ETPRO INFO .moe Domain in TLS SNI\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"affected_product\":[\"Windows_XP_Vista_7_8_10_Server_32_64_Bit\"],\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"Medium\"],\"created_at\":[\"2017_08_17\"],\"deployment\":[\"Perimeter\"],\"performance_impact\":[\"Moderate\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_11_21\"]}},\"tls\":{\"sni\":\"manage.arc.moe\",\"version\":\"TLS 1.3\",\"ja3\":{\"hash\":\"0faf2a91198d40dbd58b9308f3fca2fd\",\"string\":\"771,4865-4867-4866-49195-49199-52393-52392-49196-49200-49171-49172-156-157-47-53,0-23-65281-10-11-16-5-34-51-43-13-28-65037,29-23-24-25-256-257,0\"},\"ja3s\":{\"hash\":\"15af977ce25de452b96affa2addb1036\",\"string\":\"771,4866,43-51\"}},\"app_proto\":\"tls\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":3,\"bytes_toserver\":916,\"bytes_toclient\":305,\"start\":\"2026-04-08T12:26:50.397447+0000\"}}"}],"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-08","alert":"Sinkholed","trigger":"manage.arc.moe","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null},"summary":[{"fqdn":"manage.arc.moe","ip":{"addr":"103.127.240.180","port":443,"asn":0,"as":"","country":"Taiwan","country_code":"TW"},"domain_registered":"2024-04-04","domain_rank":0,"first_seen":"2026-04-08T12:27:14.776007Z","last_seen":"2026-04-08T12:27:14.776007Z","alert_count":10,"request_count":10,"received_data":2652903,"sent_data":11289,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"manage.arc.moe/app/app-8f80-b9a2-4888-ace4-c28cfa48dfed.js?id=7f5c529f9e462b3e57b1e4356737d3b6","fqdn":"manage.arc.moe","domain":"arc.moe","tld":"moe"},"ip":{"addr":"103.127.240.180","port":443,"asn":0,"as":"","country":"Taiwan","country_code":"TW"},"introduction_type":"scriptElement","is_inline":false,"md5":"7f5c529f9e462b3e57b1e4356737d3b6","sha1":"647bd051e3ee1cd317eae5be833841737d67d14d","sha256":"c7d4ca0925cf10be06a497f3ecd9919fcc135033a1d0ed2751005518409fc9cb","sha512":"d6098f92c8cf33b12fe94d495fc0e1d66036edafd82f7c612f8b1dc3e731c91ac9a31c651eed14121dc63209c38e327adaa2cd64308a6d523f1320bab358bb26","ssdeep":"96:dqklRyVQo3etwuIKBFLEBPNhQqtYkjmoQ82zQ4pTCWDCpqIS/NPdZ:QkKiVtFaPNhQqHyoQptpWeCptS/BdZ","tlshash":"540212746408a875a1d740953866af88b93e3a0e7177f408f33ec9545cf1e4ba026dfb","size":8288,"data":"","first_seen":"2026-04-08T12:27:19.315017Z","last_seen":"2026-04-08T12:47:44.775674Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"manage.arc.moe/login","fqdn":"manage.arc.moe","domain":"arc.moe","tld":"moe"},"ip":{"addr":"103.127.240.180","port":443,"asn":0,"as":"","country":"Taiwan","country_code":"TW"},"introduction_type":"scriptElement","is_inline":true,"md5":"5d36671e5b623938bd196f87cd738eff","sha1":"a38277ebaad67e2b25a397610a1a59373a13ae12","sha256":"ffb58e9f39d490ed75567ca88786f0f7c470c7863f6250c3b0c8d63beea7c945","sha512":"b7e380f2651773956df395422090361efc298ba41188d1f06ab4691df4d0e244c850a29d7468f139c23e90638b4328a62c1ccb98ecc1f2e7a24ad9fafc14c2fd","ssdeep":"","tlshash":"f57000023008e082802c20b8ac008e0c20080aca0000202000000200aa8000a2a2b228","size":24,"data":"","first_seen":"2024-08-19T21:19:07.620377Z","last_seen":"2026-04-08T12:47:44.788305Z","times_seen":16,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"manage.arc.moe/login","fqdn":"manage.arc.moe","domain":"arc.moe","tld":"moe"},"ip":{"addr":"103.127.240.180","port":443,"asn":0,"as":"","country":"Taiwan","country_code":"TW"},"introduction_type":"Function","is_inline":false,"md5":"941db3fc93843110f9e9212d51f41a48","sha1":"cf1db9a6fd6dc8890d0c9db9cbac7c4561eae3ea","sha256":"f919de5fe437c7f3acbdb7ebff93478fbccca1ccddbadd77a9115e6da4096465","sha512":"7e9c71e78f69f6d007f86bda8042abaf3ec3175809a85ff979385c2a6c3a1ba7d5bba61ec39ea42b1493a97e793bb4455a08729c0294fc056a311957fac4ea7b","ssdeep":"","tlshash":"3751451ce091183306c381fa78575d4571fc402bed82dc25bded9e5c17fea2aa5722b5","size":2778,"data":"","first_seen":"2026-04-08T12:27:19.318185Z","last_seen":"2026-04-08T12:27:19.318185Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"manage.arc.moe/app/vendor-89-586b-43af-b980-e98611281365.js?id=3a48f791dfe1c42a62664c3d066f00fc","fqdn":"manage.arc.moe","domain":"arc.moe","tld":"moe"},"ip":{"addr":"103.127.240.180","port":443,"asn":0,"as":"","country":"Taiwan","country_code":"TW"},"introduction_type":"scriptElement","is_inline":false,"md5":"3a48f791dfe1c42a62664c3d066f00fc","sha1":"ae1e6bb13ea3d7c98ae3b015da3799d4ed79f8a7","sha256":"634ebf7c964942dfd4061f056f594703fffbd3f7df422d84253279d10cb7a7b3","sha512":"ac9a369c6adf902914849cecbf38fb89f8d0763829de37f41c12a40d293c43b050cfb0c1c7e57d839600ddaf96f21d05d73e5633bf81baabfa9cc3844209c431","ssdeep":"49152:G6hENJzmjGHG3EkQ2l16HWoAw5w83yvVOFZ+KLvIphml8R/7mnpv/8poihD:bx7ooqYl","tlshash":"26b52ac53195743243e751e6507f010ab33a1929b80e846cf67ce8ea7c7ad4a627bf78","size":2339269,"data":"","first_seen":"2026-04-08T12:27:19.319475Z","last_seen":"2026-04-08T12:47:44.78931Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"manage.arc.moe/app/assets/G01.a6146d8acfcf3a57.js","fqdn":"manage.arc.moe","domain":"arc.moe","tld":"moe"},"ip":{"addr":"103.127.240.180","port":443,"asn":0,"as":"","country":"Taiwan","country_code":"TW"},"introduction_type":"scriptElement","is_inline":false,"md5":"dcd4323233476f33770363d3752f353d","sha1":"77a6ef3c221c12cf3af21a33f710508f0eb52b73","sha256":"a319edf7f73d6d4dddebbe756c17ab6636c7ac3c16916a1260ad6d9217b4cdde","sha512":"e9933840f3da4678cf5a216db004392a510e1768e4866924145646cfb751a708af6f25da93ddb3b16bce835d7e65376f55d3f5191c3ba5ee4a7d80022b6e5a2f","ssdeep":"384:qLYCzjEHzj/DiGBcWj7H/Q8N6/3W/w5l72ojHgVApsmzfPidKk+cbfOrh8qeeqB:eYCzwTj/5BhH/Q8N6/3W45l72ojHgVA6","tlshash":"a1a2d766b064a82778e7590758370a8df6a7e64cf029411cf3b8fc8c777fa8a4524f58","size":21629,"data":"","first_seen":"2026-04-08T12:27:19.312893Z","last_seen":"2026-04-08T12:47:44.777901Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"manage.arc.moe/app/runtime/manifest.js?id=8ab2e584e1eef414a1bd9569a482213f","fqdn":"manage.arc.moe","domain":"arc.moe","tld":"moe"},"ip":{"addr":"103.127.240.180","port":443,"asn":0,"as":"","country":"Taiwan","country_code":"TW"},"introduction_type":"scriptElement","is_inline":false,"md5":"8ab2e584e1eef414a1bd9569a482213f","sha1":"3ca16b08d11491fc1c9aedf2dc560a6a59853545","sha256":"05b626f08b0c3d367b0d3c7dfab1e220eabd0d8822674e24e484f9aeefe7ca39","sha512":"454ff1eb239ae0291687f8f719b8b23d1627107fc9ef3f620d142dbd2a2d3c827b582fda262d9ab370fa9752eec42fd49f58d76428b48d7fb7087c67f79ede49","ssdeep":"192:JDhw0FYF7lfdPmjCX7tdE3Mq3DNt09sfC2JQ/BuUjnZeyYATRI+7:JDh1FYFNdDLtdEDsVSQZjjnZeURP","tlshash":"47022b8da31dfef53e2005c05d6519a87905b0323c8619e0fad7daf28478db93665bb3","size":8848,"data":"","first_seen":"2026-04-08T12:27:19.306689Z","last_seen":"2026-04-08T12:47:44.770734Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null},"http":[{"url":{"schema":"https","addr":"manage.arc.moe/","fqdn":"manage.arc.moe","domain":"arc.moe","tld":"moe"},"ip":{"addr":"103.127.240.180","port":443,"asn":0,"as":"","country":"Taiwan","country_code":"TW"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-04-08T12:26:50.136Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"P384","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"manage.arc.moe","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Wed, 01 Apr 2026 16:41:38 GMT","end":"Tue, 30 Jun 2026 16:41:37 GMT"},"fingerprint":{"sha1":"F4:09:D0:12:1A:77:0A:FA:AD:B4:18:DB:DD:FA:CC:A7:72:48:D7:A6","sha256":"F3:CF:2F:4C:AB:11:63:9F:60:35:DF:B3:99:7A:F0:C9:4B:50:11:ED:52:F2:F2:D5:A3:79:9E:4E:07:38:F7:28"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: manage.arc.moe\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 302 Found\r\nserver: nginx\r\ncontent-type: text/html; charset=utf-8\r\nlocation: https://manage.arc.moe/login\r\ncache-control: no-store, private\r\ndate: Wed, 08 Apr 2026 12:26:51 GMT\r\nset-cookie: XSRF-TOKEN=eyJpdiI6InlMaEJvU044VmNGaGVlUUhkWlQza1E9PSIsInZhbHVlIjoiVnJxamQwR01OZ3pkcmhFcU5VWHdmRUFieUQzUGI5Yk42MGxJOVNjZnMzODIzTU5SaW5nVkhVOHphTXFPMzNrUjNTRVhBSEhGNXpwUytYZ2JKV2FIMEh5MlFZWThUT2RYdkIzdFh6ZXpRUWtRVW9CS21EM0tHMnkwTW9SaWU0dngiLCJtYWMiOiJlYWE4YWY1ZmFkNmQ0Y2UyNDY0ODQyNTY1NGMyNjMyMWU3ZjdmNzllOTllZjQxNzIxM2Y1ZDc3OGRlODRiNjEwIiwidGFnIjoiIn0%3D; expires=Wed, 08 Apr 2026 14:26:51 GMT; Max-Age=7200; path=/; secure; samesite=lax\nvirtfusion_session=eyJpdiI6ImdEdWlpMm9rOVc1NmpOc0t0L085NWc9PSIsInZhbHVlIjoiY1U3NkFHWUtDMkRzSlppL2Y2MERvd2R6NWVzSVBaclVPOW00a1lPVjBhNXk2UHcrTHUxdGlOYVZNVTdzVHFQUTgwZ2xxcmZub0lDWTlnUDBHS3kzRkpEdDE3a3hySjYwZzBYRmEzNUZvbnRMbVQ5c0x5WmR1cUtqVDlmeDFnUEsiLCJtYWMiOiIzYjkyOGRmOWRlMjA2NzRmYzJkNDU0MDg4MDg5YjcyYmIyNjkxNzI5NzFiNzNlYzFlMTU1OGVhOThmOTVkNjUyIiwidGFnIjoiIn0%3D; expires=Wed, 08 Apr 2026 14:26:51 GMT; Max-Age=7200; path=/; secure; httponly; samesite=lax\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\nx-xss-protection: 1; mode=block\r\nx-frame-options: DENY, SAMEORIGIN\r\nx-content-type-options: nosniff, nosniff\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":5361,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-08T20:38:18.537334Z","times_seen":13514611,"resource_available":true,"data":null}},"time_used":1942,"timings":{"blocked":817,"dns":10,"connect":256,"send":0,"wait":308,"receive":0,"ssl":548},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-08","alert":"Sinkholed","trigger":"manage.arc.moe","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"manage.arc.moe/app/runtime/manifest.js?id=8ab2e584e1eef414a1bd9569a482213f","fqdn":"manage.arc.moe","domain":"arc.moe","tld":"moe"},"ip":{"addr":"103.127.240.180","port":443,"asn":0,"as":"","country":"Taiwan","country_code":"TW"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://manage.arc.moe/login","date":"2026-04-08T12:26:51.761Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"P384","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"manage.arc.moe","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Wed, 01 Apr 2026 16:41:38 GMT","end":"Tue, 30 Jun 2026 16:41:37 GMT"},"fingerprint":{"sha1":"F4:09:D0:12:1A:77:0A:FA:AD:B4:18:DB:DD:FA:CC:A7:72:48:D7:A6","sha256":"F3:CF:2F:4C:AB:11:63:9F:60:35:DF:B3:99:7A:F0:C9:4B:50:11:ED:52:F2:F2:D5:A3:79:9E:4E:07:38:F7:28"}}},"request":{"raw":"GET /app/runtime/manifest.js?id=8ab2e584e1eef414a1bd9569a482213f HTTP/1.1\r\nHost: manage.arc.moe\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://manage.arc.moe/login\r\nCookie: XSRF-TOKEN=eyJpdiI6IkdoTHMxSWYrN3RGNXJWVGs4TW10bnc9PSIsInZhbHVlIjoiMFVuT1prZ3VzWHlld1ZkZXA4ZWpFT3ZmbjJGSnBLWDlPSE9MSDlyR3BYdWx2NHVzbk5TNG5ISWxiUVJsb2ZYVHdJeFhUb1dTRDdVS28zZitGakVMZFIzUC9MUkxEbWo2Y3I1TEN2OTlnTXZHYWU3cHN4ZCtVNE9hb0VEVmRNdFYiLCJtYWMiOiI2NTI1NzNkMjI5ZjIxNjdmZWU2Yjk4MmU2ZmY3Mjk2ODEzNjE2MDdlNDQ0NGRiZDQwOTI1ZTY4ZGYwYjc3NmQ4IiwidGFnIjoiIn0%3D; virtfusion_session=eyJpdiI6InJlVmlIN1dJOUhjTFM0MmIvVHNKZGc9PSIsInZhbHVlIjoia3dEa1pnMGdmdmwxRDYyNXdWQXJiay9zTVNkRVhXc3JIc2k1Nk9wcjg4b3M1Zk44SDU0TzdnOWgvc2FldExrZXhvMThRanlkVUtKUHdtcWJ6SmVGMW9OWHVjT01SYnlaWlg0OFp4M3NlZjVBWm5qczJSOGNScW9lbFRGRE5xRHIiLCJtYWMiOiJlZWI1Y2E4YzE4YzVhZmY2ZWQ0ZmNjODI0ZWIxM2ZjMDk5M2Q1YjM0ZjZjOWMxNTM4MDdjOTE0M2FmNjgwZjdkIiwidGFnIjoiIn0%3D\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 08 Apr 2026 12:26:51 GMT\r\ncontent-type: application/javascript; charset=utf-8\r\nlast-modified: Mon, 06 Apr 2026 14:45:13 GMT\r\nvary: Accept-Encoding\r\netag: W/\"69d3c6f9-2290\"\r\nexpires: Thu, 31 Dec 2037 23:55:55 GMT\r\npragma: public\r\ncache-control: max-age=315360000, public, must-revalidate, proxy-revalidate\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":8848,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (8848), with no line terminators","md5":"8ab2e584e1eef414a1bd9569a482213f","sha1":"3ca16b08d11491fc1c9aedf2dc560a6a59853545","sha256":"05b626f08b0c3d367b0d3c7dfab1e220eabd0d8822674e24e484f9aeefe7ca39","sha512":"454ff1eb239ae0291687f8f719b8b23d1627107fc9ef3f620d142dbd2a2d3c827b582fda262d9ab370fa9752eec42fd49f58d76428b48d7fb7087c67f79ede49","ssdeep":"192:JDhw0FYF7lfdPmjCX7tdE3Mq3DNt09sfC2JQ/BuUjnZeyYATRI+7:JDh1FYFNdDLtdEDsVSQZjjnZeURP","tlshash":"47022b8da31dfef53e2005c05d6519a87905b0323c8619e0fad7daf28478db93665bb3","first_seen":"2026-04-08T12:27:19.306689Z","last_seen":"2026-04-08T12:47:44.770734Z","times_seen":2,"resource_available":true,"data":null}},"time_used":257,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":257,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-08","alert":"Sinkholed","trigger":"manage.arc.moe","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"manage.arc.moe/app/vendor-89-586b-43af-b980-e98611281365.js?id=3a48f791dfe1c42a62664c3d066f00fc","fqdn":"manage.arc.moe","domain":"arc.moe","tld":"moe"},"ip":{"addr":"103.127.240.180","port":443,"asn":0,"as":"","country":"Taiwan","country_code":"TW"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://manage.arc.moe/login","date":"2026-04-08T12:26:51.763Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"P384","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"manage.arc.moe","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Wed, 01 Apr 2026 16:41:38 GMT","end":"Tue, 30 Jun 2026 16:41:37 GMT"},"fingerprint":{"sha1":"F4:09:D0:12:1A:77:0A:FA:AD:B4:18:DB:DD:FA:CC:A7:72:48:D7:A6","sha256":"F3:CF:2F:4C:AB:11:63:9F:60:35:DF:B3:99:7A:F0:C9:4B:50:11:ED:52:F2:F2:D5:A3:79:9E:4E:07:38:F7:28"}}},"request":{"raw":"GET /app/vendor-89-586b-43af-b980-e98611281365.js?id=3a48f791dfe1c42a62664c3d066f00fc HTTP/1.1\r\nHost: manage.arc.moe\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://manage.arc.moe/login\r\nCookie: XSRF-TOKEN=eyJpdiI6IkdoTHMxSWYrN3RGNXJWVGs4TW10bnc9PSIsInZhbHVlIjoiMFVuT1prZ3VzWHlld1ZkZXA4ZWpFT3ZmbjJGSnBLWDlPSE9MSDlyR3BYdWx2NHVzbk5TNG5ISWxiUVJsb2ZYVHdJeFhUb1dTRDdVS28zZitGakVMZFIzUC9MUkxEbWo2Y3I1TEN2OTlnTXZHYWU3cHN4ZCtVNE9hb0VEVmRNdFYiLCJtYWMiOiI2NTI1NzNkMjI5ZjIxNjdmZWU2Yjk4MmU2ZmY3Mjk2ODEzNjE2MDdlNDQ0NGRiZDQwOTI1ZTY4ZGYwYjc3NmQ4IiwidGFnIjoiIn0%3D; virtfusion_session=eyJpdiI6InJlVmlIN1dJOUhjTFM0MmIvVHNKZGc9PSIsInZhbHVlIjoia3dEa1pnMGdmdmwxRDYyNXdWQXJiay9zTVNkRVhXc3JIc2k1Nk9wcjg4b3M1Zk44SDU0TzdnOWgvc2FldExrZXhvMThRanlkVUtKUHdtcWJ6SmVGMW9OWHVjT01SYnlaWlg0OFp4M3NlZjVBWm5qczJSOGNScW9lbFRGRE5xRHIiLCJtYWMiOiJlZWI1Y2E4YzE4YzVhZmY2ZWQ0ZmNjODI0ZWIxM2ZjMDk5M2Q1YjM0ZjZjOWMxNTM4MDdjOTE0M2FmNjgwZjdkIiwidGFnIjoiIn0%3D\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 08 Apr 2026 12:26:51 GMT\r\ncontent-type: application/javascript; charset=utf-8\r\nlast-modified: Mon, 06 Apr 2026 14:45:13 GMT\r\nvary: Accept-Encoding\r\netag: W/\"69d3c6f9-23b1c5\"\r\nexpires: Thu, 31 Dec 2037 23:55:55 GMT\r\npragma: public\r\ncache-control: max-age=315360000, public, must-revalidate, proxy-revalidate\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":2339269,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (37823)","md5":"93d845ae564c3165b81a31f15cc469d4","sha1":"fe99e9c24009cc947e696d6ebd69a7595159e1ff","sha256":"2f7ea83cdb1fc0a148984f0d102934d3470c9e48130f231e849131c3efa37480","sha512":"ac852580ef603c2b61aa4698f0dafd893b0e6b07ea6e68e4401cccd6ad4c87bf335ba495fc3216356367996748a682bfd16eaac1c20838095bff0e0ffd49756c","ssdeep":"24576:nG6hENJzm6MGHG3EkQf+l1mztHWoAVpja:G6hENJzmjGHG3EkQ2l16HWoAG","tlshash":"50253cca7115743247db51f664bf060ab336285db80a806cb93cdcea2d79d59223bf78","first_seen":"2026-04-08T12:27:19.308015Z","last_seen":"2026-04-08T12:47:44.773234Z","times_seen":2,"resource_available":false,"data":null}},"time_used":280,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":280,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-08","alert":"Sinkholed","trigger":"manage.arc.moe","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"manage.arc.moe/app/app-5c98-bc89-40de-99b8-3e33d2525edd.css?id=15e0f9dcac5096f2918e4c8992291cc5","fqdn":"manage.arc.moe","domain":"arc.moe","tld":"moe"},"ip":{"addr":"103.127.240.180","port":443,"asn":0,"as":"","country":"Taiwan","country_code":"TW"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://manage.arc.moe/login","date":"2026-04-08T12:26:51.767Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"P384","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"manage.arc.moe","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Wed, 01 Apr 2026 16:41:38 GMT","end":"Tue, 30 Jun 2026 16:41:37 GMT"},"fingerprint":{"sha1":"F4:09:D0:12:1A:77:0A:FA:AD:B4:18:DB:DD:FA:CC:A7:72:48:D7:A6","sha256":"F3:CF:2F:4C:AB:11:63:9F:60:35:DF:B3:99:7A:F0:C9:4B:50:11:ED:52:F2:F2:D5:A3:79:9E:4E:07:38:F7:28"}}},"request":{"raw":"GET /app/app-5c98-bc89-40de-99b8-3e33d2525edd.css?id=15e0f9dcac5096f2918e4c8992291cc5 HTTP/1.1\r\nHost: manage.arc.moe\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://manage.arc.moe/login\r\nCookie: XSRF-TOKEN=eyJpdiI6IkdoTHMxSWYrN3RGNXJWVGs4TW10bnc9PSIsInZhbHVlIjoiMFVuT1prZ3VzWHlld1ZkZXA4ZWpFT3ZmbjJGSnBLWDlPSE9MSDlyR3BYdWx2NHVzbk5TNG5ISWxiUVJsb2ZYVHdJeFhUb1dTRDdVS28zZitGakVMZFIzUC9MUkxEbWo2Y3I1TEN2OTlnTXZHYWU3cHN4ZCtVNE9hb0VEVmRNdFYiLCJtYWMiOiI2NTI1NzNkMjI5ZjIxNjdmZWU2Yjk4MmU2ZmY3Mjk2ODEzNjE2MDdlNDQ0NGRiZDQwOTI1ZTY4ZGYwYjc3NmQ4IiwidGFnIjoiIn0%3D; virtfusion_session=eyJpdiI6InJlVmlIN1dJOUhjTFM0MmIvVHNKZGc9PSIsInZhbHVlIjoia3dEa1pnMGdmdmwxRDYyNXdWQXJiay9zTVNkRVhXc3JIc2k1Nk9wcjg4b3M1Zk44SDU0TzdnOWgvc2FldExrZXhvMThRanlkVUtKUHdtcWJ6SmVGMW9OWHVjT01SYnlaWlg0OFp4M3NlZjVBWm5qczJSOGNScW9lbFRGRE5xRHIiLCJtYWMiOiJlZWI1Y2E4YzE4YzVhZmY2ZWQ0ZmNjODI0ZWIxM2ZjMDk5M2Q1YjM0ZjZjOWMxNTM4MDdjOTE0M2FmNjgwZjdkIiwidGFnIjoiIn0%3D\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 08 Apr 2026 12:26:51 GMT\r\ncontent-type: text/css\r\nlast-modified: Mon, 06 Apr 2026 14:45:13 GMT\r\nvary: Accept-Encoding\r\netag: W/\"69d3c6f9-538a\"\r\nexpires: Thu, 31 Dec 2037 23:55:55 GMT\r\npragma: public\r\ncache-control: max-age=315360000, public, must-revalidate, proxy-revalidate\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":21386,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (14501)","md5":"15e0f9dcac5096f2918e4c8992291cc5","sha1":"cb629fb000a42bcbfbefecac2a44c01cf913b93d","sha256":"7151131cd863a49950e80eac08b742e5da11f563e4ee905672d325b0bdc1a07a","sha512":"8732e6ddabbbac7f9c0a6f26e1b73d611ba92962063d16a7fb1e55154e3246cac0094f62f92033e67fdf68cb6ca86e00215c858d9bf844e6fc0023bde0c0cccc","ssdeep":"192:8aFecM+vPYOdOdy82sX28BTdOdSN8MiHgUHac/iQNQ/zu1PnfGtxmwqmREgycWRO:qWIOsXTIAl+fHac/TNQ/aYl4cWROl","tlshash":"09a2d8b9ef40b839bc1b95a21a2c7eec602fb928dd111b7df0d17a1092c72e75530d1a","first_seen":"2026-04-08T12:27:19.309199Z","last_seen":"2026-04-08T12:47:44.786957Z","times_seen":2,"resource_available":false,"data":null}},"time_used":974,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":974,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-08","alert":"Sinkholed","trigger":"manage.arc.moe","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"manage.arc.moe/app/bstrap-e7-2000-4ba7-b7b3-e18486b39e7b.css?id=a4bc4c7a27c0c88026ecd933394e3051","fqdn":"manage.arc.moe","domain":"arc.moe","tld":"moe"},"ip":{"addr":"103.127.240.180","port":443,"asn":0,"as":"","country":"Taiwan","country_code":"TW"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://manage.arc.moe/login","date":"2026-04-08T12:26:51.765Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"P384","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"manage.arc.moe","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Wed, 01 Apr 2026 16:41:38 GMT","end":"Tue, 30 Jun 2026 16:41:37 GMT"},"fingerprint":{"sha1":"F4:09:D0:12:1A:77:0A:FA:AD:B4:18:DB:DD:FA:CC:A7:72:48:D7:A6","sha256":"F3:CF:2F:4C:AB:11:63:9F:60:35:DF:B3:99:7A:F0:C9:4B:50:11:ED:52:F2:F2:D5:A3:79:9E:4E:07:38:F7:28"}}},"request":{"raw":"GET /app/bstrap-e7-2000-4ba7-b7b3-e18486b39e7b.css?id=a4bc4c7a27c0c88026ecd933394e3051 HTTP/1.1\r\nHost: manage.arc.moe\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://manage.arc.moe/login\r\nCookie: XSRF-TOKEN=eyJpdiI6IkdoTHMxSWYrN3RGNXJWVGs4TW10bnc9PSIsInZhbHVlIjoiMFVuT1prZ3VzWHlld1ZkZXA4ZWpFT3ZmbjJGSnBLWDlPSE9MSDlyR3BYdWx2NHVzbk5TNG5ISWxiUVJsb2ZYVHdJeFhUb1dTRDdVS28zZitGakVMZFIzUC9MUkxEbWo2Y3I1TEN2OTlnTXZHYWU3cHN4ZCtVNE9hb0VEVmRNdFYiLCJtYWMiOiI2NTI1NzNkMjI5ZjIxNjdmZWU2Yjk4MmU2ZmY3Mjk2ODEzNjE2MDdlNDQ0NGRiZDQwOTI1ZTY4ZGYwYjc3NmQ4IiwidGFnIjoiIn0%3D; virtfusion_session=eyJpdiI6InJlVmlIN1dJOUhjTFM0MmIvVHNKZGc9PSIsInZhbHVlIjoia3dEa1pnMGdmdmwxRDYyNXdWQXJiay9zTVNkRVhXc3JIc2k1Nk9wcjg4b3M1Zk44SDU0TzdnOWgvc2FldExrZXhvMThRanlkVUtKUHdtcWJ6SmVGMW9OWHVjT01SYnlaWlg0OFp4M3NlZjVBWm5qczJSOGNScW9lbFRGRE5xRHIiLCJtYWMiOiJlZWI1Y2E4YzE4YzVhZmY2ZWQ0ZmNjODI0ZWIxM2ZjMDk5M2Q1YjM0ZjZjOWMxNTM4MDdjOTE0M2FmNjgwZjdkIiwidGFnIjoiIn0%3D\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 08 Apr 2026 12:26:51 GMT\r\ncontent-type: text/css\r\nlast-modified: Mon, 06 Apr 2026 14:45:13 GMT\r\nvary: Accept-Encoding\r\netag: W/\"69d3c6f9-3963a\"\r\nexpires: Thu, 31 Dec 2037 23:55:55 GMT\r\npragma: public\r\ncache-control: max-age=315360000, public, must-revalidate, proxy-revalidate\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":235066,"size_decoded":0,"mime_type":"text/css","magic":"Unicode text, UTF-8 text, with very long lines (64461)","md5":"a4bc4c7a27c0c88026ecd933394e3051","sha1":"d8a24f7cf615ddc44bd37299de7350a72c2ab502","sha256":"af208440859c7a832ff18d4532f97bf5610b82f6d823bb9d2f37d25d4c304435","sha512":"f7d95b20c04343cddfa874e8c4b576948280973ec30aa6f74e026fb7b987332bc3b69253ded3d13d00d50a8b8f516155f6519000762f5004d66db1f565137272","ssdeep":"1536:n39no39tfYDvJv23pTwKDoJRsYBwloAnVJ+picM9xp:39no39tfhDoJP/AnVJ+picM9xp","tlshash":"1b3471d6f690343daca781499580fefd892f6989db115da6f003776807cabd30963acc","first_seen":"2026-04-08T12:27:19.310314Z","last_seen":"2026-04-08T12:47:44.785344Z","times_seen":2,"resource_available":false,"data":null}},"time_used":974,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":974,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-08","alert":"Sinkholed","trigger":"manage.arc.moe","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"manage.arc.moe/favicon-16x16.png","fqdn":"manage.arc.moe","domain":"arc.moe","tld":"moe"},"ip":{"addr":"103.127.240.180","port":443,"asn":0,"as":"","country":"Taiwan","country_code":"TW"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://manage.arc.moe/login","date":"2026-04-08T12:26:53.803Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"P384","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"manage.arc.moe","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Wed, 01 Apr 2026 16:41:38 GMT","end":"Tue, 30 Jun 2026 16:41:37 GMT"},"fingerprint":{"sha1":"F4:09:D0:12:1A:77:0A:FA:AD:B4:18:DB:DD:FA:CC:A7:72:48:D7:A6","sha256":"F3:CF:2F:4C:AB:11:63:9F:60:35:DF:B3:99:7A:F0:C9:4B:50:11:ED:52:F2:F2:D5:A3:79:9E:4E:07:38:F7:28"}}},"request":{"raw":"GET /favicon-16x16.png HTTP/1.1\r\nHost: manage.arc.moe\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://manage.arc.moe/login\r\nCookie: XSRF-TOKEN=eyJpdiI6IkdoTHMxSWYrN3RGNXJWVGs4TW10bnc9PSIsInZhbHVlIjoiMFVuT1prZ3VzWHlld1ZkZXA4ZWpFT3ZmbjJGSnBLWDlPSE9MSDlyR3BYdWx2NHVzbk5TNG5ISWxiUVJsb2ZYVHdJeFhUb1dTRDdVS28zZitGakVMZFIzUC9MUkxEbWo2Y3I1TEN2OTlnTXZHYWU3cHN4ZCtVNE9hb0VEVmRNdFYiLCJtYWMiOiI2NTI1NzNkMjI5ZjIxNjdmZWU2Yjk4MmU2ZmY3Mjk2ODEzNjE2MDdlNDQ0NGRiZDQwOTI1ZTY4ZGYwYjc3NmQ4IiwidGFnIjoiIn0%3D; virtfusion_session=eyJpdiI6InJlVmlIN1dJOUhjTFM0MmIvVHNKZGc9PSIsInZhbHVlIjoia3dEa1pnMGdmdmwxRDYyNXdWQXJiay9zTVNkRVhXc3JIc2k1Nk9wcjg4b3M1Zk44SDU0TzdnOWgvc2FldExrZXhvMThRanlkVUtKUHdtcWJ6SmVGMW9OWHVjT01SYnlaWlg0OFp4M3NlZjVBWm5qczJSOGNScW9lbFRGRE5xRHIiLCJtYWMiOiJlZWI1Y2E4YzE4YzVhZmY2ZWQ0ZmNjODI0ZWIxM2ZjMDk5M2Q1YjM0ZjZjOWMxNTM4MDdjOTE0M2FmNjgwZjdkIiwidGFnIjoiIn0%3D\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 08 Apr 2026 12:26:53 GMT\r\ncontent-type: image/png\r\ncontent-length: 669\r\nlast-modified: Mon, 06 Apr 2026 14:45:13 GMT\r\netag: \"69d3c6f9-29d\"\r\nexpires: Thu, 31 Dec 2037 23:55:55 GMT\r\npragma: public\r\ncache-control: max-age=315360000, public, must-revalidate, proxy-revalidate\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":669,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 16 x 16, 8-bit colormap, non-interlaced","md5":"a3044151e2a2a3faba82806d855c88e3","sha1":"6567ea576fe4f5175bb0442ec2d8349cee5d94a6","sha256":"f4c411e33d15f75f91d390620b362a722825444273a096a0e2a9d7b8a2a7342f","sha512":"ed966661c5232a67c8765de120aaa9d29619235abb8bd95f257ed089b141df1d09e3587435e4deabd13af8af0a802538f4b847e69808458d624dda4d4a527d28","ssdeep":"","tlshash":"640102c3e56244fbc40f1e7311171706943d582a07c30538b638e31d5ca0ac82574f90","first_seen":"2024-08-19T21:19:07.607785Z","last_seen":"2026-04-08T12:47:44.781144Z","times_seen":17,"resource_available":false,"data":null}},"time_used":258,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":258,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-08","alert":"Sinkholed","trigger":"manage.arc.moe","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"manage.arc.moe/app/assets/G01.a6146d8acfcf3a57.js","fqdn":"manage.arc.moe","domain":"arc.moe","tld":"moe"},"ip":{"addr":"103.127.240.180","port":443,"asn":0,"as":"","country":"Taiwan","country_code":"TW"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://manage.arc.moe/login","date":"2026-04-08T12:26:53.838Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"P384","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"manage.arc.moe","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Wed, 01 Apr 2026 16:41:38 GMT","end":"Tue, 30 Jun 2026 16:41:37 GMT"},"fingerprint":{"sha1":"F4:09:D0:12:1A:77:0A:FA:AD:B4:18:DB:DD:FA:CC:A7:72:48:D7:A6","sha256":"F3:CF:2F:4C:AB:11:63:9F:60:35:DF:B3:99:7A:F0:C9:4B:50:11:ED:52:F2:F2:D5:A3:79:9E:4E:07:38:F7:28"}}},"request":{"raw":"GET /app/assets/G01.a6146d8acfcf3a57.js HTTP/1.1\r\nHost: manage.arc.moe\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://manage.arc.moe/login\r\nCookie: XSRF-TOKEN=eyJpdiI6IkdoTHMxSWYrN3RGNXJWVGs4TW10bnc9PSIsInZhbHVlIjoiMFVuT1prZ3VzWHlld1ZkZXA4ZWpFT3ZmbjJGSnBLWDlPSE9MSDlyR3BYdWx2NHVzbk5TNG5ISWxiUVJsb2ZYVHdJeFhUb1dTRDdVS28zZitGakVMZFIzUC9MUkxEbWo2Y3I1TEN2OTlnTXZHYWU3cHN4ZCtVNE9hb0VEVmRNdFYiLCJtYWMiOiI2NTI1NzNkMjI5ZjIxNjdmZWU2Yjk4MmU2ZmY3Mjk2ODEzNjE2MDdlNDQ0NGRiZDQwOTI1ZTY4ZGYwYjc3NmQ4IiwidGFnIjoiIn0%3D; virtfusion_session=eyJpdiI6InJlVmlIN1dJOUhjTFM0MmIvVHNKZGc9PSIsInZhbHVlIjoia3dEa1pnMGdmdmwxRDYyNXdWQXJiay9zTVNkRVhXc3JIc2k1Nk9wcjg4b3M1Zk44SDU0TzdnOWgvc2FldExrZXhvMThRanlkVUtKUHdtcWJ6SmVGMW9OWHVjT01SYnlaWlg0OFp4M3NlZjVBWm5qczJSOGNScW9lbFRGRE5xRHIiLCJtYWMiOiJlZWI1Y2E4YzE4YzVhZmY2ZWQ0ZmNjODI0ZWIxM2ZjMDk5M2Q1YjM0ZjZjOWMxNTM4MDdjOTE0M2FmNjgwZjdkIiwidGFnIjoiIn0%3D\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 08 Apr 2026 12:26:53 GMT\r\ncontent-type: application/javascript; charset=utf-8\r\nlast-modified: Mon, 06 Apr 2026 14:45:13 GMT\r\nvary: Accept-Encoding\r\netag: W/\"69d3c6f9-547d\"\r\nexpires: Thu, 31 Dec 2037 23:55:55 GMT\r\npragma: public\r\ncache-control: max-age=315360000, public, must-revalidate, proxy-revalidate\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":21629,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (21629), with no line terminators","md5":"dcd4323233476f33770363d3752f353d","sha1":"77a6ef3c221c12cf3af21a33f710508f0eb52b73","sha256":"a319edf7f73d6d4dddebbe756c17ab6636c7ac3c16916a1260ad6d9217b4cdde","sha512":"e9933840f3da4678cf5a216db004392a510e1768e4866924145646cfb751a708af6f25da93ddb3b16bce835d7e65376f55d3f5191c3ba5ee4a7d80022b6e5a2f","ssdeep":"384:qLYCzjEHzj/DiGBcWj7H/Q8N6/3W/w5l72ojHgVApsmzfPidKk+cbfOrh8qeeqB:eYCzwTj/5BhH/Q8N6/3W45l72ojHgVA6","tlshash":"a1a2d766b064a82778e7590758370a8df6a7e64cf029411cf3b8fc8c777fa8a4524f58","first_seen":"2026-04-08T12:27:19.312893Z","last_seen":"2026-04-08T12:47:44.777901Z","times_seen":2,"resource_available":true,"data":null}},"time_used":258,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":258,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-08","alert":"Sinkholed","trigger":"manage.arc.moe","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"manage.arc.moe/login","fqdn":"manage.arc.moe","domain":"arc.moe","tld":"moe"},"ip":{"addr":"103.127.240.180","port":443,"asn":0,"as":"","country":"Taiwan","country_code":"TW"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-04-08T12:26:51.276Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"P384","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"manage.arc.moe","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Wed, 01 Apr 2026 16:41:38 GMT","end":"Tue, 30 Jun 2026 16:41:37 GMT"},"fingerprint":{"sha1":"F4:09:D0:12:1A:77:0A:FA:AD:B4:18:DB:DD:FA:CC:A7:72:48:D7:A6","sha256":"F3:CF:2F:4C:AB:11:63:9F:60:35:DF:B3:99:7A:F0:C9:4B:50:11:ED:52:F2:F2:D5:A3:79:9E:4E:07:38:F7:28"}}},"request":{"raw":"GET /login HTTP/1.1\r\nHost: manage.arc.moe\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: XSRF-TOKEN=eyJpdiI6InlMaEJvU044VmNGaGVlUUhkWlQza1E9PSIsInZhbHVlIjoiVnJxamQwR01OZ3pkcmhFcU5VWHdmRUFieUQzUGI5Yk42MGxJOVNjZnMzODIzTU5SaW5nVkhVOHphTXFPMzNrUjNTRVhBSEhGNXpwUytYZ2JKV2FIMEh5MlFZWThUT2RYdkIzdFh6ZXpRUWtRVW9CS21EM0tHMnkwTW9SaWU0dngiLCJtYWMiOiJlYWE4YWY1ZmFkNmQ0Y2UyNDY0ODQyNTY1NGMyNjMyMWU3ZjdmNzllOTllZjQxNzIxM2Y1ZDc3OGRlODRiNjEwIiwidGFnIjoiIn0%3D; virtfusion_session=eyJpdiI6ImdEdWlpMm9rOVc1NmpOc0t0L085NWc9PSIsInZhbHVlIjoiY1U3NkFHWUtDMkRzSlppL2Y2MERvd2R6NWVzSVBaclVPOW00a1lPVjBhNXk2UHcrTHUxdGlOYVZNVTdzVHFQUTgwZ2xxcmZub0lDWTlnUDBHS3kzRkpEdDE3a3hySjYwZzBYRmEzNUZvbnRMbVQ5c0x5WmR1cUtqVDlmeDFnUEsiLCJtYWMiOiIzYjkyOGRmOWRlMjA2NzRmYzJkNDU0MDg4MDg5YjcyYmIyNjkxNzI5NzFiNzNlYzFlMTU1OGVhOThmOTVkNjUyIiwidGFnIjoiIn0%3D\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ncontent-type: text/html; charset=utf-8\r\nvary: Accept-Encoding\r\ncache-control: no-store, private\r\ndate: Wed, 08 Apr 2026 12:26:51 GMT\r\nset-cookie: XSRF-TOKEN=eyJpdiI6IkdoTHMxSWYrN3RGNXJWVGs4TW10bnc9PSIsInZhbHVlIjoiMFVuT1prZ3VzWHlld1ZkZXA4ZWpFT3ZmbjJGSnBLWDlPSE9MSDlyR3BYdWx2NHVzbk5TNG5ISWxiUVJsb2ZYVHdJeFhUb1dTRDdVS28zZitGakVMZFIzUC9MUkxEbWo2Y3I1TEN2OTlnTXZHYWU3cHN4ZCtVNE9hb0VEVmRNdFYiLCJtYWMiOiI2NTI1NzNkMjI5ZjIxNjdmZWU2Yjk4MmU2ZmY3Mjk2ODEzNjE2MDdlNDQ0NGRiZDQwOTI1ZTY4ZGYwYjc3NmQ4IiwidGFnIjoiIn0%3D; expires=Wed, 08 Apr 2026 14:26:51 GMT; Max-Age=7200; path=/; secure; samesite=lax\nvirtfusion_session=eyJpdiI6InJlVmlIN1dJOUhjTFM0MmIvVHNKZGc9PSIsInZhbHVlIjoia3dEa1pnMGdmdmwxRDYyNXdWQXJiay9zTVNkRVhXc3JIc2k1Nk9wcjg4b3M1Zk44SDU0TzdnOWgvc2FldExrZXhvMThRanlkVUtKUHdtcWJ6SmVGMW9OWHVjT01SYnlaWlg0OFp4M3NlZjVBWm5qczJSOGNScW9lbFRGRE5xRHIiLCJtYWMiOiJlZWI1Y2E4YzE4YzVhZmY2ZWQ0ZmNjODI0ZWIxM2ZjMDk5M2Q1YjM0ZjZjOWMxNTM4MDdjOTE0M2FmNjgwZjdkIiwidGFnIjoiIn0%3D; expires=Wed, 08 Apr 2026 14:26:51 GMT; Max-Age=7200; path=/; secure; httponly; samesite=lax\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\nx-xss-protection: 1; mode=block\r\nx-frame-options: DENY, SAMEORIGIN\r\nx-content-type-options: nosniff, nosniff\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":5361,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"HTML document, ASCII text, with very long lines (3323)","md5":"4a8feb5a53d5bcdfe7540f061b172191","sha1":"bf1b3852c02b6798aae21a22638e11fbbd20be92","sha256":"7ebf73c763d7ce2665e6f422c448199d2661cca2d1c343ace2f96c0403083f7f","sha512":"6cf4639f7cc2bf5091341076f977def3bc1fe03932911b9babb0150bd74a700327d9e380811eb306009fbc6e43db6b4c05d4704c7b1e286c956ff7787ae8ef4e","ssdeep":"96:mCFqYzbbdaSDcHjo1QS2EBYpQMjU0wE4fu8EY1YdG3dCjgXz6XCzZLwpeHjiCXpM:hrbbESDUo1XpYAHVDjDNSO/7U","tlshash":"ffb1643de0f28835243c31aaf591b705a49bc30783d657f778ad00a69fa4a6a4d231dd","first_seen":"2026-04-08T12:27:19.314042Z","last_seen":"2026-04-08T12:27:19.314042Z","times_seen":1,"resource_available":true,"data":null}},"time_used":301,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":301,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-08","alert":"Sinkholed","trigger":"manage.arc.moe","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"manage.arc.moe/app/app-8f80-b9a2-4888-ace4-c28cfa48dfed.js?id=7f5c529f9e462b3e57b1e4356737d3b6","fqdn":"manage.arc.moe","domain":"arc.moe","tld":"moe"},"ip":{"addr":"103.127.240.180","port":443,"asn":0,"as":"","country":"Taiwan","country_code":"TW"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://manage.arc.moe/login","date":"2026-04-08T12:26:51.764Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"P384","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"manage.arc.moe","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Wed, 01 Apr 2026 16:41:38 GMT","end":"Tue, 30 Jun 2026 16:41:37 GMT"},"fingerprint":{"sha1":"F4:09:D0:12:1A:77:0A:FA:AD:B4:18:DB:DD:FA:CC:A7:72:48:D7:A6","sha256":"F3:CF:2F:4C:AB:11:63:9F:60:35:DF:B3:99:7A:F0:C9:4B:50:11:ED:52:F2:F2:D5:A3:79:9E:4E:07:38:F7:28"}}},"request":{"raw":"GET /app/app-8f80-b9a2-4888-ace4-c28cfa48dfed.js?id=7f5c529f9e462b3e57b1e4356737d3b6 HTTP/1.1\r\nHost: manage.arc.moe\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://manage.arc.moe/login\r\nCookie: XSRF-TOKEN=eyJpdiI6IkdoTHMxSWYrN3RGNXJWVGs4TW10bnc9PSIsInZhbHVlIjoiMFVuT1prZ3VzWHlld1ZkZXA4ZWpFT3ZmbjJGSnBLWDlPSE9MSDlyR3BYdWx2NHVzbk5TNG5ISWxiUVJsb2ZYVHdJeFhUb1dTRDdVS28zZitGakVMZFIzUC9MUkxEbWo2Y3I1TEN2OTlnTXZHYWU3cHN4ZCtVNE9hb0VEVmRNdFYiLCJtYWMiOiI2NTI1NzNkMjI5ZjIxNjdmZWU2Yjk4MmU2ZmY3Mjk2ODEzNjE2MDdlNDQ0NGRiZDQwOTI1ZTY4ZGYwYjc3NmQ4IiwidGFnIjoiIn0%3D; virtfusion_session=eyJpdiI6InJlVmlIN1dJOUhjTFM0MmIvVHNKZGc9PSIsInZhbHVlIjoia3dEa1pnMGdmdmwxRDYyNXdWQXJiay9zTVNkRVhXc3JIc2k1Nk9wcjg4b3M1Zk44SDU0TzdnOWgvc2FldExrZXhvMThRanlkVUtKUHdtcWJ6SmVGMW9OWHVjT01SYnlaWlg0OFp4M3NlZjVBWm5qczJSOGNScW9lbFRGRE5xRHIiLCJtYWMiOiJlZWI1Y2E4YzE4YzVhZmY2ZWQ0ZmNjODI0ZWIxM2ZjMDk5M2Q1YjM0ZjZjOWMxNTM4MDdjOTE0M2FmNjgwZjdkIiwidGFnIjoiIn0%3D\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 08 Apr 2026 12:26:51 GMT\r\ncontent-type: application/javascript; charset=utf-8\r\nlast-modified: Mon, 06 Apr 2026 14:45:13 GMT\r\nvary: Accept-Encoding\r\netag: W/\"69d3c6f9-2060\"\r\nexpires: Thu, 31 Dec 2037 23:55:55 GMT\r\npragma: public\r\ncache-control: max-age=315360000, public, must-revalidate, proxy-revalidate\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":8288,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (8288), with no line terminators","md5":"7f5c529f9e462b3e57b1e4356737d3b6","sha1":"647bd051e3ee1cd317eae5be833841737d67d14d","sha256":"c7d4ca0925cf10be06a497f3ecd9919fcc135033a1d0ed2751005518409fc9cb","sha512":"d6098f92c8cf33b12fe94d495fc0e1d66036edafd82f7c612f8b1dc3e731c91ac9a31c651eed14121dc63209c38e327adaa2cd64308a6d523f1320bab358bb26","ssdeep":"96:dqklRyVQo3etwuIKBFLEBPNhQqtYkjmoQ82zQ4pTCWDCpqIS/NPdZ:QkKiVtFaPNhQqHyoQptpWeCptS/BdZ","tlshash":"540212746408a875a1d740953866af88b93e3a0e7177f408f33ec9545cf1e4ba026dfb","first_seen":"2026-04-08T12:27:19.315017Z","last_seen":"2026-04-08T12:47:44.775674Z","times_seen":2,"resource_available":true,"data":null}},"time_used":974,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":974,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-08","alert":"Sinkholed","trigger":"manage.arc.moe","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"manage.arc.moe/apple-touch-icon.png","fqdn":"manage.arc.moe","domain":"arc.moe","tld":"moe"},"ip":{"addr":"103.127.240.180","port":443,"asn":0,"as":"","country":"Taiwan","country_code":"TW"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://manage.arc.moe/login","date":"2026-04-08T12:26:53.801Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"P384","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"manage.arc.moe","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Wed, 01 Apr 2026 16:41:38 GMT","end":"Tue, 30 Jun 2026 16:41:37 GMT"},"fingerprint":{"sha1":"F4:09:D0:12:1A:77:0A:FA:AD:B4:18:DB:DD:FA:CC:A7:72:48:D7:A6","sha256":"F3:CF:2F:4C:AB:11:63:9F:60:35:DF:B3:99:7A:F0:C9:4B:50:11:ED:52:F2:F2:D5:A3:79:9E:4E:07:38:F7:28"}}},"request":{"raw":"GET /apple-touch-icon.png HTTP/1.1\r\nHost: manage.arc.moe\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://manage.arc.moe/login\r\nCookie: XSRF-TOKEN=eyJpdiI6IkdoTHMxSWYrN3RGNXJWVGs4TW10bnc9PSIsInZhbHVlIjoiMFVuT1prZ3VzWHlld1ZkZXA4ZWpFT3ZmbjJGSnBLWDlPSE9MSDlyR3BYdWx2NHVzbk5TNG5ISWxiUVJsb2ZYVHdJeFhUb1dTRDdVS28zZitGakVMZFIzUC9MUkxEbWo2Y3I1TEN2OTlnTXZHYWU3cHN4ZCtVNE9hb0VEVmRNdFYiLCJtYWMiOiI2NTI1NzNkMjI5ZjIxNjdmZWU2Yjk4MmU2ZmY3Mjk2ODEzNjE2MDdlNDQ0NGRiZDQwOTI1ZTY4ZGYwYjc3NmQ4IiwidGFnIjoiIn0%3D; virtfusion_session=eyJpdiI6InJlVmlIN1dJOUhjTFM0MmIvVHNKZGc9PSIsInZhbHVlIjoia3dEa1pnMGdmdmwxRDYyNXdWQXJiay9zTVNkRVhXc3JIc2k1Nk9wcjg4b3M1Zk44SDU0TzdnOWgvc2FldExrZXhvMThRanlkVUtKUHdtcWJ6SmVGMW9OWHVjT01SYnlaWlg0OFp4M3NlZjVBWm5qczJSOGNScW9lbFRGRE5xRHIiLCJtYWMiOiJlZWI1Y2E4YzE4YzVhZmY2ZWQ0ZmNjODI0ZWIxM2ZjMDk5M2Q1YjM0ZjZjOWMxNTM4MDdjOTE0M2FmNjgwZjdkIiwidGFnIjoiIn0%3D\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 08 Apr 2026 12:26:53 GMT\r\ncontent-type: image/png\r\ncontent-length: 1414\r\nlast-modified: Mon, 06 Apr 2026 14:45:13 GMT\r\netag: \"69d3c6f9-586\"\r\nexpires: Thu, 31 Dec 2037 23:55:55 GMT\r\npragma: public\r\ncache-control: max-age=315360000, public, must-revalidate, proxy-revalidate\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1414,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 180 x 180, 8-bit colormap, non-interlaced","md5":"0d372839ac3aebeb85ab71e9e901d6f9","sha1":"22bf3b3564f4c045fda5e455560b08027a029426","sha256":"743a2298f8eeb83c3055fe4d70589c885ddff616c0436a5babeb12a261b2c7ef","sha512":"05268595f5900d89a86b981212ad0c9f2789e9f5549b30fc885359c1f066ec1aecdf98a2633f9f969d545f4176252b837f7fb85fe1429d136e22cadfb0012716","ssdeep":"","tlshash":"9b21b9cafd3cac70d81d0b5280723bd6ae78802617c185fe7059e4955c71d546892f93","first_seen":"2024-08-19T21:19:07.606772Z","last_seen":"2026-04-08T12:47:44.779893Z","times_seen":17,"resource_available":false,"data":null}},"time_used":258,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":257,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-08","alert":"Sinkholed","trigger":"manage.arc.moe","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}}]}