{"report_id":"1d2202c7-42c5-4c44-b1ce-77be4ccc4037","version":6,"status":"done","tags":[],"date":"2026-04-11T18:33:24Z","url":{"schema":"http","addr":"m0189.top/","fqdn":"m0189.top","domain":"m0189.top","tld":"top"},"ip":{"addr":"206.119.82.165","port":0,"asn":140227,"as":"Hong Kong Communications International Co., Limited","country":"Hong Kong","country_code":"HK"},"final":{"url":{"schema":"https","addr":"695rdgnfw5f.18912244.com:20206/home/register?id=422876378","fqdn":"695rdgnfw5f.18912244.com","domain":"18912244.com","tld":"com"},"title":"welcome to 欢迎光临","dom":{"size":43,"mime_type":"text/html; charset=utf-8","magic":"HTML document, ASCII text, with no line terminators","md5":"d1ba9189c22d8e6e667d05677ffb7e27","sha1":"8ec08fdf85be2b610631ad1b6e03efbd67366151","sha256":"f8dac000ac22aa5f27170a9c0b03e3f8503ed983328a2492d6e06fee67cb8b1b","sha512":"a9986e5f0dd743eb67083fbc7b37fc4be7bc97d3a38d4daae41a6801c16eec5bf88ca2c71ca4fed5b479457b11120415e679a941c408f2bba912cc820ffd906d","ssdeep":"","tlshash":"c19004fdf15140055c3435c00cc333450d14435c30034d0035c03474c404115cd175c4","dom_hash":"domhash1f07f384c75181c66badb60ab1ec770b","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"m0189.top/","fqdn":"m0189.top","domain":"m0189.top","tld":"top"},"ip":{"addr":"206.119.82.165","port":0,"asn":140227,"as":"Hong Kong Communications International Co., Limited","country":"Hong Kong","country_code":"HK"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-05-16T18:33:24Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":1,"urlquery":0,"analyzer":4}},"detection":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-04-11T18:33:07Z","timestamp":1775932387,"ip_dst":{"addr":"Client IP","port":48358,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"45.87.41.222","port":443,"asn":62068,"as":"SpectraIP B.V.","country":"The Netherlands","country_code":"NL"},"severity":"low","alert":"ET INFO Observed ZeroSSL SSL/TLS Certificate","source":"{\"timestamp\":\"2026-04-11T18:33:07.608278+0000\",\"flow_id\":329155889794737,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"45.87.41.222\",\"src_port\":443,\"dest_ip\":\"172.18.0.26\",\"dest_port\":48358,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2031231,\"rev\":3,\"signature\":\"ET INFO Observed ZeroSSL SSL/TLS Certificate\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2020_11_23\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_12_01\"]}},\"tls\":{\"subject\":\"CN=mgm7537346.hdyrw822fm.vip\",\"issuerdn\":\"C=AT, O=ZeroSSL, CN=ZeroSSL RSA Domain Secure Site CA\",\"serial\":\"53:98:12:34:47:F5:6C:CB:AF:A9:3E:02:E0:B6:72:E9\",\"fingerprint\":\"10:aa:4d:d0:26:f2:bb:8c:24:59:5c:06:50:f3:7a:83:0d:fd:8e:6b\",\"sni\":\"mgm7537346.hdyrw822fm.vip\",\"version\":\"TLS 1.2\",\"notbefore\":\"2026-02-19T00:00:00\",\"notafter\":\"2026-05-20T23:59:59\",\"ja3\":{\"hash\":\"0faf2a91198d40dbd58b9308f3fca2fd\",\"string\":\"771,4865-4867-4866-49195-49199-52393-52392-49196-49200-49171-49172-156-157-47-53,0-23-65281-10-11-16-5-34-51-43-13-28-65037,29-23-24-25-256-257,0\"},\"ja3s\":{\"hash\":\"1d92b1ca39d82e415ee788b0324f6e25\",\"string\":\"771,49199,0-65281-11-5-16\"}},\"app_proto\":\"tls\",\"flow\":{\"pkts_toserver\":9,\"pkts_toclient\":8,\"bytes_toserver\":1383,\"bytes_toclient\":6631,\"start\":\"2026-04-11T18:33:07.528049+0000\"}}"}],"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-11","alert":"Sinkholed","trigger":"695rdgnfw5f.18912244.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-04-11","alert":"Sinkholed","trigger":"mgm1940797.appfrvpmgw.win","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-04-11","alert":"Sinkholed","trigger":"m0189.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-04-11","alert":"Sinkholed","trigger":"mgmxbedecp.hddnfpftzj.win","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null},"summary":[{"fqdn":"mgm7537346.hdyrw822fm.vip","ip":{"addr":"45.87.41.222","port":443,"asn":62068,"as":"SpectraIP B.V.","country":"The Netherlands","country_code":"NL"},"domain_registered":"2025-07-07","domain_rank":0,"first_seen":"2025-08-25T03:10:43.035691Z","last_seen":"2026-04-05T23:49:56.764982Z","alert_count":0,"request_count":1,"received_data":474,"sent_data":483,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"3338188mgm.osfp4nmyl.win","ip":{"addr":"172.65.218.121","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2025-07-07","domain_rank":0,"first_seen":"2025-08-25T03:10:43.038638Z","last_seen":"2026-04-05T23:49:57.976841Z","alert_count":0,"request_count":1,"received_data":477,"sent_data":482,"comment":"","tags":null,"fingerprints":[{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]}]},{"fqdn":"146.103.73.104","ip":{"addr":"146.103.73.104","port":443,"asn":0,"as":"","country":"Belgium","country_code":"BE"},"domain_registered":"unknown","domain_rank":0,"first_seen":"No data","last_seen":"No data","alert_count":0,"request_count":1,"received_data":421,"sent_data":472,"comment":"","tags":null,"fingerprints":null},{"fqdn":"static.geetest.com","ip":{"addr":"104.17.6.193","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2012-03-05","domain_rank":196356,"first_seen":"2015-01-16T07:12:35Z","last_seen":"2026-04-10T22:15:10.578532Z","alert_count":0,"request_count":1,"received_data":236527,"sent_data":534,"comment":"","tags":null,"fingerprints":[{"name":"Alibaba Cloud Object Storage Service","description":"Alibaba Cloud Object Storage Service (OSS) is a cloud-based object storage service provided by Alibaba Cloud, which allows users to store and access large amounts of data in the cloud.","website":"https://www.alibabacloud.com/product/object-storage-service","common_platform_enumeration":"","icon":"Alibaba Cloud.svg","categories":["IaaS"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"mgm8355623.osm1k9woy.win","ip":{"addr":"138.113.208.88","port":443,"asn":54994,"as":"ML-1432-54994","country":"Canada","country_code":"CA"},"domain_registered":"2025-07-07","domain_rank":0,"first_seen":"2025-08-25T03:10:44.184452Z","last_seen":"2026-04-05T23:49:58.030819Z","alert_count":0,"request_count":1,"received_data":423,"sent_data":482,"comment":"","tags":null,"fingerprints":null},{"fqdn":"146.103.73.85","ip":{"addr":"146.103.73.85","port":443,"asn":0,"as":"","country":"Belgium","country_code":"BE"},"domain_registered":"unknown","domain_rank":0,"first_seen":"No data","last_seen":"No data","alert_count":0,"request_count":1,"received_data":428,"sent_data":471,"comment":"","tags":null,"fingerprints":null},{"fqdn":"riskct.geetest.com","ip":{"addr":"43.159.108.100","port":443,"asn":139341,"as":"ACE","country":"Singapore","country_code":"SG"},"domain_registered":"2012-03-05","domain_rank":740652,"first_seen":"2023-03-11T11:38:55Z","last_seen":"2026-04-10T09:54:20.590643Z","alert_count":0,"request_count":3,"received_data":2792,"sent_data":1911,"comment":"","tags":null,"fingerprints":[{"name":"TornadoServer:6.1","description":"","website":"https://tornadoweb.org","common_platform_enumeration":"","icon":"TornadoServer.png","categories":["Web servers"]}]},{"fqdn":"7495078mgm.hdhfrm7v6u.win","ip":{"addr":"172.65.218.121","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2025-07-07","domain_rank":0,"first_seen":"2025-08-25T03:10:44.780368Z","last_seen":"2026-04-05T23:49:56.898837Z","alert_count":0,"request_count":1,"received_data":477,"sent_data":483,"comment":"","tags":null,"fingerprints":[{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]}]},{"fqdn":"mgmxbedecp.hddnfpftzj.win","ip":{"addr":"182.16.49.68","port":443,"asn":45753,"as":"Netsec Limited","country":"Hong Kong","country_code":"HK"},"domain_registered":"2025-07-07","domain_rank":0,"first_seen":"2025-08-25T03:10:45.734682Z","last_seen":"2026-04-05T23:49:57.606355Z","alert_count":1,"request_count":1,"received_data":449,"sent_data":483,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"mgm5328330.osmpqbjtb.top","ip":{"addr":"138.113.211.7","port":443,"asn":54994,"as":"ML-1432-54994","country":"Canada","country_code":"CA"},"domain_registered":"2025-07-07","domain_rank":0,"first_seen":"2025-08-25T03:10:45.738976Z","last_seen":"2026-04-06T08:00:13.271562Z","alert_count":0,"request_count":1,"received_data":433,"sent_data":482,"comment":"","tags":null,"fingerprints":null},{"fqdn":"695rdgnfw5f.18912244.com","ip":{"addr":"172.65.218.121","port":20206,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"unknown","domain_rank":0,"first_seen":"2025-12-21T16:55:03.104379Z","last_seen":"2025-12-21T16:55:03.104379Z","alert_count":97,"request_count":97,"received_data":10057083,"sent_data":73827,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]},{"name":"Alibaba Cloud Object Storage Service","description":"Alibaba Cloud Object Storage Service (OSS) is a cloud-based object storage service provided by Alibaba Cloud, which allows users to store and access large amounts of data in the cloud.","website":"https://www.alibabacloud.com/product/object-storage-service","common_platform_enumeration":"","icon":"Alibaba Cloud.svg","categories":["IaaS"]}]},{"fqdn":"mgm1940797.appfrvpmgw.win","ip":{"addr":"138.113.210.9","port":443,"asn":54994,"as":"ML-1432-54994","country":"Canada","country_code":"CA"},"domain_registered":"2025-07-07","domain_rank":0,"first_seen":"2025-08-25T03:10:45.733218Z","last_seen":"2026-04-05T23:49:58.159454Z","alert_count":15,"request_count":15,"received_data":14759,"sent_data":16425,"comment":"","tags":null,"fingerprints":null},{"fqdn":"m0189.top","ip":{"addr":"206.119.82.56","port":443,"asn":140227,"as":"Hong Kong Communications International Co., Limited","country":"Hong Kong","country_code":"HK"},"domain_registered":"unknown","domain_rank":0,"first_seen":"No data","last_seen":"No data","alert_count":1,"request_count":1,"received_data":286,"sent_data":478,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"146.103.73.193","ip":{"addr":"146.103.73.193","port":443,"asn":0,"as":"","country":"Belgium","country_code":"BE"},"domain_registered":"unknown","domain_rank":0,"first_seen":"No data","last_seen":"No data","alert_count":0,"request_count":3,"received_data":2327,"sent_data":2684,"comment":"","tags":null,"fingerprints":null},{"fqdn":"mgmnhajzfh.appuhy8rmm.vip","ip":{"addr":"45.125.14.216","port":443,"asn":55933,"as":"Cloudie Limited","country":"Hong Kong","country_code":"HK"},"domain_registered":"2025-07-07","domain_rank":0,"first_seen":"2025-08-25T03:10:45.735989Z","last_seen":"2026-04-05T23:49:57.401506Z","alert_count":0,"request_count":1,"received_data":449,"sent_data":483,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"695rdgnfw5f.18912244.com:20206/home/register?id=422876378","fqdn":"695rdgnfw5f.18912244.com","domain":"18912244.com","tld":"com"},"ip":{"addr":"172.65.218.121","port":20206,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"2324a4d6c7ab652e0e2ce14ad61e0811","sha1":"d6a7b5dff20b1cce68e31128184bd169fdaa6180","sha256":"b29cb4ebac6a13619de531f856cc87fc3231b85c8d643332566c3c53a9c65bf9","sha512":"88495952b07d65772435e25f0d5d4722919095632de88d5ff92e1ade3e32391d70bfd6cc4e801d48b5e21c7bf611af2865b87d7462af980f2fb167e8b78ebe95","ssdeep":"","tlshash":"2cc08cc5a0c72e901602a81461ef25f49064402bf0481b128de4d8992e220f8d233e98","size":151,"data":"","first_seen":"2025-11-11T06:39:37.595569Z","last_seen":"2026-04-11T19:41:53.726235Z","times_seen":4047,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"695rdgnfw5f.18912244.com:20206/home/register?id=422876378","fqdn":"695rdgnfw5f.18912244.com","domain":"18912244.com","tld":"com"},"ip":{"addr":"172.65.218.121","port":20206,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"cc9f53b532e651b43997ba6aafc5f860","sha1":"3cadba39d8dc10cde90cd9507161bfc94dd485a9","sha256":"cb468ca3b1cdbe69500b029d349f6b119243b5f5d0deb6a103f07f5bb98b3672","sha512":"a58ec032f1d784f10d0c38e5f516eece07d751f71d79b9ef47cd27a2b27780bb53db2422001087c729597870e5c8fc5d07096ead01717989ea013af9b53bc928","ssdeep":"","tlshash":"e0d02ed8e0f72c0012052230e0af2ae84029046aa088510a5e98b8a978a30b0e33ff84","size":256,"data":"","first_seen":"2025-03-19T08:06:25.434024Z","last_seen":"2026-04-11T21:10:04.160293Z","times_seen":7621,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"695rdgnfw5f.18912244.com:20206/assets/theme-0/LoginRegisterIndex.5cxrQ2SR.js","fqdn":"695rdgnfw5f.18912244.com","domain":"18912244.com","tld":"com"},"ip":{"addr":"172.65.218.121","port":20206,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"ce78caa23bec309b8cee622186853bfc","sha1":"b357819ac4cd7541a23f8bd288488d111a49f093","sha256":"440ad477c82b0fd419f8ab4cc0f4e86aa9173e62c670c35582d995e4a9392f0b","sha512":"810228a7de832c8915264c2564c718c556cd02adc84d78ebbcc14440b3c2be6857326142c8f421f5badd75412dc972b145b859ffb9ec9f52dde27ffb50593921","ssdeep":"96:N2RaIrGAMfUUIA0Uf6DBAYA0Newn+L0DwKTxw6wNfwS+fRwgkSL+EfLAfcbWo20P:URawGnfUk0Uf6DB9Newn+YDwKTxw6wxI","tlshash":"6691880de819a8b274d62cf8e5a16934010d376f4b10ceaed27e67a39bc673cd24c935","size":4231,"data":"","first_seen":"2026-04-11T07:57:01.981153Z","last_seen":"2026-04-11T18:34:05.982059Z","times_seen":27,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"695rdgnfw5f.18912244.com:20206/assets/theme-0/Fragment.yuY--IQM.js","fqdn":"695rdgnfw5f.18912244.com","domain":"18912244.com","tld":"com"},"ip":{"addr":"172.65.218.121","port":20206,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"importedModule","is_inline":false,"md5":"bf7bcfa5123c7a1cb4f34c5d483fd0fe","sha1":"d101505d0059621eafa2f4f9227cb48110bb8758","sha256":"0d4990b0cdfd0dffda97c81771d8ce6c0afaf1ce4495cdf009dae503cd8c1522","sha512":"17f8b564ce6f8ce8ae4ac3ca8e3043946050da2f2488812fea68e65ef6b9160b2dfc6778002afeb99979f068360c3162e3871a5b43de24255995ae2ddab54609","ssdeep":"768:/sDh412MulWAYNlN+SgHZet4Gl2F4FHZliWXs+hmXg7DQk5PzMIXMsD9ibWuLRbM:UFFSwjG4UHcgw6uLRbpEbMules5","tlshash":"59533a4cb47995f9bf789af878620434312d5f190401c8f9f0be9f962699f40f2a9b39","size":66539,"data":"","first_seen":"2026-04-11T07:57:01.988584Z","last_seen":"2026-04-11T18:34:05.969584Z","times_seen":27,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"695rdgnfw5f.18912244.com:20206/?id=422876378","fqdn":"695rdgnfw5f.18912244.com","domain":"18912244.com","tld":"com"},"ip":{"addr":"172.65.218.121","port":20206,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"11a378f21b54b4438a697932ddaec96b","sha1":"c2169536c89b745692611d86f7cfe82a61d96bb9","sha256":"c4ee1097204a4ad25b34d2287d31e56d6fa888d491cd78c20aceb8fe94ac2d85","sha512":"7843609a044d76a6c91f1e934972fac5825b925d3c39f8c7ed90a214fd47741348bb41d33550f17e6c20d99aa3d66abdae72a5ae5a3c82c78fb641a8fb409c21","ssdeep":"96:Ja0EppWoqOWmWj/UYLbs6WbOXOaE+qsqdFjszNw+IoVM7R:epypLbCOXOSH4w+uVM","tlshash":"a1b1b78a714571e502ef6129646fb217b279797a694ce800a213e4e23c7cdcb43b3f5b","size":5168,"data":"","first_seen":"2025-07-29T08:43:47.856388Z","last_seen":"2026-04-11T19:41:53.715873Z","times_seen":11250,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"695rdgnfw5f.18912244.com:20206/home/register?id=422876378","fqdn":"695rdgnfw5f.18912244.com","domain":"18912244.com","tld":"com"},"ip":{"addr":"172.65.218.121","port":20206,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"0261cee93de49934489dae656c037cef","sha1":"3132b65c4242d591cd5fd39567f613a1b12631d1","sha256":"3093a35ee8270eed32af7f694ea4812b9569fca9950126d039bf0a94d4f695bd","sha512":"7c512d203fbc2564e0f98c2ec1bbed5a5499a98bc86871f2be82926f624c23077b5bc3822884b7ec5e7c76e70a814d82b62c596f2c271ba7bd7d35f28a4a3da2","ssdeep":"","tlshash":"92c08cc8a0c32e002612a82451bf38e49024442b708c2b438ce4d8983e220b08233e98","size":148,"data":"","first_seen":"2025-03-19T08:06:25.376297Z","last_seen":"2026-04-11T20:47:49.84077Z","times_seen":8663,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"695rdgnfw5f.18912244.com:20206/home/register?id=422876378","fqdn":"695rdgnfw5f.18912244.com","domain":"18912244.com","tld":"com"},"ip":{"addr":"172.65.218.121","port":20206,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"4b8d17cc20eb76a31e1bcea160ac4e40","sha1":"a9e47a201598391272585215ba290187445cb862","sha256":"322d504e23f562d2eaa53e7482857a943cce669a5263a7cd564b315783282984","sha512":"6d0d33a2b60d197fb9a568375179dd10591610a2a16437813ab07fbc9d55acce3e9da00e80c446ac183d89cce33e20862b4068fd6d67d8be6817a6d05473a84d","ssdeep":"","tlshash":"77c08cc8a0d26d001603652010af25e490284026b08c2b028ce4d8482e220f08233e98","size":139,"data":"","first_seen":"2023-04-15T04:17:29Z","last_seen":"2026-04-11T21:10:04.150524Z","times_seen":7916,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"695rdgnfw5f.18912244.com:20206/home/register?id=422876378","fqdn":"695rdgnfw5f.18912244.com","domain":"18912244.com","tld":"com"},"ip":{"addr":"172.65.218.121","port":20206,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"8a1ae11faa96c02a7a750f5c708dad49","sha1":"fa7b23c96bc43506e4df2b9ca69f45ba4536cca4","sha256":"bf8ab173efaee8aef0557d6a81e3e9b9ed33f855022a360e48345ff33cf0b84a","sha512":"3ea42903c178495d76e0a41bbeb594820c3d5aec714b223db71c0177e7c5e224fc14cbd9c1569337fdf1bb012740a17d16b0946a2c24e952fb57de14b802cc84","ssdeep":"","tlshash":"adc08cc8a0c36d002602645490af24e49028802670481b028ca4d89c2e230b08233ea8","size":139,"data":"","first_seen":"2024-10-04T11:15:51.685449Z","last_seen":"2026-04-11T21:10:04.225218Z","times_seen":7787,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"695rdgnfw5f.18912244.com:20206/home/register?id=422876378","fqdn":"695rdgnfw5f.18912244.com","domain":"18912244.com","tld":"com"},"ip":{"addr":"172.65.218.121","port":20206,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"b46faf479e2e111cdb162d35878e77bf","sha1":"ffef651b69cdfe426fae550c6707533e7368bec3","sha256":"e5effcab653558fcb63b06132879e3846b1c5c426478f311db9a8d75ef4b6c9b","sha512":"904504c707f33d71bacf09318d500fddf87a4a059feda7f95aa8524a84cdb826ef7160bb6c3c9c53302d7a4b2d1c723f955f8c52e3581113484f3eca26e66736","ssdeep":"","tlshash":"39c080cab0c76e44990a756054afb6d454259026b5c87f53dee4ec9d3f130b08237edc","size":178,"data":"","first_seen":"2025-12-10T18:51:57.760539Z","last_seen":"2026-04-11T19:36:43.925081Z","times_seen":3616,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"695rdgnfw5f.18912244.com:20206/home/register?id=422876378","fqdn":"695rdgnfw5f.18912244.com","domain":"18912244.com","tld":"com"},"ip":{"addr":"172.65.218.121","port":20206,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"c38f2fb8ac0749bd6bf93794626029ff","sha1":"5d2eb90c4488d53d33a8c3ba03ce7108e2ff0e89","sha256":"8c87d7b744fa20bb8fff8ecbe995a4a50e1adce8f92063d36aa10df64a163384","sha512":"c5f882f6858b98160aa3469bcf24013d9520a96c37e23faab3c0390daa74a375137719d51ecb8313a6f5a0ed79ba24bb9919a6c9cd26a67a3846170fa79471c4","ssdeep":"","tlshash":"e7c080c560c72e445a16641021ef35e490245016b448af439de4d8993f620f18133fd8","size":163,"data":"","first_seen":"2026-01-29T11:11:44.0557Z","last_seen":"2026-04-11T19:36:43.92932Z","times_seen":2286,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"695rdgnfw5f.18912244.com:20206/home/register?id=422876378","fqdn":"695rdgnfw5f.18912244.com","domain":"18912244.com","tld":"com"},"ip":{"addr":"172.65.218.121","port":20206,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"cd4668ff4b1f83b390c8ae456d7c3269","sha1":"2774cfe6641e5736a52ac60382719f6e69032a3d","sha256":"cc8c29898cc4f3a63a7897962095fed144532ac6f8e41658eaf98d9e88f61e7a","sha512":"16e88e8d82e2ded335d1e4ef5a8358f079fb21ebf7e4442f08f7c6f749722427360edb10e4a7ff30d4ca170b1526725d493311ef2e162f4ffe3bc5777b1f7bc4","ssdeep":"","tlshash":"c1c08cc4b0e23d005602691110af28e8e024442770482b02cc94d8493e220b08333ed9","size":142,"data":"","first_seen":"2025-03-19T08:06:25.363848Z","last_seen":"2026-04-11T21:10:04.22697Z","times_seen":7744,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"695rdgnfw5f.18912244.com:20206/assets/theme-0/index.BKUOS2W0.js","fqdn":"695rdgnfw5f.18912244.com","domain":"18912244.com","tld":"com"},"ip":{"addr":"172.65.218.121","port":20206,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"importedModule","is_inline":false,"md5":"42cc1b31bdec308bb0dd10035d899094","sha1":"8e9a0ca1e06f85bbc559326457006fc3e1050aa1","sha256":"4e87052dc311a5b72358ec7980f4c98f97d99850c1ee8800da61318ecf540f30","sha512":"f4cb33e7fd67c6f9100f59983756deb4c01281470ffa291825614caba00657864a066f7b820b9856439588b28f718cd7f4dd2f8e3f7004f02b65194314ffa8d5","ssdeep":"","tlshash":"1e01fe67f142aafef62ca4a4c0106bf54a02019431f598e0e53eaeb300e0ccb2c1fc0b","size":717,"data":"","first_seen":"2026-04-11T07:57:01.976982Z","last_seen":"2026-04-11T18:34:05.950775Z","times_seen":26,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"695rdgnfw5f.18912244.com:20206/assets/theme-0/index.BSFsUolT.js","fqdn":"695rdgnfw5f.18912244.com","domain":"18912244.com","tld":"com"},"ip":{"addr":"172.65.218.121","port":20206,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"importedModule","is_inline":false,"md5":"8d5bc70dbddc950a77a8dc48a8d161d6","sha1":"204c31cfbf9429b29cebe399b2e000ee0f7d2d62","sha256":"9b565d979fabc9a984dd12649b854814d2cebe3715aaa0ea6ff3ecb9b78a2e51","sha512":"4aa59e069accb5da8e9c1ea2127770dd4b237d904299ad9fd9a4d1e7062bd6a2e024d9e744d96b2174dcfd691642897c4dfcf6260abc0b0dee19a1c59791d6da","ssdeep":"96:xtIe9Y2xuktiNFMMOBAmt5XilCZ8AjlCeAqlCXAalC4+AxlCJsA+UGWgBZ7cv:xt19Y2ftiNFMMOPtMl0lXlGlRBlaQFBI","tlshash":"7d91a8caf02d33a1751c5c5eb42d376a0f1c7b20a02ae4f0ee8b5b75120499bf9d9d69","size":4222,"data":"","first_seen":"2026-04-11T07:57:02.027754Z","last_seen":"2026-04-11T18:34:05.957768Z","times_seen":24,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"695rdgnfw5f.18912244.com:20206/home/register?id=422876378","fqdn":"695rdgnfw5f.18912244.com","domain":"18912244.com","tld":"com"},"ip":{"addr":"172.65.218.121","port":20206,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"be4b918adc0e30e3458f1be463fa0599","sha1":"bc41f74db29bee81f5dd374795e7f6ff55cc24d2","sha256":"121c9e7d3828c8d4e02230f134ee990210fb9ed34c7997eb6c813027ffbb7023","sha512":"df41f5d5aedbebc009358aebbc34988c7a894f6b7c7c317fb1530e8df7ddde60eb38c3ee0643d1a01ff6b9db8b6ae27314efd2ac6fc1e1a9ecc115f89468bb02","ssdeep":"","tlshash":"27c08cc5a0c26d001a07686410bf25e490284026b08c1b128de4d8892e220b08233e98","size":145,"data":"","first_seen":"2025-03-19T08:06:25.402276Z","last_seen":"2026-04-11T21:10:04.18243Z","times_seen":4796,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"695rdgnfw5f.18912244.com:20206/?id=422876378","fqdn":"695rdgnfw5f.18912244.com","domain":"18912244.com","tld":"com"},"ip":{"addr":"172.65.218.121","port":20206,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"62082b8f6348c541efb31432fc0245cd","sha1":"68a9d03fad2eb32cb093da78d6ecb8a62bc79bca","sha256":"91af6b2f67b7f04bccd8e5cbc4450b4fb3bb1ebc7e77f60da85a03426beaef5b","sha512":"eee66ce2a155f67ab969d402ff5bb8e2004f4c8b02b89d6fb8a9ca95f3697d2fec7decbea3bdabb63195125f872c0922c1dbf1bc8e2b3ee32cc853aea66ecc79","ssdeep":"","tlshash":"5ec08cc8a0d22d101602651020af24e89034442670481b429da4d8482e230b08233f98","size":139,"data":"","first_seen":"2023-05-23T14:47:18Z","last_seen":"2026-04-11T19:41:53.727748Z","times_seen":3121,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"695rdgnfw5f.18912244.com:20206/home/register?id=422876378","fqdn":"695rdgnfw5f.18912244.com","domain":"18912244.com","tld":"com"},"ip":{"addr":"172.65.218.121","port":20206,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"c6406f8fcfc3de8bdad610caa4610332","sha1":"124b265632d1d1e9334e06d32ccc9767a5fe4d8c","sha256":"832076057a60db5f9d35dd8965fd434274aa5e558d147b695e6399c599769a87","sha512":"64d90daae64295fd57d9d9af11a68801b231b73e761a0e71e702164f6b50b37eba98b5b3354b8822d76c67a55aecf7bea52e45e0a2ebd8777e1c6aa6eafc31f6","ssdeep":"","tlshash":"5bc080cae0c72d445d15545054af65d450254426b4487b43dee4dc5d7e530f48137da8","size":167,"data":"","first_seen":"2025-12-11T17:09:28.078772Z","last_seen":"2026-04-11T19:36:43.952045Z","times_seen":3604,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"695rdgnfw5f.18912244.com:20206/home/register?id=422876378","fqdn":"695rdgnfw5f.18912244.com","domain":"18912244.com","tld":"com"},"ip":{"addr":"172.65.218.121","port":20206,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"978b73536640384f34acc3d458c3a97e","sha1":"0559c1da6846c88633a4b8fbfd00d9fc859841b7","sha256":"c3d18416b11c60216bd6fadd4394707a6cac337f8e18748726a1ab8ead4d32de","sha512":"5d87cfd3affb343ee7ce1a3908a1f448552293a46f0b13f0e422cd5ba876d8f44efa8551094c8400374e0d95e65b4ff3b221d9a59e0f98d1062d40a80f0499a3","ssdeep":"","tlshash":"fec022cab0862e0099055020046f62d480265026f08c3e03aee0d80c2b220b08233d9c","size":178,"data":"","first_seen":"2025-12-11T17:09:28.070811Z","last_seen":"2026-04-11T19:36:43.93393Z","times_seen":3599,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"695rdgnfw5f.18912244.com:20206/home/register?id=422876378","fqdn":"695rdgnfw5f.18912244.com","domain":"18912244.com","tld":"com"},"ip":{"addr":"172.65.218.121","port":20206,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"d414aaede053ae599e633640e2252241","sha1":"643fe9fb6db722eb9186ca235cf645e105a1ee82","sha256":"fd78b9ca816615e33b59e08a384e0e5d0200dd33dcfb23330d6bbd48c882032a","sha512":"d4e180efa135ef44c579a3186770bd3c9658c72dc6506179ca1bb54fe4bd43c0c22f2adc784c5a858ca142235ed4b404b4834c6eb74bc734b6dd1469bb59c803","ssdeep":"","tlshash":"c1c08cc4b0d63d001612651010af24e490288026744c1b16cc98d8483e220b0833bee8","size":139,"data":"","first_seen":"2023-04-15T04:17:29Z","last_seen":"2026-04-11T21:10:04.146532Z","times_seen":8671,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"695rdgnfw5f.18912244.com:20206/home/register?id=422876378","fqdn":"695rdgnfw5f.18912244.com","domain":"18912244.com","tld":"com"},"ip":{"addr":"172.65.218.121","port":20206,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"f2f6f0b0591190a021e69b5b45b5e31c","sha1":"07c6633c8820afb690d9e0451702a015b8972d81","sha256":"d4996bf41eec94e57f0a9f01122aa1fa0c06d8f16c0ff5051ee275f78e83155b","sha512":"95a8a368de4a0cc15497ff7564d38365988e28ce17dfad5b7e69d56e8b511125c1452781816738499334858c85aa5b71d48e59fd9e7cb1dcc1e6ca7087b2ef8b","ssdeep":"","tlshash":"75c08cc5f0d32d001602a81421af24e4a424802bb0482b029ce4d8582e220b48233eac","size":146,"data":"","first_seen":"2025-03-19T08:06:25.391679Z","last_seen":"2026-04-11T21:06:46.173177Z","times_seen":8769,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"695rdgnfw5f.18912244.com:20206/assets/theme-0/autoDialog.C4xspLzz.js","fqdn":"695rdgnfw5f.18912244.com","domain":"18912244.com","tld":"com"},"ip":{"addr":"172.65.218.121","port":20206,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"1a40c206628ce222e27fd4363627f5c2","sha1":"990c3a603ca0f5d5391cd26fa37917ce8b213bb3","sha256":"1ed5083fed15a34cd385e12d339837145c7b6ec7c0be72e41be532763f4a64dc","sha512":"cf5ea7cfd044b2ee49804013e7a2b6cff39296df9953782bf9b829e0d273bd192b2b27921ca61de32d7a6e7989658cecf520d2dc316e7634af603d00664d0d52","ssdeep":"192:qRlGne3lU3EU5xWzpObp+2mrz10R70fXXQ7MfXxdDrdgrJOwp4LWzlaiaYy3K5FT:qRqe3SUU/WAg28z10R70fXXQ7MfXxdmr","tlshash":"c832768caa97a5b13998acc8d476863392281d533fddc0d4e5ef1e1532072c3e6b6e47","size":11552,"data":"","first_seen":"2026-04-11T07:57:01.966915Z","last_seen":"2026-04-11T18:34:05.957188Z","times_seen":24,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"695rdgnfw5f.18912244.com:20206/assets/locales/zh.tDAd91tj.js","fqdn":"695rdgnfw5f.18912244.com","domain":"18912244.com","tld":"com"},"ip":{"addr":"172.65.218.121","port":20206,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"ad1181a708ec4b764dd63e28792b36fd","sha1":"7000fdc370c69f3d18a16a80af6aea1b60d544ac","sha256":"8a4feca473050b01bee1b876d04fa63e0065a04cacc6abda777e920a6680c686","sha512":"07afd9bb0914c880373f05e371cc1dce2a8d766d7c3678d7eed71d28d4a74f82986a32dbc7085b889426cf3fa7ca109d82d8f4466404fb16b0d5b47dcbb5f95b","ssdeep":"12288:uWje8+/YuE1Sx1tuAl++fQgN8mloFKjI2edao/iC2s/:91W1zWh/","tlshash":"90a46ca7529e8acf8433d6d8659f834930aa14cfd1aa8b15cffc862c12cdc47746a747","size":474486,"data":"","first_seen":"2026-04-11T05:32:20.766103Z","last_seen":"2026-04-11T20:47:49.827613Z","times_seen":83,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"695rdgnfw5f.18912244.com:20206/libs/browser-media-match@0.0.6/index.js","fqdn":"695rdgnfw5f.18912244.com","domain":"18912244.com","tld":"com"},"ip":{"addr":"172.65.218.121","port":20206,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"6ebc5c0381a7d5e83324d8f44fbe055a","sha1":"716c0c49b5eed05fc5752e658e280a37b2eca14a","sha256":"048412edb70558ba3a98abb4c3b99982679f8a941df859d41b2f18e0f56fde56","sha512":"8ccc49138cb761ce38fe430bb63386fb187d6d8b25ca56c4cfabc915fd81b5eb38356c4cf7d3f522aac5fff047327db27e99f5141bef65c3cbd72c9e32d462e4","ssdeep":"","tlshash":"6e611f69767ab5194616b0b0998fd009bde9ad3613cc4845822d88f4f8799f8473fdcc","size":3248,"data":"","first_seen":"2025-06-26T13:19:27.401603Z","last_seen":"2026-04-11T19:41:53.683379Z","times_seen":12709,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"695rdgnfw5f.18912244.com:20206/home/register?id=422876378","fqdn":"695rdgnfw5f.18912244.com","domain":"18912244.com","tld":"com"},"ip":{"addr":"172.65.218.121","port":20206,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"436353625ac551e622ae9f6258a91607","sha1":"b8c6792ad17dda4b267d3b05b8bbcd9fdf9fa040","sha256":"06c95a2830720d6b99df524eab58874f0bfa9524717262f9b8ec33e3ec674461","sha512":"4c4efaf925dfc6fec16054c9b4bb147532e1e431687c0829dcfab327485601e3761657e8e070cf4244007ed798fc77f5fe4670d0d180629303c6babad0b1ff19","ssdeep":"","tlshash":"dbc012cab0ca2e01da05542154af65d450255426a4887a43eee4d8592b660b08237d98","size":175,"data":"","first_seen":"2025-12-11T17:09:28.063295Z","last_seen":"2026-04-11T19:36:43.954916Z","times_seen":3611,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"695rdgnfw5f.18912244.com:20206/home/register?id=422876378","fqdn":"695rdgnfw5f.18912244.com","domain":"18912244.com","tld":"com"},"ip":{"addr":"172.65.218.121","port":20206,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"5db071309174f5abdf14f6bf8189bc44","sha1":"9e80565d402f5c2b31dfeaaf766d8039fa53d2ed","sha256":"8ba050db9ab29dfc068cc70598170fc3564266d8890ee974c24dae82cf376a25","sha512":"05db828acb4517ba15808bb01b1c08677b732430f4ceedf3b1977cdf076648aa88fbe66d3077d9e3e4f2f1466aa19bc657d6dcad31cf022a3795184cd3f29b81","ssdeep":"","tlshash":"e4c0c0cab0c32e0089051430187f21e44022181ab48c3f03dff0d8883f270f08233d9c","size":178,"data":"","first_seen":"2025-12-11T17:09:28.035299Z","last_seen":"2026-04-11T19:36:43.922766Z","times_seen":3602,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"695rdgnfw5f.18912244.com:20206/home/register?id=422876378","fqdn":"695rdgnfw5f.18912244.com","domain":"18912244.com","tld":"com"},"ip":{"addr":"172.65.218.121","port":20206,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"03d9adeae4d7f0e068235f679b769969","sha1":"e732200ad0fd1968c771637cd0865f475966e928","sha256":"1b896dc159de3eba78c4a7f888d754344065317b33df2680c89a568c69ab1ec9","sha512":"942cbb6359780461b493de2dfda84118404fb5a2019910e28b238779c143d5cefff473441ec507350815b9e1597ae1ca4d65edffb1fb4c7628bd410da82b96f7","ssdeep":"","tlshash":"bdc022caa0926e00ca052420146fa5d480285026b0883f439ea0d8082b120b08233da8","size":178,"data":"","first_seen":"2025-12-11T17:09:28.065672Z","last_seen":"2026-04-11T19:36:43.953493Z","times_seen":3596,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"695rdgnfw5f.18912244.com:20206/home/register?id=422876378","fqdn":"695rdgnfw5f.18912244.com","domain":"18912244.com","tld":"com"},"ip":{"addr":"172.65.218.121","port":20206,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"c5024050f648191550ae673d294e8908","sha1":"1ca4fb44dd3417c89d5f6eb5ab57728d9e8150d4","sha256":"b0ea0c752bb0891856f4fd0e3f4abba8d8e66102e5bed1e792b414cb4fabc042","sha512":"ba47f52df8375ed80bc288a8ede9bb612a80a8d2c8de0086fa94f6e6cc16ff63d3bb34e51fa0fc55c3a479c2b9ab651c444f436f60744176616804916d84b18e","ssdeep":"","tlshash":"26c08cc8a1d72d20260aa56024af24eaa034446678495b038ce8dc8e2e730b48233eac","size":158,"data":"","first_seen":"2026-01-29T11:11:44.016545Z","last_seen":"2026-04-11T19:36:43.925553Z","times_seen":2251,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"695rdgnfw5f.18912244.com:20206/home/register?id=422876378","fqdn":"695rdgnfw5f.18912244.com","domain":"18912244.com","tld":"com"},"ip":{"addr":"172.65.218.121","port":20206,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"aebdfeffa41e70a98ff5e5ac3159456b","sha1":"acba5446e54df261c903a3f38411b913d0f0decc","sha256":"dfc7e01e47b424ed015c79955dbef975ab22fb9467fd7d756e59cc4864125aad","sha512":"05643efe3073659c84db9fd3ad6b53cf8b275763b9c03a662df0f9f3ea4c9eb685a221423ab651c6fafb567627ac19b5da799566cffc3a4ab0b0cf9421a8cb76","ssdeep":"","tlshash":"24c012d5a086ae549602ae1160af29e860244416709e6a03aea4d96d2b520b94237da8","size":176,"data":"","first_seen":"2025-12-11T17:09:28.041801Z","last_seen":"2026-04-11T19:36:43.942375Z","times_seen":3545,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"695rdgnfw5f.18912244.com:20206/home/register?id=422876378","fqdn":"695rdgnfw5f.18912244.com","domain":"18912244.com","tld":"com"},"ip":{"addr":"172.65.218.121","port":20206,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"d3ead439c916b4e7ea04e84aba158e53","sha1":"7827ee3f7cf4807a2896ae39e07b29140131075d","sha256":"fcf32f5463aa9f2cd94de221779a2f4b2598e3cf258dd1ede8eaa17a2c0dea83","sha512":"eb68c043371d279a65fa6e4368cbec15a93fd27a3eea881c61201dc29e21acc51aa9a0bbe4fd3106169c7e27e094b3972e352ab2eddc5274299a3645c1c2650f","ssdeep":"","tlshash":"e3c08cc4b0d33d002616782424af2ae8a0248026b04c9b138da4d8482ea31b48233e98","size":151,"data":"","first_seen":"2025-03-19T08:06:25.438983Z","last_seen":"2026-04-11T19:33:23.218226Z","times_seen":7474,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"695rdgnfw5f.18912244.com:20206/?id=422876378","fqdn":"695rdgnfw5f.18912244.com","domain":"18912244.com","tld":"com"},"ip":{"addr":"172.65.218.121","port":20206,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"82c38733c82c926c0ff8f0bc0b819d7e","sha1":"79336d1b51d2a0855002be9a66de591d1b7ffacb","sha256":"c9bdd70ee2b8a34c480d0540568e5e60a39e2b788fc16cb604b375b5ba270877","sha512":"282619ba06e2670b1e67e49f9fc2d0ba1bcbe2fd119e12b8c01ac8c1fa68441bfef5837122db8bab59fefd10af1892e929a60651170625e8f39c2f288faaf34f","ssdeep":"6144:f/QrTzT/cWuKOOLUUllE1j1PMjAZPos+Rym1:Vxq","tlshash":"6e3489cbaa9c1f81f53b31e4c057b1dd9a4094dd1b70d9a87b7780abc36f4e08ac6562","size":235535,"data":"","first_seen":"2026-04-11T18:28:36.117468Z","last_seen":"2026-04-11T18:34:06.026809Z","times_seen":25,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"695rdgnfw5f.18912244.com:20206/assets/vendors/vendor-stable.COsUG-6a.js","fqdn":"695rdgnfw5f.18912244.com","domain":"18912244.com","tld":"com"},"ip":{"addr":"172.65.218.121","port":20206,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"importedModule","is_inline":false,"md5":"743ebc2da97f43ac23de68a2486617e4","sha1":"0bec950bd1692a9e15d860528417ec147bbce019","sha256":"06237eb8497d5d253bdccdc4e2bdf95c17a566b57d36de8113d269a4ac5e4da7","sha512":"ca93b37d91b9774385c8b42f41e89fe30c3716205d2cda129b275fe9d2e5a3839df92f7010f888702765d04933518bafc88b6c45ca78a693873a50b71d399d78","ssdeep":"12288:UzSHwFcVGMGi35FHE7rWGWAfTRu2b3Guocm:UkwF6GMGi35ZCrW0fTRua3Guu","tlshash":"9d9408d872e2b06243b729f0407f010bf33a6955384c9494f1a9d9da3d7a91992bbf3d","size":433918,"data":"","first_seen":"2026-04-04T14:10:15.131722Z","last_seen":"2026-04-11T18:34:05.977944Z","times_seen":47,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"695rdgnfw5f.18912244.com:20206/assets/theme-0/commonChunk.DRl68tbz.js","fqdn":"695rdgnfw5f.18912244.com","domain":"18912244.com","tld":"com"},"ip":{"addr":"172.65.218.121","port":20206,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"importedModule","is_inline":false,"md5":"9a551479b949f19d93e6410d33261f01","sha1":"392c4964c5f617138a5764d5af13f64731d15748","sha256":"43549fa058da7868e27cae6af10722cdae741bdb02ddae77ecc9bc501edf8873","sha512":"b0ccdb5a1eefdf1aeebd83bea4d52f8cebfe47c07aa528d151088297f30c5bfaf687de8f5fd9c26a4cfc8dba8433be36b8a46cff841d1bf4f3442f5fe768cbbd","ssdeep":"49152:n/R14Bd9argK3YXiMeKvqpg2bqeNSSgEORLB6N0usUQpxdid5:zNDhf","tlshash":"4c759f8ab1be647077b81cdca07a156255187b02b402c8f4f2ff5f7633daa45a2e1739","size":1685923,"data":"","first_seen":"2026-04-11T07:57:02.073316Z","last_seen":"2026-04-11T18:34:06.022189Z","times_seen":28,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"695rdgnfw5f.18912244.com:20206/?id=422876378","fqdn":"695rdgnfw5f.18912244.com","domain":"18912244.com","tld":"com"},"ip":{"addr":"172.65.218.121","port":20206,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"6fd86fac5de2a3da25757d7a6be72f48","sha1":"cb213ebbb9c9988f1d9e6d38c17ceecff1585fa4","sha256":"62bc5652c2e07a32668da1446ea50fc8ff6e2c5f8f6c57aa1c0819b30a48a4b2","sha512":"8e1dbcaa4a1ca05c8cff9a2a4c14815a1dfb5c2e8c9271718c492a812afc7f5d57e4e26a6cb1020e3f098a5559ad75fb6ffb7d27673c7de902549baddd6d6d7c","ssdeep":"","tlshash":"19c08cc4a0d32d111612695014ef29f89028542ab08c2b038dd8dc493eab0f0c233e98","size":154,"data":"","first_seen":"2025-03-19T08:06:25.403225Z","last_seen":"2026-04-11T21:06:46.177165Z","times_seen":10262,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"695rdgnfw5f.18912244.com:20206/home/register?id=422876378","fqdn":"695rdgnfw5f.18912244.com","domain":"18912244.com","tld":"com"},"ip":{"addr":"172.65.218.121","port":20206,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"9a19b0418661cefde1bfdaa41893fdc7","sha1":"5918a996bdd06bd7267dcb70cb46fd38f380426a","sha256":"d6b36cdde0ccd154a1d0105e867048ea4e966c9d4dabd2b3224176895243b78d","sha512":"967de5f870cf63718b37e3260846f042ca344c84ddd63856c215b3181bfa76cb5e25e150c75d551d4994570b88e7ac479bd90f72bd7eec90e22659ce8f29d240","ssdeep":"","tlshash":"95c012c5f0862e005a156620546f65e890255026b448aa139e94d8593e120b45237d98","size":169,"data":"","first_seen":"2025-12-11T17:09:28.040415Z","last_seen":"2026-04-11T19:36:43.939366Z","times_seen":3585,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"695rdgnfw5f.18912244.com:20206/home/register?id=422876378","fqdn":"695rdgnfw5f.18912244.com","domain":"18912244.com","tld":"com"},"ip":{"addr":"172.65.218.121","port":20206,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"19573f8ed427edfb4ad7a6f6c7d3bd85","sha1":"8e568ba06a31977f96a7f51f765f8f9b714208cf","sha256":"03ca6ee9fa0ea8f4a85eacd72a705d27e7b37141c9b4601b39c84ae5930ca2f6","sha512":"bc5e5c9af95b5cd1c08d89b66649bf7fbd5fbc7a7bdd8b78d19e8120920e9801ed2f9e4603b62cf2ae6e5682df12bf750fa41f862e4f1fb61e800d04036722db","ssdeep":"","tlshash":"8cc080c560d32f411532a65454ef26e49074441ff04957628ddcd9452d925b05233d98","size":170,"data":"","first_seen":"2026-04-03T11:57:15.325857Z","last_seen":"2026-04-11T18:34:06.044193Z","times_seen":58,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"695rdgnfw5f.18912244.com:20206/home/register?id=422876378","fqdn":"695rdgnfw5f.18912244.com","domain":"18912244.com","tld":"com"},"ip":{"addr":"172.65.218.121","port":20206,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"aae1fa4c5a2f9e0c381f85c4027ba3cf","sha1":"c0be1532d79193f03078172ed27aab0304be6721","sha256":"44b4575107deee77d64bc95a7da6dc3906f6b010bc3865ee755789305a323dbc","sha512":"73b53aa635b72ce7ffeae9167aabcb8dc81adf17c4bd1ee09263c893bbbf1314687e7a16e6699375ce7abb37aca7029ad7462fbe73933bd6ac9dfe133e2c81f6","ssdeep":"","tlshash":"37c08cc4b0c62d005602691010bf24e49028802a74881b168ca8e8482e620b09337ea8","size":140,"data":"","first_seen":"2025-03-19T08:06:25.385789Z","last_seen":"2026-04-11T21:06:46.162804Z","times_seen":8736,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"695rdgnfw5f.18912244.com:20206/home/register?id=422876378","fqdn":"695rdgnfw5f.18912244.com","domain":"18912244.com","tld":"com"},"ip":{"addr":"172.65.218.121","port":20206,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"baf06ee09a1dc7e8979049347edc05db","sha1":"527cbcad9df5ba5479c06732ebaba954b2bddec6","sha256":"9d9d8f6f570e9b4da03b9eeb057b43e2209766126caebe6f53f6da036934d7bb","sha512":"ab9a604d91e3d40d021873d5ec6b16f0645823995c91ab72cc54ec36d997583dc888d439b0e47bc8c31f93420f461c3ca44de0ccdab19d472eed1763a098fac2","ssdeep":"","tlshash":"87d02bd8a0e72c0012195331f0ef19dc5017443b648411198ee5f498786b070d33ff94","size":273,"data":"","first_seen":"2025-11-11T06:51:08.080474Z","last_seen":"2026-04-11T21:10:04.206028Z","times_seen":2119,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"695rdgnfw5f.18912244.com:20206/assets/theme-0/levitate.BmLj5Yg6.js","fqdn":"695rdgnfw5f.18912244.com","domain":"18912244.com","tld":"com"},"ip":{"addr":"172.65.218.121","port":20206,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"importedModule","is_inline":false,"md5":"c901d0b87d566a41f07a8a9718a05136","sha1":"b4cdbc0ec16e821b647e31e0504b68b7156f68b0","sha256":"f252a0774ac9686b77df76ffb391111afc48d7ec6556169c6f65b204c714fa33","sha512":"c7950c5a874a0a76939f08abbd052452857949ac2f0aa28f2a8c34964caa7376ca3dd930ade2c44a8e8d12f3ae175f53a09fa035683c2f9cc794652907a0e708","ssdeep":"","tlshash":"72e0c092385274f03bb20cf0c33da89b40600735390155e435de196176221743fafce3","size":364,"data":"","first_seen":"2026-04-04T14:10:15.08701Z","last_seen":"2026-04-11T18:34:05.966587Z","times_seen":43,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"695rdgnfw5f.18912244.com:20206/assets/theme-0/FastEntryIndex.CDXIfMt4.js","fqdn":"695rdgnfw5f.18912244.com","domain":"18912244.com","tld":"com"},"ip":{"addr":"172.65.218.121","port":20206,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"2b3e8b670db858a4f05cf675ed4aaba3","sha1":"075b7bbbedef53ba5eaf89cd617b7591ddfd1d19","sha256":"f5a6f350d467149bd873321938149338fbda0288c2fe38b42bcc2aca259a6112","sha512":"3c74b024e656ea646b2dc96cd11b4c175ba1b9a944f6973ce1bb9e527ed97e5a1bc157bfa107da85dd174403dcecda78014cccfef48e40ff1a3c71acde729425","ssdeep":"384:jvr4vAYVqSSYoLMTIr+JMFzkADRqjrrUrBPJD/9nXIYkrvyx9o2opEDzYUS1yO:jr4vAYUJYolr+JMFzkADRqjnUrX/J4Y+","tlshash":"3162da8cb0ba7077f7b9ac8ce0685552986c3fdad401f0f0f8af6ea11265db17294616","size":15629,"data":"","first_seen":"2026-04-11T17:01:17.514122Z","last_seen":"2026-04-11T18:33:40.271171Z","times_seen":12,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"695rdgnfw5f.18912244.com:20206/home/register?id=422876378","fqdn":"695rdgnfw5f.18912244.com","domain":"18912244.com","tld":"com"},"ip":{"addr":"172.65.218.121","port":20206,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"bdf719e0a8e6ab018e56b9a1f0e2f3e4","sha1":"da2fac45ef7834ee4dff095eeccbdb42feea28fd","sha256":"902af1577b4df97cf0714b45ca8ea39e0a716cc8282b2f6ed3ed82b773c71cb0","sha512":"f8a1972c347c5bbcf1f40caa9b5715652add1e5a168e42861e0745ceb70c1310a12781d39c7cb70e76d829f2ea7be1f3cfe3e07ccb4b1dcd85acad2f57a56b94","ssdeep":"","tlshash":"f7c08cd4a0eb6d402602655055af24e4a0288026b84c5b52eca8dc5c3e235b08237ed8","size":148,"data":"","first_seen":"2025-03-19T08:06:25.366859Z","last_seen":"2026-04-11T19:13:42.683883Z","times_seen":5504,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"695rdgnfw5f.18912244.com:20206/assets/theme-0/1_SearchGameChunk.YQUi1zMU.js","fqdn":"695rdgnfw5f.18912244.com","domain":"18912244.com","tld":"com"},"ip":{"addr":"172.65.218.121","port":20206,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"importedModule","is_inline":false,"md5":"77f4f34c3cc99aaa4d45f74662da2415","sha1":"ae8b868c47665f3de56940cd6ac222c6ecd50f6d","sha256":"847074a1f6855a09e92264a7ddd4d0b1f0cc25896c7de1bcdf69e83c1d24df26","sha512":"0270c944115b181623c35adfe72ecddcb7d8851ad6db4a606606d6a6c9c78409fa35e9a1126c885b2a8b0a76d0e334d7f2060bc75933bebb167c642d263a1449","ssdeep":"1536:gNmRvl+Qaz7eEskMl0LHcwBoRE3D/i3ShQkMAVvQ1Km:gNmRvqz75skMl0LzBoRuDi3ShQkMmvWv","tlshash":"33833a46729ab53477fa6cd570a41080a5385b426501c9fce0ff9e2632eeef8b799334","size":82179,"data":"","first_seen":"2026-04-11T07:57:02.015035Z","last_seen":"2026-04-11T18:34:06.007546Z","times_seen":23,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"695rdgnfw5f.18912244.com:20206/home/register?id=422876378","fqdn":"695rdgnfw5f.18912244.com","domain":"18912244.com","tld":"com"},"ip":{"addr":"172.65.218.121","port":20206,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"279d4ad261f3c51fb7f33c8789e5393b","sha1":"9bdff09d5aee6ee916faa18325667875fda9b74c","sha256":"42e16690246785aaefbb22d153a1d2da4a0e917b92fad68a505d5130c64a6c35","sha512":"40bdae0e337194d4664c7b40d15826e8111248b834450a19ecb197d06539cb2ac4bbcc69213cc49190cce61084094017b54490810bcbf938e7112af46065c180","ssdeep":"","tlshash":"bdc08cc8a0e23d001602651110af28e89024482770482b12dc94d8482e220b08337ed8","size":139,"data":"","first_seen":"2024-01-26T13:24:14Z","last_seen":"2026-04-11T21:10:04.155613Z","times_seen":10125,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"695rdgnfw5f.18912244.com:20206/home/register?id=422876378","fqdn":"695rdgnfw5f.18912244.com","domain":"18912244.com","tld":"com"},"ip":{"addr":"172.65.218.121","port":20206,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"2518afda2a2399b2a55b7fe95dde20e5","sha1":"61ff4d8d1bbe7210100e779b4c7916fc4c124e63","sha256":"d056d268a45e4d1bfacf1774dc026cff2d6a7d4eadb954ee2934d54cfe6028d2","sha512":"53bab5c2a0c087bf705dd1fa012ce9c5ba73bff7a4cd70f7e8252e4fa8ece2860c2ab35bde925c9372ab359abd1e6ceef7d09c658c4edf15e09839d67659edda","ssdeep":"","tlshash":"09c08cc4a0ca2d002602682050af38e890344026b04c1b028c94dc883e620b08233e98","size":142,"data":"","first_seen":"2024-07-10T23:19:33Z","last_seen":"2026-04-11T21:10:04.14855Z","times_seen":7736,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"695rdgnfw5f.18912244.com:20206/assets/theme-0/GlobalLazyInitIndex.BQlcIJGe.js","fqdn":"695rdgnfw5f.18912244.com","domain":"18912244.com","tld":"com"},"ip":{"addr":"172.65.218.121","port":20206,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"d2d4eeff8a02871c4f7f4e2b2b1cc85e","sha1":"997aa454c75a4ddb90dfe4de8b39977af318895f","sha256":"ba93a638c7d2ba777040d71a52f57a6ad8d2d4aeb09c066cafadbc90032df665","sha512":"e5e217dc44edbc0a34684d28ce454818c389c7a9c5069e0b53d8aad5a13edd66771997cc22b23f5332914ab2d84c69d0af94a51cd168e35d6a44212be33610c1","ssdeep":"192:gD9YLf2ENYUThjXbe0gbps8TuGx1lX37IHVfYdxS+BiVLNnb1GCm0f4lsG+e0S0:gRY6EmUThTbe0gbJuGhX3EHZYdxSiiVB","tlshash":"e112d88a71b75af0be7c6cacd46744929b5d3b171410c0f9f0ef5e3023d8940a2ae965","size":9294,"data":"","first_seen":"2026-04-11T07:57:02.030027Z","last_seen":"2026-04-11T18:34:05.942832Z","times_seen":27,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"695rdgnfw5f.18912244.com:20206/home/register?id=422876378","fqdn":"695rdgnfw5f.18912244.com","domain":"18912244.com","tld":"com"},"ip":{"addr":"172.65.218.121","port":20206,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"6aff707dcca03a270e27d906a526a450","sha1":"982ca0b7efdbc6b2adee5b5ddee058d015c54e33","sha256":"784ae6f4127794bc9f83763e99ea8ee3c109530689865a6cbcebd9bd82b9c4e8","sha512":"c3021531861014a945a5bc0c1c4a5e03805fb710fc2e435851bc452ab8cd49efdd84a28c0d7a9753d70f91aeb702f1ef8b57e748de94d71c7ba1e45bc150ca31","ssdeep":"","tlshash":"42c080c960c66d105d55545115ef24e49024541674486b43ddd5dc553f120b08137ddc","size":160,"data":"","first_seen":"2026-01-29T11:11:44.013708Z","last_seen":"2026-04-11T19:36:43.933014Z","times_seen":2327,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"695rdgnfw5f.18912244.com:20206/home/register?id=422876378","fqdn":"695rdgnfw5f.18912244.com","domain":"18912244.com","tld":"com"},"ip":{"addr":"172.65.218.121","port":20206,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"41b353826d02c563ea405470e65c4fca","sha1":"86371ab7e55fcb66251798f0ce41834be249891b","sha256":"20cb91aa7bd681dc124f2a9cb220518385c9972538f09c21c7c02b10b30e189e","sha512":"f54fd04ea4f5615e9c66e716267cbcca19fa99c658d03401db3752d0150e33060a9767622925e0a86694232f82a4175590a34cde3d7799665f004a2f2ad327d0","ssdeep":"","tlshash":"7dc080c970c76d105b46545155ef64e450245416744d6f43dde4dc993f130f08237dac","size":166,"data":"","first_seen":"2026-01-29T11:11:44.015139Z","last_seen":"2026-04-11T19:36:43.943371Z","times_seen":2324,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"695rdgnfw5f.18912244.com:20206/?id=422876378","fqdn":"695rdgnfw5f.18912244.com","domain":"18912244.com","tld":"com"},"ip":{"addr":"172.65.218.121","port":20206,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"eventHandler","is_inline":false,"md5":"d313558795d5a89ada9c73c4e7c6d37d","sha1":"c66fa2f3b1a23d8b43d20357d6e391dfc18f492a","sha256":"baafb89d4a9938d8004739b2da4475c3d102f907a283f4b2774f752f24fcbce9","sha512":"59da58616df3c9a81a0ba26355f8013f90a9ef32a3620dffeb4fe040f348f89aae6cca2178cb4b5226058d353507fa8959e7378a471739c7de147b7644fe03ac","ssdeep":"","tlshash":"cb80000c0820c88822202f80a000c203a2ce200b0a2022aca82b28e0a23c888e08fca0","size":38,"data":"","first_seen":"2023-04-17T00:16:30Z","last_seen":"2026-04-11T21:36:19.213329Z","times_seen":22046,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"695rdgnfw5f.18912244.com:20206/?id=422876378","fqdn":"695rdgnfw5f.18912244.com","domain":"18912244.com","tld":"com"},"ip":{"addr":"172.65.218.121","port":20206,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"771ab781e2b91941a7e8e8535c219f1f","sha1":"69f626e14ec5cd7f25b1554f1a534f7d77d8e7b3","sha256":"ebfbfc6898bf224f95fb9f14dce39713d3bdf5e2a2d6b752ab54a1639497553e","sha512":"d8c8de5d2197ed72a2026a9d5ca8bf23d657420239e46d0a351cd23bbbb580dabd12f9df9171aca9db009f05f0a863890b182e28fa40d65f4761a6ac3abac86d","ssdeep":"","tlshash":"aec0c0c070d23f004913bb10007ff0e450a0903b704c1712fdd0e8083e260f48237d98","size":184,"data":"","first_seen":"2025-03-19T08:06:25.439745Z","last_seen":"2026-04-11T21:06:46.181375Z","times_seen":10289,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"695rdgnfw5f.18912244.com:20206/home/register?id=422876378","fqdn":"695rdgnfw5f.18912244.com","domain":"18912244.com","tld":"com"},"ip":{"addr":"172.65.218.121","port":20206,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"04cb8eb01138397161a514a4bb0269fd","sha1":"21f42ea17ccf9ebfdfce6771105f0a40c3d06338","sha256":"7e720c6c72f5dea17c789b3884d4f2d07a8770066e70add011c8dccd27435606","sha512":"1a6c824506d5e7145004e01e3969b96c455ea7561e248562c700b60d00270192b547c3e854078c0900ff5ab4f7ae5edb34bd4845ab5414b070b1e3fa68b36486","ssdeep":"","tlshash":"fcc08cc4a0c26f101602a46414af29e89024402670481b12dc98d8883e230f08237e9c","size":145,"data":"","first_seen":"2025-10-17T05:35:41.734451Z","last_seen":"2026-04-11T18:34:06.021514Z","times_seen":420,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"695rdgnfw5f.18912244.com:20206/home/register?id=422876378","fqdn":"695rdgnfw5f.18912244.com","domain":"18912244.com","tld":"com"},"ip":{"addr":"172.65.218.121","port":20206,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"40e8d85bb29a1151fd2c608c56fbaf7c","sha1":"0b052dff733e85446847c345e28207ae6b0144e4","sha256":"1f5e85fbbe82bf5860f02ebe059bc93f7fd52928e58e6efdf8b0ad909f3dbc17","sha512":"1cd32f1e6f93d21d0aceec6906aef862fb13e590db3e39b557e62ea7027b905ea030424f0f82a037841c4b67e254dae116ef1a06f9688975cbbc1175315a56e1","ssdeep":"","tlshash":"55c08cc8a1c32d001606641011af24e490254026b0882b028ca4d8582e220b08237ed8","size":140,"data":"","first_seen":"2024-06-01T16:11:34Z","last_seen":"2026-04-11T19:34:10.275536Z","times_seen":6727,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"695rdgnfw5f.18912244.com:20206/home/register?id=422876378","fqdn":"695rdgnfw5f.18912244.com","domain":"18912244.com","tld":"com"},"ip":{"addr":"172.65.218.121","port":20206,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"6c14269fab0ea289acd7331135e8fe66","sha1":"dd1f4190dba70355f0e6011e0163723b18007aa0","sha256":"fe724fcd5ad4fb6a5a54c18cae534b1906dde93fcffe8b215d180a8c6958cb30","sha512":"71679763ff284ceaa2497d2f9752f864721f85fdb43aae96f5e72d52ad96f2336720553811e3d1289e59f173ec75ace57962372a91bd89fa9696af885da6abc4","ssdeep":"","tlshash":"11c08ccaa0ca3d506a02661455af28e89024582bb04c2b138de8ec4d2eb20f48237eec","size":162,"data":"","first_seen":"2025-11-19T12:15:54.14791Z","last_seen":"2026-04-11T21:10:04.219739Z","times_seen":1336,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"695rdgnfw5f.18912244.com:20206/assets/theme-0/2_SettingChunk.u0m4ptHM.js","fqdn":"695rdgnfw5f.18912244.com","domain":"18912244.com","tld":"com"},"ip":{"addr":"172.65.218.121","port":20206,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"importedModule","is_inline":false,"md5":"61f661b258b486590100221d897995da","sha1":"48a5a77ebab408e19ed58cbd42fc9089ca82ed9c","sha256":"fc7cbacc8459bb59bdf0005a8fb5e7e71c05960fb6f6fcb80c11879c3b693e3e","sha512":"acef4fb27306e1562daf0b47005655870b00e469fcb76d4b270341fb9b4fdaf7802e22ec4db91607d2bfba35f608b6c3312ad80a4f89affb0d758b3134e29a82","ssdeep":"768:pCS4JkEdvPdXSYGa2xJ1vGcnQ71gBz0hv6vii7ZO5AgFcxwjAgFN5fJn9xbk/6T9:pCv015Byh/+7c+P/U","tlshash":"57436c48b8fc91fa677a5ae8a0aa4410662ca799c010e8f5d47f5b9017fdfd0b1e437c","size":60268,"data":"","first_seen":"2026-04-11T07:57:01.977819Z","last_seen":"2026-04-11T18:34:05.955506Z","times_seen":27,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"695rdgnfw5f.18912244.com:20206/assets/theme-0/enum.DZ4s6Hb8.js","fqdn":"695rdgnfw5f.18912244.com","domain":"18912244.com","tld":"com"},"ip":{"addr":"172.65.218.121","port":20206,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"importedModule","is_inline":false,"md5":"7dc8363cfc6a05184e3235cd48d3fcbb","sha1":"575b30d834843216571fc7d69f95e524f36fd1b3","sha256":"222e1d08a78dc825ee32e45438686d6824fdafaedac1dd8f079899d582250a0e","sha512":"3f6b01ce008bb7f595c11a1b76d6c79c7802e283060aedc89691f355e2439abc57a32b04737c6465716ebb09d91900e4c595a2ce6d2423415fee832612d5af8f","ssdeep":"","tlshash":"5ee0ec830264ae9cb8444d5adbb8988162e12ce6cfab32de0bd91a6734c1bd44cd8015","size":299,"data":"","first_seen":"2025-12-23T10:54:41.061691Z","last_seen":"2026-04-11T19:41:53.637996Z","times_seen":4431,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"695rdgnfw5f.18912244.com:20206/libs/rc/gt@5/gt.js","fqdn":"695rdgnfw5f.18912244.com","domain":"18912244.com","tld":"com"},"ip":{"addr":"172.65.218.121","port":20206,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"5c44f03dfa4417f3607058fdcfb38d3f","sha1":"78ca488aa7969868b18a71b5237300cfdbd3624d","sha256":"d9eda11c33956bd40daa019eac8079379a050d36fd39725ba7a05c69e55ea54c","sha512":"54d699b3b7ce9e573e0860a770600ebf73a46e4eff0f8dff2bd05f4b37ed0b5acef8ed28707a0347242bd3f25131548c6e6658c3721ab80e46f6cdfbbc5b810e","ssdeep":"192:HgarGaz2uPAQNaTSuwCgrVQYO4x70euo+RXWMwmZaiQ8SeKiDea/Q8SgQvmss5wd:HgmezXTT3V+le6vE4VgrAwzvC9gNFtEh","tlshash":"1c42214d7cf5a0538643b078899fa114b538da53042c9e567c9ce3a4ef684388bbafdc","size":12798,"data":"","first_seen":"2025-03-19T08:12:33.778336Z","last_seen":"2026-04-11T21:10:03.979308Z","times_seen":3756,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"695rdgnfw5f.18912244.com:20206/assets/theme-0/index.DMPbKmRp.js","fqdn":"695rdgnfw5f.18912244.com","domain":"18912244.com","tld":"com"},"ip":{"addr":"172.65.218.121","port":20206,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"e04f9a761cc73f53f604e332403e1d4f","sha1":"344802ef2d3827a970964c0f0e203004baa74e6f","sha256":"479d8498b6f9e041074a47a9ae553c10022b22f47b8c69e7ed1fd0c6d119efa0","sha512":"6b1f4562a9f4c47c5ac32be2831560cbc0c5063dfac2cb5f8293f4bc172fdc17274a4362f6f4cb861532afda5c6f93e34e5e5f1501b2c821e7a6ba8ada85a0ea","ssdeep":"","tlshash":"6ee0c602844474e028c6dc80c72ceaa1e2c806633362f476f2ee2f62a3043b58a08703","size":358,"data":"","first_seen":"2026-04-11T07:57:01.980459Z","last_seen":"2026-04-11T18:34:05.974264Z","times_seen":28,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"695rdgnfw5f.18912244.com:20206/home/register?id=422876378","fqdn":"695rdgnfw5f.18912244.com","domain":"18912244.com","tld":"com"},"ip":{"addr":"172.65.218.121","port":20206,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"67850a6271eb4d957f75a28520f6de35","sha1":"eaff7d4f77163f79d6cfd65d74247ac520c70a31","sha256":"1814ab034ce41c62ad4a4a096db4dffd6854c98879ddca897f4c89e28deedd7f","sha512":"c8b9e700b1657dc5dd8a32346381784012355eb2269b9bc1b4b0e0340aeaf6ff8c3ac5b8dfbf73c048fd19467f9f601ee23e63915b404ed62e8b2c2d627eb0ae","ssdeep":"","tlshash":"24c080c570cf2d205916546151af24e4d0346026b4485b13bd94d8553e620f08137edc","size":166,"data":"","first_seen":"2026-01-29T11:11:44.026708Z","last_seen":"2026-04-11T19:36:43.943872Z","times_seen":2319,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"695rdgnfw5f.18912244.com:20206/home/register?id=422876378","fqdn":"695rdgnfw5f.18912244.com","domain":"18912244.com","tld":"com"},"ip":{"addr":"172.65.218.121","port":20206,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"3d9288c47b58817fe136983dfbc66fba","sha1":"5b6eb5720942e2df28ab18e9a12def95a68104b8","sha256":"d0d7504d990ea7fce269e967e29eb77234d228444bb774e759f342124e95d8e2","sha512":"4451103d5124b073e45c39af276eece261dffcc5fa8d3ec2388760f62d67046b9cac56392433e9819619e5faa9a82f2f66188bfbca964934f18ab31cfbcaa794","ssdeep":"","tlshash":"51c08cc4a4c36d102612a86511ef34e49034802b70482b028de4d86a2e260b08233ed8","size":148,"data":"","first_seen":"2025-06-24T14:55:07.746393Z","last_seen":"2026-04-11T19:41:53.729179Z","times_seen":6583,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"695rdgnfw5f.18912244.com:20206/home/register?id=422876378","fqdn":"695rdgnfw5f.18912244.com","domain":"18912244.com","tld":"com"},"ip":{"addr":"172.65.218.121","port":20206,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"f359d82d99380b20ad1b13444eeb87c8","sha1":"fbded6f33a4175ac34e6210bed3be34a96890e69","sha256":"e8d9b751686efc6663a4cceb7df72f967231d67a2a455177564fb7770c7b2391","sha512":"001b0d0b9bfbc0d5c3ea25d4f3a5810f85a95cda130def492c2c7f18c197595b8ef9c56dfe92ad63a30246f9e03ca1859ec044f1a7377befa8f6aca8af11beca","ssdeep":"","tlshash":"2ac08cc4a0c22d002a02642060af24e49024402670481b029d94d8893e220b08233e98","size":139,"data":"","first_seen":"2025-10-25T18:41:26.174009Z","last_seen":"2026-04-11T21:10:04.187604Z","times_seen":2496,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"695rdgnfw5f.18912244.com:20206/assets/theme-0/1_PromoteChunk.CuPvzCIr.js","fqdn":"695rdgnfw5f.18912244.com","domain":"18912244.com","tld":"com"},"ip":{"addr":"172.65.218.121","port":20206,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"importedModule","is_inline":false,"md5":"5fca531fd66add409da2af989835c942","sha1":"4e4e8f2ebbf9a992f00b82f84558bfc91aec9cc5","sha256":"ad4d33ee44bedc1acb44d710480c88718fb94afacac6eeedeefc55d925ac9d2a","sha512":"670052699af06c08cfc99cfaa9ec62442cfcb70a7b1165dfcc83516cfe986ab453eb719ff2da1a5f83f5e03b9631e622ebf98b88e63b17f5a06abd20368b2ac3","ssdeep":"3072:ir7rF9koQOxOli8NV778+EesPix4r+X2lBfvOzBY/WHbkLtmVWsI3V2c1JpSnrCM:A7xMbGqC5LvOzBY/WHa751JpSrQiSM5","tlshash":"a984f71df47990b5fb39ae48a4b60851639e274b9025d0e871fe0f242bc6fb4b58633d","size":395059,"data":"","first_seen":"2026-04-11T07:57:01.979421Z","last_seen":"2026-04-11T18:34:05.949402Z","times_seen":27,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"695rdgnfw5f.18912244.com:20206/home/register?id=422876378","fqdn":"695rdgnfw5f.18912244.com","domain":"18912244.com","tld":"com"},"ip":{"addr":"172.65.218.121","port":20206,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"540e9ba11be2d25fe95bb3fda65d6d61","sha1":"0d25a747a4be9c1a59b3b52b96282e2a75a34727","sha256":"d06e21c53e52954af49ed14b66bb8020bba97b1ff4a5d01760652f7d727b2d15","sha512":"cf5b6c430001927f09893d4fe4456f75e7a58d3bc62a0a6f3220dd6cce6ff061e70f098d195b821c25ba2389c8c86094014827ce93194954acb2e557aaa942d7","ssdeep":"","tlshash":"a7c08cc4b0d22d105a06a51114af24e49028842a744c1b02ccd8d8883e260f48237ed8","size":145,"data":"","first_seen":"2025-03-19T08:06:25.384334Z","last_seen":"2026-04-11T21:10:04.159727Z","times_seen":7801,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"695rdgnfw5f.18912244.com:20206/home/register?id=422876378","fqdn":"695rdgnfw5f.18912244.com","domain":"18912244.com","tld":"com"},"ip":{"addr":"172.65.218.121","port":20206,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"8db20bd4c17d36c04263249fc1ccd30b","sha1":"ab2f99648db711b861492ea96dd82f453c78459f","sha256":"bc13717af8eeb96c4354406e8dafaa9e8a43073a096afeeb3fe6ff0d9a147c6c","sha512":"2084a198bd3b46498249d4b9c3ff4c0714a7cf3b1c37032fa6375eab1692093e7ac1e35602cc3d40604ff112fb21935a3910c5b726108df605c2146fee722506","ssdeep":"","tlshash":"ebc080c570c76d14590a759154ef75e45024942679886f539dd4ecd93f130b08137edc","size":172,"data":"","first_seen":"2026-01-29T11:11:44.053204Z","last_seen":"2026-04-11T19:36:43.92178Z","times_seen":2332,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"695rdgnfw5f.18912244.com:20206/assets/theme-0/2_RechargeDialogsChunk.Dy0RJSoL.js","fqdn":"695rdgnfw5f.18912244.com","domain":"18912244.com","tld":"com"},"ip":{"addr":"172.65.218.121","port":20206,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"importedModule","is_inline":false,"md5":"b56daca8e347820052e65ea358a46d1e","sha1":"5013dbe8f1abafbb4aa25a56ebcf6bd2e30d44b8","sha256":"ff727d83d02760ae6a97f16afdb9f5cedfec2dd24f2983c7c766d7ac56850b4b","sha512":"99d250d0e612fdc387d49b62b29e60245adf96cb19ece4ee20b1173b5e143a5deea82b0b1f6e89e0ca0a0a30cc7112976d5f6577ea911afab31cc9479a48205f","ssdeep":"768:BrATrIfALXqijgmcJZ7f6Ln607a0tMRLd0CDlYKrGXnV3nXSXmJRWg5F:BrnuLn40tMR7lY5lv","tlshash":"abd2d74c79b9a679b6a99d6d60b71d72210c3f169000d8f0e1ff8f0023d5ea5b9e9339","size":28461,"data":"","first_seen":"2026-04-11T07:57:01.998806Z","last_seen":"2026-04-11T18:34:05.97735Z","times_seen":27,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"695rdgnfw5f.18912244.com:20206/assets/theme-0/index.Bk07ZAVP.js","fqdn":"695rdgnfw5f.18912244.com","domain":"18912244.com","tld":"com"},"ip":{"addr":"172.65.218.121","port":20206,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"importedModule","is_inline":false,"md5":"bdb655b9d1e64036df2c858383fdfeea","sha1":"2150e1942c83d3395d2b85ff1a9163fb6b470bfe","sha256":"5831de6bd4033f68ef158d3449d0d8a1a32bacb9b8a7285e84f7d8f67b10ba7a","sha512":"292697b5487a026a4fc8d24ab05a6a2241790a560a607a7c6f7ce7afafcf4ee37ce998c5995e969c22a901d7aeab7d470965a035a1a98d31a32148fadff3828a","ssdeep":"","tlshash":"a761a44df4ae6f3033d82e8d60781062b52e3990310ed8e5b9af1b785709ac7827772d","size":3257,"data":"","first_seen":"2026-04-11T07:57:01.971183Z","last_seen":"2026-04-11T18:34:05.984884Z","times_seen":23,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"695rdgnfw5f.18912244.com:20206/assets/theme-0/useSuggestion.DMDpOIX0.js","fqdn":"695rdgnfw5f.18912244.com","domain":"18912244.com","tld":"com"},"ip":{"addr":"172.65.218.121","port":20206,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"importedModule","is_inline":false,"md5":"3a1a9a14cbbe25887d06e7525737db17","sha1":"fba26cbe4fa8a6765f109ccfe2b874c12a02e189","sha256":"20878cf72928d6142ed628214a7eb632a9f26d7fd42e1eb90f73a399eaf7cd58","sha512":"2d42b94e596b275ab9534f45ef7a2a452f117ae2c8c91f41e422fa95b763885999de8f9da0762242b6efac4b3e6973c1521bd567f84e0d6216e151fb86a3d62d","ssdeep":"","tlshash":"43318109b6b5e9ba49eb28d05473257641ad0f1eac62f060c1bf2e437c09ed580cf56c","size":1592,"data":"","first_seen":"2026-04-11T07:57:01.975653Z","last_seen":"2026-04-11T18:34:05.973114Z","times_seen":27,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"695rdgnfw5f.18912244.com:20206/home/register?id=422876378","fqdn":"695rdgnfw5f.18912244.com","domain":"18912244.com","tld":"com"},"ip":{"addr":"172.65.218.121","port":20206,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"b9f6c0301dfac41efb64ae183d7f74c2","sha1":"3cf9c779f5a096b61b34199aff19580992ded242","sha256":"36d263dbd403b960f5987e08f4e1132659068e36c8fe4ad08b31227390f61541","sha512":"72c9e256a0d2ed1d15121fecbfa6e028235da5e1f97edd6b38b83978a31091097c8544b23070fcfd131b4073959d62c56562d4824ee49d203cc6e1983363a228","ssdeep":"","tlshash":"ccc080c5b0d62d106b05546110ef24e450654416748c5b429dd4ec543f221b4d137d9c","size":166,"data":"","first_seen":"2026-01-29T11:11:44.038494Z","last_seen":"2026-04-11T19:36:43.944368Z","times_seen":2311,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"695rdgnfw5f.18912244.com:20206/assets/theme-0/CustomerServiceDomWidgetIndex.DJlYGdWp.js","fqdn":"695rdgnfw5f.18912244.com","domain":"18912244.com","tld":"com"},"ip":{"addr":"172.65.218.121","port":20206,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"6907c5efc2ba5476e3b7d11e715a19cf","sha1":"90f1ace592846136d6a390bb77c130dece1c62bb","sha256":"5909da4f060ff64245dab392b2b3ca2436650b74b0d6fd139e1e9b324fe27b97","sha512":"373646a409382a51b63e3da18e33ebe98e36edfd2ced8e540a9e79bff111f03c58602c9674b8b325ddd5e1ddece1488a3fba52a56962caa7619ce4462bdf4c93","ssdeep":"192:RanNqcNNCRPTtAKEnHmQ5KyhJdbNl6Vy0YtI3R:+NqcNNCRPTtAKM5KyhrNwVy08IB","tlshash":"afd1ea64623350744eaadbdbb17ca3827575028db907c0b875fd4f66a984cc33236e7a","size":6274,"data":"","first_seen":"2026-04-11T07:57:02.015768Z","last_seen":"2026-04-11T18:34:05.964697Z","times_seen":25,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"695rdgnfw5f.18912244.com:20206/home/register?id=422876378","fqdn":"695rdgnfw5f.18912244.com","domain":"18912244.com","tld":"com"},"ip":{"addr":"172.65.218.121","port":20206,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"9a5208d78b3902f0f66057152f7771a2","sha1":"a52262512f7d8ad7d9711c08a7465b0f7aef9119","sha256":"e673c3f4d1ce1ff4e651ac011acb411091a9f4ad56817cc29abbde3b5078a9c2","sha512":"7725b9acedc5adf4177aa04d57d367416c4dfaa59d6a558e0f7c781f237937b80748211f94d0127e013d5c1e1fec4444353015c333faaf423277f2aeb5410dd2","ssdeep":"","tlshash":"68c08cc4a0c32d401602a81425af25e4a028842bb4481b129ce4d8582e220f08233eac","size":144,"data":"","first_seen":"2025-03-19T08:06:25.399336Z","last_seen":"2026-04-11T21:06:46.169838Z","times_seen":8570,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"695rdgnfw5f.18912244.com:20206/assets/theme-0/0_RechargeDialogsChunk.C8Tn1UZC.js","fqdn":"695rdgnfw5f.18912244.com","domain":"18912244.com","tld":"com"},"ip":{"addr":"172.65.218.121","port":20206,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"importedModule","is_inline":false,"md5":"00ec96dd1fef7c0a93c61a7de512dcfd","sha1":"a72a4f1a3a43b568e21b143814c9f2c17bc8fbc5","sha256":"6ffc9b28809fb92f16a867887a041cc2cc845c202b32971706d9e07479c1978b","sha512":"aaa3fa35c66f456f3920a3fc2d23fd0f9a94c717132b4afaff6eb9b49b5d376c492a688bda9c0808b780eb22fee0def285b85ae8fa52bcbc9c17d549ad90d777","ssdeep":"3072:g0IyJvRN4t494rvvftxqHfeRWnFWyJ2FpSgusFRayOFldXsQRzC/1E9v:g0VpRN4S9EvftxqZnFWyJ2FpSgusFkqG","tlshash":"aff30988b47ab1787b79199860fa08e2421c3f97d000d4f1a0fe4e65379af74b2d577a","size":161900,"data":"","first_seen":"2026-04-11T07:57:01.952907Z","last_seen":"2026-04-11T18:34:05.982666Z","times_seen":27,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"695rdgnfw5f.18912244.com:20206/assets/theme-0/useUserProfileTips.XUHbf1w7.js","fqdn":"695rdgnfw5f.18912244.com","domain":"18912244.com","tld":"com"},"ip":{"addr":"172.65.218.121","port":20206,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"importedModule","is_inline":false,"md5":"d3ad3281f465763873c2acb8cf2c5e92","sha1":"b3340992e00ffc6b16cafcb0569a8b834c8ba4e6","sha256":"6d52decf16cdc9354e4c5269c812b5c875ae0e3e855d8ffb404f2539c9308bdb","sha512":"add3c84e43b43dcee633fd1886016dd50c3a94c206a9b301806f69a0e367bdbf3b61a7fe02894cd4eeb1c7edccada5ac72a0766364dc40640bad7ddec7a766a3","ssdeep":"","tlshash":"7e01ef2a589b9da5354c0cdcf07465b2865854a27114d1b0e0ff250b771a3dbcfea62f","size":843,"data":"","first_seen":"2026-04-11T07:57:01.992646Z","last_seen":"2026-04-11T18:34:05.962329Z","times_seen":23,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"695rdgnfw5f.18912244.com:20206/?id=422876378","fqdn":"695rdgnfw5f.18912244.com","domain":"18912244.com","tld":"com"},"ip":{"addr":"172.65.218.121","port":20206,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"8efbf7a9d027e30d21699b21cdb00ecb","sha1":"d64ac1669b34ddc73a4ed164247f79948437cf3e","sha256":"2ed86a3c3651862164446b66facf35dfcc9bde127de3d574bfd823d45d0ff9b5","sha512":"528cf08a62311869c953e83d0c9a113eb469fb07e245e24a02854b0ad8a83efc41c55917f6fc478b1fa4808f7dafeb37e44c14f1870dd4057437f4940ea2a411","ssdeep":"","tlshash":"2e01b179b264529711a21cafe38736153432404a18e1c05291096d4434fce9f811bfc7","size":777,"data":"","first_seen":"2026-01-09T11:48:04.975626Z","last_seen":"2026-04-11T19:41:53.724733Z","times_seen":3929,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"695rdgnfw5f.18912244.com:20206/assets/theme-0/0_EntryLoginRegisterChunk.DdEo6oU7.js","fqdn":"695rdgnfw5f.18912244.com","domain":"18912244.com","tld":"com"},"ip":{"addr":"172.65.218.121","port":20206,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"importedModule","is_inline":false,"md5":"fee0df6d6478813691600dda821e108c","sha1":"c9cb24674177ba7ab214e0956ce5a98ac2d3498d","sha256":"a3b354f74e29f3e1c618fac87c30d0d20a606f44a5066a8dde50009aa64ee30c","sha512":"74a2c25fb3d3ed2f59a0869e92ed425242327a58aaf2686904a9f3267bcf74408a57ffbaf5645218508d816c93ff90b522510960593a77cf5ddf27ba29a70d81","ssdeep":"3072:JfHn8jZaav+2UFkZzQIQkoBVKs61rzcKwj9LY/CAq1rWY6iXOhKYoOyR:JfH8j8av+2UFkZzQIaV81rz62qNWY6iL","tlshash":"2af35c49b1bde6b5afb92ca87076082123185f555400d4e1f1feaf2037daf51f2a933a","size":173025,"data":"","first_seen":"2026-04-11T07:57:01.991142Z","last_seen":"2026-04-11T18:34:05.965416Z","times_seen":28,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"695rdgnfw5f.18912244.com:20206/assets/vendors/vendor-swiper.C2cEjFFH.js","fqdn":"695rdgnfw5f.18912244.com","domain":"18912244.com","tld":"com"},"ip":{"addr":"172.65.218.121","port":20206,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"importedModule","is_inline":false,"md5":"17ccb41346a1c4a1e8d88797cee77b92","sha1":"b6e962ceec5902ab497d54b1e17e85b3f6a35725","sha256":"d9a6a0674919bb7b10ed67bc00703435aa9c088b4d2db245e5475ced88d7fd12","sha512":"75f774000a45722efbde75ddc63dbc650db69b6d49cf668d8ce57ad1e996ec1b817ef487c09a1e89ae203ffd4e17faf2a950b787fd8534e476626975163c7f5a","ssdeep":"1536:rQTfptbBsn1gjg7fPBD54e27vTBZdPMoFtqByBlxvHA+CEIk6XiA6wKKvMPX/BEh:czHYfPBmxHBDqBpIRzPexSjw","tlshash":"3eb31a89a224757742fb1ada83758201b2b04854f809d4e4b0fd9d7f497e99803aeffd","size":111839,"data":"","first_seen":"2026-04-04T14:10:15.145505Z","last_seen":"2026-04-11T18:34:05.946707Z","times_seen":47,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"695rdgnfw5f.18912244.com:20206/?id=422876378","fqdn":"695rdgnfw5f.18912244.com","domain":"18912244.com","tld":"com"},"ip":{"addr":"172.65.218.121","port":20206,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"b37caca13d43c34dcf1bcc82cc983135","sha1":"8fd227d36547bc185c2886f0c3c9fc637c5b5f93","sha256":"d43984886bc8873c7e118740c8024a8981fc6150aa53a54478978ff5094207b4","sha512":"dd3c5721bd3bcbbd11b70fd6ef624bb7d7e53477cc3ebf7ca031da1a2cbebd88d5730098979fb0ac81b05a51fb8d8f8c547313132488c931c32b6be3cf37b89a","ssdeep":"","tlshash":"8ec08cc460c239001602642010af24e49024402670481b029c98d8442e220b08233e98","size":131,"data":"","first_seen":"2023-04-18T07:51:40Z","last_seen":"2026-04-11T20:47:49.81202Z","times_seen":17908,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"695rdgnfw5f.18912244.com:20206/home/register?id=422876378","fqdn":"695rdgnfw5f.18912244.com","domain":"18912244.com","tld":"com"},"ip":{"addr":"172.65.218.121","port":20206,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"a2e1f7a5d2a8f5ff5935e04cdc34d5e4","sha1":"073bec9aa181c4a0e48c9ff364ee65925fc97ea6","sha256":"6323855e28e5b7a701c5e99ba4efca37d91163efb82712d4517e33b8fcf0308b","sha512":"7666d02c1fee2a826726e5fdac0e6367c9d56feec2fbdd5bac578880dc63d37a102bf073ca3386b3895875cbef7cc12d44661064d644104da4c94a281195bdbf","ssdeep":"","tlshash":"26c08cc9a0d3ad00160a641010af34e490249027b04c5b02acd4e8882e620b08233e98","size":145,"data":"","first_seen":"2024-12-02T09:40:08.58089Z","last_seen":"2026-04-11T21:10:04.153701Z","times_seen":7774,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"695rdgnfw5f.18912244.com:20206/assets/theme-0/2_EventDialogsChunk.COzB3PDB.js","fqdn":"695rdgnfw5f.18912244.com","domain":"18912244.com","tld":"com"},"ip":{"addr":"172.65.218.121","port":20206,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"importedModule","is_inline":false,"md5":"f0fa0bb27496a6a2c98bead560893b15","sha1":"610fbfe1ebff956ee1bb0a7e13524e4e891ae782","sha256":"1ae841ffeb6790f6481836cfd7f17269830a15b5bf1569c28e06d6304f8b4701","sha512":"1facb6189a42a272c0e7707b5494893ec0d0d7c3725899f0804f8ebbf620f250b65b1667a004d595df63951a1ac835f6abe4e1fdaa46c257978344007189f247","ssdeep":"6144:gV78Spz0m5jQeV7Tbjw0WAGvhvxCJTmWozvrJfV4+sl4oE8EBjuHTXtL1zO:s847TwtAGPCFUCl1CuXx8","tlshash":"5e34ea45f06aa0a5b7bd685ce0a60991b56c3fc3c454d4e1b0ff4f342749f69b2a833a","size":242450,"data":"","first_seen":"2026-04-11T07:57:01.996464Z","last_seen":"2026-04-11T18:34:05.997269Z","times_seen":23,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"695rdgnfw5f.18912244.com:20206/?id=422876378","fqdn":"695rdgnfw5f.18912244.com","domain":"18912244.com","tld":"com"},"ip":{"addr":"172.65.218.121","port":20206,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"efe875108f8fb2d6d03e5a47c0b4e147","sha1":"115d78db82646c3472b485ac8eb09bf56846b59e","sha256":"acd79e51d0600d895fd7593953897a65051ab45f45ad609a413d2707847e48df","sha512":"e2b4f28a793b0c372ec4c08768dcb415f886c5edab66ba126918f71d05e64b213b6632c08ca830f2ca82807592d5ee76e400272412feba9c962b5a128be50015","ssdeep":"","tlshash":"b47196671328743160eb189b726fb7807a7336585d1881e0114a9ca43568ecff2fa9ff","size":3796,"data":"","first_seen":"2025-09-06T13:08:12.58824Z","last_seen":"2026-04-11T19:41:53.732951Z","times_seen":8821,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"695rdgnfw5f.18912244.com:20206/?id=422876378","fqdn":"695rdgnfw5f.18912244.com","domain":"18912244.com","tld":"com"},"ip":{"addr":"172.65.218.121","port":20206,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"66f3832186e63f9e6dc840695647afd7","sha1":"c88b5b4a0ad23b5e63454693716ea7e6e9b37a4c","sha256":"11c1c2b458ec629dcc74c85cd672bb7708e34ffb7efbb68aeaeb6ac913255b71","sha512":"5424db2d753294f6a8a6c4034187ad5b9d12787552d9c5e70b8eac316ab99076b4c3710935cc347d80726007276d9b75887bd352641dae8529f2e95695256eb1","ssdeep":"","tlshash":"efc08cc4a0c36d001a06641010bf28e49034402674881b03ac94e8482e220b08233e98","size":139,"data":"","first_seen":"2024-07-02T13:45:50Z","last_seen":"2026-04-11T19:41:53.732143Z","times_seen":2519,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"695rdgnfw5f.18912244.com:20206/home/register?id=422876378","fqdn":"695rdgnfw5f.18912244.com","domain":"18912244.com","tld":"com"},"ip":{"addr":"172.65.218.121","port":20206,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"4af37faee12568e3b072c40b2a13fa80","sha1":"3c9aa9a477978d9a09d7d329b7923b998075de55","sha256":"dbfd7437a39833afebcdd980868a51f544ffd4e9222f0a78246b3ac53fe3224b","sha512":"61ac4c2f277eb44c373a915e5cf941177ffdc70199d214c51fb24935246252b0a012c3b2fef2673dd61f9044c63d346c71760c990820540b6ee7eb64179898d2","ssdeep":"","tlshash":"55c0c0c470c32d005905143124bf20f040201c1a784d2f038ee0dcc43f220f08133d9c","size":172,"data":"","first_seen":"2026-01-29T11:11:44.062682Z","last_seen":"2026-04-11T19:36:43.93345Z","times_seen":2325,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"695rdgnfw5f.18912244.com:20206/home/register?id=422876378","fqdn":"695rdgnfw5f.18912244.com","domain":"18912244.com","tld":"com"},"ip":{"addr":"172.65.218.121","port":20206,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"b823ab246e470f988dc961bf5e3501e7","sha1":"9b188fe60d0ef80d5c0c33b5efbdc1b40b71b0c2","sha256":"9ba45cb1ffa622ea07799d8b11a97949df93d15e4d5b7e5a8c72ae25fab5e145","sha512":"89a586ddad477ffd93ef33edbef45e87cb69e9cf270c14ca5efaf71888404a673cbf23d5421b6951340a49df624c7bfad9c82eef4f67627699dcdeb16503967b","ssdeep":"","tlshash":"c1c08cc4b0d26d001607682014af26e8a0284026b08c5b138ce4d8482ea30b48233e98","size":145,"data":"","first_seen":"2025-03-19T08:06:25.385099Z","last_seen":"2026-04-11T21:10:04.159092Z","times_seen":7810,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"695rdgnfw5f.18912244.com:20206/assets/theme-0/1_PromotionChunk.6MoBCaV2.js","fqdn":"695rdgnfw5f.18912244.com","domain":"18912244.com","tld":"com"},"ip":{"addr":"172.65.218.121","port":20206,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"importedModule","is_inline":false,"md5":"b2de9074bbee863cff20842e60827ac8","sha1":"d582a0fdeba56dec98a9351eb6f3f6241e558720","sha256":"4437d7dd41a91a405cab3b5ec741ec28999fe38241ca459e65a8fabb5e5e0f3b","sha512":"a2a23b313d8032f2ffadb74d840e4b4d4c08673c25806777e45118f7369f06818936e1c0624ef6ef28241491c0403d771a3a456edd5f809067bd2bad5634f15d","ssdeep":"6144:gPOKujudsJGhEPEebDtGvwvAExMaXadEezmcP4Sk:VjudsJSvw7AdkcP4H","tlshash":"5a442b4df06ea1b5fb795c18e0aa056166682bc79010e4f4b0ff5f30238df64b2a9779","size":275900,"data":"","first_seen":"2026-04-11T07:57:02.013323Z","last_seen":"2026-04-11T18:34:05.98974Z","times_seen":27,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"695rdgnfw5f.18912244.com:20206/home/register?id=422876378","fqdn":"695rdgnfw5f.18912244.com","domain":"18912244.com","tld":"com"},"ip":{"addr":"172.65.218.121","port":20206,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"b90b6f994c6d75c48ef03a4938272aa3","sha1":"9f8f7eab3d42e3dc24ba17092be25e53496f2bc1","sha256":"69babf170e523c2ba4a5aaf51b18866321e30d7eebbc7d10f17bbad9945dfaf3","sha512":"fb0ad8c3d40e8bee7715058f0fa1216aef8724cb0027e5afadcdf3947bbdc127e481a6fb718791a97e9fd564ccb9c9e0d058aed091fc6bb8ed3ee0dbfffe5258","ssdeep":"","tlshash":"09c0c0c970c62d006905506110af30e080345427f48c2f03ade0dc4c3f220f08133d9c","size":172,"data":"","first_seen":"2026-01-29T11:11:44.045624Z","last_seen":"2026-04-11T19:36:43.953Z","times_seen":2325,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"695rdgnfw5f.18912244.com:20206/assets/theme-0/vendorChunk.CNv9ECRO.js","fqdn":"695rdgnfw5f.18912244.com","domain":"18912244.com","tld":"com"},"ip":{"addr":"172.65.218.121","port":20206,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"importedModule","is_inline":false,"md5":"80dac414520ed184763a4449d338efcc","sha1":"67786faf3b64ff2400e93c4b46d3c0427586cd50","sha256":"c964ebfa5bd3111469ce26c8ba3c68bb61e9a5581bc3efc040e0428e97d7a3c4","sha512":"e18371d2a214e1756ed516c66fd28e684541ce9f6da2f042d2a1399cd5b5849e6fa1abe890d8adf2ffa9a0797f54cd7a3603a243f5dc23a6b472f1459d1e53cd","ssdeep":"6144:wg/xbI5Pz6FfU+esssCmAzdMlDKQqaMBJphoO:jxKPuVImAzdMl+QqaMBx5","tlshash":"f3643ad932d6f0a143e7a5a4407f100bf23a6c15b84d9458f6a9d4e63cb889b427bf3d","size":308171,"data":"","first_seen":"2026-04-02T15:37:42.899597Z","last_seen":"2026-04-11T18:34:05.962914Z","times_seen":61,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"695rdgnfw5f.18912244.com:20206/home/register?id=422876378","fqdn":"695rdgnfw5f.18912244.com","domain":"18912244.com","tld":"com"},"ip":{"addr":"172.65.218.121","port":20206,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"4d0438c0db88616920d440af1d866693","sha1":"3bd5cf3a4fd2cb43c08a24770c5d89c1ecc1f52c","sha256":"65236f62f4dfe64044108b210564f795135dbee9d6e05ea93c61c8c481f7842b","sha512":"c1dd5aa99875edbf628bb16cb2d0000225033b4fd8156f894d67bc658596f905099fe05c80c443d571ab8ae2b33dbc83a36327254bcb37e82a47b67b587d16f9","ssdeep":"","tlshash":"a1c080c970cb2d11db45545154ef24e450245427b44d7f43dde4dc553f620f08137d9c","size":169,"data":"","first_seen":"2026-01-29T11:11:44.065744Z","last_seen":"2026-04-11T19:36:43.951563Z","times_seen":2328,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"695rdgnfw5f.18912244.com:20206/home/register?id=422876378","fqdn":"695rdgnfw5f.18912244.com","domain":"18912244.com","tld":"com"},"ip":{"addr":"172.65.218.121","port":20206,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"cec315a9b876a032b9d35c256601b44b","sha1":"c143848ef7c06e0162654673fdf15d95a41f7200","sha256":"f639e17aaefefcb59c74f945a583ebc63542f73bb694d45b659280595b634c5b","sha512":"48d883f76a9fab7cde194156bccb36b67f83dfa711c4d9a9db5d73135cbe7165608fea2d792766ca540ae8ffe6b0f3ee6a47203267191f193a32899d087dc8fa","ssdeep":"","tlshash":"5bc080c9f0c72e405716651025af76d890245016f45caf03dd94d85d3f260f14233edc","size":166,"data":"","first_seen":"2025-12-11T17:09:28.080749Z","last_seen":"2026-04-11T19:36:43.944826Z","times_seen":3572,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"695rdgnfw5f.18912244.com:20206/home/register?id=422876378","fqdn":"695rdgnfw5f.18912244.com","domain":"18912244.com","tld":"com"},"ip":{"addr":"172.65.218.121","port":20206,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"f7f483f271889674fdc7600a915d35ff","sha1":"32023be2e50506e8376963674d4cf01e2c5a1499","sha256":"48816fb479e29f5b6f016567cc3de254efdedc8300a3d4d17187df144bd62e27","sha512":"043124f82f14259a6a7fbaea34b0cf1b3dfc881a623f8374baf6c0e7a7e34eb89aaa99289fd88f8b786e31e35be01e840ce506513acc523a6e5bfb1146bc64e3","ssdeep":"","tlshash":"9cc080c9a0c32d0495016621246ff6d45025502a708d6743ee94dc583f270b44237e9c","size":172,"data":"","first_seen":"2025-12-11T17:09:28.046556Z","last_seen":"2026-04-11T21:36:19.222943Z","times_seen":3542,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"695rdgnfw5f.18912244.com:20206/home/register?id=422876378","fqdn":"695rdgnfw5f.18912244.com","domain":"18912244.com","tld":"com"},"ip":{"addr":"172.65.218.121","port":20206,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"ad9be46612616a75881e6ebaea8f0f39","sha1":"67007b30619b7a81bddf99d0afbdb2c6018b4d6b","sha256":"3108659c4688415a9100aa4be897a83db582888c99f8520620bfe019cede2859","sha512":"3eeb09aa1b4aaa3e4c5afc9b481bc0c6a589809f75a8329e119cd65555f36ae39cf17d03392477ebff2b29852d8ed8a59c56b583f5bc8cdcbe1c6ffac4baa2cb","ssdeep":"","tlshash":"dcc08cc4a0c32d401602a81411af24e49025402b70482b028ce4d8582e220b08233e98","size":139,"data":"","first_seen":"2023-04-15T04:17:29Z","last_seen":"2026-04-11T21:10:04.157831Z","times_seen":8916,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"695rdgnfw5f.18912244.com:20206/assets/vendors/vendor-@cg/dplayer.CAws3bAx.js","fqdn":"695rdgnfw5f.18912244.com","domain":"18912244.com","tld":"com"},"ip":{"addr":"172.65.218.121","port":20206,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"importedModule","is_inline":false,"md5":"88e8345b3344274c53ab31ac57c7a2db","sha1":"6b6d08175db98ba603ada2605eeb894fa29b99e3","sha256":"33d48f1ff63fe59ca9760155e5f2fe6c3b8e7ffb655501ead48a3d1ac993f4eb","sha512":"165d96c2a046145569fddfb3a9e36fd4e0daded1f8d2ae71120e53904011be0adc67d3e0054a98ce3ff564ed42f95e12840e290fcf98cfc80d9571287f210c7c","ssdeep":"3072:4nztGo0Vll3mzmG00AlkMVh3OtlHuIcPHWPd1zZx:4nztGo0VlQzmG00AlkMVh3OtlHuNHW/P","tlshash":"0344d65626a232240153a1f8c69f530937349313ea06cf5ef66eb5cc8f9d9886867f73","size":262579,"data":"","first_seen":"2026-04-11T17:01:17.488374Z","last_seen":"2026-04-11T18:33:40.237025Z","times_seen":12,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static.geetest.com/g5/v1/static/v1.2.4/js/geeGuard.a624a606c405df21c58408882e276ff8.js","fqdn":"static.geetest.com","domain":"geetest.com","tld":"com"},"ip":{"addr":"104.17.6.193","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"d5358270cc0c87bc7f76628606cc1a1f","sha1":"cb705c77b2ec68b0dad08e7dc8d9d0caf527ee68","sha256":"ce807b6386b096bba42c735e2121294ce23c316dc76e868bff1bfe64b4fcae53","sha512":"8f3531e1b9efd4f1d20e74ffd4169949044c241bd4ba0ecde9a96c1374d0999cbbabf3260772524b3e64697db8d65bea64d12cf135b94ca0c7f1f5af58c7e93c","ssdeep":"3072:D/QRZTobjaDx94pOBNnhH98FGSZvYK3N4asP:+zDxvBNnhH9cZ4asP","tlshash":"fe341cb4728d2d783532f92d7d3a1c0e64bc2cd4d9098360eb2fa1ec6e642d563b5627","size":235846,"data":"","first_seen":"2026-04-01T13:19:01.670436Z","last_seen":"2026-04-11T21:10:03.931153Z","times_seen":193,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"695rdgnfw5f.18912244.com:20206/?id=422876378","fqdn":"695rdgnfw5f.18912244.com","domain":"18912244.com","tld":"com"},"ip":{"addr":"172.65.218.121","port":20206,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"92b6a7e6e0ebe0c6938bf7ded579b7ce","sha1":"052127054035e1e8d5e452d69fa4aca12ca93a87","sha256":"0c94f3702e58f2369fe7038febd9d77e07fa6a926192619138d9c0e3452d6052","sha512":"83b7edc75d07bd6f4bd1fa3d20b0b0a035dc51fe599a1b8dc1905aa191d8c5d5a8c8dec5cb3294ed222b76ae6d5ba4566bbbf8297739efee1613cfaa94dfc485","ssdeep":"","tlshash":"52d0a7b4731071b11696cdffa68db2e49e163f7a1400d8729c8c60e478c455de4b00fa","size":252,"data":"","first_seen":"2025-05-16T07:59:57.657009Z","last_seen":"2026-04-11T21:36:19.253742Z","times_seen":17444,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"695rdgnfw5f.18912244.com:20206/assets/theme-0/index.DZnDX_Dw.js","fqdn":"695rdgnfw5f.18912244.com","domain":"18912244.com","tld":"com"},"ip":{"addr":"172.65.218.121","port":20206,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"importedModule","is_inline":false,"md5":"08914d12afcca3bd909129ec895d910b","sha1":"24f21fd89897c25afe33517234eea3ffd5819f3c","sha256":"69a0e7d0810e36373f0c5b0c8bf5ccd9c25e2f792d6d398d641d0047ec1116a4","sha512":"5a70bc893ca893af7e580eb75fe71e6b2ce753db4e362b66e466b65d6d099da93dfb638d8adc7a10d5e10a1e21a06b95815faa33491b2b2508d339db4c00acb3","ssdeep":"","tlshash":"2021da65b0ad31b5355b6fb9a05a9232420a61d63215d1f07e9b2eba020f781d50ef1f","size":1351,"data":"","first_seen":"2026-04-11T07:57:02.036619Z","last_seen":"2026-04-11T18:34:05.947403Z","times_seen":28,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"695rdgnfw5f.18912244.com:20206/?id=422876378","fqdn":"695rdgnfw5f.18912244.com","domain":"18912244.com","tld":"com"},"ip":{"addr":"172.65.218.121","port":20206,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"b37caca13d43c34dcf1bcc82cc983135","sha1":"8fd227d36547bc185c2886f0c3c9fc637c5b5f93","sha256":"d43984886bc8873c7e118740c8024a8981fc6150aa53a54478978ff5094207b4","sha512":"dd3c5721bd3bcbbd11b70fd6ef624bb7d7e53477cc3ebf7ca031da1a2cbebd88d5730098979fb0ac81b05a51fb8d8f8c547313132488c931c32b6be3cf37b89a","ssdeep":"","tlshash":"8ec08cc460c239001602642010af24e49024402670481b029c98d8442e220b08233e98","size":131,"data":"","first_seen":"2023-04-18T07:51:40Z","last_seen":"2026-04-11T20:47:49.81202Z","times_seen":17908,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"695rdgnfw5f.18912244.com:20206/?id=422876378","fqdn":"695rdgnfw5f.18912244.com","domain":"18912244.com","tld":"com"},"ip":{"addr":"172.65.218.121","port":20206,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"3aad9ba1230a8f88d922d9aee18d27b6","sha1":"98b99377cdfba1e53fb7f6266052e3c950a3a08c","sha256":"2f09b5bb83d5a8c67ec1f0c1ecbfe67efbb0885f91f23b8736cfd4f7bbe7ab82","sha512":"96ac983554fee7d3bdb11e5c5f332ed7d41e2ff5fde2001e04b179f07c9f43283fc04bdad40955c1e19a37abaad7667261c66c8e0f2ec65fd083bdce87751af3","ssdeep":"","tlshash":"54d0a7e8a2f2be05055555c0447f70f07078902770185733dd80e94419654b88227e98","size":214,"data":"","first_seen":"2025-03-19T08:06:25.392443Z","last_seen":"2026-04-11T21:06:46.189806Z","times_seen":10241,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"695rdgnfw5f.18912244.com:20206/home/register?id=422876378","fqdn":"695rdgnfw5f.18912244.com","domain":"18912244.com","tld":"com"},"ip":{"addr":"172.65.218.121","port":20206,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"458f4c105d32f51739d741bdb5003a2c","sha1":"e21068fc81d0ab8a936a76cbe090e7a4f721a614","sha256":"82f783ae915772378f6f92fbc5cc4d204494f15d80d38656327f12be74ae3ecb","sha512":"90a8c382086bd3f7ccfd465a34152cd90bbb2546d721ca6feb95b3edeecf38c7c2b2542773ef9530dc4684c13a3e9f90c3b1874a306a440f4bbe44c867dade26","ssdeep":"","tlshash":"07c08cc4a0c32d001602a81411bf24e49024402b744c5b428de8d8582e220b08233e98","size":144,"data":"","first_seen":"2025-05-29T08:20:02.791974Z","last_seen":"2026-04-11T21:36:19.265193Z","times_seen":7789,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"695rdgnfw5f.18912244.com:20206/home/register?id=422876378","fqdn":"695rdgnfw5f.18912244.com","domain":"18912244.com","tld":"com"},"ip":{"addr":"172.65.218.121","port":20206,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"0ae62e05307db9ae07981005f3934012","sha1":"1a0a233cea41381d765f6f58e96632a134a975eb","sha256":"5c17e9226a0d039af1b53f6036bf5c6cf6e41f5731fc1c93b200e72860b059f7","sha512":"e1036da3b29ce7fdd23de4791f3f68341803719cb4a7d0e86a5e4d9d26d10c768eb0b988e5ff811a5b5aa788fc18a2e657f0c3078ca1e23e10fe42e6e9137ffb","ssdeep":"","tlshash":"06c08cc4a0c73d101612a91452af24e49028402b704d5b028ce4d8582e231b08233e98","size":145,"data":"","first_seen":"2023-12-20T17:15:29Z","last_seen":"2026-04-11T19:13:42.671553Z","times_seen":5695,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"695rdgnfw5f.18912244.com:20206/assets/theme-0/store.C7Aw7dp4.js","fqdn":"695rdgnfw5f.18912244.com","domain":"18912244.com","tld":"com"},"ip":{"addr":"172.65.218.121","port":20206,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"importedModule","is_inline":false,"md5":"83e562688456ff1ee53172fbad0338a1","sha1":"c7ae9ef53f1ae3dbe9e76dfce398a05094f9ef4a","sha256":"d9c8b836ab6e0ae7596ac7f5c6147d838ccd4d762e6946c2d18e0fe15c68d6c0","sha512":"7f143729069cea1104772ddf9eee738dc1d912f389adb400e847cf23765f5f3062d55890e408868a62eb1c3603f8cbc09ca8fd26dfe6694389fa9ee799b3fd19","ssdeep":"","tlshash":"be314589f0d63474b3b55c98f0746533131b2a727935d5e0e19f0a530752f01d5aaf49","size":1500,"data":"","first_seen":"2026-04-11T07:57:01.970364Z","last_seen":"2026-04-11T18:34:05.959477Z","times_seen":26,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"695rdgnfw5f.18912244.com:20206/assets/theme-0/SportDialogChunk.B6i88ztc.js","fqdn":"695rdgnfw5f.18912244.com","domain":"18912244.com","tld":"com"},"ip":{"addr":"172.65.218.121","port":20206,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"importedModule","is_inline":false,"md5":"89a03ebcbd63cf1caff53bddff14583b","sha1":"b6f749386c14528fca07615c364f859c485010e7","sha256":"eb1e6bb93fa5edc98cad189db50124035e5449f936ea34d317496f8bdb380049","sha512":"66b16e0b632596a9b7e950cc10410c197e19f1878553236bad6b31528419e499437831a7f8a0238b79ae9f8bb553ddc2bdbf904269d60dfffa8c234fef5d4ef1","ssdeep":"3072:sWXth1hpyW79eOyqblMjsfiEHa/krIIFYykV2oXE9eU6Kue+uS0WiD2N+9b4zGoK:1Xr1hpys9eOyqblMjUIIFYykV2oXEEub","tlshash":"efc32a18bc117d7b632f9958763c0489615e2771b08bc8f1edfa9ff0b649b11a271e28","size":126678,"data":"","first_seen":"2026-04-11T17:01:17.532657Z","last_seen":"2026-04-11T18:33:40.264072Z","times_seen":12,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"695rdgnfw5f.18912244.com:20206/home/register?id=422876378","fqdn":"695rdgnfw5f.18912244.com","domain":"18912244.com","tld":"com"},"ip":{"addr":"172.65.218.121","port":20206,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"e8935871470c7aea8f8fd92bf24007b6","sha1":"bb3028f4286ddcde52ef355676e7e6762c7d0729","sha256":"cb00a6f845f689b1bf597eda9864677babdf7248f510bb0e4c3c5d7078a73366","sha512":"5b35d0209438170d765d01b278a7e1b7a08d0e5d5f98f8947912e1ab4e5ef9d9c8756f50f09a195bd5241a1a011c4db87c764ac53f6fcd4811250f15130f9e10","ssdeep":"","tlshash":"cac080caf0d62e005b05543014ef25d45066401674cc7b43ded4ec583f231b4d237d9c","size":172,"data":"","first_seen":"2025-12-11T17:09:28.033761Z","last_seen":"2026-04-11T19:36:43.934962Z","times_seen":3590,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"695rdgnfw5f.18912244.com:20206/home/register?id=422876378","fqdn":"695rdgnfw5f.18912244.com","domain":"18912244.com","tld":"com"},"ip":{"addr":"172.65.218.121","port":20206,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"0dee0c134133f711a747d2605d405027","sha1":"737ce25a02831013dc7efca7c1eaba14d3ae3d44","sha256":"fae246e11e509385104c24661a72d952bf326aad134eaf09fdd5ea711d816bef","sha512":"81dec4f03ec845d30294f53a8c6c4dcda79890b958b4b779a757dbe2226867eb8a541cae173f3520d77818b5b130070f1911d5271f6cedc7c8b5060371388d07","ssdeep":"","tlshash":"7ac08cc5a0c26d0016026a2150bf34e490244026b44c2b438c94d8482e220b0a237eec","size":145,"data":"","first_seen":"2025-03-19T08:06:25.408614Z","last_seen":"2026-04-11T21:10:04.145916Z","times_seen":7683,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"695rdgnfw5f.18912244.com:20206/assets/theme-0/0_WithdrawChunk.BVZncZop.js","fqdn":"695rdgnfw5f.18912244.com","domain":"18912244.com","tld":"com"},"ip":{"addr":"172.65.218.121","port":20206,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"importedModule","is_inline":false,"md5":"39c26320b37a2783d25bf25c595f4571","sha1":"5d036e319ce17f3422261d85dbace9ccedb160f3","sha256":"8c8a697440a0f3e3c09a07c5886e8059a7c404df34860e9707853747069294ec","sha512":"630d4d67ae7f6b1049bb0a12c69569b16e82b49bb4fd5ffa43f8731eed5a24a12c15700eb8c88743013b36431e352091261586cd7c83d0a1a218e234f631b04a","ssdeep":"6144:gwYcTXmqMbxvDNNHthG+/c2/pizzEnENQ/wYTqZrbMjWRLUY:VXmqMbxvDNNDG+/c2/pcgnEeJTKnl","tlshash":"95844c867067e0f8baf9699c60b2059671283b8ad005c0fb70fe8e51379fa50f9e5735","size":373279,"data":"","first_seen":"2026-04-11T07:57:02.01974Z","last_seen":"2026-04-11T18:34:05.981448Z","times_seen":27,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"695rdgnfw5f.18912244.com:20206/?id=422876378","fqdn":"695rdgnfw5f.18912244.com","domain":"18912244.com","tld":"com"},"ip":{"addr":"172.65.218.121","port":20206,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"494ab8c88e9a8cfd9aa511a663c925c6","sha1":"4816e303ad4a09ef00d54305b7b9e2e51c9bff4e","sha256":"9de249453f6780a3274d7fae16d04d230aa9a5b70b57c7d094bbd764ceb8cf4e","sha512":"3fb9b24dc9a904670f2618493304d5b9edf4fab17eca192479cabd99a0a86a4b4a80318baaafa817311bc1ce86d533e4ed044bd9915c4a3b2219db7f0fed6474","ssdeep":"","tlshash":"68e07d48ff28c7f316ce28a7516e770858d104d58c1b58024cebccc86935ed87291527","size":313,"data":"","first_seen":"2023-03-07T01:24:09Z","last_seen":"2026-04-11T21:06:46.174211Z","times_seen":14639,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"695rdgnfw5f.18912244.com:20206/?id=422876378","fqdn":"695rdgnfw5f.18912244.com","domain":"18912244.com","tld":"com"},"ip":{"addr":"172.65.218.121","port":20206,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"6d454f15b37db78b83b5baecdf743f42","sha1":"11e110aa556c4b89523c4000301e178255e0011f","sha256":"dca38dbbce2b613d73df9c1739cac926d4c518c99c219d33d6f84e22718fc21d","sha512":"ead37b7d097d23e30b78a05c79477f8ebc1efc05fa1cd988468e174463de10d22743f8174a6bd840d59e2556a3faabb640a0164829b5e63fbe15873dff11e639","ssdeep":"","tlshash":"04b012d504040205bafa0105d717370cf0f701e50c48680040030414234434f461ead9","size":95,"data":"","first_seen":"2025-10-09T09:48:44.9381Z","last_seen":"2026-04-11T19:41:53.745139Z","times_seen":8490,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"695rdgnfw5f.18912244.com:20206/assets/theme-0/utils.T26e7GE9.js","fqdn":"695rdgnfw5f.18912244.com","domain":"18912244.com","tld":"com"},"ip":{"addr":"172.65.218.121","port":20206,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"importedModule","is_inline":false,"md5":"e59a59997ee9b1afd4deac4980a9eac9","sha1":"0c6146ffae9bd3938fe584f4e304da3e6e92bf81","sha256":"8d7c978385bb1cadd140e01b1917b856f32fa5a93778066aa090c75b4e93963f","sha512":"d5b495fd35464a59e2df3c015b497d067f08c20559f9f9c52f8cba7e3e7ac12f6eab3d8ce3de83049e5b6acf517219046086be39b0143de07eab0c2f5fab48b4","ssdeep":"","tlshash":"8d215d327a6aa63567a009ffa9303061d0700ae1342ce1d0310f0d5b3ddeb894be5ace","size":1308,"data":"","first_seen":"2026-04-11T07:57:02.021159Z","last_seen":"2026-04-11T18:34:05.987859Z","times_seen":28,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"695rdgnfw5f.18912244.com:20206/?id=422876378","fqdn":"695rdgnfw5f.18912244.com","domain":"18912244.com","tld":"com"},"ip":{"addr":"172.65.218.121","port":20206,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"b37caca13d43c34dcf1bcc82cc983135","sha1":"8fd227d36547bc185c2886f0c3c9fc637c5b5f93","sha256":"d43984886bc8873c7e118740c8024a8981fc6150aa53a54478978ff5094207b4","sha512":"dd3c5721bd3bcbbd11b70fd6ef624bb7d7e53477cc3ebf7ca031da1a2cbebd88d5730098979fb0ac81b05a51fb8d8f8c547313132488c931c32b6be3cf37b89a","ssdeep":"","tlshash":"8ec08cc460c239001602642010af24e49024402670481b029c98d8442e220b08233e98","size":131,"data":"","first_seen":"2023-04-18T07:51:40Z","last_seen":"2026-04-11T20:47:49.81202Z","times_seen":17908,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"695rdgnfw5f.18912244.com:20206/home/register?id=422876378","fqdn":"695rdgnfw5f.18912244.com","domain":"18912244.com","tld":"com"},"ip":{"addr":"172.65.218.121","port":20206,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"cb6524fc7decf2fc2fdab290c0c0c2e6","sha1":"08969a04e60b17f1f12a5cd4ecb441569d234c9a","sha256":"7e3b65570f425161bfee3ade43ed88e1a43a0f5d629b75df80e5e77b408a2bf9","sha512":"b9c58c977594b5b6533d3b761faa7017d5bbe1c6e9401301dc90e9aef346a97f0061b75b4f71634aac8d353ed089605766826980823c6dbff343b38d8e83a52e","ssdeep":"","tlshash":"5bc08cc9f0da2d002606a91090ef34f8a038442ab44c1b468c98ec482e620f09237ed8","size":154,"data":"","first_seen":"2025-03-19T08:10:08.320663Z","last_seen":"2026-04-11T21:10:04.170188Z","times_seen":5223,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"695rdgnfw5f.18912244.com:20206/?id=422876378","fqdn":"695rdgnfw5f.18912244.com","domain":"18912244.com","tld":"com"},"ip":{"addr":"172.65.218.121","port":20206,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"eventHandler","is_inline":false,"md5":"d313558795d5a89ada9c73c4e7c6d37d","sha1":"c66fa2f3b1a23d8b43d20357d6e391dfc18f492a","sha256":"baafb89d4a9938d8004739b2da4475c3d102f907a283f4b2774f752f24fcbce9","sha512":"59da58616df3c9a81a0ba26355f8013f90a9ef32a3620dffeb4fe040f348f89aae6cca2178cb4b5226058d353507fa8959e7378a471739c7de147b7644fe03ac","ssdeep":"","tlshash":"cb80000c0820c88822202f80a000c203a2ce200b0a2022aca82b28e0a23c888e08fca0","size":38,"data":"","first_seen":"2023-04-17T00:16:30Z","last_seen":"2026-04-11T21:36:19.213329Z","times_seen":22046,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"695rdgnfw5f.18912244.com:20206/home/register?id=422876378","fqdn":"695rdgnfw5f.18912244.com","domain":"18912244.com","tld":"com"},"ip":{"addr":"172.65.218.121","port":20206,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"8067e1f6f0a7ba146cf1e7f222557c9b","sha1":"751a1fa190962b9e32f32b3325af32077181592e","sha256":"9708a6a9795b6a2580423efa30137a3a7ca277a61a4beb1dde3f3112e388e991","sha512":"fcdb72a527c2f4e9b6fa6e1cf6b47519e12695e36269db4b82cb75d862c17cba9a05b7cac10383709fe93878b2a6c3f0de1f25713287c716f3f2ca9cbe0dfdaa","ssdeep":"","tlshash":"cfc012caa0866e009a06546155af65d450255416a4887a43dea4d8592b170b08237da8","size":172,"data":"","first_seen":"2025-12-11T17:09:28.053694Z","last_seen":"2026-04-11T19:36:43.957897Z","times_seen":3598,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"695rdgnfw5f.18912244.com:20206/home/register?id=422876378","fqdn":"695rdgnfw5f.18912244.com","domain":"18912244.com","tld":"com"},"ip":{"addr":"172.65.218.121","port":20206,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"15213edbb60fc2beb5c3f2ca99e3c564","sha1":"b69b98438baac0cb23bdc9dd830eb5e1ecd6756b","sha256":"8de108a487db012f8a0e412c982286ac44464a35c3314bc37069a7d858127754","sha512":"e15d3e9b71cad9317789693ae746198b55c6f252451ae6eeda8008c39a85ad4d0abcd57e1273b3cfc49bb1b9da705395211062e07968d46082861fb949604115","ssdeep":"","tlshash":"04c0c0c870d27e10db05242120bf74e080285426748d2f438de0dc443f120f0c133dac","size":172,"data":"","first_seen":"2026-01-29T11:11:44.043334Z","last_seen":"2026-04-11T19:36:43.918422Z","times_seen":2316,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"695rdgnfw5f.18912244.com:20206/home/register?id=422876378","fqdn":"695rdgnfw5f.18912244.com","domain":"18912244.com","tld":"com"},"ip":{"addr":"172.65.218.121","port":20206,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"ed7407adc4ca438d6b83d1f3077df358","sha1":"3fa54ae3bbf71dafa476ae758c8b3496b8ee0b62","sha256":"a741e4050a4ed0d52f480dbf68ed841305efd289ff635b7387937ad96aa09355","sha512":"eb2f97b25163baa2d1579593673a85c38688b66f77c62460e3090de340b0fe870975b7b53a73a59d83dc100537265816cb4164ee981321281762918d2450f4c2","ssdeep":"","tlshash":"98c080c5b0c73e005d15652050af64f490346036b448eb539ed4d8553f520f49137e98","size":166,"data":"","first_seen":"2026-01-29T11:11:44.02973Z","last_seen":"2026-04-11T19:36:43.935461Z","times_seen":2305,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"695rdgnfw5f.18912244.com:20206/assets/theme-0/GlobalEventListenerIndex.BQaDkeeJ.js","fqdn":"695rdgnfw5f.18912244.com","domain":"18912244.com","tld":"com"},"ip":{"addr":"172.65.218.121","port":20206,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"2161393b9479e27bcd23f313876007a4","sha1":"f6a0a66456e9dfe3c309b2840848869481f97679","sha256":"1a16cb77c3f3aef401d38421e9afce0fb02caa1a02fd234f9e5998b60dbe0fde","sha512":"dec2dd02767b6376c7adc515bc9bf0425c58a8de236e6dcffc103aeb293f13f60eb81112768e63fe21d6e884860daa433613ad7df3c1e73c0ce590b90a1339a2","ssdeep":"96:+/e9ysxI2decrMLlyzqqk2UGdsnvjgV0+QLd2ef0MZNtPAkb+8D4NUw0pbGHyZr:ge9vx5decrMLALkhGyvjgV0+QLd2bMZd","tlshash":"6391a54aa6147bfd39e91cc4fa62946707830be726118290e56e1d0de6cca00cf1dfd5","size":4457,"data":"","first_seen":"2026-04-11T07:57:01.96405Z","last_seen":"2026-04-11T18:34:05.975443Z","times_seen":28,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"riskct.geetest.com/g2/api/v1/pre_load?client_type=web\u0026appid=9ia4hndgblg9xihxcwgdjt9ztg8sjwaf\u0026callback=geetest_1775932390661","fqdn":"riskct.geetest.com","domain":"geetest.com","tld":"com"},"ip":{"addr":"43.159.108.100","port":443,"asn":139341,"as":"ACE","country":"Singapore","country_code":"SG"},"introduction_type":"scriptElement","is_inline":false,"md5":"a5daa8909a3bf4c22f7d580ac77fc2ff","sha1":"fa7d6b9078c23c61c94bce3ca6c04c4dc97d2df7","sha256":"03d579bcf37d5c18d840599424e65c8c526e528466793b7cb537afe0074caf3a","sha512":"478ae57a0a3aa0c35f46b59081146ce232f16b710a8aab4b6503a8e497777324add3db561a7869638915dd13cc62b0902dcb1f3e8d7ea66bf380eb1eeb4ef670","ssdeep":"","tlshash":"70e0e70c08446df20c29bd907c29457651d433b548313ce4deec1f30c947174f15a810","size":304,"data":"","first_seen":"2026-04-11T18:33:40.303051Z","last_seen":"2026-04-11T18:33:40.303051Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"695rdgnfw5f.18912244.com:20206/home/register?id=422876378","fqdn":"695rdgnfw5f.18912244.com","domain":"18912244.com","tld":"com"},"ip":{"addr":"172.65.218.121","port":20206,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"48bb5618b78ed2a8bbf4692e5bab75e4","sha1":"3d2c06d68fe6a9fc5ecec24601b2fa9318e6e03d","sha256":"e99bbb24f78ec4fa1be0fce35cc1851d4b9081e13f408c683b17a28aad54e8e2","sha512":"93b0981c8a2994c2800d47c368704e8e9fcf0608850c70f4f3ff7102dcc1485cbbbe57cff384b18485a63e6eab415ec2a6b0b08677c9d5760b461f6436c0719b","ssdeep":"","tlshash":"d6c080c5b0c72d205616556155af66dcd0345026f45c6b13fe94d8593f220f08237edc","size":169,"data":"","first_seen":"2025-12-11T17:09:28.058758Z","last_seen":"2026-04-11T19:36:43.958412Z","times_seen":3597,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"695rdgnfw5f.18912244.com:20206/home/register?id=422876378","fqdn":"695rdgnfw5f.18912244.com","domain":"18912244.com","tld":"com"},"ip":{"addr":"172.65.218.121","port":20206,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"fd8e9f4395e2d53671b51fdc27c31655","sha1":"1c1ecd0c0de26b0c093b37aa9877e1607d1c468f","sha256":"3ac9388f84f1eaea0bf970d73a78905f1d0dfb345b046b84c8b31c9b11abeb26","sha512":"751e84d116214ac817d5c636702e606e20930af58a6dfdc755e1b995cf0a824468835840f775a5c2f7a410b66f24f769e8025567bd14677f589f0a045c903cac","ssdeep":"","tlshash":"a9c08cc4a0d22d001602651110bf34e890288026748c1b02dca8e8483e220b8823bed8","size":145,"data":"","first_seen":"2025-10-01T01:05:52.2745Z","last_seen":"2026-04-11T18:34:06.023888Z","times_seen":435,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"695rdgnfw5f.18912244.com:20206/home/register?id=422876378","fqdn":"695rdgnfw5f.18912244.com","domain":"18912244.com","tld":"com"},"ip":{"addr":"172.65.218.121","port":20206,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"f3b17e0e22df957a7b00e06e335a8f62","sha1":"65811e47dbf441e510d0fcf0c84eee90fc81c400","sha256":"3b518fb5aeacd3458b394466fca6cc6a121ccf84fa3c968139bdb4499dcc5774","sha512":"b0fc26fbc42c22f8cbd5de036afb4ca6deb711cc776e7ca096027acf255cc6d5881dd1249af67f5c183e8c3f64bec449b8b7bf285f7b15925a129906f1d7009f","ssdeep":"","tlshash":"36c08cc4b0d62e001617689464bf28e89024402a70485b22cc94e8492f220b48237ed8","size":145,"data":"","first_seen":"2024-10-25T09:05:57.937747Z","last_seen":"2026-04-11T21:10:04.163147Z","times_seen":7775,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"695rdgnfw5f.18912244.com:20206/assets/theme-0/FloatBarIndex.nFWC6Mt1.js","fqdn":"695rdgnfw5f.18912244.com","domain":"18912244.com","tld":"com"},"ip":{"addr":"172.65.218.121","port":20206,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"6fb54bbd08b66d9cc1c2a127f2a871d6","sha1":"bc269ca7af0cac219fe6c33dfea2957a0997c9d9","sha256":"5cfa0f34d9aeca5cba1528c35c79174a6498d400579c2bf1832cec5eb67de829","sha512":"958e14bad8da0c2118b04d4ddb6c50cc135318f415d7777c5142daf04d72000fa9412639f5f505ed387611880fedcd6e69daef2ef7d669cefb8be92c3e17ba61","ssdeep":"","tlshash":"ef813b4f30d935b4f1e68559c0797c924a0c67925141c4e1e2ff1c382292dd8e05ffe5","size":3839,"data":"","first_seen":"2026-04-11T07:57:01.95708Z","last_seen":"2026-04-11T18:34:05.97486Z","times_seen":28,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"695rdgnfw5f.18912244.com:20206/home/register?id=422876378","fqdn":"695rdgnfw5f.18912244.com","domain":"18912244.com","tld":"com"},"ip":{"addr":"172.65.218.121","port":20206,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"723d75c93790b06652a566d63d8799c8","sha1":"82ea2eeab0eddb918ebcdc71851ea8a2150363bb","sha256":"b8a5f0992572bdce2ee309f40f56bf24cfd2dd45b9bca155b6446cb3584665fc","sha512":"af432578bc0ccd7f98e39e303ca394d9153f2698c3aa8e7829955ee1f8f62edf7ad94f0c2a0d3b237137385dbb8a2aac032b8e3c9525f6e35f011b8e67a79437","ssdeep":"","tlshash":"02c022d970d72c111626949910af22e480389c32a48e0b03aea8d80d2d624b2e223e98","size":193,"data":"","first_seen":"2025-04-22T22:10:02.321884Z","last_seen":"2026-04-11T21:10:04.192023Z","times_seen":7484,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null},"http":[{"url":{"schema":"https","addr":"695rdgnfw5f.18912244.com:20206/?id=422876378","fqdn":"695rdgnfw5f.18912244.com","domain":"18912244.com","tld":"com"},"ip":{"addr":"172.65.218.121","port":20206,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-04-11T18:33:01.494Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"695rdgnfw5f.18912244.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 20 Jul 2025 00:00:00 GMT","end":"Mon, 20 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"AB:44:50:F3:CC:F8:FC:F3:42:EC:75:E2:D3:0C:19:1B:5F:B9:36:F4","sha256":"4B:05:65:FA:AC:EF:A3:36:43:B0:62:26:67:2E:84:49:29:62:7C:DA:CE:AF:8D:5A:0B:1B:23:85:8B:6B:BB:46"}}},"request":{"raw":"GET /?id=422876378 HTTP/1.1\r\nHost: 695rdgnfw5f.18912244.com:20206\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://m0189.top/\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 11 Apr 2026 18:33:02 GMT\r\ncontent-type: text/html\r\nx-oss-request-id: 69DA93DE100000343490ECD8\r\nvary: Accept-Encoding, Origin\r\nlast-modified: Sat, 11 Apr 2026 17:06:08 GMT\r\nx-oss-object-type: Normal\r\nx-oss-hash-crc64ecma: 17493868138726715098\r\nx-oss-storage-class: Standard\r\ncache-control: s-maxage=600,public,max-age=0\r\ncontent-md5: YgCOCybv8Qkr5nto7Q7BBQ==\r\nx-oss-server-time: 2\r\ncontent-encoding: gzip\r\nserver: gocache\r\nc-type: pf\r\nrid: 255286bc54aa262c7501b848e63d77f2\r\nx-cache-status: MISS\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]},{"name":"Alibaba Cloud Object Storage Service","description":"Alibaba Cloud Object Storage Service (OSS) is a cloud-based object storage service provided by Alibaba Cloud, which allows users to store and access large amounts of data in the cloud.","website":"https://www.alibabacloud.com/product/object-storage-service","common_platform_enumeration":"","icon":"Alibaba Cloud.svg","categories":["IaaS"]}],"data":{"size":256084,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII text, with very long lines (65536), with no line terminators","md5":"62008e0b26eff1092be67b68ed0ec105","sha1":"a48b8a892c9735ba605df495d0c46d5d812623a2","sha256":"912dc75fd420777be1c1f09456a9c5a5488f7c603430fb5fcb9945907753d0da","sha512":"e18ce635363e80710da014392e2df601c5211296be92c4be501092fc2439a07a1b216743a44592b3d2a4b7fe92b38d5b9dc55393d305a8619029d3c3abeddb0c","ssdeep":"6144:4/QrTzT/cWuKOOLUUllE1j1PMjAZPos+Rym/u0J:Ex0","tlshash":"3f44b9cbaa9c1f81f53b31e4d057b1cd9a4094dd1b70d9a87b7780abc36f4e08ac6562","first_seen":"2026-04-11T18:28:36.013524Z","last_seen":"2026-04-11T18:34:05.971299Z","times_seen":25,"resource_available":true,"data":null}},"time_used":1697,"timings":{"blocked":720,"dns":207,"connect":1,"send":0,"wait":256,"receive":0,"ssl":511},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-11","alert":"Sinkholed","trigger":"695rdgnfw5f.18912244.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"695rdgnfw5f.18912244.com:20206/siteadmin/upload/img/1995443226830245889.png","fqdn":"695rdgnfw5f.18912244.com","domain":"18912244.com","tld":"com"},"ip":{"addr":"172.65.218.121","port":20206,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://695rdgnfw5f.18912244.com:20206/?id=422876378","date":"2026-04-11T18:33:03.600Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"695rdgnfw5f.18912244.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 20 Jul 2025 00:00:00 GMT","end":"Mon, 20 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"AB:44:50:F3:CC:F8:FC:F3:42:EC:75:E2:D3:0C:19:1B:5F:B9:36:F4","sha256":"4B:05:65:FA:AC:EF:A3:36:43:B0:62:26:67:2E:84:49:29:62:7C:DA:CE:AF:8D:5A:0B:1B:23:85:8B:6B:BB:46"}}},"request":{"raw":"GET /siteadmin/upload/img/1995443226830245889.png HTTP/1.1\r\nHost: 695rdgnfw5f.18912244.com:20206\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://695rdgnfw5f.18912244.com:20206/?id=422876378\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 11 Apr 2026 18:33:03 GMT\r\ncontent-type: image/png\r\ncontent-length: 65391\r\nx-oss-request-id: 69DA93DF6AC5903234D06D05\r\nvary: Origin\r\netag: \"F7336C832183626692BF743F8C020B19\"\r\nlast-modified: Mon, 01 Dec 2025 10:41:53 GMT\r\nx-oss-object-type: Normal\r\nx-oss-hash-crc64ecma: 6512158309788991293\r\nx-oss-storage-class: Standard\r\ncache-control: immutable,stale-while-revalidate=86400,public,max-age=86400\r\ncontent-md5: 9zNsgyGDYmaSv3Q/jAILGQ==\r\nx-oss-server-time: 1\r\nserver: gocache\r\nc-type: pf\r\nrid: 6c8b06d1436b63b205a0aaf2f55dba1e\r\nx-cache-status: MISS\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]},{"name":"Alibaba Cloud Object Storage Service","description":"Alibaba Cloud Object Storage Service (OSS) is a cloud-based object storage service provided by Alibaba Cloud, which allows users to store and access large amounts of data in the cloud.","website":"https://www.alibabacloud.com/product/object-storage-service","common_platform_enumeration":"","icon":"Alibaba Cloud.svg","categories":["IaaS"]}],"data":{"size":65391,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 512 x 512, 8-bit colormap, non-interlaced","md5":"f7336c832183626692bf743f8c020b19","sha1":"18f959e7236825e28499b15ab9e31f26fa8c6d3f","sha256":"46e9b54f4d56fd0fe1a2580391ef87c3079b3d24705c559e6132ec521bd24a2f","sha512":"f86f31533f54fcb203bb5e24fe292181108e2ba47cb18df3437783ac80977817161687db997dd6f430b8e4df644db810f0ed7c99f919cb6de75681bfaae28f4f","ssdeep":"1536:hqSUV4v4mjf/gvq3RPS4L0/rJMJZudF3H3O+a3LzbDp9ylXaHL:cSLfYgSAgJMvusbb3V3","tlshash":"a753023e8b4eb326ca130ed350d788dda9fa0038b44208405e5c9be5ded4dac82e8f55","first_seen":"2025-12-02T05:51:31.715298Z","last_seen":"2026-04-11T18:34:05.944411Z","times_seen":288,"resource_available":false,"data":null}},"time_used":265,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":245,"receive":20,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-11","alert":"Sinkholed","trigger":"695rdgnfw5f.18912244.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"695rdgnfw5f.18912244.com:20206/assets/theme-0/index.DZnDX_Dw.js","fqdn":"695rdgnfw5f.18912244.com","domain":"18912244.com","tld":"com"},"ip":{"addr":"172.65.218.121","port":20206,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://695rdgnfw5f.18912244.com:20206/?id=422876378","date":"2026-04-11T18:33:05.265Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"695rdgnfw5f.18912244.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 20 Jul 2025 00:00:00 GMT","end":"Mon, 20 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"AB:44:50:F3:CC:F8:FC:F3:42:EC:75:E2:D3:0C:19:1B:5F:B9:36:F4","sha256":"4B:05:65:FA:AC:EF:A3:36:43:B0:62:26:67:2E:84:49:29:62:7C:DA:CE:AF:8D:5A:0B:1B:23:85:8B:6B:BB:46"}}},"request":{"raw":"GET /assets/theme-0/index.DZnDX_Dw.js HTTP/1.1\r\nHost: 695rdgnfw5f.18912244.com:20206\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://695rdgnfw5f.18912244.com:20206/assets/theme-0/GlobalEventListenerIndex.BQaDkeeJ.js\r\nCookie: web__lobby__persisted__device=%7B%22uuid%22%3A%22f75052df-c3a1-4058-a524-7aad8f7dc107%22%7D\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 11 Apr 2026 18:33:05 GMT\r\ncontent-type: application/javascript; charset=utf-8\r\nx-oss-request-id: 69DA93E168A37439322C594E\r\nvary: Accept-Encoding, Origin\r\nlast-modified: Sat, 11 Apr 2026 04:21:43 GMT\r\nx-oss-object-type: Normal\r\nx-oss-hash-crc64ecma: 3515234913531626399\r\nx-oss-storage-class: Standard\r\nx-oss-meta-version: v7.1.212\r\ncache-control: max-age=31622400\r\ncontent-md5: CJFNEq/Mo72QkSnsiV2RCw==\r\nx-oss-server-time: 1\r\ncontent-encoding: gzip\r\nserver: gocache\r\nc-type: pf\r\nrid: 2c8edf76f5bd26733a061e32567db2a9\r\nx-cache-status: MISS\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]},{"name":"Alibaba Cloud Object Storage Service","description":"Alibaba Cloud Object Storage Service (OSS) is a cloud-based object storage service provided by Alibaba Cloud, which allows users to store and access large amounts of data in the cloud.","website":"https://www.alibabacloud.com/product/object-storage-service","common_platform_enumeration":"","icon":"Alibaba Cloud.svg","categories":["IaaS"]}],"data":{"size":1351,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"Java source, ASCII text, with very long lines (1350)","md5":"08914d12afcca3bd909129ec895d910b","sha1":"24f21fd89897c25afe33517234eea3ffd5819f3c","sha256":"69a0e7d0810e36373f0c5b0c8bf5ccd9c25e2f792d6d398d641d0047ec1116a4","sha512":"5a70bc893ca893af7e580eb75fe71e6b2ce753db4e362b66e466b65d6d099da93dfb638d8adc7a10d5e10a1e21a06b95815faa33491b2b2508d339db4c00acb3","ssdeep":"","tlshash":"2021da65b0ad31b5355b6fb9a05a9232420a61d63215d1f07e9b2eba020f781d50ef1f","first_seen":"2026-04-11T07:57:02.036619Z","last_seen":"2026-04-11T18:34:05.947403Z","times_seen":28,"resource_available":true,"data":null}},"time_used":257,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":257,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-11","alert":"Sinkholed","trigger":"695rdgnfw5f.18912244.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"695rdgnfw5f.18912244.com:20206/hall/version.json","fqdn":"695rdgnfw5f.18912244.com","domain":"18912244.com","tld":"com"},"ip":{"addr":"172.65.218.121","port":20206,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://695rdgnfw5f.18912244.com:20206/?id=422876378","date":"2026-04-11T18:33:07.919Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"695rdgnfw5f.18912244.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 20 Jul 2025 00:00:00 GMT","end":"Mon, 20 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"AB:44:50:F3:CC:F8:FC:F3:42:EC:75:E2:D3:0C:19:1B:5F:B9:36:F4","sha256":"4B:05:65:FA:AC:EF:A3:36:43:B0:62:26:67:2E:84:49:29:62:7C:DA:CE:AF:8D:5A:0B:1B:23:85:8B:6B:BB:46"}}},"request":{"raw":"GET /hall/version.json HTTP/1.1\r\nHost: 695rdgnfw5f.18912244.com:20206\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://695rdgnfw5f.18912244.com:20206/?id=422876378\r\nCookie: web__lobby__persisted__device=%7B%22uuid%22%3A%22f75052df-c3a1-4058-a524-7aad8f7dc107%22%7D\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 11 Apr 2026 18:33:08 GMT\r\ncontent-type: application/json\r\nx-oss-request-id: 69DA93E460F7333933398190\r\nvary: Accept-Encoding, Origin\r\nlast-modified: Sat, 11 Apr 2026 18:25:06 GMT\r\nx-oss-object-type: Normal\r\nx-oss-hash-crc64ecma: 14477311986245001827\r\nx-oss-storage-class: Standard\r\ncache-control: no-cache\r\ncontent-md5: 917+sxe1zLXIoL7aZUXHJQ==\r\nx-oss-server-time: 2\r\ncontent-encoding: gzip\r\nserver: gocache\r\nc-type: pf\r\nrid: bca10a5e76c6d89093e8a5eb65d17d40\r\nx-cache-status: MISS\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Alibaba Cloud Object Storage Service","description":"Alibaba Cloud Object Storage Service (OSS) is a cloud-based object storage service provided by Alibaba Cloud, which allows users to store and access large amounts of data in the cloud.","website":"https://www.alibabacloud.com/product/object-storage-service","common_platform_enumeration":"","icon":"Alibaba Cloud.svg","categories":["IaaS"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]}],"data":{"size":5760,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"f75efeb317b5ccb5c8a0beda6545c725","sha1":"93f2a2e933ad48a481c40a559ac6c88a20d1bb77","sha256":"a7f97de19dbbe8a917544f2727c5c8010e3cac9e25020a945f54a2b0e6864330","sha512":"51f70a4f5d8476ba04bebb42a8985f738cbe5d0178d0b2f8ac732fbbf696a76a58b01df388ad1d66e2f8628d460f8fb1590138a37dc8959df8b6404c2576ae03","ssdeep":"96:8N4X7/6ditJfeiJ5BS8fySCwsI+VMgtRXyglj16VgJVwbkCJ3A0s:8N4X7/OitJfeiJ5k8qSCwsI+ugtRXygD","tlshash":"bfc1a86695251cbf4fb2477a76842f93992f61f19cc364913f570a3292de1cc02a8d3e","first_seen":"2026-04-11T18:28:36.043631Z","last_seen":"2026-04-11T18:34:05.968382Z","times_seen":24,"resource_available":false,"data":null}},"time_used":245,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":245,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-11","alert":"Sinkholed","trigger":"695rdgnfw5f.18912244.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"695rdgnfw5f.18912244.com:20206/assets/theme-0/2_SettingChunk.ITO75Mol.css","fqdn":"695rdgnfw5f.18912244.com","domain":"18912244.com","tld":"com"},"ip":{"addr":"172.65.218.121","port":20206,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://695rdgnfw5f.18912244.com:20206/?id=422876378","date":"2026-04-11T18:33:08.105Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"695rdgnfw5f.18912244.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 20 Jul 2025 00:00:00 GMT","end":"Mon, 20 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"AB:44:50:F3:CC:F8:FC:F3:42:EC:75:E2:D3:0C:19:1B:5F:B9:36:F4","sha256":"4B:05:65:FA:AC:EF:A3:36:43:B0:62:26:67:2E:84:49:29:62:7C:DA:CE:AF:8D:5A:0B:1B:23:85:8B:6B:BB:46"}}},"request":{"raw":"GET /assets/theme-0/2_SettingChunk.ITO75Mol.css HTTP/1.1\r\nHost: 695rdgnfw5f.18912244.com:20206\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://695rdgnfw5f.18912244.com:20206/?id=422876378\r\nCookie: web__lobby__persisted__device=%7B%22uuid%22%3A%22f75052df-c3a1-4058-a524-7aad8f7dc107%22%7D; web__lobby__persisted__user=%7B%22userInfos%22%3A%7B%22game_gold%22%3A2000%2C%22account_type%22%3A1%2C%22platfromid%22%3A%22web_lobby_guest_account%22%2C%22mode%22%3A0%2C%22currency%22%3A%22CNY%22%7D%7D\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 11 Apr 2026 18:33:08 GMT\r\ncontent-type: text/css\r\nx-oss-request-id: 69DA93E4BCB28E3037CFE781\r\nvary: Accept-Encoding, Origin\r\nlast-modified: Sat, 11 Apr 2026 04:21:42 GMT\r\nx-oss-object-type: Normal\r\nx-oss-hash-crc64ecma: 15535053416744398488\r\nx-oss-storage-class: Standard\r\nx-oss-meta-version: v7.1.212\r\ncache-control: max-age=31622400\r\ncontent-md5: hDcOrAd4OT6CzeN0cR2qDQ==\r\nx-oss-server-time: 1\r\ncontent-encoding: gzip\r\nserver: gocache\r\nc-type: pf\r\nrid: 701925386953591cac6ac94ff23f1134\r\nx-cache-status: MISS\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Alibaba Cloud Object Storage Service","description":"Alibaba Cloud Object Storage Service (OSS) is a cloud-based object storage service provided by Alibaba Cloud, which allows users to store and access large amounts of data in the cloud.","website":"https://www.alibabacloud.com/product/object-storage-service","common_platform_enumeration":"","icon":"Alibaba Cloud.svg","categories":["IaaS"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]}],"data":{"size":29892,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (29891)","md5":"84370eac0778393e82cde374711daa0d","sha1":"4178cf9a59295cd6f7cb9a12495f2540ce3911b2","sha256":"8018613d61578aa22e1052d92c3d820ea0e2924c4df55aa31a3024ae831857de","sha512":"fba36a6acacea857964018c09e5eca0c0f0a059bd096458735e07c92158a3758e1b5dc273efe5fefb2b641de49f63e6d6b3bcf45abe8337c45d2afb332dcd4d0","ssdeep":"384:t2jv+D3oB7wFb7nWqTn/1tCXouLZWthYq1ohsSw5A8fpMaLNb:tt3o5jWthQhslBMMd","tlshash":"2ad2836a1ab0363a6c3b8231d5d0fba472496104da25d2f2dc734c5f4bc7bf637246a6","first_seen":"2026-03-17T07:18:02.648725Z","last_seen":"2026-04-11T18:34:05.96898Z","times_seen":165,"resource_available":false,"data":null}},"time_used":277,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":277,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-11","alert":"Sinkholed","trigger":"695rdgnfw5f.18912244.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"695rdgnfw5f.18912244.com:20206/assets/theme-0/1_PromoteChunk.CuPvzCIr.js","fqdn":"695rdgnfw5f.18912244.com","domain":"18912244.com","tld":"com"},"ip":{"addr":"172.65.218.121","port":20206,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://695rdgnfw5f.18912244.com:20206/?id=422876378","date":"2026-04-11T18:33:08.788Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"695rdgnfw5f.18912244.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 20 Jul 2025 00:00:00 GMT","end":"Mon, 20 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"AB:44:50:F3:CC:F8:FC:F3:42:EC:75:E2:D3:0C:19:1B:5F:B9:36:F4","sha256":"4B:05:65:FA:AC:EF:A3:36:43:B0:62:26:67:2E:84:49:29:62:7C:DA:CE:AF:8D:5A:0B:1B:23:85:8B:6B:BB:46"}}},"request":{"raw":"GET /assets/theme-0/1_PromoteChunk.CuPvzCIr.js HTTP/1.1\r\nHost: 695rdgnfw5f.18912244.com:20206\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://695rdgnfw5f.18912244.com:20206/assets/theme-0/LoginRegisterIndex.5cxrQ2SR.js\r\nCookie: web__lobby__persisted__device=%7B%22uuid%22%3A%22f75052df-c3a1-4058-a524-7aad8f7dc107%22%7D; web__lobby__persisted__user=%7B%22userInfos%22%3A%7B%22game_gold%22%3A2000%2C%22account_type%22%3A1%2C%22platfromid%22%3A%22web_lobby_guest_account%22%2C%22mode%22%3A0%2C%22currency%22%3A%22CNY%22%7D%7D\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 11 Apr 2026 18:33:08 GMT\r\ncontent-type: application/javascript; charset=utf-8\r\nx-oss-request-id: 69DA93E4CD9B343532D98245\r\nvary: Accept-Encoding, Origin\r\nlast-modified: Sat, 11 Apr 2026 04:21:43 GMT\r\nx-oss-object-type: Normal\r\nx-oss-hash-crc64ecma: 16742407820407782996\r\nx-oss-storage-class: Standard\r\nx-oss-meta-version: v7.1.212\r\ncache-control: max-age=31622400\r\ncontent-md5: X8pTH9Zq3UCdoq+YmDXJQg==\r\nx-oss-server-time: 1\r\ncontent-encoding: gzip\r\nserver: gocache\r\nc-type: pf\r\nrid: 71eb0152ade6ee459c3ceaeaf1d4e8c8\r\nx-cache-status: MISS\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Alibaba Cloud Object Storage Service","description":"Alibaba Cloud Object Storage Service (OSS) is a cloud-based object storage service provided by Alibaba Cloud, which allows users to store and access large amounts of data in the cloud.","website":"https://www.alibabacloud.com/product/object-storage-service","common_platform_enumeration":"","icon":"Alibaba Cloud.svg","categories":["IaaS"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]}],"data":{"size":395059,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"ASCII text, with very long lines (65536), with no line terminators","md5":"5fca531fd66add409da2af989835c942","sha1":"4e4e8f2ebbf9a992f00b82f84558bfc91aec9cc5","sha256":"ad4d33ee44bedc1acb44d710480c88718fb94afacac6eeedeefc55d925ac9d2a","sha512":"670052699af06c08cfc99cfaa9ec62442cfcb70a7b1165dfcc83516cfe986ab453eb719ff2da1a5f83f5e03b9631e622ebf98b88e63b17f5a06abd20368b2ac3","ssdeep":"3072:ir7rF9koQOxOli8NV778+EesPix4r+X2lBfvOzBY/WHbkLtmVWsI3V2c1JpSnrCM:A7xMbGqC5LvOzBY/WHa751JpSrQiSM5","tlshash":"a984f71df47990b5fb39ae48a4b60851639e274b9025d0e871fe0f242bc6fb4b58633d","first_seen":"2026-04-11T07:57:01.979421Z","last_seen":"2026-04-11T18:34:05.949402Z","times_seen":27,"resource_available":true,"data":null}},"time_used":258,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":258,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-11","alert":"Sinkholed","trigger":"695rdgnfw5f.18912244.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"mgm1940797.appfrvpmgw.win/hall/ipCheck?siteCode=1937\u0026currency=CNY\u0026language=zh\u0026platformType=5","fqdn":"mgm1940797.appfrvpmgw.win","domain":"appfrvpmgw.win","tld":"win"},"ip":{"addr":"138.113.210.9","port":443,"asn":54994,"as":"ML-1432-54994","country":"Canada","country_code":"CA"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://695rdgnfw5f.18912244.com:20206/?id=422876378","date":"2026-04-11T18:33:09.102Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"mgm1940797.appfrvpmgw.win","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 10 Mar 2026 16:26:44 GMT","end":"Mon, 08 Jun 2026 16:26:43 GMT"},"fingerprint":{"sha1":"F4:B1:A8:F3:75:CF:9E:D8:01:08:8D:AB:DA:56:67:50:D3:F3:94:44","sha256":"EA:6F:FC:B6:79:2A:3B:E8:21:21:AB:18:FB:BE:1C:DB:F9:F0:1B:8C:DA:50:C7:4E:CB:CA:85:51:61:5D:9B:10"}}},"request":{"raw":"GET /hall/ipCheck?siteCode=1937\u0026currency=CNY\u0026language=zh\u0026platformType=5 HTTP/1.1\r\nHost: mgm1940797.appfrvpmgw.win\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: zh\r\nAccept-Encoding: gzip, deflate, br\r\nx-object-id: {\"uid\":\"\",\"browserLanguage\":\"en-US\",\"init\":{\"device\":\"\",\"created\":1775932383901,\"version\":1775793838000}}\r\nplatformType: 5\r\ndevicetype: 3\r\nx-device: 1-5\r\nx-data-mode: plain\r\nx-request-id: bb7710af-1f33-4103-844e-d7f8e895490b\r\ndevice: f75052df-c3a1-4058-a524-7aad8f7dc107\r\ncurrency: CNY\r\ntimestamp: 1775932388\r\nsiteCode: 1937\r\nlanguage: zh\r\ntoken: \r\ndeviceModel: Firefox v134.0\r\nphysicalDeviceModel: unknown\r\noperatingSystem: Windows\r\ndeviceBrand: unknown\r\nbrowserType: Firefox v134.0\r\nappSystem: Windows 10\r\ndomain: 695rdgnfw5f.18912244.com:20206\r\nwebauthnDomain: 695rdgnfw5f.18912244.com:20206\r\nclienttimezone: 0\r\nx-custom-referer: https://695rdgnfw5f.18912244.com:20206/?id=422876378\r\nx-version: 7.1.212\r\nbrowserfingerid: \r\nappVersion: v7.1.212\r\nOrigin: https://695rdgnfw5f.18912244.com:20206\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://695rdgnfw5f.18912244.com:20206/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 11 Apr 2026 18:33:09 GMT\r\ncontent-type: application/json\r\nset-cookie: acw_tc=0a0ccaf917759323891938391e5d3dccbb5511e66deb7f1711f7c188307530;path=/;HttpOnly;Max-Age=1800\r\nvary: Accept-Encoding\r\nx-trace-id: c9fec3e275403bbc6ab7987364a2541a\r\nx-env-apisix: 0\r\ncache-control: no-cache\r\nx-saas-server-id: 844988bcd4-qzjzr|b68800f8f5e352467095778f44c5c479\r\naccess-control-allow-methods: *\r\naccess-control-max-age: 1728000\r\naccess-control-allow-credentials: true\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: X-Trace-ID, newjwt, token\r\ncontent-encoding: gzip\r\nvia: 1.1 PS-SIN-04A9N80:17 (W), 1.1 PS-AMS-01QkJ103:21 (W)\r\nx-px: ms PS-AMS-01QkJ103AMS, ms PS-SIN-04A9N80SIN(origin)\r\nx-ws-request-id: 69da93e5_PS-AMS-01QkJ103_53875-28504\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":241,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"88a05f1a8c40b93c26498c6574a939c4","sha1":"5c36dabab37fe2948efda19f44a0177b428f9137","sha256":"8a3c75ef227c250146de9d3fd4b0a3f3a22c4ae97c2eaab7598237d1b6c89f73","sha512":"89cfbf4f5744effa9268e513896a9e1e5732fe89b9637047494184ce7e84e03ac8cbb0baf6f1309d3485fd65e385083fb3bd0c4981b02c90b48fac093a8ea1dd","ssdeep":"","tlshash":"47d09704004c8831ae50e309cc03af801f3c091bf0cb02c8a44e1f60c0662e8808069f","first_seen":"2026-04-11T18:33:40.218673Z","last_seen":"2026-04-11T18:33:40.218673Z","times_seen":1,"resource_available":false,"data":null}},"time_used":205,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":205,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-04-11","alert":"Sinkholed","trigger":"mgm1940797.appfrvpmgw.win","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"695rdgnfw5f.18912244.com:20206/hall/api/active/tasks/newcomer_benefit_reward/default.json?v=1775923838","fqdn":"695rdgnfw5f.18912244.com","domain":"18912244.com","tld":"com"},"ip":{"addr":"172.65.218.121","port":20206,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://695rdgnfw5f.18912244.com:20206/?id=422876378","date":"2026-04-11T18:33:09.483Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"695rdgnfw5f.18912244.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 20 Jul 2025 00:00:00 GMT","end":"Mon, 20 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"AB:44:50:F3:CC:F8:FC:F3:42:EC:75:E2:D3:0C:19:1B:5F:B9:36:F4","sha256":"4B:05:65:FA:AC:EF:A3:36:43:B0:62:26:67:2E:84:49:29:62:7C:DA:CE:AF:8D:5A:0B:1B:23:85:8B:6B:BB:46"}}},"request":{"raw":"GET /hall/api/active/tasks/newcomer_benefit_reward/default.json?v=1775923838 HTTP/1.1\r\nHost: 695rdgnfw5f.18912244.com:20206\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://695rdgnfw5f.18912244.com:20206/home/register?id=422876378\r\nCookie: web__lobby__persisted__device=%7B%22uuid%22%3A%22f75052df-c3a1-4058-a524-7aad8f7dc107%22%7D; web__lobby__persisted__user=%7B%22userInfos%22%3A%7B%22game_gold%22%3A2000%2C%22account_type%22%3A1%2C%22platfromid%22%3A%22web_lobby_guest_account%22%2C%22mode%22%3A0%2C%22currency%22%3A%22CNY%22%7D%7D\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 11 Apr 2026 18:33:09 GMT\r\ncontent-type: application/json\r\nx-oss-request-id: 69DA93E52A8AB2373542FB6D\r\nvary: Accept-Encoding, Origin\r\netag: W/\"6BAF2CF7F34321B8F80D38B6C4439671\"\r\nlast-modified: Sat, 11 Apr 2026 16:10:38 GMT\r\nx-oss-object-type: Normal\r\nx-oss-hash-crc64ecma: 17298634719840358504\r\nx-oss-storage-class: Standard\r\ncache-control: s-maxage=600,max-age=0,public\r\ncontent-md5: a68s9/NDIbj4DTi2xEOWcQ==\r\nx-oss-server-time: 2\r\nserver: gocache\r\nc-type: pf\r\nrid: 4841ed5c837e38e92e76b6bcc2c135e4\r\nx-cache-status: MISS\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\ncontent-encoding: br\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]},{"name":"Alibaba Cloud Object Storage Service","description":"Alibaba Cloud Object Storage Service (OSS) is a cloud-based object storage service provided by Alibaba Cloud, which allows users to store and access large amounts of data in the cloud.","website":"https://www.alibabacloud.com/product/object-storage-service","common_platform_enumeration":"","icon":"Alibaba Cloud.svg","categories":["IaaS"]}],"data":{"size":192,"size_decoded":0,"mime_type":"application/json","magic":"ASCII text, with no line terminators","md5":"6baf2cf7f34321b8f80d38b6c4439671","sha1":"7fc16801158d5c3263908dd7104da0362a62889c","sha256":"27e01d40e2750859f94593f96765d970399e44a19e73cdbe245f04de407f4377","sha512":"22a9211046205af34f07e2e442918eb5cebe5d33be63e33504b22abc4492a027d3ac89d873fb5dd02db5b900734d1aaffcab79ad745fb6aa4406ef0655d6b1a6","ssdeep":"","tlshash":"60c022222032a40d1b20a1de021a81828d63401ca76c525cba396ea1f42b362a60a844","first_seen":"2026-04-11T18:28:35.992925Z","last_seen":"2026-04-11T18:34:05.991686Z","times_seen":24,"resource_available":false,"data":null}},"time_used":251,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":251,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-11","alert":"Sinkholed","trigger":"695rdgnfw5f.18912244.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"695rdgnfw5f.18912244.com:20206/assets/theme-0/0_EntryLoginRegisterChunk.DzsVb_oY.css","fqdn":"695rdgnfw5f.18912244.com","domain":"18912244.com","tld":"com"},"ip":{"addr":"172.65.218.121","port":20206,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://695rdgnfw5f.18912244.com:20206/?id=422876378","date":"2026-04-11T18:33:04.068Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"695rdgnfw5f.18912244.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 20 Jul 2025 00:00:00 GMT","end":"Mon, 20 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"AB:44:50:F3:CC:F8:FC:F3:42:EC:75:E2:D3:0C:19:1B:5F:B9:36:F4","sha256":"4B:05:65:FA:AC:EF:A3:36:43:B0:62:26:67:2E:84:49:29:62:7C:DA:CE:AF:8D:5A:0B:1B:23:85:8B:6B:BB:46"}}},"request":{"raw":"GET /assets/theme-0/0_EntryLoginRegisterChunk.DzsVb_oY.css HTTP/1.1\r\nHost: 695rdgnfw5f.18912244.com:20206\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://695rdgnfw5f.18912244.com:20206/?id=422876378\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 11 Apr 2026 18:33:04 GMT\r\ncontent-type: text/css\r\nx-oss-request-id: 69DA93E001B8FA3135ACCC86\r\nvary: Accept-Encoding, Origin\r\nlast-modified: Sat, 11 Apr 2026 04:21:42 GMT\r\nx-oss-object-type: Normal\r\nx-oss-hash-crc64ecma: 2465955596668066150\r\nx-oss-storage-class: Standard\r\nx-oss-meta-version: v7.1.212\r\ncache-control: max-age=31622400\r\ncontent-md5: hIzx4IaSVpBodMXd0dFucQ==\r\nx-oss-server-time: 2\r\ncontent-encoding: gzip\r\nserver: gocache\r\nc-type: pf\r\nrid: 2be28428b30ee42f3cfe7ffdc20676ca\r\nx-cache-status: MISS\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Alibaba Cloud Object Storage Service","description":"Alibaba Cloud Object Storage Service (OSS) is a cloud-based object storage service provided by Alibaba Cloud, which allows users to store and access large amounts of data in the cloud.","website":"https://www.alibabacloud.com/product/object-storage-service","common_platform_enumeration":"","icon":"Alibaba Cloud.svg","categories":["IaaS"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]}],"data":{"size":83329,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (65536), with no line terminators","md5":"848cf1e0869256906874c5ddd1d16e71","sha1":"6440911ae1a74fc6f1a3b079df2a46384ff1d65f","sha256":"4b63ea59fa08800ca3272b992ae4f95c2af68c3fb02ce39b4e6cec8053fe7fa6","sha512":"145eed6007f59a705d82bae7ba454b897af9fec0180f76d4de3897ce894d7655927e12962d8fae34c7e1e5f5faa555f63cf26dde42c1b155635bd6899638087f","ssdeep":"768:a71Slo0RzrAEDBfRmv1xx5TLxjSpT2X7JTD5Ui5PO+5wkn5DG9jsj8VUQOhy:a712o0xDBfRmv1HiTaUiik5DG9jsjS","tlshash":"5883da5b97307737bc1bda3a69c3b6e8a041f0908612c655fe732e194bcbfb21831695","first_seen":"2026-04-11T02:09:12.212229Z","last_seen":"2026-04-11T18:34:05.980241Z","times_seen":33,"resource_available":false,"data":null}},"time_used":796,"timings":{"blocked":383,"dns":0,"connect":0,"send":0,"wait":413,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-11","alert":"Sinkholed","trigger":"695rdgnfw5f.18912244.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"mgm8355623.osm1k9woy.win/ipacdn.txt","fqdn":"mgm8355623.osm1k9woy.win","domain":"osm1k9woy.win","tld":"win"},"ip":{"addr":"138.113.208.88","port":443,"asn":54994,"as":"ML-1432-54994","country":"Canada","country_code":"CA"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://695rdgnfw5f.18912244.com:20206/?id=422876378","date":"2026-04-11T18:33:07.065Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"mgm8355623.osm1k9woy.win","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sat, 28 Feb 2026 06:03:58 GMT","end":"Fri, 29 May 2026 06:03:57 GMT"},"fingerprint":{"sha1":"F5:C6:15:37:9A:66:D3:72:35:DB:E0:FD:1D:BE:60:AC:9F:36:A5:21","sha256":"3C:A6:11:49:CB:0D:DB:41:B7:28:9B:05:0E:01:30:9C:38:86:5B:32:44:F0:58:85:83:66:63:75:10:23:FD:F2"}}},"request":{"raw":"GET /ipacdn.txt HTTP/1.1\r\nHost: mgm8355623.osm1k9woy.win\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://695rdgnfw5f.18912244.com:20206/\r\nOrigin: https://695rdgnfw5f.18912244.com:20206\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 11 Apr 2026 18:33:07 GMT\r\ncontent-type: text/plain\r\ncontent-length: 2\r\ncache-control: s-maxage=315360000,max-age=0,public\r\naccess-control-allow-origin: *\r\naccess-control-max-age: 3600\r\naccess-control-allow-credentials: true\r\nvia: 1.1 jp184:15 (W), 0.0 PS-AMS-01QkJ103:18 (W)\r\nx-px: ht PS-AMS-01QkJ103AMS\r\nage: 9340249\r\nx-ws-request-id: 69da93e3_PS-AMS-01QkJ103_52884-2238\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":2,"size_decoded":0,"mime_type":"text/plain","magic":"ASCII text, with no line terminators","md5":"e0aa021e21dddbd6d8cecec71e9cf564","sha1":"9ce3bd4224c8c1780db56b4125ecf3f24bf748b7","sha256":"565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3","sha512":"900110c951560eff857b440e89cc29f529416e0e3b3d7f0ad51651bfdbd8025b91768c5ed7db5352d1a5523354ce06ced2c42047e33a3e958a1bba5f742db874","ssdeep":"","tlshash":"c710000000000000000000030000000030000000000000000c000000c0000000000000","first_seen":"2023-03-09T09:04:49Z","last_seen":"2026-04-11T20:59:31.234535Z","times_seen":264621,"resource_available":true,"data":null}},"time_used":63,"timings":{"blocked":-1,"dns":0,"connect":19,"send":0,"wait":19,"receive":0,"ssl":25},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"695rdgnfw5f.18912244.com:20206/assets/locales/zh.tDAd91tj.js","fqdn":"695rdgnfw5f.18912244.com","domain":"18912244.com","tld":"com"},"ip":{"addr":"172.65.218.121","port":20206,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://695rdgnfw5f.18912244.com:20206/?id=422876378","date":"2026-04-11T18:33:07.931Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"695rdgnfw5f.18912244.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 20 Jul 2025 00:00:00 GMT","end":"Mon, 20 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"AB:44:50:F3:CC:F8:FC:F3:42:EC:75:E2:D3:0C:19:1B:5F:B9:36:F4","sha256":"4B:05:65:FA:AC:EF:A3:36:43:B0:62:26:67:2E:84:49:29:62:7C:DA:CE:AF:8D:5A:0B:1B:23:85:8B:6B:BB:46"}}},"request":{"raw":"GET /assets/locales/zh.tDAd91tj.js HTTP/1.1\r\nHost: 695rdgnfw5f.18912244.com:20206\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://695rdgnfw5f.18912244.com:20206/assets/theme-0/commonChunk.DRl68tbz.js\r\nCookie: web__lobby__persisted__device=%7B%22uuid%22%3A%22f75052df-c3a1-4058-a524-7aad8f7dc107%22%7D\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 11 Apr 2026 18:33:08 GMT\r\ncontent-type: application/javascript; charset=utf-8\r\nx-oss-request-id: 69DA93E468A3743932C0634E\r\nvary: Accept-Encoding, Origin\r\nlast-modified: Sat, 11 Apr 2026 04:21:43 GMT\r\nx-oss-object-type: Normal\r\nx-oss-hash-crc64ecma: 5605839081511711\r\nx-oss-storage-class: Standard\r\nx-oss-meta-version: v7.1.212\r\ncache-control: max-age=31622400\r\ncontent-md5: akescox61fkbtdCIfcB+/g==\r\nx-oss-server-time: 2\r\ncontent-encoding: gzip\r\nserver: gocache\r\nc-type: pf\r\nrid: 1d858b555d503a76bd108cac08fb126e\r\nx-cache-status: MISS\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Alibaba Cloud Object Storage Service","description":"Alibaba Cloud Object Storage Service (OSS) is a cloud-based object storage service provided by Alibaba Cloud, which allows users to store and access large amounts of data in the cloud.","website":"https://www.alibabacloud.com/product/object-storage-service","common_platform_enumeration":"","icon":"Alibaba Cloud.svg","categories":["IaaS"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]}],"data":{"size":475550,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"Unicode text, UTF-8 text, with very long lines (12155), with LF, NEL line terminators","md5":"5891dd140ef52bb6d60ddb86ddec7cf3","sha1":"2d15f79b372d09da2d73995e6205d2fff1fe2fe0","sha256":"00afcb784da5a81e49b84a878eb4b8cf990ea8952714e349c24cecb21b31dca9","sha512":"0a17eab763b498e70673d48e6d39f69131a53ce0f5ebf6dfc063db1c0cac6c5af0f65bfa57a8feb640d5d7ec120b399d61dabff506efb2d4a908065dcfb3de91","ssdeep":"12288:KPm+8+ZYu/U2fXaWAhHxH++fQgN8mlKVSjI2edao/iw2s/:x28Q/","tlshash":"3ab43a13c39bc3d986e79af43c2a938924b491cfd4de67098bee81e415ecd4a305e653","first_seen":"2026-04-11T18:33:40.233494Z","last_seen":"2026-04-11T18:33:40.233494Z","times_seen":1,"resource_available":false,"data":null}},"time_used":257,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":257,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-11","alert":"Sinkholed","trigger":"695rdgnfw5f.18912244.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"695rdgnfw5f.18912244.com:20206/assets/theme-0/2_RechargeDialogsChunk.D2mQM0Sm.css","fqdn":"695rdgnfw5f.18912244.com","domain":"18912244.com","tld":"com"},"ip":{"addr":"172.65.218.121","port":20206,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://695rdgnfw5f.18912244.com:20206/?id=422876378","date":"2026-04-11T18:33:08.107Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"695rdgnfw5f.18912244.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 20 Jul 2025 00:00:00 GMT","end":"Mon, 20 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"AB:44:50:F3:CC:F8:FC:F3:42:EC:75:E2:D3:0C:19:1B:5F:B9:36:F4","sha256":"4B:05:65:FA:AC:EF:A3:36:43:B0:62:26:67:2E:84:49:29:62:7C:DA:CE:AF:8D:5A:0B:1B:23:85:8B:6B:BB:46"}}},"request":{"raw":"GET /assets/theme-0/2_RechargeDialogsChunk.D2mQM0Sm.css HTTP/1.1\r\nHost: 695rdgnfw5f.18912244.com:20206\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://695rdgnfw5f.18912244.com:20206/?id=422876378\r\nCookie: web__lobby__persisted__device=%7B%22uuid%22%3A%22f75052df-c3a1-4058-a524-7aad8f7dc107%22%7D; web__lobby__persisted__user=%7B%22userInfos%22%3A%7B%22game_gold%22%3A2000%2C%22account_type%22%3A1%2C%22platfromid%22%3A%22web_lobby_guest_account%22%2C%22mode%22%3A0%2C%22currency%22%3A%22CNY%22%7D%7D\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 11 Apr 2026 18:33:08 GMT\r\ncontent-type: text/css\r\nx-oss-request-id: 69DA93E42A8AB2373512F56D\r\nvary: Accept-Encoding, Origin\r\nlast-modified: Sat, 11 Apr 2026 04:21:42 GMT\r\nx-oss-object-type: Normal\r\nx-oss-hash-crc64ecma: 14920197263873745622\r\nx-oss-storage-class: Standard\r\nx-oss-meta-version: v7.1.212\r\ncache-control: max-age=31622400\r\ncontent-md5: sLkTakx2Aqw8jXz6U12O5Q==\r\nx-oss-server-time: 1\r\ncontent-encoding: gzip\r\nserver: gocache\r\nc-type: pf\r\nrid: f5c54da17dd9c960b746a9f878010139\r\nx-cache-status: MISS\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Alibaba Cloud Object Storage Service","description":"Alibaba Cloud Object Storage Service (OSS) is a cloud-based object storage service provided by Alibaba Cloud, which allows users to store and access large amounts of data in the cloud.","website":"https://www.alibabacloud.com/product/object-storage-service","common_platform_enumeration":"","icon":"Alibaba Cloud.svg","categories":["IaaS"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]}],"data":{"size":7842,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (7841)","md5":"b0b9136a4c7602ac3c8d7cfa535d8ee5","sha1":"0121fd3b0acd490e39d66ccc0bae9242b3ba3e1e","sha256":"798670bd5c760a1db5a3fcf0d6241a31a53e62c2c9fad75f162528df5a4b9d90","sha512":"36b9200b764708b5204486636a019e3970244d59ff2ed26cb79dc0832f3070a29f66334be2a632c96c1d053eda72ce9619b31888775819e5c1d957ef688e93cc","ssdeep":"192:TZTsHK/tISdcPojeQhps/ycyRh86ZN6iXMEKQieYyB0DTYAH:TZwHKBhRDBmTt","tlshash":"aef1320f5632bb3da52ed5215ac5bae821c43c58e4d24f92cf128c1e8ac77fd7e11256","first_seen":"2026-02-15T08:12:48.05866Z","last_seen":"2026-04-11T21:08:28.195069Z","times_seen":2410,"resource_available":false,"data":null}},"time_used":278,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":278,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-11","alert":"Sinkholed","trigger":"695rdgnfw5f.18912244.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"695rdgnfw5f.18912244.com:20206/assets/vendors/vendor-@cg/dplayer.CAws3bAx.js","fqdn":"695rdgnfw5f.18912244.com","domain":"18912244.com","tld":"com"},"ip":{"addr":"172.65.218.121","port":20206,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://695rdgnfw5f.18912244.com:20206/?id=422876378","date":"2026-04-11T18:33:09.749Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"695rdgnfw5f.18912244.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 20 Jul 2025 00:00:00 GMT","end":"Mon, 20 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"AB:44:50:F3:CC:F8:FC:F3:42:EC:75:E2:D3:0C:19:1B:5F:B9:36:F4","sha256":"4B:05:65:FA:AC:EF:A3:36:43:B0:62:26:67:2E:84:49:29:62:7C:DA:CE:AF:8D:5A:0B:1B:23:85:8B:6B:BB:46"}}},"request":{"raw":"GET /assets/vendors/vendor-@cg/dplayer.CAws3bAx.js HTTP/1.1\r\nHost: 695rdgnfw5f.18912244.com:20206\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://695rdgnfw5f.18912244.com:20206/assets/theme-0/FastEntryIndex.CDXIfMt4.js\r\nCookie: web__lobby__persisted__device=%7B%22uuid%22%3A%22f75052df-c3a1-4058-a524-7aad8f7dc107%22%7D; web__lobby__persisted__user=%7B%22userInfos%22%3A%7B%22game_gold%22%3A2000%2C%22account_type%22%3A1%2C%22platfromid%22%3A%22web_lobby_guest_account%22%2C%22mode%22%3A0%2C%22currency%22%3A%22CNY%22%7D%7D\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 11 Apr 2026 18:33:09 GMT\r\ncontent-type: application/javascript; charset=utf-8\r\nx-oss-request-id: 69DA93E560F7333933DB8890\r\nvary: Accept-Encoding, Origin\r\nlast-modified: Sat, 11 Apr 2026 04:21:43 GMT\r\nx-oss-object-type: Normal\r\nx-oss-hash-crc64ecma: 14835157604998420565\r\nx-oss-storage-class: Standard\r\nx-oss-meta-version: v7.1.212\r\ncache-control: max-age=31622400\r\ncontent-md5: iOg0WzNEJ0xTqzGsV8ei2w==\r\nx-oss-server-time: 2\r\ncontent-encoding: gzip\r\nserver: gocache\r\nc-type: pf\r\nrid: 27d90cb6cb4304a0ca0083c330d74564\r\nx-cache-status: MISS\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Alibaba Cloud Object Storage Service","description":"Alibaba Cloud Object Storage Service (OSS) is a cloud-based object storage service provided by Alibaba Cloud, which allows users to store and access large amounts of data in the cloud.","website":"https://www.alibabacloud.com/product/object-storage-service","common_platform_enumeration":"","icon":"Alibaba Cloud.svg","categories":["IaaS"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]}],"data":{"size":262579,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (9352)","md5":"88e8345b3344274c53ab31ac57c7a2db","sha1":"6b6d08175db98ba603ada2605eeb894fa29b99e3","sha256":"33d48f1ff63fe59ca9760155e5f2fe6c3b8e7ffb655501ead48a3d1ac993f4eb","sha512":"165d96c2a046145569fddfb3a9e36fd4e0daded1f8d2ae71120e53904011be0adc67d3e0054a98ce3ff564ed42f95e12840e290fcf98cfc80d9571287f210c7c","ssdeep":"3072:4nztGo0Vll3mzmG00AlkMVh3OtlHuIcPHWPd1zZx:4nztGo0VlQzmG00AlkMVh3OtlHuNHW/P","tlshash":"0344d65626a232240153a1f8c69f530937349313ea06cf5ef66eb5cc8f9d9886867f73","first_seen":"2026-04-11T17:01:17.488374Z","last_seen":"2026-04-11T18:33:40.237025Z","times_seen":12,"resource_available":true,"data":null}},"time_used":255,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":255,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-11","alert":"Sinkholed","trigger":"695rdgnfw5f.18912244.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"695rdgnfw5f.18912244.com:20206/hall/api/active/tasks/newcomer_benefit_reward/default.json?v=1775923838","fqdn":"695rdgnfw5f.18912244.com","domain":"18912244.com","tld":"com"},"ip":{"addr":"172.65.218.121","port":20206,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://695rdgnfw5f.18912244.com:20206/?id=422876378","date":"2026-04-11T18:33:10.877Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"695rdgnfw5f.18912244.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 20 Jul 2025 00:00:00 GMT","end":"Mon, 20 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"AB:44:50:F3:CC:F8:FC:F3:42:EC:75:E2:D3:0C:19:1B:5F:B9:36:F4","sha256":"4B:05:65:FA:AC:EF:A3:36:43:B0:62:26:67:2E:84:49:29:62:7C:DA:CE:AF:8D:5A:0B:1B:23:85:8B:6B:BB:46"}}},"request":{"raw":"GET /hall/api/active/tasks/newcomer_benefit_reward/default.json?v=1775923838 HTTP/1.1\r\nHost: 695rdgnfw5f.18912244.com:20206\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://695rdgnfw5f.18912244.com:20206/home/register?id=422876378\r\nCookie: web__lobby__persisted__device=%7B%22uuid%22%3A%22f75052df-c3a1-4058-a524-7aad8f7dc107%22%7D; web__lobby__persisted__user=%7B%22userInfos%22%3A%7B%22game_gold%22%3A2000%2C%22account_type%22%3A1%2C%22platfromid%22%3A%22web_lobby_guest_account%22%2C%22mode%22%3A0%2C%22currency%22%3A%22CNY%22%7D%7D\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 11 Apr 2026 18:33:10 GMT\r\ncontent-type: application/json\r\nx-oss-request-id: 69DA93E52A8AB2373542FB6D\r\nvary: Accept-Encoding, Origin\r\netag: W/\"6BAF2CF7F34321B8F80D38B6C4439671\"\r\nlast-modified: Sat, 11 Apr 2026 16:10:38 GMT\r\nx-oss-object-type: Normal\r\nx-oss-hash-crc64ecma: 17298634719840358504\r\nx-oss-storage-class: Standard\r\ncache-control: s-maxage=600,max-age=0,public\r\ncontent-md5: a68s9/NDIbj4DTi2xEOWcQ==\r\nx-oss-server-time: 2\r\nserver: gocache\r\nc-type: pf\r\nrid: ba4672ce2d8999582f256e0dd3069d5f\r\nx-cache-status: HIT\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\ncontent-encoding: br\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]},{"name":"Alibaba Cloud Object Storage Service","description":"Alibaba Cloud Object Storage Service (OSS) is a cloud-based object storage service provided by Alibaba Cloud, which allows users to store and access large amounts of data in the cloud.","website":"https://www.alibabacloud.com/product/object-storage-service","common_platform_enumeration":"","icon":"Alibaba Cloud.svg","categories":["IaaS"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":192,"size_decoded":0,"mime_type":"application/json","magic":"ASCII text, with no line terminators","md5":"6baf2cf7f34321b8f80d38b6c4439671","sha1":"7fc16801158d5c3263908dd7104da0362a62889c","sha256":"27e01d40e2750859f94593f96765d970399e44a19e73cdbe245f04de407f4377","sha512":"22a9211046205af34f07e2e442918eb5cebe5d33be63e33504b22abc4492a027d3ac89d873fb5dd02db5b900734d1aaffcab79ad745fb6aa4406ef0655d6b1a6","ssdeep":"","tlshash":"60c022222032a40d1b20a1de021a81828d63401ca76c525cba396ea1f42b362a60a844","first_seen":"2026-04-11T18:28:35.992925Z","last_seen":"2026-04-11T18:34:05.991686Z","times_seen":24,"resource_available":false,"data":null}},"time_used":220,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":220,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-11","alert":"Sinkholed","trigger":"695rdgnfw5f.18912244.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"695rdgnfw5f.18912244.com:20206/assets/theme-0/2_EventDialogsChunk.COzB3PDB.js","fqdn":"695rdgnfw5f.18912244.com","domain":"18912244.com","tld":"com"},"ip":{"addr":"172.65.218.121","port":20206,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://695rdgnfw5f.18912244.com:20206/?id=422876378","date":"2026-04-11T18:33:15.202Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"695rdgnfw5f.18912244.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 20 Jul 2025 00:00:00 GMT","end":"Mon, 20 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"AB:44:50:F3:CC:F8:FC:F3:42:EC:75:E2:D3:0C:19:1B:5F:B9:36:F4","sha256":"4B:05:65:FA:AC:EF:A3:36:43:B0:62:26:67:2E:84:49:29:62:7C:DA:CE:AF:8D:5A:0B:1B:23:85:8B:6B:BB:46"}}},"request":{"raw":"GET /assets/theme-0/2_EventDialogsChunk.COzB3PDB.js HTTP/1.1\r\nHost: 695rdgnfw5f.18912244.com:20206\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://695rdgnfw5f.18912244.com:20206/assets/theme-0/autoDialog.C4xspLzz.js\r\nCookie: web__lobby__persisted__device=%7B%22uuid%22%3A%22f75052df-c3a1-4058-a524-7aad8f7dc107%22%7D; web__lobby__persisted__user=%7B%22userInfos%22%3A%7B%22game_gold%22%3A2000%2C%22account_type%22%3A1%2C%22platfromid%22%3A%22web_lobby_guest_account%22%2C%22mode%22%3A0%2C%22currency%22%3A%22CNY%22%7D%7D; gt_local_id=C5YgoKFLtbA1cBz29ibmSpW//BUutWSOVT1Db/yOC2/d2a1UuNMIwA==\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 11 Apr 2026 18:33:15 GMT\r\ncontent-type: application/javascript; charset=utf-8\r\nx-oss-request-id: 69DA93EB01B8FA3135C8F586\r\nvary: Accept-Encoding, Origin\r\nlast-modified: Sat, 11 Apr 2026 04:21:43 GMT\r\nx-oss-object-type: Normal\r\nx-oss-hash-crc64ecma: 10888539917812274282\r\nx-oss-storage-class: Standard\r\nx-oss-meta-version: v7.1.212\r\ncache-control: max-age=31622400\r\ncontent-md5: 8PoLsnSWpqLJi+rVYIk7FQ==\r\nx-oss-server-time: 1\r\ncontent-encoding: gzip\r\nserver: gocache\r\nc-type: pf\r\nrid: c73bb643f8721effd41983cb7ee994ce\r\nx-cache-status: MISS\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Alibaba Cloud Object Storage Service","description":"Alibaba Cloud Object Storage Service (OSS) is a cloud-based object storage service provided by Alibaba Cloud, which allows users to store and access large amounts of data in the cloud.","website":"https://www.alibabacloud.com/product/object-storage-service","common_platform_enumeration":"","icon":"Alibaba Cloud.svg","categories":["IaaS"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]}],"data":{"size":242450,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"Unicode text, UTF-8 text, with very long lines (64415)","md5":"f0fa0bb27496a6a2c98bead560893b15","sha1":"610fbfe1ebff956ee1bb0a7e13524e4e891ae782","sha256":"1ae841ffeb6790f6481836cfd7f17269830a15b5bf1569c28e06d6304f8b4701","sha512":"1facb6189a42a272c0e7707b5494893ec0d0d7c3725899f0804f8ebbf620f250b65b1667a004d595df63951a1ac835f6abe4e1fdaa46c257978344007189f247","ssdeep":"6144:gV78Spz0m5jQeV7Tbjw0WAGvhvxCJTmWozvrJfV4+sl4oE8EBjuHTXtL1zO:s847TwtAGPCFUCl1CuXx8","tlshash":"5e34ea45f06aa0a5b7bd685ce0a60991b56c3fc3c454d4e1b0ff4f342749f69b2a833a","first_seen":"2026-04-11T07:57:01.996464Z","last_seen":"2026-04-11T18:34:05.997269Z","times_seen":23,"resource_available":true,"data":null}},"time_used":249,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":249,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-11","alert":"Sinkholed","trigger":"695rdgnfw5f.18912244.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"m0189.top/","fqdn":"m0189.top","domain":"m0189.top","tld":"top"},"ip":{"addr":"206.119.82.56","port":443,"asn":140227,"as":"Hong Kong Communications International Co., Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-04-11T18:32:59.911Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"m0189.top","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Sun, 08 Mar 2026 13:02:44 GMT","end":"Sat, 06 Jun 2026 13:02:43 GMT"},"fingerprint":{"sha1":"8C:98:33:3F:24:F1:3B:BB:14:5E:12:8B:72:96:CF:74:66:ED:38:3E","sha256":"B6:68:FC:30:51:C7:C5:02:D2:D4:6C:B7:C5:1F:0B:F8:FA:72:35:8D:75:19:87:1F:E2:E7:2F:F1:BB:D9:41:92"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: m0189.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sat, 11 Apr 2026 18:33:01 GMT\r\ncontent-type: text/html; charset=UTF-8\r\nvary: Accept-Encoding\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":110,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, ASCII text","md5":"41f3c8d253b14ae0a109fbd7f4d1f846","sha1":"7aa394202475c4c920e84e251a45cce21f1b7e52","sha256":"3f1a3f5447c494b34fbcd3deea921f7ffcb8928b525697e5882d7125a02d60e7","sha512":"ec643aceb0f46fd65a8a969776bcf54fda2d8310fd857925f5d94c9800a64568c14beb3f278ce07e1da86b6553efe0b30d71bdfa06e5c6519472930143974ec5","ssdeep":"","tlshash":"29b012d71ca29902618301520b9bb80c33af007b285cc448749edb000f133ef880b747","first_seen":"2026-04-11T18:33:40.239113Z","last_seen":"2026-04-11T18:33:40.239113Z","times_seen":1,"resource_available":true,"data":null}},"time_used":2517,"timings":{"blocked":1093,"dns":559,"connect":261,"send":0,"wait":331,"receive":0,"ssl":270},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-04-11","alert":"Sinkholed","trigger":"m0189.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"695rdgnfw5f.18912244.com:20206/assets/vendors/vendor-swiper.BZHh067v.css","fqdn":"695rdgnfw5f.18912244.com","domain":"18912244.com","tld":"com"},"ip":{"addr":"172.65.218.121","port":20206,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://695rdgnfw5f.18912244.com:20206/?id=422876378","date":"2026-04-11T18:33:02.596Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"695rdgnfw5f.18912244.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 20 Jul 2025 00:00:00 GMT","end":"Mon, 20 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"AB:44:50:F3:CC:F8:FC:F3:42:EC:75:E2:D3:0C:19:1B:5F:B9:36:F4","sha256":"4B:05:65:FA:AC:EF:A3:36:43:B0:62:26:67:2E:84:49:29:62:7C:DA:CE:AF:8D:5A:0B:1B:23:85:8B:6B:BB:46"}}},"request":{"raw":"GET /assets/vendors/vendor-swiper.BZHh067v.css HTTP/1.1\r\nHost: 695rdgnfw5f.18912244.com:20206\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://695rdgnfw5f.18912244.com:20206/?id=422876378\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 11 Apr 2026 18:33:02 GMT\r\ncontent-type: text/css\r\nx-oss-request-id: 69DA93DE10000034342DEED8\r\nvary: Accept-Encoding, Origin\r\nlast-modified: Sat, 11 Apr 2026 04:21:42 GMT\r\nx-oss-object-type: Normal\r\nx-oss-hash-crc64ecma: 7362587729140431364\r\nx-oss-storage-class: Standard\r\nx-oss-meta-version: v7.1.212\r\ncache-control: max-age=31622400\r\ncontent-md5: wFskMIVNfa5hCtdsJWinbw==\r\nx-oss-server-time: 2\r\ncontent-encoding: gzip\r\nserver: gocache\r\nc-type: pf\r\nrid: 8ea12f02e7be04a299c069541ccef3af\r\nx-cache-status: MISS\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]},{"name":"Alibaba Cloud Object Storage Service","description":"Alibaba Cloud Object Storage Service (OSS) is a cloud-based object storage service provided by Alibaba Cloud, which allows users to store and access large amounts of data in the cloud.","website":"https://www.alibabacloud.com/product/object-storage-service","common_platform_enumeration":"","icon":"Alibaba Cloud.svg","categories":["IaaS"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":25325,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (25324)","md5":"c05b2430854d7dae610ad76c2568a76f","sha1":"145816300cd4c6909997794cf1ab42b3bb00dd6d","sha256":"d29a8b2c4c8b0610ddc3dcfccebb06412913eea41cd91ff89f0fcef10c7c29d7","sha512":"ee638330ae842e4710ee85dda03281a0a7d88a1cfaf428d07ecf99044327dbdccaf81c78f57b33638e66e342b54bd646339ba5b57bbb47fbe2243225d711656b","ssdeep":"384:bUbe8pEdUbehJZdKW+S1HB1Hr3zjfy35mSmZoTm84FiTU:Ib6ib8JZLDxB5zjQ5mSm84V","tlshash":"19b255a45350182757270f375b718bb8edb444c20b978a6aa1c0ed44d7facbd132f6b9","first_seen":"2025-07-01T16:31:57.746779Z","last_seen":"2026-04-11T18:34:05.948715Z","times_seen":105,"resource_available":false,"data":null}},"time_used":253,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":253,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-11","alert":"Sinkholed","trigger":"695rdgnfw5f.18912244.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"695rdgnfw5f.18912244.com:20206/assets/theme-0/LoginRegisterIndex.5cxrQ2SR.js","fqdn":"695rdgnfw5f.18912244.com","domain":"18912244.com","tld":"com"},"ip":{"addr":"172.65.218.121","port":20206,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://695rdgnfw5f.18912244.com:20206/?id=422876378","date":"2026-04-11T18:33:08.527Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"695rdgnfw5f.18912244.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 20 Jul 2025 00:00:00 GMT","end":"Mon, 20 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"AB:44:50:F3:CC:F8:FC:F3:42:EC:75:E2:D3:0C:19:1B:5F:B9:36:F4","sha256":"4B:05:65:FA:AC:EF:A3:36:43:B0:62:26:67:2E:84:49:29:62:7C:DA:CE:AF:8D:5A:0B:1B:23:85:8B:6B:BB:46"}}},"request":{"raw":"GET /assets/theme-0/LoginRegisterIndex.5cxrQ2SR.js HTTP/1.1\r\nHost: 695rdgnfw5f.18912244.com:20206\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://695rdgnfw5f.18912244.com:20206/assets/theme-0/commonChunk.DRl68tbz.js\r\nCookie: web__lobby__persisted__device=%7B%22uuid%22%3A%22f75052df-c3a1-4058-a524-7aad8f7dc107%22%7D; web__lobby__persisted__user=%7B%22userInfos%22%3A%7B%22game_gold%22%3A2000%2C%22account_type%22%3A1%2C%22platfromid%22%3A%22web_lobby_guest_account%22%2C%22mode%22%3A0%2C%22currency%22%3A%22CNY%22%7D%7D\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 11 Apr 2026 18:33:08 GMT\r\ncontent-type: application/javascript; charset=utf-8\r\nx-oss-request-id: 69DA93E4CD9B343838D88145\r\nvary: Accept-Encoding, Origin\r\nlast-modified: Sat, 11 Apr 2026 04:21:43 GMT\r\nx-oss-object-type: Normal\r\nx-oss-hash-crc64ecma: 14834463352724402867\r\nx-oss-storage-class: Standard\r\nx-oss-meta-version: v7.1.212\r\ncache-control: max-age=31622400\r\ncontent-md5: znjKojvsMJuM7mIhhoU7/A==\r\nx-oss-server-time: 1\r\ncontent-encoding: gzip\r\nserver: gocache\r\nc-type: pf\r\nrid: d4e9d6e243a8d818b09edab21802459c\r\nx-cache-status: MISS\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Alibaba Cloud Object Storage Service","description":"Alibaba Cloud Object Storage Service (OSS) is a cloud-based object storage service provided by Alibaba Cloud, which allows users to store and access large amounts of data in the cloud.","website":"https://www.alibabacloud.com/product/object-storage-service","common_platform_enumeration":"","icon":"Alibaba Cloud.svg","categories":["IaaS"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]}],"data":{"size":4231,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"Java source, ASCII text, with very long lines (4230)","md5":"ce78caa23bec309b8cee622186853bfc","sha1":"b357819ac4cd7541a23f8bd288488d111a49f093","sha256":"440ad477c82b0fd419f8ab4cc0f4e86aa9173e62c670c35582d995e4a9392f0b","sha512":"810228a7de832c8915264c2564c718c556cd02adc84d78ebbcc14440b3c2be6857326142c8f421f5badd75412dc972b145b859ffb9ec9f52dde27ffb50593921","ssdeep":"96:N2RaIrGAMfUUIA0Uf6DBAYA0Newn+L0DwKTxw6wNfwS+fRwgkSL+EfLAfcbWo20P:URawGnfUk0Uf6DB9Newn+YDwKTxw6wxI","tlshash":"6691880de819a8b274d62cf8e5a16934010d376f4b10ceaed27e67a39bc673cd24c935","first_seen":"2026-04-11T07:57:01.981153Z","last_seen":"2026-04-11T18:34:05.982059Z","times_seen":27,"resource_available":true,"data":null}},"time_used":243,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":243,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-11","alert":"Sinkholed","trigger":"695rdgnfw5f.18912244.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"695rdgnfw5f.18912244.com:20206/hall/api/backstage/system/status/currency/CNY/language/zh/osType/4/platformType/5.json?v=1775924259","fqdn":"695rdgnfw5f.18912244.com","domain":"18912244.com","tld":"com"},"ip":{"addr":"172.65.218.121","port":20206,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://695rdgnfw5f.18912244.com:20206/?id=422876378","date":"2026-04-11T18:33:08.582Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"695rdgnfw5f.18912244.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 20 Jul 2025 00:00:00 GMT","end":"Mon, 20 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"AB:44:50:F3:CC:F8:FC:F3:42:EC:75:E2:D3:0C:19:1B:5F:B9:36:F4","sha256":"4B:05:65:FA:AC:EF:A3:36:43:B0:62:26:67:2E:84:49:29:62:7C:DA:CE:AF:8D:5A:0B:1B:23:85:8B:6B:BB:46"}}},"request":{"raw":"GET /hall/api/backstage/system/status/currency/CNY/language/zh/osType/4/platformType/5.json?v=1775924259 HTTP/1.1\r\nHost: 695rdgnfw5f.18912244.com:20206\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://695rdgnfw5f.18912244.com:20206/?id=422876378\r\nCookie: web__lobby__persisted__device=%7B%22uuid%22%3A%22f75052df-c3a1-4058-a524-7aad8f7dc107%22%7D; web__lobby__persisted__user=%7B%22userInfos%22%3A%7B%22game_gold%22%3A2000%2C%22account_type%22%3A1%2C%22platfromid%22%3A%22web_lobby_guest_account%22%2C%22mode%22%3A0%2C%22currency%22%3A%22CNY%22%7D%7D\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 11 Apr 2026 18:33:08 GMT\r\ncontent-type: application/json\r\nx-oss-request-id: 69DA93E410000032392307D9\r\nvary: Accept-Encoding, Origin\r\nlast-modified: Sat, 11 Apr 2026 16:17:39 GMT\r\nx-oss-object-type: Normal\r\nx-oss-hash-crc64ecma: 1144662228958241368\r\nx-oss-storage-class: Standard\r\ncache-control: s-maxage=60,max-age=0,public\r\ncontent-md5: cVglzK6n0Gws3pqDdcATyA==\r\nx-oss-server-time: 2\r\ncontent-encoding: gzip\r\nserver: gocache\r\nc-type: pf\r\nrid: e80f585a6eb7b55ac646326e9d0d00b0\r\nx-cache-status: MISS\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Alibaba Cloud Object Storage Service","description":"Alibaba Cloud Object Storage Service (OSS) is a cloud-based object storage service provided by Alibaba Cloud, which allows users to store and access large amounts of data in the cloud.","website":"https://www.alibabacloud.com/product/object-storage-service","common_platform_enumeration":"","icon":"Alibaba Cloud.svg","categories":["IaaS"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]}],"data":{"size":21824,"size_decoded":0,"mime_type":"application/json","magic":"ASCII text, with very long lines (21824), with no line terminators","md5":"715825ccaea7d06c2cde9a8375c013c8","sha1":"ac6bd173e17a9e55dd975f2f925232121100bea6","sha256":"6b1416c93c25ebfbbe6114dc7805bdc75a9ad3f1bf66045542a0245da6137801","sha512":"4425d555c4f3da05b7c4cfa98a22022df9126ef52f4f353f478636e12933589eba04e437d22c925a4865115e17475e54c92232e7997df593e4bb54b8cb64714b","ssdeep":"384:qSW+TrBmO+Rfj1rrvi0pWY3dgenUyu98JSjO7e3ww5YMNqTUH1DTrd9dNdg6DjPA:VX6fR/Lz/u0gN3wLMNqTYd9dNdg6v2EM","tlshash":"e0a2f109a71428985a2d9c6bb4cd22d9d523c89f28fc52414bb5c3c0e77fb43cbad8e4","first_seen":"2026-04-11T18:28:36.073168Z","last_seen":"2026-04-11T18:34:05.976748Z","times_seen":24,"resource_available":false,"data":null}},"time_used":251,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":251,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-11","alert":"Sinkholed","trigger":"695rdgnfw5f.18912244.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"695rdgnfw5f.18912244.com:20206/assets/theme-0/GlobalLazyInitIndex.DT6xm3Nh.css","fqdn":"695rdgnfw5f.18912244.com","domain":"18912244.com","tld":"com"},"ip":{"addr":"172.65.218.121","port":20206,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://695rdgnfw5f.18912244.com:20206/?id=422876378","date":"2026-04-11T18:33:09.078Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"695rdgnfw5f.18912244.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 20 Jul 2025 00:00:00 GMT","end":"Mon, 20 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"AB:44:50:F3:CC:F8:FC:F3:42:EC:75:E2:D3:0C:19:1B:5F:B9:36:F4","sha256":"4B:05:65:FA:AC:EF:A3:36:43:B0:62:26:67:2E:84:49:29:62:7C:DA:CE:AF:8D:5A:0B:1B:23:85:8B:6B:BB:46"}}},"request":{"raw":"GET /assets/theme-0/GlobalLazyInitIndex.DT6xm3Nh.css HTTP/1.1\r\nHost: 695rdgnfw5f.18912244.com:20206\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://695rdgnfw5f.18912244.com:20206/?id=422876378\r\nCookie: web__lobby__persisted__device=%7B%22uuid%22%3A%22f75052df-c3a1-4058-a524-7aad8f7dc107%22%7D; web__lobby__persisted__user=%7B%22userInfos%22%3A%7B%22game_gold%22%3A2000%2C%22account_type%22%3A1%2C%22platfromid%22%3A%22web_lobby_guest_account%22%2C%22mode%22%3A0%2C%22currency%22%3A%22CNY%22%7D%7D\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 11 Apr 2026 18:33:09 GMT\r\ncontent-type: text/css\r\nx-oss-request-id: 69DA93E5CD9B343532148445\r\nvary: Accept-Encoding, Origin\r\netag: W/\"AD95F49842A903FD005DECA47D8FE0A5\"\r\nlast-modified: Sat, 11 Apr 2026 04:21:42 GMT\r\nx-oss-object-type: Normal\r\nx-oss-hash-crc64ecma: 11537027225761126676\r\nx-oss-storage-class: Standard\r\nx-oss-meta-version: v7.1.212\r\ncache-control: max-age=31622400\r\ncontent-md5: rZX0mEKpA/0AXeykfY/gpQ==\r\nx-oss-server-time: 1\r\nserver: gocache\r\nc-type: pf\r\nrid: 136ac84172ab32301a5d02287920502f\r\nx-cache-status: MISS\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\ncontent-encoding: br\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Alibaba Cloud Object Storage Service","description":"Alibaba Cloud Object Storage Service (OSS) is a cloud-based object storage service provided by Alibaba Cloud, which allows users to store and access large amounts of data in the cloud.","website":"https://www.alibabacloud.com/product/object-storage-service","common_platform_enumeration":"","icon":"Alibaba Cloud.svg","categories":["IaaS"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]}],"data":{"size":49,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text","md5":"ad95f49842a903fd005deca47d8fe0a5","sha1":"4c812069b62832241f6331c0d7d99a2ce3b1d91c","sha256":"e4a2abc3f844d03a66c305ba5b62ed3a31aa15bf3e4d212b6d7e0f540b1e21b1","sha512":"2c0c2bf149e46ffbb02ad802542b831487f18ea0235a751207e74c96baeb084c119d872691db82b7441f8b4646ed8fed96795566030bb1a695b9af324a51573d","ssdeep":"","tlshash":"ce90020a414b51800012d7455d9ee25e2165d0824d00590d294191412c4e0110050850","first_seen":"2026-01-21T00:49:34.370539Z","last_seen":"2026-04-11T19:41:53.649377Z","times_seen":3300,"resource_available":false,"data":null}},"time_used":248,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":248,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-11","alert":"Sinkholed","trigger":"695rdgnfw5f.18912244.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"695rdgnfw5f.18912244.com:20206/hall/api/message/smsCountry/currency/CNY/language/zh.json?v=1775912174","fqdn":"695rdgnfw5f.18912244.com","domain":"18912244.com","tld":"com"},"ip":{"addr":"172.65.218.121","port":20206,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://695rdgnfw5f.18912244.com:20206/?id=422876378","date":"2026-04-11T18:33:09.481Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"695rdgnfw5f.18912244.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 20 Jul 2025 00:00:00 GMT","end":"Mon, 20 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"AB:44:50:F3:CC:F8:FC:F3:42:EC:75:E2:D3:0C:19:1B:5F:B9:36:F4","sha256":"4B:05:65:FA:AC:EF:A3:36:43:B0:62:26:67:2E:84:49:29:62:7C:DA:CE:AF:8D:5A:0B:1B:23:85:8B:6B:BB:46"}}},"request":{"raw":"GET /hall/api/message/smsCountry/currency/CNY/language/zh.json?v=1775912174 HTTP/1.1\r\nHost: 695rdgnfw5f.18912244.com:20206\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://695rdgnfw5f.18912244.com:20206/home/register?id=422876378\r\nCookie: web__lobby__persisted__device=%7B%22uuid%22%3A%22f75052df-c3a1-4058-a524-7aad8f7dc107%22%7D; web__lobby__persisted__user=%7B%22userInfos%22%3A%7B%22game_gold%22%3A2000%2C%22account_type%22%3A1%2C%22platfromid%22%3A%22web_lobby_guest_account%22%2C%22mode%22%3A0%2C%22currency%22%3A%22CNY%22%7D%7D\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 11 Apr 2026 18:33:09 GMT\r\ncontent-type: application/json\r\nx-oss-request-id: 69DA93E5CD9B343532288645\r\nvary: Accept-Encoding, Origin\r\netag: W/\"1B9B134A67EA240D4D04046BBF090998\"\r\nlast-modified: Sat, 11 Apr 2026 12:56:14 GMT\r\nx-oss-object-type: Normal\r\nx-oss-hash-crc64ecma: 7301319538651435096\r\nx-oss-storage-class: Standard\r\ncache-control: s-maxage=600,max-age=0,public\r\ncontent-md5: G5sTSmfqJA1NBARrvwkJmA==\r\nx-oss-server-time: 1\r\nserver: gocache\r\nc-type: pf\r\nrid: f21a82fa43116ae0f5a62a9c03894ce3\r\nx-cache-status: MISS\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\ncontent-encoding: br\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]},{"name":"Alibaba Cloud Object Storage Service","description":"Alibaba Cloud Object Storage Service (OSS) is a cloud-based object storage service provided by Alibaba Cloud, which allows users to store and access large amounts of data in the cloud.","website":"https://www.alibabacloud.com/product/object-storage-service","common_platform_enumeration":"","icon":"Alibaba Cloud.svg","categories":["IaaS"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":896,"size_decoded":0,"mime_type":"application/json","magic":"ASCII text, with very long lines (896), with no line terminators","md5":"1b9b134a67ea240d4d04046bbf090998","sha1":"4e7390db7af34ebd2d86295954291bff01ab6ead","sha256":"87bae09912058ed5b5ad0c5f7f506cb4c082006958986b99d8d52816cfa97ac6","sha512":"9005aa1bd674aaedbd76a3797d90cf375a95a17a860439fc30f0925b54ef94347a6ac22fd67d6876eb1ae85c1bea2a4c08385ceaeb28bb791fd53475b7cf9c7d","ssdeep":"","tlshash":"9211631866e3e72c8e359341a5ba932bff1fad17229150dc64731e91abc0201c92cf28","first_seen":"2026-04-11T18:28:36.083139Z","last_seen":"2026-04-11T18:34:06.00501Z","times_seen":24,"resource_available":false,"data":null}},"time_used":256,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":256,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-11","alert":"Sinkholed","trigger":"695rdgnfw5f.18912244.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"695rdgnfw5f.18912244.com:20206/home/register?id=422876378","fqdn":"695rdgnfw5f.18912244.com","domain":"18912244.com","tld":"com"},"ip":{"addr":"172.65.218.121","port":20206,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://695rdgnfw5f.18912244.com:20206/?id=422876378","date":"2026-04-11T18:33:12.148Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"695rdgnfw5f.18912244.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 20 Jul 2025 00:00:00 GMT","end":"Mon, 20 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"AB:44:50:F3:CC:F8:FC:F3:42:EC:75:E2:D3:0C:19:1B:5F:B9:36:F4","sha256":"4B:05:65:FA:AC:EF:A3:36:43:B0:62:26:67:2E:84:49:29:62:7C:DA:CE:AF:8D:5A:0B:1B:23:85:8B:6B:BB:46"}}},"request":{"raw":"GET /home/register?id=422876378 HTTP/1.1\r\nHost: 695rdgnfw5f.18912244.com:20206\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://695rdgnfw5f.18912244.com:20206/home/register?id=422876378\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: web__lobby__persisted__device=%7B%22uuid%22%3A%22f75052df-c3a1-4058-a524-7aad8f7dc107%22%7D; web__lobby__persisted__user=%7B%22userInfos%22%3A%7B%22game_gold%22%3A2000%2C%22account_type%22%3A1%2C%22platfromid%22%3A%22web_lobby_guest_account%22%2C%22mode%22%3A0%2C%22currency%22%3A%22CNY%22%7D%7D\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 11 Apr 2026 18:33:12 GMT\r\ncontent-type: text/html\r\nx-oss-request-id: 69DA93E801B8FA313546E986\r\nvary: Accept-Encoding, Origin\r\nlast-modified: Sat, 11 Apr 2026 17:06:08 GMT\r\nx-oss-object-type: Normal\r\nx-oss-hash-crc64ecma: 17493868138726715098\r\nx-oss-storage-class: Standard\r\ncache-control: s-maxage=600,public,max-age=0\r\ncontent-md5: YgCOCybv8Qkr5nto7Q7BBQ==\r\nx-oss-server-time: 1\r\ncontent-encoding: gzip\r\nserver: gocache\r\nc-type: pf\r\nrid: 4e9be30f7597509873226b13f1dda571\r\nx-cache-status: MISS\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]},{"name":"Alibaba Cloud Object Storage Service","description":"Alibaba Cloud Object Storage Service (OSS) is a cloud-based object storage service provided by Alibaba Cloud, which allows users to store and access large amounts of data in the cloud.","website":"https://www.alibabacloud.com/product/object-storage-service","common_platform_enumeration":"","icon":"Alibaba Cloud.svg","categories":["IaaS"]}],"data":{"size":256084,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII text, with very long lines (65536), with no line terminators","md5":"62008e0b26eff1092be67b68ed0ec105","sha1":"a48b8a892c9735ba605df495d0c46d5d812623a2","sha256":"912dc75fd420777be1c1f09456a9c5a5488f7c603430fb5fcb9945907753d0da","sha512":"e18ce635363e80710da014392e2df601c5211296be92c4be501092fc2439a07a1b216743a44592b3d2a4b7fe92b38d5b9dc55393d305a8619029d3c3abeddb0c","ssdeep":"6144:4/QrTzT/cWuKOOLUUllE1j1PMjAZPos+Rym/u0J:Ex0","tlshash":"3f44b9cbaa9c1f81f53b31e4d057b1cd9a4094dd1b70d9a87b7780abc36f4e08ac6562","first_seen":"2026-04-11T18:28:36.013524Z","last_seen":"2026-04-11T18:34:05.971299Z","times_seen":25,"resource_available":true,"data":null}},"time_used":251,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":251,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-11","alert":"Sinkholed","trigger":"695rdgnfw5f.18912244.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"695rdgnfw5f.18912244.com:20206/hall/api/netstat/point/get/static/idx/422876378/idxType/2.json","fqdn":"695rdgnfw5f.18912244.com","domain":"18912244.com","tld":"com"},"ip":{"addr":"172.65.218.121","port":20206,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://695rdgnfw5f.18912244.com:20206/?id=422876378","date":"2026-04-11T18:33:08.066Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"695rdgnfw5f.18912244.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 20 Jul 2025 00:00:00 GMT","end":"Mon, 20 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"AB:44:50:F3:CC:F8:FC:F3:42:EC:75:E2:D3:0C:19:1B:5F:B9:36:F4","sha256":"4B:05:65:FA:AC:EF:A3:36:43:B0:62:26:67:2E:84:49:29:62:7C:DA:CE:AF:8D:5A:0B:1B:23:85:8B:6B:BB:46"}}},"request":{"raw":"GET /hall/api/netstat/point/get/static/idx/422876378/idxType/2.json HTTP/1.1\r\nHost: 695rdgnfw5f.18912244.com:20206\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://695rdgnfw5f.18912244.com:20206/?id=422876378\r\nCookie: web__lobby__persisted__device=%7B%22uuid%22%3A%22f75052df-c3a1-4058-a524-7aad8f7dc107%22%7D; web__lobby__persisted__user=%7B%22userInfos%22%3A%7B%22game_gold%22%3A2000%2C%22account_type%22%3A1%2C%22platfromid%22%3A%22web_lobby_guest_account%22%2C%22mode%22%3A0%2C%22currency%22%3A%22CNY%22%7D%7D\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 404 Not Found\r\ndate: Sat, 11 Apr 2026 18:33:08 GMT\r\ncontent-type: text/html\r\nx-oss-request-id: 69DA93E460F7333933D58190\r\nvary: Accept-Encoding, Origin\r\netag: W/\"EFC88B8CF48643A977DEE8EBEE5AAE3E\"\r\nlast-modified: Sat, 11 Apr 2026 04:21:45 GMT\r\nx-oss-object-type: Normal\r\nx-oss-hash-crc64ecma: 12598442108753170511\r\nx-oss-storage-class: Standard\r\nx-oss-meta-version: v7.1.47\r\ncache-control: no-cache\r\ncontent-md5: 78iLjPSGQ6l33ujr7lquPg==\r\nx-oss-server-time: 4\r\nserver: gocache\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\ncontent-encoding: br\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]},{"name":"Alibaba Cloud Object Storage Service","description":"Alibaba Cloud Object Storage Service (OSS) is a cloud-based object storage service provided by Alibaba Cloud, which allows users to store and access large amounts of data in the cloud.","website":"https://www.alibabacloud.com/product/object-storage-service","common_platform_enumeration":"","icon":"Alibaba Cloud.svg","categories":["IaaS"]}],"data":{"size":310,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII text","md5":"efc88b8cf48643a977dee8ebee5aae3e","sha1":"50b89d535d399493558d0bde1b3225c80548eb2d","sha256":"68f62426c319126501255a6007a3eafcbe6d6b1cd1cfbff9356a7f074ec69feb","sha512":"a1a87517d23d55ac01901a3e09b67bfae830c429739faee843c00151a66ad96e31b831402de959a664aa403e90e88258db641d3dbfefc066f2bde9f80839df53","ssdeep":"","tlshash":"63e0c2c384f2940da155426109e1f2081aca95eb5b47984e3dcda7289f8ab4dc9d798c","first_seen":"2024-12-11T10:09:32.928381Z","last_seen":"2026-04-11T20:47:49.645683Z","times_seen":13642,"resource_available":true,"data":null}},"time_used":276,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":276,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-11","alert":"Sinkholed","trigger":"695rdgnfw5f.18912244.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"695rdgnfw5f.18912244.com:20206/assets/theme-0/SportDialogChunk.xyCDGz5N.css","fqdn":"695rdgnfw5f.18912244.com","domain":"18912244.com","tld":"com"},"ip":{"addr":"172.65.218.121","port":20206,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://695rdgnfw5f.18912244.com:20206/?id=422876378","date":"2026-04-11T18:33:09.274Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"695rdgnfw5f.18912244.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 20 Jul 2025 00:00:00 GMT","end":"Mon, 20 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"AB:44:50:F3:CC:F8:FC:F3:42:EC:75:E2:D3:0C:19:1B:5F:B9:36:F4","sha256":"4B:05:65:FA:AC:EF:A3:36:43:B0:62:26:67:2E:84:49:29:62:7C:DA:CE:AF:8D:5A:0B:1B:23:85:8B:6B:BB:46"}}},"request":{"raw":"GET /assets/theme-0/SportDialogChunk.xyCDGz5N.css HTTP/1.1\r\nHost: 695rdgnfw5f.18912244.com:20206\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://695rdgnfw5f.18912244.com:20206/?id=422876378\r\nCookie: web__lobby__persisted__device=%7B%22uuid%22%3A%22f75052df-c3a1-4058-a524-7aad8f7dc107%22%7D; web__lobby__persisted__user=%7B%22userInfos%22%3A%7B%22game_gold%22%3A2000%2C%22account_type%22%3A1%2C%22platfromid%22%3A%22web_lobby_guest_account%22%2C%22mode%22%3A0%2C%22currency%22%3A%22CNY%22%7D%7D\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 11 Apr 2026 18:33:09 GMT\r\ncontent-type: text/css\r\nx-oss-request-id: 69DA93E5CD9B3435321A8545\r\nvary: Accept-Encoding, Origin\r\nlast-modified: Sat, 11 Apr 2026 04:21:42 GMT\r\nx-oss-object-type: Normal\r\nx-oss-hash-crc64ecma: 15399913536244692496\r\nx-oss-storage-class: Standard\r\nx-oss-meta-version: v7.1.212\r\ncache-control: max-age=31622400\r\ncontent-md5: jnLdCdsM3bvE9+P/yHgQhQ==\r\nx-oss-server-time: 1\r\ncontent-encoding: gzip\r\nserver: gocache\r\nc-type: pf\r\nrid: 008936d4052e87d1bc19e8a1877d2fa2\r\nx-cache-status: MISS\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Alibaba Cloud Object Storage Service","description":"Alibaba Cloud Object Storage Service (OSS) is a cloud-based object storage service provided by Alibaba Cloud, which allows users to store and access large amounts of data in the cloud.","website":"https://www.alibabacloud.com/product/object-storage-service","common_platform_enumeration":"","icon":"Alibaba Cloud.svg","categories":["IaaS"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]}],"data":{"size":22184,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (22183)","md5":"8e72dd09db0cddbbc4f7e3ffc8781085","sha1":"12f12132555e6ef5df47e615f708a93c7e3a2352","sha256":"95df4500d6f59003793bc6c893ed6f8a05dd595d488da90dc3608b941ca5f9f2","sha512":"21015d7a842eae380945be588ab7cc03694ded7555ff75bae995bc387c5d75dcd5239de3701e2f1182b3b7ef3129fd70c38ccc4466bf298d3fc76285514e0106","ssdeep":"192:goyXlzJ7UVnjn+VvQvjdz2PsYbYP7lJkIHcCtg52J7TMMOwWkWsNoe4Ojb+:cUnj+9IUIHc48w7IMO5kWM4Ojb+","tlshash":"eaa2b6f79621716fde2b8632ea8992d45140f070c4b29252fe736d290bcbb75bd207c2","first_seen":"2026-02-12T14:14:04.365465Z","last_seen":"2026-04-11T21:10:04.112086Z","times_seen":1553,"resource_available":false,"data":null}},"time_used":248,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":248,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-11","alert":"Sinkholed","trigger":"695rdgnfw5f.18912244.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"695rdgnfw5f.18912244.com:20206/assets/theme-0/store.C7Aw7dp4.js","fqdn":"695rdgnfw5f.18912244.com","domain":"18912244.com","tld":"com"},"ip":{"addr":"172.65.218.121","port":20206,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://695rdgnfw5f.18912244.com:20206/?id=422876378","date":"2026-04-11T18:33:09.889Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"695rdgnfw5f.18912244.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 20 Jul 2025 00:00:00 GMT","end":"Mon, 20 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"AB:44:50:F3:CC:F8:FC:F3:42:EC:75:E2:D3:0C:19:1B:5F:B9:36:F4","sha256":"4B:05:65:FA:AC:EF:A3:36:43:B0:62:26:67:2E:84:49:29:62:7C:DA:CE:AF:8D:5A:0B:1B:23:85:8B:6B:BB:46"}}},"request":{"raw":"GET /assets/theme-0/store.C7Aw7dp4.js HTTP/1.1\r\nHost: 695rdgnfw5f.18912244.com:20206\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://695rdgnfw5f.18912244.com:20206/assets/theme-0/GlobalLazyInitIndex.BQlcIJGe.js\r\nCookie: web__lobby__persisted__device=%7B%22uuid%22%3A%22f75052df-c3a1-4058-a524-7aad8f7dc107%22%7D; web__lobby__persisted__user=%7B%22userInfos%22%3A%7B%22game_gold%22%3A2000%2C%22account_type%22%3A1%2C%22platfromid%22%3A%22web_lobby_guest_account%22%2C%22mode%22%3A0%2C%22currency%22%3A%22CNY%22%7D%7D\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 11 Apr 2026 18:33:10 GMT\r\ncontent-type: application/javascript; charset=utf-8\r\nx-oss-request-id: 69DA93E660F73339337C8990\r\nvary: Accept-Encoding, Origin\r\nlast-modified: Sat, 11 Apr 2026 04:21:43 GMT\r\nx-oss-object-type: Normal\r\nx-oss-hash-crc64ecma: 6528693225050790319\r\nx-oss-storage-class: Standard\r\nx-oss-meta-version: v7.1.212\r\ncache-control: max-age=31622400\r\ncontent-md5: g+ViaIRW/x7lMXL7rQM4oQ==\r\nx-oss-server-time: 2\r\ncontent-encoding: gzip\r\nserver: gocache\r\nc-type: pf\r\nrid: 0249d9d500df4715b2aec31a187deda9\r\nx-cache-status: MISS\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Alibaba Cloud Object Storage Service","description":"Alibaba Cloud Object Storage Service (OSS) is a cloud-based object storage service provided by Alibaba Cloud, which allows users to store and access large amounts of data in the cloud.","website":"https://www.alibabacloud.com/product/object-storage-service","common_platform_enumeration":"","icon":"Alibaba Cloud.svg","categories":["IaaS"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]}],"data":{"size":1500,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"Java source, ASCII text, with very long lines (1499)","md5":"83e562688456ff1ee53172fbad0338a1","sha1":"c7ae9ef53f1ae3dbe9e76dfce398a05094f9ef4a","sha256":"d9c8b836ab6e0ae7596ac7f5c6147d838ccd4d762e6946c2d18e0fe15c68d6c0","sha512":"7f143729069cea1104772ddf9eee738dc1d912f389adb400e847cf23765f5f3062d55890e408868a62eb1c3603f8cbc09ca8fd26dfe6694389fa9ee799b3fd19","ssdeep":"","tlshash":"be314589f0d63474b3b55c98f0746533131b2a727935d5e0e19f0a530752f01d5aaf49","first_seen":"2026-04-11T07:57:01.970364Z","last_seen":"2026-04-11T18:34:05.959477Z","times_seen":26,"resource_available":true,"data":null}},"time_used":246,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":246,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-11","alert":"Sinkholed","trigger":"695rdgnfw5f.18912244.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"695rdgnfw5f.18912244.com:20206/hall/api/lobby/config/getAppDownloadInfo.json?v=1775624498","fqdn":"695rdgnfw5f.18912244.com","domain":"18912244.com","tld":"com"},"ip":{"addr":"172.65.218.121","port":20206,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://695rdgnfw5f.18912244.com:20206/?id=422876378","date":"2026-04-11T18:33:10.108Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"695rdgnfw5f.18912244.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 20 Jul 2025 00:00:00 GMT","end":"Mon, 20 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"AB:44:50:F3:CC:F8:FC:F3:42:EC:75:E2:D3:0C:19:1B:5F:B9:36:F4","sha256":"4B:05:65:FA:AC:EF:A3:36:43:B0:62:26:67:2E:84:49:29:62:7C:DA:CE:AF:8D:5A:0B:1B:23:85:8B:6B:BB:46"}}},"request":{"raw":"GET /hall/api/lobby/config/getAppDownloadInfo.json?v=1775624498 HTTP/1.1\r\nHost: 695rdgnfw5f.18912244.com:20206\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://695rdgnfw5f.18912244.com:20206/home/register?id=422876378\r\nCookie: web__lobby__persisted__device=%7B%22uuid%22%3A%22f75052df-c3a1-4058-a524-7aad8f7dc107%22%7D; web__lobby__persisted__user=%7B%22userInfos%22%3A%7B%22game_gold%22%3A2000%2C%22account_type%22%3A1%2C%22platfromid%22%3A%22web_lobby_guest_account%22%2C%22mode%22%3A0%2C%22currency%22%3A%22CNY%22%7D%7D\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 11 Apr 2026 18:33:10 GMT\r\ncontent-type: application/json\r\nx-oss-request-id: 69DA93E668A3743932486D4E\r\nvary: Accept-Encoding, Origin\r\nlast-modified: Wed, 08 Apr 2026 05:01:38 GMT\r\nx-oss-object-type: Normal\r\nx-oss-hash-crc64ecma: 11592966553445785639\r\nx-oss-storage-class: Standard\r\ncache-control: s-maxage=600,public,max-age=0\r\ncontent-md5: ey9288LMxXmkdEQw45QsZA==\r\nx-oss-server-time: 1\r\ncontent-encoding: gzip\r\nserver: gocache\r\nc-type: pf\r\nrid: 33c71bf267411eeaaaafcf8e858b619d\r\nx-cache-status: MISS\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Alibaba Cloud Object Storage Service","description":"Alibaba Cloud Object Storage Service (OSS) is a cloud-based object storage service provided by Alibaba Cloud, which allows users to store and access large amounts of data in the cloud.","website":"https://www.alibabacloud.com/product/object-storage-service","common_platform_enumeration":"","icon":"Alibaba Cloud.svg","categories":["IaaS"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]}],"data":{"size":2816,"size_decoded":0,"mime_type":"application/json","magic":"ASCII text, with very long lines (2816), with no line terminators","md5":"7b2f76f3c2ccc579a4744430e3942c64","sha1":"1596463363521f67ff7b61dd7bfa174124871fa9","sha256":"cb015aa7322fdbb86754aa5bcadf87481b8a609e74b2725fcc05127d333c116f","sha512":"7728a113a9f939342a3c5ddbbb21668c0d3578251814eb290c4d1ed293e3222ce2e6d0bf0aa81ecd31bdee1ed3731a6f784dcdee2be54da6fbac382fd311d458","ssdeep":"","tlshash":"e1513be20cbe08ca9a900344b5a11a5709614a268b85c01b664db7ca1ca657bfff532d","first_seen":"2026-04-08T07:13:21.570821Z","last_seen":"2026-04-11T18:34:05.986612Z","times_seen":30,"resource_available":false,"data":null}},"time_used":248,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":248,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-11","alert":"Sinkholed","trigger":"695rdgnfw5f.18912244.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"mgm1940797.appfrvpmgw.win/hall/api/domain/lobby/domainMatch?encryptString=qq4jdFZc4bd2NndAir6BGndLmyh5xAaLrEKYkgn3neBhpVVPL2TFB30%2FEB%2FqUkyd","fqdn":"mgm1940797.appfrvpmgw.win","domain":"appfrvpmgw.win","tld":"win"},"ip":{"addr":"138.113.210.9","port":443,"asn":54994,"as":"ML-1432-54994","country":"Canada","country_code":"CA"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://695rdgnfw5f.18912244.com:20206/?id=422876378","date":"2026-04-11T18:33:10.671Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"mgm1940797.appfrvpmgw.win","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 10 Mar 2026 16:26:44 GMT","end":"Mon, 08 Jun 2026 16:26:43 GMT"},"fingerprint":{"sha1":"F4:B1:A8:F3:75:CF:9E:D8:01:08:8D:AB:DA:56:67:50:D3:F3:94:44","sha256":"EA:6F:FC:B6:79:2A:3B:E8:21:21:AB:18:FB:BE:1C:DB:F9:F0:1B:8C:DA:50:C7:4E:CB:CA:85:51:61:5D:9B:10"}}},"request":{"raw":"OPTIONS /hall/api/domain/lobby/domainMatch?encryptString=qq4jdFZc4bd2NndAir6BGndLmyh5xAaLrEKYkgn3neBhpVVPL2TFB30%2FEB%2FqUkyd HTTP/1.1\r\nHost: mgm1940797.appfrvpmgw.win\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nAccess-Control-Request-Method: GET\r\nAccess-Control-Request-Headers: appsystem,appversion,browserfingerid,browsertype,clienttimezone,currency,device,devicebrand,devicemodel,devicetype,domain,language,operatingsystem,physicaldevicemodel,platformtype,sitecode,timestamp,token,webauthndomain,x-custom-referer,x-data-mode,x-device,x-object-id,x-request-id,x-version\r\nReferer: https://695rdgnfw5f.18912244.com:20206/\r\nOrigin: https://695rdgnfw5f.18912244.com:20206\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"OPTIONS"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 11 Apr 2026 18:33:10 GMT\r\ncontent-type: application/octet-stream\r\ncontent-length: 0\r\nset-cookie: acw_tc=0a0ccaf917759323907611079e5d3d6d13fa79cb92ac2f4b822b8215581386;path=/;HttpOnly;Max-Age=1800\r\nx-saas-server-id: 844988bcd4-6vbfs|826b691dcb63415491b1e63e1b60053b\r\naccess-control-allow-methods: *\r\naccess-control-max-age: 1728000\r\naccess-control-allow-credentials: true\r\naccess-control-allow-origin: *\r\naccess-control-allow-headers: appsystem,appversion,browserfingerid,browsertype,clienttimezone,currency,device,devicebrand,devicemodel,devicetype,domain,language,operatingsystem,physicaldevicemodel,platformtype,sitecode,timestamp,token,webauthndomain,x-custom-referer,x-data-mode,x-device,x-object-id,x-request-id,x-version\r\naccess-control-expose-headers: X-Trace-ID, newjwt, token\r\nvia: 1.1 PS-SIN-04A9N80:17 (W), 1.1 PS-AMS-01QkJ103:21 (W)\r\nx-px: ms PS-AMS-01QkJ103AMS, ms PS-SIN-04A9N80SIN(origin)\r\nx-ws-request-id: 69da93e6_PS-AMS-01QkJ103_53875-28559\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"application/octet-stream","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-11T20:55:57.946951Z","times_seen":13635644,"resource_available":true,"data":null}},"time_used":197,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":197,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-04-11","alert":"Sinkholed","trigger":"mgm1940797.appfrvpmgw.win","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"695rdgnfw5f.18912244.com:20206/assets/workers-DZZHDtNt.js","fqdn":"695rdgnfw5f.18912244.com","domain":"18912244.com","tld":"com"},"ip":{"addr":"172.65.218.121","port":20206,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://695rdgnfw5f.18912244.com:20206/?id=422876378","date":"2026-04-11T18:33:03.999Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"695rdgnfw5f.18912244.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 20 Jul 2025 00:00:00 GMT","end":"Mon, 20 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"AB:44:50:F3:CC:F8:FC:F3:42:EC:75:E2:D3:0C:19:1B:5F:B9:36:F4","sha256":"4B:05:65:FA:AC:EF:A3:36:43:B0:62:26:67:2E:84:49:29:62:7C:DA:CE:AF:8D:5A:0B:1B:23:85:8B:6B:BB:46"}}},"request":{"raw":"GET /assets/workers-DZZHDtNt.js HTTP/1.1\r\nHost: 695rdgnfw5f.18912244.com:20206\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://695rdgnfw5f.18912244.com:20206/?id=422876378\r\nSec-Fetch-Dest: worker\r\nSec-Fetch-Mode: same-origin\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 11 Apr 2026 18:33:04 GMT\r\ncontent-type: application/javascript; charset=utf-8\r\nx-oss-request-id: 69DA93E068A374393276564E\r\nvary: Accept-Encoding, Origin\r\nlast-modified: Sat, 11 Apr 2026 04:21:45 GMT\r\nx-oss-object-type: Normal\r\nx-oss-hash-crc64ecma: 1800655718844965744\r\nx-oss-storage-class: Standard\r\nx-oss-meta-version: v7.1.47\r\ncache-control: max-age=31622400\r\ncontent-md5: DK9hi/g31ry9kQ4NwXxTyQ==\r\nx-oss-server-time: 1\r\ncontent-encoding: gzip\r\nserver: gocache\r\nc-type: pf\r\nrid: 76b9ba8ab1d89a8cab65e103ba30370d\r\nx-cache-status: MISS\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]},{"name":"Alibaba Cloud Object Storage Service","description":"Alibaba Cloud Object Storage Service (OSS) is a cloud-based object storage service provided by Alibaba Cloud, which allows users to store and access large amounts of data in the cloud.","website":"https://www.alibabacloud.com/product/object-storage-service","common_platform_enumeration":"","icon":"Alibaba Cloud.svg","categories":["IaaS"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":4355,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (318)","md5":"0caf618bf837d6bcbd910e0dc17c53c9","sha1":"422eaaf06c514f38e1cfbdce551b6a5b451fd106","sha256":"c9363286062f33a64516d414d4a4958dc0a63d6bd04961919575252684152bf6","sha512":"b92e97c13ab7ad722dd4aded3a6515287134fc8ec41ceeae6db93cf41762f55d0e25cdf76d3f28d0adf7de5f1466bf9e8a63c5ed1a5cdba5ffeab156917ccfde","ssdeep":"96:UGEZjwF6V9jna4b2i0BXFRY/k6/QR46XXgEUKxaYlIjRqrIspS:UGEZ8F6nra4bd0drQ/QRVXXgEjxxlIt3","tlshash":"7d91220f3af6306a5427b070561f8805ba61a42705dedc207e5ce1b09f6587c9bbefad","first_seen":"2024-12-16T04:12:10.876821Z","last_seen":"2026-04-11T19:25:54.426732Z","times_seen":10245,"resource_available":false,"data":null}},"time_used":1302,"timings":{"blocked":451,"dns":4,"connect":1,"send":0,"wait":399,"receive":0,"ssl":444},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-11","alert":"Sinkholed","trigger":"695rdgnfw5f.18912244.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"695rdgnfw5f.18912244.com:20206/hall/api/lobby/webapi/optimizationV2/site/config/language/zh.json?v=1775632765","fqdn":"695rdgnfw5f.18912244.com","domain":"18912244.com","tld":"com"},"ip":{"addr":"172.65.218.121","port":20206,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://695rdgnfw5f.18912244.com:20206/?id=422876378","date":"2026-04-11T18:33:08.586Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"695rdgnfw5f.18912244.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 20 Jul 2025 00:00:00 GMT","end":"Mon, 20 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"AB:44:50:F3:CC:F8:FC:F3:42:EC:75:E2:D3:0C:19:1B:5F:B9:36:F4","sha256":"4B:05:65:FA:AC:EF:A3:36:43:B0:62:26:67:2E:84:49:29:62:7C:DA:CE:AF:8D:5A:0B:1B:23:85:8B:6B:BB:46"}}},"request":{"raw":"GET /hall/api/lobby/webapi/optimizationV2/site/config/language/zh.json?v=1775632765 HTTP/1.1\r\nHost: 695rdgnfw5f.18912244.com:20206\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://695rdgnfw5f.18912244.com:20206/?id=422876378\r\nCookie: web__lobby__persisted__device=%7B%22uuid%22%3A%22f75052df-c3a1-4058-a524-7aad8f7dc107%22%7D; web__lobby__persisted__user=%7B%22userInfos%22%3A%7B%22game_gold%22%3A2000%2C%22account_type%22%3A1%2C%22platfromid%22%3A%22web_lobby_guest_account%22%2C%22mode%22%3A0%2C%22currency%22%3A%22CNY%22%7D%7D\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 11 Apr 2026 18:33:08 GMT\r\ncontent-type: application/json\r\nx-oss-request-id: 69DA93E4BCB28E3037A5E981\r\nvary: Accept-Encoding, Origin\r\nlast-modified: Wed, 08 Apr 2026 07:19:24 GMT\r\nx-oss-object-type: Normal\r\nx-oss-hash-crc64ecma: 1566843417741636283\r\nx-oss-storage-class: Standard\r\ncache-control: s-maxage=600,public,max-age=0\r\ncontent-md5: w/wbo9GfeQUeFvau2gWJOQ==\r\nx-oss-server-time: 1\r\ncontent-encoding: gzip\r\nserver: gocache\r\nc-type: pf\r\nrid: c2566b5cb5f7d0a35123d13a5083c26a\r\nx-cache-status: MISS\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Alibaba Cloud Object Storage Service","description":"Alibaba Cloud Object Storage Service (OSS) is a cloud-based object storage service provided by Alibaba Cloud, which allows users to store and access large amounts of data in the cloud.","website":"https://www.alibabacloud.com/product/object-storage-service","common_platform_enumeration":"","icon":"Alibaba Cloud.svg","categories":["IaaS"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]}],"data":{"size":11180,"size_decoded":0,"mime_type":"application/json","magic":"ASCII text, with very long lines (11180), with no line terminators","md5":"c3fc1ba3d19f79051e16f6aeda058939","sha1":"53c158cc95e45494456c6f9c4fac6cb8c39c711a","sha256":"05006588b57b5ae119b7760ca40e64a20e3e61567d82cff8351325d555144ca6","sha512":"3638baf7c9681dafb4063a69c951b3669f6de10d984af5da27d993ac62414bd5fda19168a304001d297e31337b96e2cc8ead43066fa41415a75cef77c9098654","ssdeep":"192:1HjVt75d9SKsr/hW5eri0mJgxi4oCxCxUk9NoUgO/d2TneG2Ai6K:1Rt75XSr/hWam8gCx3wPVwDC","tlshash":"8532c0ee2836cd731164ed0472aab246e8d54e5f0fd3f49993f89ec41ad716b0905d88","first_seen":"2026-04-09T09:12:31.976692Z","last_seen":"2026-04-11T18:34:05.98084Z","times_seen":29,"resource_available":false,"data":null}},"time_used":246,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":246,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-11","alert":"Sinkholed","trigger":"695rdgnfw5f.18912244.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"695rdgnfw5f.18912244.com:20206/assets/theme-0/useSuggestion.DMDpOIX0.js","fqdn":"695rdgnfw5f.18912244.com","domain":"18912244.com","tld":"com"},"ip":{"addr":"172.65.218.121","port":20206,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://695rdgnfw5f.18912244.com:20206/?id=422876378","date":"2026-04-11T18:33:08.790Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"695rdgnfw5f.18912244.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 20 Jul 2025 00:00:00 GMT","end":"Mon, 20 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"AB:44:50:F3:CC:F8:FC:F3:42:EC:75:E2:D3:0C:19:1B:5F:B9:36:F4","sha256":"4B:05:65:FA:AC:EF:A3:36:43:B0:62:26:67:2E:84:49:29:62:7C:DA:CE:AF:8D:5A:0B:1B:23:85:8B:6B:BB:46"}}},"request":{"raw":"GET /assets/theme-0/useSuggestion.DMDpOIX0.js HTTP/1.1\r\nHost: 695rdgnfw5f.18912244.com:20206\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://695rdgnfw5f.18912244.com:20206/assets/theme-0/LoginRegisterIndex.5cxrQ2SR.js\r\nCookie: web__lobby__persisted__device=%7B%22uuid%22%3A%22f75052df-c3a1-4058-a524-7aad8f7dc107%22%7D; web__lobby__persisted__user=%7B%22userInfos%22%3A%7B%22game_gold%22%3A2000%2C%22account_type%22%3A1%2C%22platfromid%22%3A%22web_lobby_guest_account%22%2C%22mode%22%3A0%2C%22currency%22%3A%22CNY%22%7D%7D\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 11 Apr 2026 18:33:08 GMT\r\ncontent-type: application/javascript; charset=utf-8\r\nx-oss-request-id: 69DA93E45D88673136421862\r\nvary: Accept-Encoding, Origin\r\nlast-modified: Sat, 11 Apr 2026 04:21:43 GMT\r\nx-oss-object-type: Normal\r\nx-oss-hash-crc64ecma: 15113120456626703471\r\nx-oss-storage-class: Standard\r\nx-oss-meta-version: v7.1.212\r\ncache-control: max-age=31622400\r\ncontent-md5: OhqaFMu+JYh9BudSVzfbFw==\r\nx-oss-server-time: 1\r\ncontent-encoding: gzip\r\nserver: gocache\r\nc-type: pf\r\nrid: dc083f22766452d122f2bbb6974f18bb\r\nx-cache-status: MISS\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Alibaba Cloud Object Storage Service","description":"Alibaba Cloud Object Storage Service (OSS) is a cloud-based object storage service provided by Alibaba Cloud, which allows users to store and access large amounts of data in the cloud.","website":"https://www.alibabacloud.com/product/object-storage-service","common_platform_enumeration":"","icon":"Alibaba Cloud.svg","categories":["IaaS"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]}],"data":{"size":1592,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"Java source, Unicode text, UTF-8 text, with very long lines (1589)","md5":"3a1a9a14cbbe25887d06e7525737db17","sha1":"fba26cbe4fa8a6765f109ccfe2b874c12a02e189","sha256":"20878cf72928d6142ed628214a7eb632a9f26d7fd42e1eb90f73a399eaf7cd58","sha512":"2d42b94e596b275ab9534f45ef7a2a452f117ae2c8c91f41e422fa95b763885999de8f9da0762242b6efac4b3e6973c1521bd567f84e0d6216e151fb86a3d62d","ssdeep":"","tlshash":"43318109b6b5e9ba49eb28d05473257641ad0f1eac62f060c1bf2e437c09ed580cf56c","first_seen":"2026-04-11T07:57:01.975653Z","last_seen":"2026-04-11T18:34:05.973114Z","times_seen":27,"resource_available":true,"data":null}},"time_used":249,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":249,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-11","alert":"Sinkholed","trigger":"695rdgnfw5f.18912244.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"695rdgnfw5f.18912244.com:20206/assets/theme-0/commonChunk.DRl68tbz.js","fqdn":"695rdgnfw5f.18912244.com","domain":"18912244.com","tld":"com"},"ip":{"addr":"172.65.218.121","port":20206,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://695rdgnfw5f.18912244.com:20206/?id=422876378","date":"2026-04-11T18:33:02.882Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"695rdgnfw5f.18912244.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 20 Jul 2025 00:00:00 GMT","end":"Mon, 20 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"AB:44:50:F3:CC:F8:FC:F3:42:EC:75:E2:D3:0C:19:1B:5F:B9:36:F4","sha256":"4B:05:65:FA:AC:EF:A3:36:43:B0:62:26:67:2E:84:49:29:62:7C:DA:CE:AF:8D:5A:0B:1B:23:85:8B:6B:BB:46"}}},"request":{"raw":"GET /assets/theme-0/commonChunk.DRl68tbz.js HTTP/1.1\r\nHost: 695rdgnfw5f.18912244.com:20206\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://695rdgnfw5f.18912244.com:20206/assets/theme-0/index.DMPbKmRp.js\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 11 Apr 2026 18:33:03 GMT\r\ncontent-type: application/javascript; charset=utf-8\r\nx-oss-request-id: 69DA93DF829A183239019161\r\nvary: Accept-Encoding, Origin\r\nlast-modified: Sat, 11 Apr 2026 04:21:43 GMT\r\nx-oss-object-type: Normal\r\nx-oss-hash-crc64ecma: 9860467917487008926\r\nx-oss-storage-class: Standard\r\nx-oss-meta-version: v7.1.212\r\ncache-control: max-age=31622400\r\ncontent-md5: mlUUeblJ8Z2T5kENMyYfAQ==\r\nx-oss-server-time: 3\r\ncontent-encoding: gzip\r\nserver: gocache\r\nc-type: pf\r\nrid: e103ce8df73166e8998b83a2d08a8b07\r\nx-cache-status: MISS\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]},{"name":"Alibaba Cloud Object Storage Service","description":"Alibaba Cloud Object Storage Service (OSS) is a cloud-based object storage service provided by Alibaba Cloud, which allows users to store and access large amounts of data in the cloud.","website":"https://www.alibabacloud.com/product/object-storage-service","common_platform_enumeration":"","icon":"Alibaba Cloud.svg","categories":["IaaS"]}],"data":{"size":1685923,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"Unicode text, UTF-8 text, with very long lines (33519)","md5":"23dd74ae8d7430d9fabb2ddf0604beb9","sha1":"e9ac993f8b85841a9ed58c4bce62ec54cf5f2164","sha256":"ad9f2e95e2de0dd34e921038c799105b9ac51dca367e0b1a8cd8c878a783a353","sha512":"fc4651679d2a4d1681913ddd13054cf8da548ebea9808383cc511141f7ad625d2695289b7efee9c68284051a14fa9dcd51eaa40508d77a60d903649614efa3a7","ssdeep":"24576:n/R14BBH9ar4rKPfYXiMeKwaqpg2bqaDNSgn9gET:n/R14Bd9argK3YXiMeKvqpg2bqeNSSg2","tlshash":"7c255d8ab1be667077b81c9ca0bb157211297b41b405c8f4f3bf8f763396941a2e2735","first_seen":"2026-04-11T07:57:01.993478Z","last_seen":"2026-04-11T18:34:05.985502Z","times_seen":26,"resource_available":false,"data":null}},"time_used":266,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":266,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-11","alert":"Sinkholed","trigger":"695rdgnfw5f.18912244.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"695rdgnfw5f.18912244.com:20206/libs/rc/gt@5/gt.js","fqdn":"695rdgnfw5f.18912244.com","domain":"18912244.com","tld":"com"},"ip":{"addr":"172.65.218.121","port":20206,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://695rdgnfw5f.18912244.com:20206/?id=422876378","date":"2026-04-11T18:33:09.341Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"695rdgnfw5f.18912244.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 20 Jul 2025 00:00:00 GMT","end":"Mon, 20 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"AB:44:50:F3:CC:F8:FC:F3:42:EC:75:E2:D3:0C:19:1B:5F:B9:36:F4","sha256":"4B:05:65:FA:AC:EF:A3:36:43:B0:62:26:67:2E:84:49:29:62:7C:DA:CE:AF:8D:5A:0B:1B:23:85:8B:6B:BB:46"}}},"request":{"raw":"GET /libs/rc/gt@5/gt.js HTTP/1.1\r\nHost: 695rdgnfw5f.18912244.com:20206\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://695rdgnfw5f.18912244.com:20206/home/register?id=422876378\r\nCookie: web__lobby__persisted__device=%7B%22uuid%22%3A%22f75052df-c3a1-4058-a524-7aad8f7dc107%22%7D; web__lobby__persisted__user=%7B%22userInfos%22%3A%7B%22game_gold%22%3A2000%2C%22account_type%22%3A1%2C%22platfromid%22%3A%22web_lobby_guest_account%22%2C%22mode%22%3A0%2C%22currency%22%3A%22CNY%22%7D%7D\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 11 Apr 2026 18:33:09 GMT\r\ncontent-type: application/javascript; charset=utf-8\r\nx-oss-request-id: 69DA93E5CD9B343532748545\r\nvary: Accept-Encoding, Origin\r\nlast-modified: Sat, 11 Apr 2026 04:21:45 GMT\r\nx-oss-object-type: Normal\r\nx-oss-hash-crc64ecma: 331822085686857861\r\nx-oss-storage-class: Standard\r\nx-oss-meta-version: v7.1.47\r\ncache-control: max-age=31622400\r\ncontent-md5: d7dnpYWIgCUw/cl9sSm3iw==\r\nx-oss-server-time: 1\r\ncontent-encoding: gzip\r\nserver: gocache\r\nc-type: pf\r\nrid: 3f37f4362216624c5d1f7698ba0a3716\r\nx-cache-status: MISS\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Alibaba Cloud Object Storage Service","description":"Alibaba Cloud Object Storage Service (OSS) is a cloud-based object storage service provided by Alibaba Cloud, which allows users to store and access large amounts of data in the cloud.","website":"https://www.alibabacloud.com/product/object-storage-service","common_platform_enumeration":"","icon":"Alibaba Cloud.svg","categories":["IaaS"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]}],"data":{"size":12872,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, Unicode text, UTF-8 text","md5":"5c44f03dfa4417f3607058fdcfb38d3f","sha1":"78ca488aa7969868b18a71b5237300cfdbd3624d","sha256":"d9eda11c33956bd40daa019eac8079379a050d36fd39725ba7a05c69e55ea54c","sha512":"54d699b3b7ce9e573e0860a770600ebf73a46e4eff0f8dff2bd05f4b37ed0b5acef8ed28707a0347242bd3f25131548c6e6658c3721ab80e46f6cdfbbc5b810e","ssdeep":"192:HgarGaz2uPAQNaTSuwCgrVQYO4x70euo+RXWMwmZaiQ8SeKiDea/Q8SgQvmss5wd:HgmezXTT3V+le6vE4VgrAwzvC9gNFtEh","tlshash":"1c42214d7cf5a0538643b078899fa114b538da53042c9e567c9ce3a4ef684388bbafdc","first_seen":"2025-03-19T08:12:33.778336Z","last_seen":"2026-04-11T21:10:03.979308Z","times_seen":3756,"resource_available":true,"data":null}},"time_used":249,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":249,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-11","alert":"Sinkholed","trigger":"695rdgnfw5f.18912244.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"695rdgnfw5f.18912244.com:20206/assets/theme-0/FloatBarIndex.CA_CzEbL.css","fqdn":"695rdgnfw5f.18912244.com","domain":"18912244.com","tld":"com"},"ip":{"addr":"172.65.218.121","port":20206,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://695rdgnfw5f.18912244.com:20206/?id=422876378","date":"2026-04-11T18:33:04.074Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"695rdgnfw5f.18912244.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 20 Jul 2025 00:00:00 GMT","end":"Mon, 20 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"AB:44:50:F3:CC:F8:FC:F3:42:EC:75:E2:D3:0C:19:1B:5F:B9:36:F4","sha256":"4B:05:65:FA:AC:EF:A3:36:43:B0:62:26:67:2E:84:49:29:62:7C:DA:CE:AF:8D:5A:0B:1B:23:85:8B:6B:BB:46"}}},"request":{"raw":"GET /assets/theme-0/FloatBarIndex.CA_CzEbL.css HTTP/1.1\r\nHost: 695rdgnfw5f.18912244.com:20206\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://695rdgnfw5f.18912244.com:20206/?id=422876378\r\nCookie: web__lobby__persisted__device=%7B%22uuid%22%3A%22f75052df-c3a1-4058-a524-7aad8f7dc107%22%7D\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 11 Apr 2026 18:33:04 GMT\r\ncontent-type: text/css\r\nx-oss-request-id: 69DA93E060F73339334A7390\r\nvary: Accept-Encoding, Origin\r\nlast-modified: Sat, 11 Apr 2026 04:21:42 GMT\r\nx-oss-object-type: Normal\r\nx-oss-hash-crc64ecma: 18101783120190078042\r\nx-oss-storage-class: Standard\r\nx-oss-meta-version: v7.1.212\r\ncache-control: max-age=31622400\r\ncontent-md5: +eCIacahqrYxr3TmOWA/PA==\r\nx-oss-server-time: 1\r\ncontent-encoding: gzip\r\nserver: gocache\r\nc-type: pf\r\nrid: ffd247fb3400f08f7671c598f4b13ead\r\nx-cache-status: MISS\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]},{"name":"Alibaba Cloud Object Storage Service","description":"Alibaba Cloud Object Storage Service (OSS) is a cloud-based object storage service provided by Alibaba Cloud, which allows users to store and access large amounts of data in the cloud.","website":"https://www.alibabacloud.com/product/object-storage-service","common_platform_enumeration":"","icon":"Alibaba Cloud.svg","categories":["IaaS"]}],"data":{"size":1973,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (1972)","md5":"f9e08869c6a1aab631af74e639603f3c","sha1":"121333529a6cee8a91d3b66f26e96c9e29b86309","sha256":"026d2e1b318f747da0690e162cc970097448f079a41b29202784b695e1fb59a4","sha512":"a5ef0b6bdbd5a87be31da5cfb54a29de7a8bb7b42ff650c7d3f21d04a268034379d793f664873e3f3406b977d72eb397b17c0f582d645c41c5a8dfd8662dc341","ssdeep":"","tlshash":"7141188f1124348e8da452724fd18e2e45d4c1f1523c1cda238f5f252bb029b3399ceb","first_seen":"2026-02-15T19:34:49.138668Z","last_seen":"2026-04-11T18:34:05.958341Z","times_seen":276,"resource_available":false,"data":null}},"time_used":788,"timings":{"blocked":377,"dns":0,"connect":0,"send":0,"wait":411,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-11","alert":"Sinkholed","trigger":"695rdgnfw5f.18912244.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"695rdgnfw5f.18912244.com:20206/siteadmin/upload/img/1995443248204906497.png","fqdn":"695rdgnfw5f.18912244.com","domain":"18912244.com","tld":"com"},"ip":{"addr":"172.65.218.121","port":20206,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://695rdgnfw5f.18912244.com:20206/?id=422876378","date":"2026-04-11T18:33:04.771Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"695rdgnfw5f.18912244.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 20 Jul 2025 00:00:00 GMT","end":"Mon, 20 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"AB:44:50:F3:CC:F8:FC:F3:42:EC:75:E2:D3:0C:19:1B:5F:B9:36:F4","sha256":"4B:05:65:FA:AC:EF:A3:36:43:B0:62:26:67:2E:84:49:29:62:7C:DA:CE:AF:8D:5A:0B:1B:23:85:8B:6B:BB:46"}}},"request":{"raw":"GET /siteadmin/upload/img/1995443248204906497.png HTTP/1.1\r\nHost: 695rdgnfw5f.18912244.com:20206\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://695rdgnfw5f.18912244.com:20206/?id=422876378\r\nCookie: web__lobby__persisted__device=%7B%22uuid%22%3A%22f75052df-c3a1-4058-a524-7aad8f7dc107%22%7D\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 11 Apr 2026 18:33:04 GMT\r\ncontent-type: image/png\r\ncontent-length: 65391\r\nx-oss-request-id: 69DA93E001B8FA313545CD86\r\nvary: Origin\r\netag: \"F7336C832183626692BF743F8C020B19\"\r\nlast-modified: Mon, 01 Dec 2025 10:41:58 GMT\r\nx-oss-object-type: Normal\r\nx-oss-hash-crc64ecma: 6512158309788991293\r\nx-oss-storage-class: Standard\r\ncache-control: immutable,stale-while-revalidate=86400,public,max-age=86400\r\ncontent-md5: 9zNsgyGDYmaSv3Q/jAILGQ==\r\nx-oss-server-time: 2\r\nserver: gocache\r\nc-type: pf\r\nrid: 3a43708bdd1ac105bfe56e5c10cdeeb2\r\nx-cache-status: MISS\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Alibaba Cloud Object Storage Service","description":"Alibaba Cloud Object Storage Service (OSS) is a cloud-based object storage service provided by Alibaba Cloud, which allows users to store and access large amounts of data in the cloud.","website":"https://www.alibabacloud.com/product/object-storage-service","common_platform_enumeration":"","icon":"Alibaba Cloud.svg","categories":["IaaS"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]}],"data":{"size":65391,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 512 x 512, 8-bit colormap, non-interlaced","md5":"f7336c832183626692bf743f8c020b19","sha1":"18f959e7236825e28499b15ab9e31f26fa8c6d3f","sha256":"46e9b54f4d56fd0fe1a2580391ef87c3079b3d24705c559e6132ec521bd24a2f","sha512":"f86f31533f54fcb203bb5e24fe292181108e2ba47cb18df3437783ac80977817161687db997dd6f430b8e4df644db810f0ed7c99f919cb6de75681bfaae28f4f","ssdeep":"1536:hqSUV4v4mjf/gvq3RPS4L0/rJMJZudF3H3O+a3LzbDp9ylXaHL:cSLfYgSAgJMvusbb3V3","tlshash":"a753023e8b4eb326ca130ed350d788dda9fa0038b44208405e5c9be5ded4dac82e8f55","first_seen":"2025-12-02T05:51:31.715298Z","last_seen":"2026-04-11T18:34:05.944411Z","times_seen":288,"resource_available":false,"data":null}},"time_used":362,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":261,"receive":101,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-11","alert":"Sinkholed","trigger":"695rdgnfw5f.18912244.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"695rdgnfw5f.18912244.com:20206/assets/theme-0/1_SearchGameChunk.DyOw1KAn.css","fqdn":"695rdgnfw5f.18912244.com","domain":"18912244.com","tld":"com"},"ip":{"addr":"172.65.218.121","port":20206,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://695rdgnfw5f.18912244.com:20206/?id=422876378","date":"2026-04-11T18:33:14.632Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"695rdgnfw5f.18912244.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 20 Jul 2025 00:00:00 GMT","end":"Mon, 20 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"AB:44:50:F3:CC:F8:FC:F3:42:EC:75:E2:D3:0C:19:1B:5F:B9:36:F4","sha256":"4B:05:65:FA:AC:EF:A3:36:43:B0:62:26:67:2E:84:49:29:62:7C:DA:CE:AF:8D:5A:0B:1B:23:85:8B:6B:BB:46"}}},"request":{"raw":"GET /assets/theme-0/1_SearchGameChunk.DyOw1KAn.css HTTP/1.1\r\nHost: 695rdgnfw5f.18912244.com:20206\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://695rdgnfw5f.18912244.com:20206/home/register?id=422876378\r\nCookie: web__lobby__persisted__device=%7B%22uuid%22%3A%22f75052df-c3a1-4058-a524-7aad8f7dc107%22%7D; web__lobby__persisted__user=%7B%22userInfos%22%3A%7B%22game_gold%22%3A2000%2C%22account_type%22%3A1%2C%22platfromid%22%3A%22web_lobby_guest_account%22%2C%22mode%22%3A0%2C%22currency%22%3A%22CNY%22%7D%7D; gt_local_id=C5YgoKFLtbA1cBz29ibmSpW//BUutWSOVT1Db/yOC2/d2a1UuNMIwA==\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 11 Apr 2026 18:33:14 GMT\r\ncontent-type: text/css\r\nx-oss-request-id: 69DA93EA01B8FA31356BF386\r\nvary: Accept-Encoding, Origin\r\nlast-modified: Sat, 11 Apr 2026 04:21:42 GMT\r\nx-oss-object-type: Normal\r\nx-oss-hash-crc64ecma: 9087085016992820464\r\nx-oss-storage-class: Standard\r\nx-oss-meta-version: v7.1.212\r\ncache-control: max-age=31622400\r\ncontent-md5: N2Z6OJ1P3/FpdxDMaIY4VA==\r\nx-oss-server-time: 1\r\ncontent-encoding: gzip\r\nserver: gocache\r\nc-type: pf\r\nrid: aec4b2592e177a67ff0acf938e60baba\r\nx-cache-status: MISS\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]},{"name":"Alibaba Cloud Object Storage Service","description":"Alibaba Cloud Object Storage Service (OSS) is a cloud-based object storage service provided by Alibaba Cloud, which allows users to store and access large amounts of data in the cloud.","website":"https://www.alibabacloud.com/product/object-storage-service","common_platform_enumeration":"","icon":"Alibaba Cloud.svg","categories":["IaaS"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":34699,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (34698)","md5":"37667a389d4fdff1697710cc68863854","sha1":"639deef68ad917b356ef8e0dfff6869c2a9ff30f","sha256":"b72d99d3d98a630cefe541a4210650a2ffc3f25b454648647b15d1d4954db784","sha512":"816b3677054fe9c43919c4d40c6b3f4c456b08f785444dc69ea479d3242e0a1efd00baec5b37615d1b374251f7e06f560dead9d366f9d7bfcce4355cf61679d9","ssdeep":"768:Pjtv77SIeQRWLtajSquTaajJkmh4TtpnTeIUDRwY6jLNtDjlTO5dv:PtHXeWWLtajluTaajsrm","tlshash":"eaf2c6278530723ba87f562a36d5ea9c6144f810ca23eb16ed13ad1fc7d3f7a2634194","first_seen":"2026-02-09T23:27:38.205293Z","last_seen":"2026-04-11T18:34:06.010596Z","times_seen":389,"resource_available":false,"data":null}},"time_used":244,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":244,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-11","alert":"Sinkholed","trigger":"695rdgnfw5f.18912244.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"695rdgnfw5f.18912244.com:20206/assets/theme-0/autoDialog.C4xspLzz.js","fqdn":"695rdgnfw5f.18912244.com","domain":"18912244.com","tld":"com"},"ip":{"addr":"172.65.218.121","port":20206,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://695rdgnfw5f.18912244.com:20206/?id=422876378","date":"2026-04-11T18:33:14.934Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"695rdgnfw5f.18912244.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 20 Jul 2025 00:00:00 GMT","end":"Mon, 20 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"AB:44:50:F3:CC:F8:FC:F3:42:EC:75:E2:D3:0C:19:1B:5F:B9:36:F4","sha256":"4B:05:65:FA:AC:EF:A3:36:43:B0:62:26:67:2E:84:49:29:62:7C:DA:CE:AF:8D:5A:0B:1B:23:85:8B:6B:BB:46"}}},"request":{"raw":"GET /assets/theme-0/autoDialog.C4xspLzz.js HTTP/1.1\r\nHost: 695rdgnfw5f.18912244.com:20206\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://695rdgnfw5f.18912244.com:20206/assets/theme-0/commonChunk.DRl68tbz.js\r\nCookie: web__lobby__persisted__device=%7B%22uuid%22%3A%22f75052df-c3a1-4058-a524-7aad8f7dc107%22%7D; web__lobby__persisted__user=%7B%22userInfos%22%3A%7B%22game_gold%22%3A2000%2C%22account_type%22%3A1%2C%22platfromid%22%3A%22web_lobby_guest_account%22%2C%22mode%22%3A0%2C%22currency%22%3A%22CNY%22%7D%7D; gt_local_id=C5YgoKFLtbA1cBz29ibmSpW//BUutWSOVT1Db/yOC2/d2a1UuNMIwA==\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 11 Apr 2026 18:33:15 GMT\r\ncontent-type: application/javascript; charset=utf-8\r\nx-oss-request-id: 69DA93EB68A374393204814E\r\nvary: Accept-Encoding, Origin\r\nlast-modified: Sat, 11 Apr 2026 04:21:43 GMT\r\nx-oss-object-type: Normal\r\nx-oss-hash-crc64ecma: 4528269770731051642\r\nx-oss-storage-class: Standard\r\nx-oss-meta-version: v7.1.212\r\ncache-control: max-age=31622400\r\ncontent-md5: GkDCBmKM4iLif9Q2Nif1wg==\r\nx-oss-server-time: 1\r\ncontent-encoding: gzip\r\nserver: gocache\r\nc-type: pf\r\nrid: eabd73210bdbe9982e66781e2ae42447\r\nx-cache-status: MISS\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]},{"name":"Alibaba Cloud Object Storage Service","description":"Alibaba Cloud Object Storage Service (OSS) is a cloud-based object storage service provided by Alibaba Cloud, which allows users to store and access large amounts of data in the cloud.","website":"https://www.alibabacloud.com/product/object-storage-service","common_platform_enumeration":"","icon":"Alibaba Cloud.svg","categories":["IaaS"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":11552,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"ASCII text, with very long lines (11551)","md5":"1a40c206628ce222e27fd4363627f5c2","sha1":"990c3a603ca0f5d5391cd26fa37917ce8b213bb3","sha256":"1ed5083fed15a34cd385e12d339837145c7b6ec7c0be72e41be532763f4a64dc","sha512":"cf5ea7cfd044b2ee49804013e7a2b6cff39296df9953782bf9b829e0d273bd192b2b27921ca61de32d7a6e7989658cecf520d2dc316e7634af603d00664d0d52","ssdeep":"192:qRlGne3lU3EU5xWzpObp+2mrz10R70fXXQ7MfXxdDrdgrJOwp4LWzlaiaYy3K5FT:qRqe3SUU/WAg28z10R70fXXQ7MfXxdmr","tlshash":"c832768caa97a5b13998acc8d476863392281d533fddc0d4e5ef1e1532072c3e6b6e47","first_seen":"2026-04-11T07:57:01.966915Z","last_seen":"2026-04-11T18:34:05.957188Z","times_seen":24,"resource_available":true,"data":null}},"time_used":250,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":250,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-11","alert":"Sinkholed","trigger":"695rdgnfw5f.18912244.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"695rdgnfw5f.18912244.com:20206/assets/theme-0/1_SearchGameChunk.YQUi1zMU.js","fqdn":"695rdgnfw5f.18912244.com","domain":"18912244.com","tld":"com"},"ip":{"addr":"172.65.218.121","port":20206,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://695rdgnfw5f.18912244.com:20206/?id=422876378","date":"2026-04-11T18:33:15.207Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"695rdgnfw5f.18912244.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 20 Jul 2025 00:00:00 GMT","end":"Mon, 20 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"AB:44:50:F3:CC:F8:FC:F3:42:EC:75:E2:D3:0C:19:1B:5F:B9:36:F4","sha256":"4B:05:65:FA:AC:EF:A3:36:43:B0:62:26:67:2E:84:49:29:62:7C:DA:CE:AF:8D:5A:0B:1B:23:85:8B:6B:BB:46"}}},"request":{"raw":"GET /assets/theme-0/1_SearchGameChunk.YQUi1zMU.js HTTP/1.1\r\nHost: 695rdgnfw5f.18912244.com:20206\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://695rdgnfw5f.18912244.com:20206/assets/theme-0/autoDialog.C4xspLzz.js\r\nCookie: web__lobby__persisted__device=%7B%22uuid%22%3A%22f75052df-c3a1-4058-a524-7aad8f7dc107%22%7D; web__lobby__persisted__user=%7B%22userInfos%22%3A%7B%22game_gold%22%3A2000%2C%22account_type%22%3A1%2C%22platfromid%22%3A%22web_lobby_guest_account%22%2C%22mode%22%3A0%2C%22currency%22%3A%22CNY%22%7D%7D; gt_local_id=C5YgoKFLtbA1cBz29ibmSpW//BUutWSOVT1Db/yOC2/d2a1UuNMIwA==\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 11 Apr 2026 18:33:15 GMT\r\ncontent-type: application/javascript; charset=utf-8\r\nx-oss-request-id: 69DA93EB1000003239DA22D9\r\nvary: Accept-Encoding, Origin\r\nlast-modified: Sat, 11 Apr 2026 04:21:43 GMT\r\nx-oss-object-type: Normal\r\nx-oss-hash-crc64ecma: 3104155690456051271\r\nx-oss-storage-class: Standard\r\nx-oss-meta-version: v7.1.212\r\ncache-control: max-age=31622400\r\ncontent-md5: d/TzTDzJmqpNRfdGYtokFQ==\r\nx-oss-server-time: 2\r\ncontent-encoding: gzip\r\nserver: gocache\r\nc-type: pf\r\nrid: c0fc93531b683ffbdb2a6d8367c45069\r\nx-cache-status: MISS\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Alibaba Cloud Object Storage Service","description":"Alibaba Cloud Object Storage Service (OSS) is a cloud-based object storage service provided by Alibaba Cloud, which allows users to store and access large amounts of data in the cloud.","website":"https://www.alibabacloud.com/product/object-storage-service","common_platform_enumeration":"","icon":"Alibaba Cloud.svg","categories":["IaaS"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]}],"data":{"size":82179,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (65367)","md5":"77f4f34c3cc99aaa4d45f74662da2415","sha1":"ae8b868c47665f3de56940cd6ac222c6ecd50f6d","sha256":"847074a1f6855a09e92264a7ddd4d0b1f0cc25896c7de1bcdf69e83c1d24df26","sha512":"0270c944115b181623c35adfe72ecddcb7d8851ad6db4a606606d6a6c9c78409fa35e9a1126c885b2a8b0a76d0e334d7f2060bc75933bebb167c642d263a1449","ssdeep":"1536:gNmRvl+Qaz7eEskMl0LHcwBoRE3D/i3ShQkMAVvQ1Km:gNmRvqz75skMl0LzBoRuDi3ShQkMmvWv","tlshash":"33833a46729ab53477fa6cd570a41080a5385b426501c9fce0ff9e2632eeef8b799334","first_seen":"2026-04-11T07:57:02.015035Z","last_seen":"2026-04-11T18:34:06.007546Z","times_seen":23,"resource_available":true,"data":null}},"time_used":254,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":254,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-11","alert":"Sinkholed","trigger":"695rdgnfw5f.18912244.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"146.103.73.85/ipacdn.txt","fqdn":"146.103.73.85","domain":"146.103.73.85","tld":""},"ip":{"addr":"146.103.73.85","port":443,"asn":0,"as":"","country":"Belgium","country_code":"BE"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://695rdgnfw5f.18912244.com:20206/?id=422876378","date":"2026-04-11T18:33:07.060Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"146.103.73.2","organization":"TXNetworks Beijing Co., Ltd."},"issuer":{"commonName":"GlobalSign RSA OV SSL CA 2018","organization":"GlobalSign nv-sa"},"validity":{"start":"Mon, 18 Aug 2025 08:26:21 GMT","end":"Sat, 19 Sep 2026 08:26:20 GMT"},"fingerprint":{"sha1":"67:2E:D1:B9:EE:0D:12:F9:62:C4:76:82:44:68:26:BA:9A:11:B9:8D","sha256":"40:D1:DC:63:7C:DC:81:EF:9F:B5:03:78:00:E5:0B:02:C4:8C:B8:60:66:B1:23:54:4A:A6:B5:02:29:CE:4C:F3"}}},"request":{"raw":"GET /ipacdn.txt HTTP/1.1\r\nHost: 146.103.73.85\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://695rdgnfw5f.18912244.com:20206/\r\nOrigin: https://695rdgnfw5f.18912244.com:20206\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 11 Apr 2026 18:33:07 GMT\r\ncontent-type: text/plain\r\ncontent-length: 2\r\ncache-control: s-maxage=315360000,max-age=0,public\r\naccess-control-allow-origin: *\r\naccess-control-max-age: 3600\r\naccess-control-allow-credentials: true\r\nvia: 1.1 PS-SIN-047qh52:4 (W), 0.0 PS-HND-01MdG15:7 (W)\r\nx-px: ht PS-HND-01MdG15HND\r\nage: 18669050\r\nx-ws-request-id: 69da93e3_PS-HND-01MdG15_5090-32037\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":2,"size_decoded":0,"mime_type":"text/plain","magic":"ASCII text, with no line terminators","md5":"e0aa021e21dddbd6d8cecec71e9cf564","sha1":"9ce3bd4224c8c1780db56b4125ecf3f24bf748b7","sha256":"565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3","sha512":"900110c951560eff857b440e89cc29f529416e0e3b3d7f0ad51651bfdbd8025b91768c5ed7db5352d1a5523354ce06ced2c42047e33a3e958a1bba5f742db874","ssdeep":"","tlshash":"c710000000000000000000030000000030000000000000000c000000c0000000000000","first_seen":"2023-03-09T09:04:49Z","last_seen":"2026-04-11T20:59:31.234535Z","times_seen":264621,"resource_available":true,"data":null}},"time_used":1291,"timings":{"blocked":514,"dns":0,"connect":255,"send":0,"wait":258,"receive":0,"ssl":261},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"695rdgnfw5f.18912244.com:20206/hall/api/game/hall/gameVersion/currency/CNY.json","fqdn":"695rdgnfw5f.18912244.com","domain":"18912244.com","tld":"com"},"ip":{"addr":"172.65.218.121","port":20206,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://695rdgnfw5f.18912244.com:20206/?id=422876378","date":"2026-04-11T18:33:08.126Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"695rdgnfw5f.18912244.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 20 Jul 2025 00:00:00 GMT","end":"Mon, 20 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"AB:44:50:F3:CC:F8:FC:F3:42:EC:75:E2:D3:0C:19:1B:5F:B9:36:F4","sha256":"4B:05:65:FA:AC:EF:A3:36:43:B0:62:26:67:2E:84:49:29:62:7C:DA:CE:AF:8D:5A:0B:1B:23:85:8B:6B:BB:46"}}},"request":{"raw":"GET /hall/api/game/hall/gameVersion/currency/CNY.json HTTP/1.1\r\nHost: 695rdgnfw5f.18912244.com:20206\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://695rdgnfw5f.18912244.com:20206/?id=422876378\r\nCookie: web__lobby__persisted__device=%7B%22uuid%22%3A%22f75052df-c3a1-4058-a524-7aad8f7dc107%22%7D; web__lobby__persisted__user=%7B%22userInfos%22%3A%7B%22game_gold%22%3A2000%2C%22account_type%22%3A1%2C%22platfromid%22%3A%22web_lobby_guest_account%22%2C%22mode%22%3A0%2C%22currency%22%3A%22CNY%22%7D%7D\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 11 Apr 2026 18:33:08 GMT\r\ncontent-type: application/json\r\nx-oss-request-id: 69DA93E45D88673136DC1562\r\nvary: Accept-Encoding, Origin\r\netag: W/\"9A6F762E1D2862772D64E560BD415F81\"\r\nlast-modified: Tue, 31 Mar 2026 12:14:33 GMT\r\nx-oss-object-type: Normal\r\nx-oss-hash-crc64ecma: 11798490293238370030\r\nx-oss-storage-class: Standard\r\ncache-control: s-maxage=600,public,max-age=0\r\ncontent-md5: mm92Lh0oYnctZOVgvUFfgQ==\r\nx-oss-server-time: 1\r\nserver: gocache\r\nc-type: pf\r\nrid: 0e24e3b44f45b83ae346ffce3879f6c1\r\nx-cache-status: MISS\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\ncontent-encoding: br\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]},{"name":"Alibaba Cloud Object Storage Service","description":"Alibaba Cloud Object Storage Service (OSS) is a cloud-based object storage service provided by Alibaba Cloud, which allows users to store and access large amounts of data in the cloud.","website":"https://www.alibabacloud.com/product/object-storage-service","common_platform_enumeration":"","icon":"Alibaba Cloud.svg","categories":["IaaS"]}],"data":{"size":216,"size_decoded":0,"mime_type":"application/json","magic":"ASCII text, with no line terminators","md5":"9a6f762e1d2862772d64e560bd415f81","sha1":"d34a3fd5072241ed5145ccf4c4ccbf2186e99e8f","sha256":"0b721079bbef3184b917be1a007241fa59eca4dd32554243cc9aeae6e779cd3e","sha512":"768e0562662d4eb6c697dd1f08dbb0978dd7fa719214b1e22d7aed873739a4bece23957755950dde4d51c25180a1a36a06862016d77b984638c666045d21d19f","ssdeep":"","tlshash":"f0d0a776c63410126120a999dac2298fdc9482b1df9c44d9b13e40ed61882114a216d1","first_seen":"2026-04-01T17:10:55.154419Z","last_seen":"2026-04-11T18:34:05.972515Z","times_seen":55,"resource_available":false,"data":null}},"time_used":251,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":251,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-11","alert":"Sinkholed","trigger":"695rdgnfw5f.18912244.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"695rdgnfw5f.18912244.com:20206/assets/theme-0/Fragment.yuY--IQM.js","fqdn":"695rdgnfw5f.18912244.com","domain":"18912244.com","tld":"com"},"ip":{"addr":"172.65.218.121","port":20206,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://695rdgnfw5f.18912244.com:20206/?id=422876378","date":"2026-04-11T18:33:08.781Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"695rdgnfw5f.18912244.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 20 Jul 2025 00:00:00 GMT","end":"Mon, 20 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"AB:44:50:F3:CC:F8:FC:F3:42:EC:75:E2:D3:0C:19:1B:5F:B9:36:F4","sha256":"4B:05:65:FA:AC:EF:A3:36:43:B0:62:26:67:2E:84:49:29:62:7C:DA:CE:AF:8D:5A:0B:1B:23:85:8B:6B:BB:46"}}},"request":{"raw":"GET /assets/theme-0/Fragment.yuY--IQM.js HTTP/1.1\r\nHost: 695rdgnfw5f.18912244.com:20206\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://695rdgnfw5f.18912244.com:20206/assets/theme-0/LoginRegisterIndex.5cxrQ2SR.js\r\nCookie: web__lobby__persisted__device=%7B%22uuid%22%3A%22f75052df-c3a1-4058-a524-7aad8f7dc107%22%7D; web__lobby__persisted__user=%7B%22userInfos%22%3A%7B%22game_gold%22%3A2000%2C%22account_type%22%3A1%2C%22platfromid%22%3A%22web_lobby_guest_account%22%2C%22mode%22%3A0%2C%22currency%22%3A%22CNY%22%7D%7D\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 11 Apr 2026 18:33:08 GMT\r\ncontent-type: application/javascript; charset=utf-8\r\nx-oss-request-id: 69DA93E41000003239F907D9\r\nvary: Accept-Encoding, Origin\r\nlast-modified: Sat, 11 Apr 2026 04:21:43 GMT\r\nx-oss-object-type: Normal\r\nx-oss-hash-crc64ecma: 17420767217132558655\r\nx-oss-storage-class: Standard\r\nx-oss-meta-version: v7.1.212\r\ncache-control: max-age=31622400\r\ncontent-md5: v3vPpRI8ehy080xdSD/Q/g==\r\nx-oss-server-time: 18\r\ncontent-encoding: gzip\r\nserver: gocache\r\nc-type: pf\r\nrid: 2340fe34c46a9a86c0a41d0ccf63bff6\r\nx-cache-status: MISS\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Alibaba Cloud Object Storage Service","description":"Alibaba Cloud Object Storage Service (OSS) is a cloud-based object storage service provided by Alibaba Cloud, which allows users to store and access large amounts of data in the cloud.","website":"https://www.alibabacloud.com/product/object-storage-service","common_platform_enumeration":"","icon":"Alibaba Cloud.svg","categories":["IaaS"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]}],"data":{"size":66539,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"ASCII text, with very long lines (65536), with no line terminators","md5":"bf7bcfa5123c7a1cb4f34c5d483fd0fe","sha1":"d101505d0059621eafa2f4f9227cb48110bb8758","sha256":"0d4990b0cdfd0dffda97c81771d8ce6c0afaf1ce4495cdf009dae503cd8c1522","sha512":"17f8b564ce6f8ce8ae4ac3ca8e3043946050da2f2488812fea68e65ef6b9160b2dfc6778002afeb99979f068360c3162e3871a5b43de24255995ae2ddab54609","ssdeep":"768:/sDh412MulWAYNlN+SgHZet4Gl2F4FHZliWXs+hmXg7DQk5PzMIXMsD9ibWuLRbM:UFFSwjG4UHcgw6uLRbpEbMules5","tlshash":"59533a4cb47995f9bf789af878620434312d5f190401c8f9f0be9f962699f40f2a9b39","first_seen":"2026-04-11T07:57:01.988584Z","last_seen":"2026-04-11T18:34:05.969584Z","times_seen":27,"resource_available":true,"data":null}},"time_used":267,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":267,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-11","alert":"Sinkholed","trigger":"695rdgnfw5f.18912244.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"695rdgnfw5f.18912244.com:20206/siteadmin/skin/lobby_asset/common/web/login/login_icon_yzm.svg?manualVersion=1\u0026version=v7.1.212","fqdn":"695rdgnfw5f.18912244.com","domain":"18912244.com","tld":"com"},"ip":{"addr":"172.65.218.121","port":20206,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://695rdgnfw5f.18912244.com:20206/?id=422876378","date":"2026-04-11T18:33:09.701Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"695rdgnfw5f.18912244.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 20 Jul 2025 00:00:00 GMT","end":"Mon, 20 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"AB:44:50:F3:CC:F8:FC:F3:42:EC:75:E2:D3:0C:19:1B:5F:B9:36:F4","sha256":"4B:05:65:FA:AC:EF:A3:36:43:B0:62:26:67:2E:84:49:29:62:7C:DA:CE:AF:8D:5A:0B:1B:23:85:8B:6B:BB:46"}}},"request":{"raw":"GET /siteadmin/skin/lobby_asset/common/web/login/login_icon_yzm.svg?manualVersion=1\u0026version=v7.1.212 HTTP/1.1\r\nHost: 695rdgnfw5f.18912244.com:20206\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://695rdgnfw5f.18912244.com:20206/home/register?id=422876378\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: web__lobby__persisted__device=%7B%22uuid%22%3A%22f75052df-c3a1-4058-a524-7aad8f7dc107%22%7D; web__lobby__persisted__user=%7B%22userInfos%22%3A%7B%22game_gold%22%3A2000%2C%22account_type%22%3A1%2C%22platfromid%22%3A%22web_lobby_guest_account%22%2C%22mode%22%3A0%2C%22currency%22%3A%22CNY%22%7D%7D\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 11 Apr 2026 18:33:09 GMT\r\ncontent-type: image/svg+xml\r\nx-oss-request-id: 69DA93E51000003239A50BD9\r\nvary: Accept-Encoding, Origin\r\netag: W/\"19EC8272DCA3790DBF05C2F708ABFCDE\"\r\nlast-modified: Mon, 22 Sep 2025 02:38:34 GMT\r\nx-oss-object-type: Normal\r\nx-oss-hash-crc64ecma: 16147313297952050966\r\nx-oss-storage-class: Standard\r\ncache-control: max-age=604800,stale-while-revalidate=86400,immutable,proxy-revalidate,public\r\ncontent-md5: GeyCctyjeQ2/BcL3CKv83g==\r\nx-oss-server-time: 2\r\nserver: gocache\r\nc-type: pf\r\nrid: c87e37a7b47f4f8d28a3a5fd115eb5a6\r\nx-cache-status: MISS\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\ncontent-encoding: br\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]},{"name":"Alibaba Cloud Object Storage Service","description":"Alibaba Cloud Object Storage Service (OSS) is a cloud-based object storage service provided by Alibaba Cloud, which allows users to store and access large amounts of data in the cloud.","website":"https://www.alibabacloud.com/product/object-storage-service","common_platform_enumeration":"","icon":"Alibaba Cloud.svg","categories":["IaaS"]}],"data":{"size":2112,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"19ec8272dca3790dbf05c2f708abfcde","sha1":"3efebf4ffca0d61344925691a22fef2634f44588","sha256":"88c4315a34924373bdca8153ee36b0bbf10cd39a26e29a22bd195f7dc70c6f75","sha512":"290128b73b6e0f6ef979d6ba3885ab268a71caef45a753570a2b237046022cf2e4a32944b25481bba360a72b3e185770d2ac8396edcb606736d565d49dc5cfe6","ssdeep":"","tlshash":"2f41013f0212dbaae5c0f7599b54629c7730e16078fd52d8db535da79c021b7e436c60","first_seen":"2025-04-07T01:42:52.783593Z","last_seen":"2026-04-11T19:13:42.603023Z","times_seen":5818,"resource_available":false,"data":null}},"time_used":249,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":249,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-11","alert":"Sinkholed","trigger":"695rdgnfw5f.18912244.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"695rdgnfw5f.18912244.com:20206/hall/api/lobby/webapi/forceUpdate/getForceUpdate.json?v=1775624475","fqdn":"695rdgnfw5f.18912244.com","domain":"18912244.com","tld":"com"},"ip":{"addr":"172.65.218.121","port":20206,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://695rdgnfw5f.18912244.com:20206/?id=422876378","date":"2026-04-11T18:33:12.484Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"695rdgnfw5f.18912244.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 20 Jul 2025 00:00:00 GMT","end":"Mon, 20 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"AB:44:50:F3:CC:F8:FC:F3:42:EC:75:E2:D3:0C:19:1B:5F:B9:36:F4","sha256":"4B:05:65:FA:AC:EF:A3:36:43:B0:62:26:67:2E:84:49:29:62:7C:DA:CE:AF:8D:5A:0B:1B:23:85:8B:6B:BB:46"}}},"request":{"raw":"GET /hall/api/lobby/webapi/forceUpdate/getForceUpdate.json?v=1775624475 HTTP/1.1\r\nHost: 695rdgnfw5f.18912244.com:20206\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://695rdgnfw5f.18912244.com:20206/home/register?id=422876378\r\nCookie: web__lobby__persisted__device=%7B%22uuid%22%3A%22f75052df-c3a1-4058-a524-7aad8f7dc107%22%7D; web__lobby__persisted__user=%7B%22userInfos%22%3A%7B%22game_gold%22%3A2000%2C%22account_type%22%3A1%2C%22platfromid%22%3A%22web_lobby_guest_account%22%2C%22mode%22%3A0%2C%22currency%22%3A%22CNY%22%7D%7D\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 11 Apr 2026 18:33:12 GMT\r\ncontent-type: application/json\r\nx-oss-request-id: 69DA93E801B8FA313596EA86\r\nvary: Accept-Encoding, Origin\r\netag: W/\"F55061E44DF81543F3CD20F6295CFAD6\"\r\nlast-modified: Wed, 08 Apr 2026 05:01:15 GMT\r\nx-oss-object-type: Normal\r\nx-oss-hash-crc64ecma: 12471913413947167885\r\nx-oss-storage-class: Standard\r\ncache-control: s-maxage=600,public,max-age=0\r\ncontent-md5: 9VBh5E34FUPzzSD2KVz61g==\r\nx-oss-server-time: 1\r\nserver: gocache\r\nc-type: pf\r\nrid: 21b886f26135a272a64d89b5f761035c\r\nx-cache-status: MISS\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\ncontent-encoding: br\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Alibaba Cloud Object Storage Service","description":"Alibaba Cloud Object Storage Service (OSS) is a cloud-based object storage service provided by Alibaba Cloud, which allows users to store and access large amounts of data in the cloud.","website":"https://www.alibabacloud.com/product/object-storage-service","common_platform_enumeration":"","icon":"Alibaba Cloud.svg","categories":["IaaS"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]}],"data":{"size":492,"size_decoded":0,"mime_type":"application/json","magic":"ASCII text, with very long lines (492), with no line terminators","md5":"f55061e44df81543f3cd20f6295cfad6","sha1":"f27350864674e3c76ca709fee68a535e22ab3257","sha256":"a7eccb2f3ef0a22b5831ae45c1765e09feb508f1d53910da9036489b1b49d4ab","sha512":"f709afdb4337e4e065cdc89e8f9a66a1dbb420e68c979fb35242ec4e9554b1658052ee84dd21af4b434efb36b46dd2ac2bb49bb64268dcb420310e64867825f5","ssdeep":"","tlshash":"b1f07ef41722b82ba62d1131d003aa0c18750800e8b0c2da8aadef94a0538c70ee8306","first_seen":"2026-04-08T07:13:21.531378Z","last_seen":"2026-04-11T18:34:06.003136Z","times_seen":30,"resource_available":false,"data":null}},"time_used":243,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":243,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-11","alert":"Sinkholed","trigger":"695rdgnfw5f.18912244.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"riskct.geetest.com/g2/api/v1/client_report","fqdn":"riskct.geetest.com","domain":"geetest.com","tld":"com"},"ip":{"addr":"43.159.108.100","port":443,"asn":139341,"as":"ACE","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://695rdgnfw5f.18912244.com:20206/?id=422876378","date":"2026-04-11T18:33:14.570Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.geetest.com","organization":"Wuhan Jiyi Network Technology Co., Ltd."},"issuer":{"commonName":"GeoTrust G2 TLS CN RSA4096 SHA256 2022 CA1","organization":"DigiCert, Inc."},"validity":{"start":"Fri, 19 Dec 2025 00:00:00 GMT","end":"Fri, 18 Dec 2026 23:59:59 GMT"},"fingerprint":{"sha1":"CA:8B:31:34:03:03:4F:25:DE:AF:F1:76:9E:25:19:08:18:0C:04:EA","sha256":"F3:25:0F:0B:68:0B:B5:E2:F6:2A:F2:FE:E9:AA:10:6C:61:1C:7D:A6:FA:3F:D9:45:0F:E6:58:6D:71:F9:2E:2E"}}},"request":{"raw":"POST /g2/api/v1/client_report HTTP/1.1\r\nHost: riskct.geetest.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nClient-Type: 3\r\nAppID: 9ia4hndgblg9xihxcwgdjt9ztg8sjwaf\r\nAPI-Version: 1\r\nContent-Type: application/x-www-form-urlencoded\r\nContent-Length: 3594\r\nOrigin: https://695rdgnfw5f.18912244.com:20206\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://695rdgnfw5f.18912244.com:20206/\r\nCookie: g5_ts=v1.eyJ0cyI6MTc3NTkzMjM5MTIxNiwibiI6IjczV1pPTVUxUzFONiIsInViIjoiZGI4N2U1ODIifQ.6f177ad15dca372a0f2baa262fa6c4b4ef812c350c06c0bfd8e31b2894066f01\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":3594,"data":"\"R0VFAAMzIa1nYlDj1lgh9Mvg5qC1j0ZsdvwDTN-zeGZFkjLRGfD0Q8ULnd3a8g_XP7COYcSq9yBVg4nC_zFYBJ9FTEG5DttJCvvnyNHSFqra_xPO_RLdS11qP3baZQ0hVFYTk-h4GES4TcUKUZBfX009v8aSfikecUq6226pZg9GBjj_yeP4vmgHlkUABu7kvRN_C8aVUkHyGBuXM-P0atJ6lXdefyIuYZAH-7Wlp86nWK8so6SwXE9qZtqkVYJFcODgczRHIZW6Z0rVtDW4LNtxkmmkbdMyDVKQg2itlQPmA4fGafugapQMerpbE7U5eaxVcQbxuFgIJDxdFZ057zZPHzcmZFNwbtm4SRMN_ICrP7CqL6KFC1pVnNVmLKuJhtDt0FBrcEIYqnMcLKRz9yFzPqj371UocvnX18b7_p94E6zViUHGIzfdtOipMvxaOdRDYnmPC0IloTpIgtwwHmgcmdI-fmEges4sX4IIZvLskVjcC6928cd-njR0qi0LUB7elqdHMXsbIdqA5LtEAL4hmB3tFQtXk6Jd9D2o1I5r2j6aLyTvK35XU-zor0GY2nwWvO2IDHCZhLZkUzRlK1bFaTHBSqxRQbYfr1b0tbQk22_DPtuRdxGxW2SxgZG0IvoFfiukmfK0yXF8I_HyINHaX7O05S2TBMwqEXSx9-vGRrBxpsiItOEsKpJQYH90rZk1UkKj85mGYdvg0cKuyhQiAaFsjd3ouHPIsoSKruA_l0JnE9dw8GHmd4fpr4ADns0IKjIBm_10y6G1SMvO0REo2NtpzxtB4poeKeqAfVP0ciFNOK529KF3WAlCAx9PAZxine1tdknswRz5kesdorCtr-Gp255uCuEQA47Tq0AiAmhRzAbUaDhfc1MMCgZApZl7nf4Hg85LwAgms1LHDBuzmsDyW8Ep6c6fi6mqOt5GHle3a7tRdfjR-l8Gk-LHfc3gnMnmw06Mv7zBWBLtr4WaJdL7yLicqjCYFdqUdc4-Mm7_bBnD2iXJSYOtK7oUGl4xMHoX-A8y5Q6Ltir9reRKe3CoEUxV7uEiCjEn9Q8WclcZp-NEEAn5BdQZjqszG8jWA4Hw-Q5P3nEqvtsz3T6kbOUk9eamxkdmx5Ovcsj7-eUos1KXLHKs-YMQK_OZ6QHbRp2e7Vze62mR5gaeGM6VPaJZDGexeLH52Y4-veGGbme9eDZtaHopZQOiV88pT-2W29mWEe1e6ehANMR9accPz4FFKo7cQLl4EPA8eE156BIfjZ07-RqOtFoNZ-goKhm1Cqia5rsmxWqu6fK8rXbHyxm5RwP6PN-OH7E0-DCq0FmEmwCfWNg2UrEnA3o8CfgwF4fXPUrdeq4ne_VmMDR6LZDU_n4W_z162iEqC6j7nt3BfTpbKmJVDCIYpbeIDFT7IC-tsmW0IrSucv1kwpAtliR7zp1V4p-6G0ha-aAmuhD3C61UeHKWswFAVMoPINQfmd8D4ZxzsZaez6Yltyy3TlbAO4XuM4gIbxdUjeBRTijMrkf0ZanbbQ8k1yjY8IrXYqjKzqH-qQ1R3tujg5cWrtyoXRU_83X8I0nM1fRTGc7rnfIiAtt-eAsncWsM0TbHxjZVOcLqG1TglzbR3A0N_Qd8p9znE-HPSR7Wicxc8-4tBlUYmwKjVuju-XYgdmNCN5HbkZvgevZ-WqkDUjvzlP1w9ZiNFjnFBZ8SbKo9wjhJ60-gLP0J8NbYjoq91YAHRShAj29Ky-lTXDGAURIetJvX4hxgjMdqhfNRPGOFwI_pKphV1iIG4kTeLm9CXUxLzzLHGP51aezRuSg_QaDP1FRuaxZnmiSUWCjUd5VFfAdsTIeXZaddURCKrcwX34_c63j5leDbZm_NvcUJnUDTu3E_dkM0A04nLNHnv7M_x8__HO2rEb59m-YsqbZ7A3ZyDFAVroRqhSjqMqsZmeCAqSufJHyizT17DFpC8Bz58yWPjSxzXQiWpIz_YFL7ePAWyIy-bsxFoIAeFIRj-AU1Sl527S3qNI6663zocZLJLs2r-KXOKKyHzYQlZN_KUL7rM5Uy7JQU-l5ojKtk7Ktwj50Glzt6SnDRoDkei0bY-tPQZvnBqRY36gjE2Av1rbpie6hTSeoBJ0TDEFW_EeFIePlIxBqiP6SKnmuF_lzwiTxlibgFNFtj0QSG5ooTftBbEJRhDeGR5VIl9o4KB8ikW5LL9LxhtFi4GpubzirZuLWkmu-Jyp3kK_wpRre-Y0l3Wj-sftNJNm-flO6KmX1J5HLV1GVMG7BIO9Xzo0t7Ulc1B8aAx5r6v1hVQR77rTsbWBXIGJtqklYjH305ETiRZikhSJi5blGDjfPpU33I2AFAibzO_YMYYlWaJNpuCPrZMevNo5eRK9gfnfHITZ705BFsgQsXYIPNFXU5fh4T4c4yA-iIkU9e-OPsYgDBQZr6Jkfem2Ql7BZkqZ6r3eZhYTUv_J2cEAgoRNfcZ-s2GDPe0p7wtx9C01yxvfeZ1wRe8jjsyeL41fTfJo-QcF-D-d1j_Dmq4ftvtnoVMN8Jls_rjBvjLk3ZuPjJo9WysDH5kbUJ8Y5qmQLU5qsYu-0V7o5dBKEuE9eLhobjQYzVjBUHAZrw5LnPatuMAht1vIbJUVsfotlddyDQiaFQRcBho1_FmJkgNeNJDNSzRPar13ivlInO2J_jYCSxJN64ZGMtmLZH1zCYqGCbu7NgkFXVWv7Vpydhi3rFZkK82ukqz05HApOFpUNtHoZqlJLuIY3wjAVgFXuG6Q_Rbk1RdD7iW18cJv7YvZ7sBJOSMjYp-ZGgWmvcFd4QRf7-Q0bJlFHOWTZ_HOfvNog-yccoywFIPL3QLd9SU_nnSyUh-Nd1gucWTyNx99cL4bh0WWmF1mI66wPDM041pbpt9lD3PMPWI8rXFegan9QqjAsR0bk9WtLI5MkECma2GK1WQFwrdnglIeNK2O1D3xcDZoGUxtkyG5DZBjPVP9sAyneO_5RLBclAjabAoUMIN94_DQY55efE-EbiP1Ub3hjb5AG6JWl5GeubB_v2nNYRMoSmsSGHLY-IEfcpRNyKdUK0LLMy7z5kSxN3zp6M8GtG82J55C-gx-xJ-IIqrlco6V0KbbQccWns27c9RgNB6JK8ol4-SZ5pJXR_bWJ2wKH4RIC5YrcPw2g-pEJG7XXV_Bkg9Zgv_flyOb8vo40WWEn4HsyKXVpgww3RqXnpCHzEipxweBjzSQlMo1p8GlseRpSCINzQtLze28jfx5GTG54-vhZpW8YS8D9NiVF2yRUNblFY6cjyO8QDTEtMbz2EgR8z8u23n60FJqS6C_Y4ERLbNswQV0tlCqtLbel_Lxg2SwvJKcDE-tTl-IwwE3_JP8fhENrHVPPPEgaSDxNR5xFbP46gYzRR2SjADrVR1V3yVTS46bmKhA3NeDoKkpJvaRkMB2RIwrsB6Xm6Z8_VmciR1bXqCfumQpG_wyX6ua5SYj8Ja_mX2dANF0LBLVy5p_BIOSsy_0nKBNVVQRQ4eUQpltWaYE_umE5WzyzpLXx5oO_Yy1nR7AaOp9BePciYA6z2cASxllZPYfWwQ2NZYFKQexgX5k91DrM=\""}},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: application/json;charset=UTF-8\r\nserver: TornadoServer/6.1\r\naccess-control-allow-origin: https://695rdgnfw5f.18912244.com:20206\r\naccess-control-allow-headers: Appid, Client-Type, Api-Version, GeeID, Content-Type\r\naccess-control-allow-methods: GET, POST, PUT, DELETE, PATCH, OPTIONS\r\naccess-control-allow-credentials: true\r\nexpires: 0\r\npragma: no-cache\r\ncache-control: must-revalidate, no-cache, no-store\r\ncontent-length: 553\r\ndate: Sat, 11 Apr 2026 18:33:14 GMT\r\neo-log-uuid: 11942250580499492483\r\neo-cache-status: MISS\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"TornadoServer:6.1","description":"","website":"https://tornadoweb.org","common_platform_enumeration":"","icon":"TornadoServer.png","categories":["Web servers"]}],"data":{"size":553,"size_decoded":0,"mime_type":"application/json; charset=UTF-8","magic":"JSON text data","md5":"863684a6021d3627c980d04f9f8d19fa","sha1":"7c1fb417a4e7df38bdfce634aa44136f19ebeb31","sha256":"6a7a12aa6e75c2b683e6689534db25fca9280623dc2ffcd5dc10b0aa24a3a4c0","sha512":"0fdf5299f9b3a7f15fc14e0252f9d45eece747801efb24311cd23952ffb193dffa14ff32a65f61fd08aa89780dd398876f97126e7b8765a24ed5d958da894bf8","ssdeep":"","tlshash":"0cf0960e50ca54b01c70f851a86b21c9c56a36d8281d00c05ecc702d97f40c4b61f822","first_seen":"2026-04-11T18:33:40.260014Z","last_seen":"2026-04-11T18:33:40.260014Z","times_seen":1,"resource_available":false,"data":null}},"time_used":136,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":136,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"695rdgnfw5f.18912244.com:20206/assets/theme-0/2_EventDialogsChunk.DV65tY76.css","fqdn":"695rdgnfw5f.18912244.com","domain":"18912244.com","tld":"com"},"ip":{"addr":"172.65.218.121","port":20206,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://695rdgnfw5f.18912244.com:20206/?id=422876378","date":"2026-04-11T18:33:14.634Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"695rdgnfw5f.18912244.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 20 Jul 2025 00:00:00 GMT","end":"Mon, 20 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"AB:44:50:F3:CC:F8:FC:F3:42:EC:75:E2:D3:0C:19:1B:5F:B9:36:F4","sha256":"4B:05:65:FA:AC:EF:A3:36:43:B0:62:26:67:2E:84:49:29:62:7C:DA:CE:AF:8D:5A:0B:1B:23:85:8B:6B:BB:46"}}},"request":{"raw":"GET /assets/theme-0/2_EventDialogsChunk.DV65tY76.css HTTP/1.1\r\nHost: 695rdgnfw5f.18912244.com:20206\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://695rdgnfw5f.18912244.com:20206/home/register?id=422876378\r\nCookie: web__lobby__persisted__device=%7B%22uuid%22%3A%22f75052df-c3a1-4058-a524-7aad8f7dc107%22%7D; web__lobby__persisted__user=%7B%22userInfos%22%3A%7B%22game_gold%22%3A2000%2C%22account_type%22%3A1%2C%22platfromid%22%3A%22web_lobby_guest_account%22%2C%22mode%22%3A0%2C%22currency%22%3A%22CNY%22%7D%7D; gt_local_id=C5YgoKFLtbA1cBz29ibmSpW//BUutWSOVT1Db/yOC2/d2a1UuNMIwA==\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 11 Apr 2026 18:33:14 GMT\r\ncontent-type: text/css\r\nx-oss-request-id: 69DA93EA68A3743932C77F4E\r\nvary: Accept-Encoding, Origin\r\nlast-modified: Sat, 11 Apr 2026 04:21:42 GMT\r\nx-oss-object-type: Normal\r\nx-oss-hash-crc64ecma: 2463653236104947467\r\nx-oss-storage-class: Standard\r\nx-oss-meta-version: v7.1.212\r\ncache-control: max-age=31622400\r\ncontent-md5: egowdAxo19mmc7e1HGpDRA==\r\nx-oss-server-time: 1\r\ncontent-encoding: gzip\r\nserver: gocache\r\nc-type: pf\r\nrid: 6f419fdaabd4e5f35eab362cf27d732f\r\nx-cache-status: MISS\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]},{"name":"Alibaba Cloud Object Storage Service","description":"Alibaba Cloud Object Storage Service (OSS) is a cloud-based object storage service provided by Alibaba Cloud, which allows users to store and access large amounts of data in the cloud.","website":"https://www.alibabacloud.com/product/object-storage-service","common_platform_enumeration":"","icon":"Alibaba Cloud.svg","categories":["IaaS"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":225743,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (65536), with no line terminators","md5":"7a0a30740c68d7d9a673b7b51c6a4344","sha1":"84403b9729a208176b3b368ef1aa26e747de4a4a","sha256":"453048d6592a2c4290b07455116b653df8c1b25a7edc130c965bf02d19ce2bf4","sha512":"3ef9f2440840dc103f35251c16a5aaea4d5d3dd551618270a2dbc9d706545d28fa00ea1bc3ef6be11198f8c363ffd9afab70a9776abebc97d5a5d86592c27c61","ssdeep":"1536:k8Un2QrPWb1/iNC4iM5MosjfUboGswKErH1AweFx:k3n/bY1/iNC4iM5MFjzG7KiH1AweFx","tlshash":"dd24292bdb30713e642bc235bee1b3d46195e450d22b9266ed235e348fc73a73672642","first_seen":"2026-03-24T09:26:38.106256Z","last_seen":"2026-04-11T18:34:05.967174Z","times_seen":131,"resource_available":false,"data":null}},"time_used":255,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":255,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-11","alert":"Sinkholed","trigger":"695rdgnfw5f.18912244.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"695rdgnfw5f.18912244.com:20206/assets/theme-0/index.DMPbKmRp.js","fqdn":"695rdgnfw5f.18912244.com","domain":"18912244.com","tld":"com"},"ip":{"addr":"172.65.218.121","port":20206,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://695rdgnfw5f.18912244.com:20206/?id=422876378","date":"2026-04-11T18:33:02.629Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"695rdgnfw5f.18912244.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 20 Jul 2025 00:00:00 GMT","end":"Mon, 20 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"AB:44:50:F3:CC:F8:FC:F3:42:EC:75:E2:D3:0C:19:1B:5F:B9:36:F4","sha256":"4B:05:65:FA:AC:EF:A3:36:43:B0:62:26:67:2E:84:49:29:62:7C:DA:CE:AF:8D:5A:0B:1B:23:85:8B:6B:BB:46"}}},"request":{"raw":"GET /assets/theme-0/index.DMPbKmRp.js HTTP/1.1\r\nHost: 695rdgnfw5f.18912244.com:20206\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://695rdgnfw5f.18912244.com:20206/?id=422876378\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 11 Apr 2026 18:33:02 GMT\r\ncontent-type: application/javascript; charset=utf-8\r\nx-oss-request-id: 69DA93DE10000034344DEED8\r\nvary: Accept-Encoding, Origin\r\netag: W/\"E04F9A761CC73F53F604E332403E1D4F\"\r\nlast-modified: Sat, 11 Apr 2026 04:21:43 GMT\r\nx-oss-object-type: Normal\r\nx-oss-hash-crc64ecma: 11237550270205145742\r\nx-oss-storage-class: Standard\r\nx-oss-meta-version: v7.1.212\r\ncache-control: max-age=31622400\r\ncontent-md5: 4E+adhzHP1P2BOMyQD4dTw==\r\nx-oss-server-time: 2\r\nserver: gocache\r\nc-type: pf\r\nrid: e2ea2bfcb1ce1cdc30f8fbb86d222795\r\nx-cache-status: MISS\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\ncontent-encoding: br\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]},{"name":"Alibaba Cloud Object Storage Service","description":"Alibaba Cloud Object Storage Service (OSS) is a cloud-based object storage service provided by Alibaba Cloud, which allows users to store and access large amounts of data in the cloud.","website":"https://www.alibabacloud.com/product/object-storage-service","common_platform_enumeration":"","icon":"Alibaba Cloud.svg","categories":["IaaS"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":358,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"ASCII text","md5":"e04f9a761cc73f53f604e332403e1d4f","sha1":"344802ef2d3827a970964c0f0e203004baa74e6f","sha256":"479d8498b6f9e041074a47a9ae553c10022b22f47b8c69e7ed1fd0c6d119efa0","sha512":"6b1f4562a9f4c47c5ac32be2831560cbc0c5063dfac2cb5f8293f4bc172fdc17274a4362f6f4cb861532afda5c6f93e34e5e5f1501b2c821e7a6ba8ada85a0ea","ssdeep":"","tlshash":"6ee0c602844474e028c6dc80c72ceaa1e2c806633362f476f2ee2f62a3043b58a08703","first_seen":"2026-04-11T07:57:01.980459Z","last_seen":"2026-04-11T18:34:05.974264Z","times_seen":28,"resource_available":true,"data":null}},"time_used":246,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":246,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-11","alert":"Sinkholed","trigger":"695rdgnfw5f.18912244.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"146.103.73.193/ipacdn.txt","fqdn":"146.103.73.193","domain":"146.103.73.193","tld":""},"ip":{"addr":"146.103.73.193","port":443,"asn":0,"as":"","country":"Belgium","country_code":"BE"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://695rdgnfw5f.18912244.com:20206/?id=422876378","date":"2026-04-11T18:33:07.047Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"146.103.73.2","organization":"TXNetworks Beijing Co., Ltd."},"issuer":{"commonName":"GlobalSign RSA OV SSL CA 2018","organization":"GlobalSign nv-sa"},"validity":{"start":"Mon, 18 Aug 2025 08:26:21 GMT","end":"Sat, 19 Sep 2026 08:26:20 GMT"},"fingerprint":{"sha1":"67:2E:D1:B9:EE:0D:12:F9:62:C4:76:82:44:68:26:BA:9A:11:B9:8D","sha256":"40:D1:DC:63:7C:DC:81:EF:9F:B5:03:78:00:E5:0B:02:C4:8C:B8:60:66:B1:23:54:4A:A6:B5:02:29:CE:4C:F3"}}},"request":{"raw":"GET /ipacdn.txt HTTP/1.1\r\nHost: 146.103.73.193\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://695rdgnfw5f.18912244.com:20206/\r\nOrigin: https://695rdgnfw5f.18912244.com:20206\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 11 Apr 2026 18:33:07 GMT\r\ncontent-type: text/plain\r\ncontent-length: 2\r\ncache-control: s-maxage=315360000,max-age=0,public\r\naccess-control-allow-origin: *\r\naccess-control-max-age: 3600\r\naccess-control-allow-credentials: true\r\nvia: 1.1 PS-SIN-047qh52:4 (W), 0.0 PS-HND-01MdG15:6 (W)\r\nx-px: ht PS-HND-01MdG15HND\r\nage: 18669049\r\nx-ws-request-id: 69da93e3_PS-HND-01MdG15_4972-42822\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":2,"size_decoded":0,"mime_type":"text/plain","magic":"ASCII text, with no line terminators","md5":"e0aa021e21dddbd6d8cecec71e9cf564","sha1":"9ce3bd4224c8c1780db56b4125ecf3f24bf748b7","sha256":"565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3","sha512":"900110c951560eff857b440e89cc29f529416e0e3b3d7f0ad51651bfdbd8025b91768c5ed7db5352d1a5523354ce06ced2c42047e33a3e958a1bba5f742db874","ssdeep":"","tlshash":"c710000000000000000000030000000030000000000000000c000000c0000000000000","first_seen":"2023-03-09T09:04:49Z","last_seen":"2026-04-11T20:59:31.234535Z","times_seen":264621,"resource_available":true,"data":null}},"time_used":799,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":799,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"695rdgnfw5f.18912244.com:20206/assets/theme-0/index.BKUOS2W0.js","fqdn":"695rdgnfw5f.18912244.com","domain":"18912244.com","tld":"com"},"ip":{"addr":"172.65.218.121","port":20206,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://695rdgnfw5f.18912244.com:20206/?id=422876378","date":"2026-04-11T18:33:09.891Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"695rdgnfw5f.18912244.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 20 Jul 2025 00:00:00 GMT","end":"Mon, 20 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"AB:44:50:F3:CC:F8:FC:F3:42:EC:75:E2:D3:0C:19:1B:5F:B9:36:F4","sha256":"4B:05:65:FA:AC:EF:A3:36:43:B0:62:26:67:2E:84:49:29:62:7C:DA:CE:AF:8D:5A:0B:1B:23:85:8B:6B:BB:46"}}},"request":{"raw":"GET /assets/theme-0/index.BKUOS2W0.js HTTP/1.1\r\nHost: 695rdgnfw5f.18912244.com:20206\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://695rdgnfw5f.18912244.com:20206/assets/theme-0/GlobalLazyInitIndex.BQlcIJGe.js\r\nCookie: web__lobby__persisted__device=%7B%22uuid%22%3A%22f75052df-c3a1-4058-a524-7aad8f7dc107%22%7D; web__lobby__persisted__user=%7B%22userInfos%22%3A%7B%22game_gold%22%3A2000%2C%22account_type%22%3A1%2C%22platfromid%22%3A%22web_lobby_guest_account%22%2C%22mode%22%3A0%2C%22currency%22%3A%22CNY%22%7D%7D\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 11 Apr 2026 18:33:10 GMT\r\ncontent-type: application/javascript; charset=utf-8\r\nx-oss-request-id: 69DA93E668A3743932546C4E\r\nvary: Accept-Encoding, Origin\r\netag: W/\"42CC1B31BDEC308BB0DD10035D899094\"\r\nlast-modified: Sat, 11 Apr 2026 04:21:43 GMT\r\nx-oss-object-type: Normal\r\nx-oss-hash-crc64ecma: 9708368353051721836\r\nx-oss-storage-class: Standard\r\nx-oss-meta-version: v7.1.212\r\ncache-control: max-age=31622400\r\ncontent-md5: QswbMb3sMIuw3RADXYmQlA==\r\nx-oss-server-time: 2\r\nserver: gocache\r\nc-type: pf\r\nrid: 9258882626e838fb183dcf4522302050\r\nx-cache-status: MISS\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\ncontent-encoding: br\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]},{"name":"Alibaba Cloud Object Storage Service","description":"Alibaba Cloud Object Storage Service (OSS) is a cloud-based object storage service provided by Alibaba Cloud, which allows users to store and access large amounts of data in the cloud.","website":"https://www.alibabacloud.com/product/object-storage-service","common_platform_enumeration":"","icon":"Alibaba Cloud.svg","categories":["IaaS"]}],"data":{"size":717,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"Java source, ASCII text, with very long lines (716)","md5":"42cc1b31bdec308bb0dd10035d899094","sha1":"8e9a0ca1e06f85bbc559326457006fc3e1050aa1","sha256":"4e87052dc311a5b72358ec7980f4c98f97d99850c1ee8800da61318ecf540f30","sha512":"f4cb33e7fd67c6f9100f59983756deb4c01281470ffa291825614caba00657864a066f7b820b9856439588b28f718cd7f4dd2f8e3f7004f02b65194314ffa8d5","ssdeep":"","tlshash":"1e01fe67f142aafef62ca4a4c0106bf54a02019431f598e0e53eaeb300e0ccb2c1fc0b","first_seen":"2026-04-11T07:57:01.976982Z","last_seen":"2026-04-11T18:34:05.950775Z","times_seen":26,"resource_available":true,"data":null}},"time_used":248,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":248,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-11","alert":"Sinkholed","trigger":"695rdgnfw5f.18912244.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"mgm1940797.appfrvpmgw.win/hall/api/agent/promote/getIpBindInfo","fqdn":"mgm1940797.appfrvpmgw.win","domain":"appfrvpmgw.win","tld":"win"},"ip":{"addr":"138.113.210.9","port":443,"asn":54994,"as":"ML-1432-54994","country":"Canada","country_code":"CA"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://695rdgnfw5f.18912244.com:20206/?id=422876378","date":"2026-04-11T18:33:09.601Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"mgm1940797.appfrvpmgw.win","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 10 Mar 2026 16:26:44 GMT","end":"Mon, 08 Jun 2026 16:26:43 GMT"},"fingerprint":{"sha1":"F4:B1:A8:F3:75:CF:9E:D8:01:08:8D:AB:DA:56:67:50:D3:F3:94:44","sha256":"EA:6F:FC:B6:79:2A:3B:E8:21:21:AB:18:FB:BE:1C:DB:F9:F0:1B:8C:DA:50:C7:4E:CB:CA:85:51:61:5D:9B:10"}}},"request":{"raw":"OPTIONS /hall/api/agent/promote/getIpBindInfo HTTP/1.1\r\nHost: mgm1940797.appfrvpmgw.win\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nAccess-Control-Request-Method: POST\r\nAccess-Control-Request-Headers: appsystem,appversion,browserfingerid,browsertype,clienttimezone,content-type,currency,device,devicebrand,devicemodel,devicetype,domain,language,operatingsystem,physicaldevicemodel,platformtype,sitecode,timestamp,token,webauthndomain,x-custom-referer,x-data-mode,x-device,x-object-id,x-request-id,x-version\r\nReferer: https://695rdgnfw5f.18912244.com:20206/\r\nOrigin: https://695rdgnfw5f.18912244.com:20206\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"OPTIONS"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 11 Apr 2026 18:33:09 GMT\r\ncontent-type: application/octet-stream\r\ncontent-length: 0\r\nset-cookie: acw_tc=0a0ccaf917759323896918572e5d3d8225c2418a3500129a828bbb0ab642f9;path=/;HttpOnly;Max-Age=1800\r\nx-saas-server-id: 844988bcd4-fnc2j|1fd3c65937dd4de2314dfd1090673bbf\r\naccess-control-allow-methods: *\r\naccess-control-max-age: 1728000\r\naccess-control-allow-credentials: true\r\naccess-control-allow-origin: *\r\naccess-control-allow-headers: appsystem,appversion,browserfingerid,browsertype,clienttimezone,content-type,currency,device,devicebrand,devicemodel,devicetype,domain,language,operatingsystem,physicaldevicemodel,platformtype,sitecode,timestamp,token,webauthndomain,x-custom-referer,x-data-mode,x-device,x-object-id,x-request-id,x-version\r\naccess-control-expose-headers: X-Trace-ID, newjwt, token\r\nvia: 1.1 PS-SIN-04A9N80:17 (W), 1.1 PS-AMS-01QkJ103:21 (W)\r\nx-px: ms PS-AMS-01QkJ103AMS, ms PS-SIN-04A9N80SIN(origin)\r\nx-ws-request-id: 69da93e5_PS-AMS-01QkJ103_53875-28518\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"application/octet-stream","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-11T20:55:57.946951Z","times_seen":13635644,"resource_available":true,"data":null}},"time_used":197,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":196,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-04-11","alert":"Sinkholed","trigger":"mgm1940797.appfrvpmgw.win","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"695rdgnfw5f.18912244.com:20206/siteadmin/skin/lobby_asset/common/web/common/input_icon_yqm.svg?manualVersion=1\u0026version=v7.1.212","fqdn":"695rdgnfw5f.18912244.com","domain":"18912244.com","tld":"com"},"ip":{"addr":"172.65.218.121","port":20206,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://695rdgnfw5f.18912244.com:20206/?id=422876378","date":"2026-04-11T18:33:09.712Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"695rdgnfw5f.18912244.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 20 Jul 2025 00:00:00 GMT","end":"Mon, 20 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"AB:44:50:F3:CC:F8:FC:F3:42:EC:75:E2:D3:0C:19:1B:5F:B9:36:F4","sha256":"4B:05:65:FA:AC:EF:A3:36:43:B0:62:26:67:2E:84:49:29:62:7C:DA:CE:AF:8D:5A:0B:1B:23:85:8B:6B:BB:46"}}},"request":{"raw":"GET /siteadmin/skin/lobby_asset/common/web/common/input_icon_yqm.svg?manualVersion=1\u0026version=v7.1.212 HTTP/1.1\r\nHost: 695rdgnfw5f.18912244.com:20206\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://695rdgnfw5f.18912244.com:20206/home/register?id=422876378\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: web__lobby__persisted__device=%7B%22uuid%22%3A%22f75052df-c3a1-4058-a524-7aad8f7dc107%22%7D; web__lobby__persisted__user=%7B%22userInfos%22%3A%7B%22game_gold%22%3A2000%2C%22account_type%22%3A1%2C%22platfromid%22%3A%22web_lobby_guest_account%22%2C%22mode%22%3A0%2C%22currency%22%3A%22CNY%22%7D%7D\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 11 Apr 2026 18:33:09 GMT\r\ncontent-type: image/svg+xml\r\nx-oss-request-id: 69DA93E501B8FA31355CE086\r\nvary: Accept-Encoding, Origin\r\netag: W/\"EE20807ACEF94C9720A478D922641E1F\"\r\nlast-modified: Wed, 28 Jan 2026 13:51:15 GMT\r\nx-oss-object-type: Normal\r\nx-oss-hash-crc64ecma: 8373359362244287372\r\nx-oss-storage-class: Standard\r\ncache-control: max-age=604800,stale-while-revalidate=86400,immutable,proxy-revalidate,public\r\ncontent-md5: 7iCAes75TJcgpHjZImQeHw==\r\nx-oss-server-time: 1\r\nserver: gocache\r\nc-type: pf\r\nrid: 21cf4170a1eb554f55b254e1ecd09ef4\r\nx-cache-status: MISS\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\ncontent-encoding: br\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]},{"name":"Alibaba Cloud Object Storage Service","description":"Alibaba Cloud Object Storage Service (OSS) is a cloud-based object storage service provided by Alibaba Cloud, which allows users to store and access large amounts of data in the cloud.","website":"https://www.alibabacloud.com/product/object-storage-service","common_platform_enumeration":"","icon":"Alibaba Cloud.svg","categories":["IaaS"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":5401,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"ee20807acef94c9720a478d922641e1f","sha1":"18e39b277a84a4a949fe188d1a9c34fba1594409","sha256":"722a9c40fdba9d4e69eb34c3b92ca98179ca08abbc4604a20b67d1abe53489c6","sha512":"aaa468275c1bf81899543b27c5b87908a66a5875b6dda6e2632376735e76cc06f304cec9f6ba40f562e22b61c6cf3c15c9e0f4fcc165a36dae6a263d525588cf","ssdeep":"96:+IslkH5Dci06kdAZV1FblW9GU0uk2T7IsEFW8Xbv87D:u6HJOu1OKF2vHy87D","tlshash":"01b164fb0324db96a6c897941f90b98d373992c9f1f281c0cb171a52dc0b1b7a23dc50","first_seen":"2025-04-11T00:37:49.535331Z","last_seen":"2026-04-11T18:34:06.00565Z","times_seen":1678,"resource_available":false,"data":null}},"time_used":246,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":246,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-11","alert":"Sinkholed","trigger":"695rdgnfw5f.18912244.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"695rdgnfw5f.18912244.com:20206/assets/theme-0/SportDialogChunk.B6i88ztc.js","fqdn":"695rdgnfw5f.18912244.com","domain":"18912244.com","tld":"com"},"ip":{"addr":"172.65.218.121","port":20206,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://695rdgnfw5f.18912244.com:20206/?id=422876378","date":"2026-04-11T18:33:09.747Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"695rdgnfw5f.18912244.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 20 Jul 2025 00:00:00 GMT","end":"Mon, 20 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"AB:44:50:F3:CC:F8:FC:F3:42:EC:75:E2:D3:0C:19:1B:5F:B9:36:F4","sha256":"4B:05:65:FA:AC:EF:A3:36:43:B0:62:26:67:2E:84:49:29:62:7C:DA:CE:AF:8D:5A:0B:1B:23:85:8B:6B:BB:46"}}},"request":{"raw":"GET /assets/theme-0/SportDialogChunk.B6i88ztc.js HTTP/1.1\r\nHost: 695rdgnfw5f.18912244.com:20206\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://695rdgnfw5f.18912244.com:20206/assets/theme-0/FastEntryIndex.CDXIfMt4.js\r\nCookie: web__lobby__persisted__device=%7B%22uuid%22%3A%22f75052df-c3a1-4058-a524-7aad8f7dc107%22%7D; web__lobby__persisted__user=%7B%22userInfos%22%3A%7B%22game_gold%22%3A2000%2C%22account_type%22%3A1%2C%22platfromid%22%3A%22web_lobby_guest_account%22%2C%22mode%22%3A0%2C%22currency%22%3A%22CNY%22%7D%7D\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 11 Apr 2026 18:33:09 GMT\r\ncontent-type: application/javascript; charset=utf-8\r\nx-oss-request-id: 69DA93E568A3743932A86B4E\r\nvary: Accept-Encoding, Origin\r\nlast-modified: Sat, 11 Apr 2026 04:21:43 GMT\r\nx-oss-object-type: Normal\r\nx-oss-hash-crc64ecma: 3647380512386429017\r\nx-oss-storage-class: Standard\r\nx-oss-meta-version: v7.1.212\r\ncache-control: max-age=31622400\r\ncontent-md5: iaA+vL1jzxyv9Tvd/xRYOw==\r\nx-oss-server-time: 1\r\ncontent-encoding: gzip\r\nserver: gocache\r\nc-type: pf\r\nrid: e910fb8467c4936ad1e0ac16ca37db48\r\nx-cache-status: MISS\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]},{"name":"Alibaba Cloud Object Storage Service","description":"Alibaba Cloud Object Storage Service (OSS) is a cloud-based object storage service provided by Alibaba Cloud, which allows users to store and access large amounts of data in the cloud.","website":"https://www.alibabacloud.com/product/object-storage-service","common_platform_enumeration":"","icon":"Alibaba Cloud.svg","categories":["IaaS"]}],"data":{"size":126678,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"89a03ebcbd63cf1caff53bddff14583b","sha1":"b6f749386c14528fca07615c364f859c485010e7","sha256":"eb1e6bb93fa5edc98cad189db50124035e5449f936ea34d317496f8bdb380049","sha512":"66b16e0b632596a9b7e950cc10410c197e19f1878553236bad6b31528419e499437831a7f8a0238b79ae9f8bb553ddc2bdbf904269d60dfffa8c234fef5d4ef1","ssdeep":"3072:sWXth1hpyW79eOyqblMjsfiEHa/krIIFYykV2oXE9eU6Kue+uS0WiD2N+9b4zGoK:1Xr1hpys9eOyqblMjUIIFYykV2oXEEub","tlshash":"efc32a18bc117d7b632f9958763c0489615e2771b08bc8f1edfa9ff0b649b11a271e28","first_seen":"2026-04-11T17:01:17.532657Z","last_seen":"2026-04-11T18:33:40.264072Z","times_seen":12,"resource_available":true,"data":null}},"time_used":253,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":253,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-11","alert":"Sinkholed","trigger":"695rdgnfw5f.18912244.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"695rdgnfw5f.18912244.com:20206/hall/api/gohal/staffAllV3/currency/CNY/language/zh.json?v=1775924197","fqdn":"695rdgnfw5f.18912244.com","domain":"18912244.com","tld":"com"},"ip":{"addr":"172.65.218.121","port":20206,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://695rdgnfw5f.18912244.com:20206/?id=422876378","date":"2026-04-11T18:33:10.197Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"695rdgnfw5f.18912244.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 20 Jul 2025 00:00:00 GMT","end":"Mon, 20 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"AB:44:50:F3:CC:F8:FC:F3:42:EC:75:E2:D3:0C:19:1B:5F:B9:36:F4","sha256":"4B:05:65:FA:AC:EF:A3:36:43:B0:62:26:67:2E:84:49:29:62:7C:DA:CE:AF:8D:5A:0B:1B:23:85:8B:6B:BB:46"}}},"request":{"raw":"GET /hall/api/gohal/staffAllV3/currency/CNY/language/zh.json?v=1775924197 HTTP/1.1\r\nHost: 695rdgnfw5f.18912244.com:20206\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://695rdgnfw5f.18912244.com:20206/home/register?id=422876378\r\nCookie: web__lobby__persisted__device=%7B%22uuid%22%3A%22f75052df-c3a1-4058-a524-7aad8f7dc107%22%7D; web__lobby__persisted__user=%7B%22userInfos%22%3A%7B%22game_gold%22%3A2000%2C%22account_type%22%3A1%2C%22platfromid%22%3A%22web_lobby_guest_account%22%2C%22mode%22%3A0%2C%22currency%22%3A%22CNY%22%7D%7D\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 11 Apr 2026 18:33:10 GMT\r\ncontent-type: application/json\r\nx-oss-request-id: 69DA93E601B8FA31352BE286\r\nvary: Accept-Encoding, Origin\r\nlast-modified: Sat, 11 Apr 2026 16:16:36 GMT\r\nx-oss-object-type: Normal\r\nx-oss-hash-crc64ecma: 15082276009759923846\r\nx-oss-storage-class: Standard\r\ncache-control: s-maxage=60,max-age=0,public\r\ncontent-md5: xhJj4Jxa3CXRhjzj5zztYQ==\r\nx-oss-server-time: 1\r\ncontent-encoding: gzip\r\nserver: gocache\r\nc-type: pf\r\nrid: 70daa7f0929dbf5272b89fe40bcc9e9d\r\nx-cache-status: MISS\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Alibaba Cloud Object Storage Service","description":"Alibaba Cloud Object Storage Service (OSS) is a cloud-based object storage service provided by Alibaba Cloud, which allows users to store and access large amounts of data in the cloud.","website":"https://www.alibabacloud.com/product/object-storage-service","common_platform_enumeration":"","icon":"Alibaba Cloud.svg","categories":["IaaS"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]}],"data":{"size":19884,"size_decoded":0,"mime_type":"application/json","magic":"ASCII text, with very long lines (19884), with no line terminators","md5":"c61263e09c5adc25d1863ce3e73ced61","sha1":"287aa3df736efaba9b0a3b05d7ba66c76422fd80","sha256":"150258ec9c56bb997d062d79cb879add2d2d09c9e09b3936bc0bb98e2e2390d8","sha512":"333cea5ca2161573d0325f086bb978021367bf6318ae104e8de427580bf2133b32b324b64ad82d1ede0ca23edf653d71c6445b6908c02d420adce9fb55e41bca","ssdeep":"384:lHMusDN4PVb1vgFs1rI7vKrKts/lAChX/v3X64ry0iEQVkGe8:tMusqPV1YfcZH6SbcFe8","tlshash":"e392d058fbcc8b04a84aee50ae6bd0c43459b4fdd250b9e60ad9548f100ed216ebbf71","first_seen":"2026-04-11T18:28:36.051806Z","last_seen":"2026-04-11T18:34:06.006291Z","times_seen":22,"resource_available":false,"data":null}},"time_used":244,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":244,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-11","alert":"Sinkholed","trigger":"695rdgnfw5f.18912244.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"695rdgnfw5f.18912244.com:20206/assets/theme-0/index.BSFsUolT.js","fqdn":"695rdgnfw5f.18912244.com","domain":"18912244.com","tld":"com"},"ip":{"addr":"172.65.218.121","port":20206,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://695rdgnfw5f.18912244.com:20206/?id=422876378","date":"2026-04-11T18:33:15.198Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"695rdgnfw5f.18912244.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 20 Jul 2025 00:00:00 GMT","end":"Mon, 20 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"AB:44:50:F3:CC:F8:FC:F3:42:EC:75:E2:D3:0C:19:1B:5F:B9:36:F4","sha256":"4B:05:65:FA:AC:EF:A3:36:43:B0:62:26:67:2E:84:49:29:62:7C:DA:CE:AF:8D:5A:0B:1B:23:85:8B:6B:BB:46"}}},"request":{"raw":"GET /assets/theme-0/index.BSFsUolT.js HTTP/1.1\r\nHost: 695rdgnfw5f.18912244.com:20206\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://695rdgnfw5f.18912244.com:20206/assets/theme-0/autoDialog.C4xspLzz.js\r\nCookie: web__lobby__persisted__device=%7B%22uuid%22%3A%22f75052df-c3a1-4058-a524-7aad8f7dc107%22%7D; web__lobby__persisted__user=%7B%22userInfos%22%3A%7B%22game_gold%22%3A2000%2C%22account_type%22%3A1%2C%22platfromid%22%3A%22web_lobby_guest_account%22%2C%22mode%22%3A0%2C%22currency%22%3A%22CNY%22%7D%7D; gt_local_id=C5YgoKFLtbA1cBz29ibmSpW//BUutWSOVT1Db/yOC2/d2a1UuNMIwA==\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 11 Apr 2026 18:33:15 GMT\r\ncontent-type: application/javascript; charset=utf-8\r\nx-oss-request-id: 69DA93EB68A374393202824E\r\nvary: Accept-Encoding, Origin\r\nlast-modified: Sat, 11 Apr 2026 04:21:43 GMT\r\nx-oss-object-type: Normal\r\nx-oss-hash-crc64ecma: 3722565124371609502\r\nx-oss-storage-class: Standard\r\nx-oss-meta-version: v7.1.212\r\ncache-control: max-age=31622400\r\ncontent-md5: jVvHDb3clQp3qNxIqNFh1g==\r\nx-oss-server-time: 2\r\ncontent-encoding: gzip\r\nserver: gocache\r\nc-type: pf\r\nrid: 41bcc585a6eccf91bf799b31c1918ee5\r\nx-cache-status: MISS\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Alibaba Cloud Object Storage Service","description":"Alibaba Cloud Object Storage Service (OSS) is a cloud-based object storage service provided by Alibaba Cloud, which allows users to store and access large amounts of data in the cloud.","website":"https://www.alibabacloud.com/product/object-storage-service","common_platform_enumeration":"","icon":"Alibaba Cloud.svg","categories":["IaaS"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]}],"data":{"size":4222,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"Java source, ASCII text, with very long lines (4221)","md5":"8d5bc70dbddc950a77a8dc48a8d161d6","sha1":"204c31cfbf9429b29cebe399b2e000ee0f7d2d62","sha256":"9b565d979fabc9a984dd12649b854814d2cebe3715aaa0ea6ff3ecb9b78a2e51","sha512":"4aa59e069accb5da8e9c1ea2127770dd4b237d904299ad9fd9a4d1e7062bd6a2e024d9e744d96b2174dcfd691642897c4dfcf6260abc0b0dee19a1c59791d6da","ssdeep":"96:xtIe9Y2xuktiNFMMOBAmt5XilCZ8AjlCeAqlCXAalC4+AxlCJsA+UGWgBZ7cv:xt19Y2ftiNFMMOPtMl0lXlGlRBlaQFBI","tlshash":"7d91a8caf02d33a1751c5c5eb42d376a0f1c7b20a02ae4f0ee8b5b75120499bf9d9d69","first_seen":"2026-04-11T07:57:02.027754Z","last_seen":"2026-04-11T18:34:05.957768Z","times_seen":24,"resource_available":true,"data":null}},"time_used":248,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":248,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-11","alert":"Sinkholed","trigger":"695rdgnfw5f.18912244.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"3338188mgm.osfp4nmyl.win/ipacdn.txt","fqdn":"3338188mgm.osfp4nmyl.win","domain":"osfp4nmyl.win","tld":"win"},"ip":{"addr":"172.65.218.121","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://695rdgnfw5f.18912244.com:20206/?id=422876378","date":"2026-04-11T18:33:07.053Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"3338188mgm.osfp4nmyl.win","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Thu, 17 Jul 2025 00:00:00 GMT","end":"Fri, 17 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"B6:9E:38:D1:9D:FD:4D:EF:4D:55:05:E4:50:2D:58:88:B5:0F:4A:CF","sha256":"E4:E7:8E:22:6A:48:0F:AD:6E:FC:26:03:BF:70:3A:BA:71:90:CD:6B:45:3D:C0:06:52:0B:D9:04:85:71:C8:83"}}},"request":{"raw":"GET /ipacdn.txt HTTP/1.1\r\nHost: 3338188mgm.osfp4nmyl.win\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://695rdgnfw5f.18912244.com:20206/\r\nOrigin: https://695rdgnfw5f.18912244.com:20206\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 11 Apr 2026 18:33:07 GMT\r\ncontent-type: text/plain\r\ncontent-length: 2\r\nset-cookie: acw_tc=0a0f6b9117759323878087317e50bce30d663058398e97165fee1b51e97c48;path=/;HttpOnly;Max-Age=1800\r\ncache-control: s-maxage=315360000,max-age=0,public\r\naccess-control-allow-origin: *\r\naccess-control-max-age: 3600\r\naccess-control-allow-credentials: true\r\nserver: gocache\r\nc-type: pf\r\nrid: 031251e7470dca8253525cc78842f44a\r\nx-cache-status: MISS\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]}],"data":{"size":2,"size_decoded":0,"mime_type":"text/plain","magic":"ASCII text, with no line terminators","md5":"e0aa021e21dddbd6d8cecec71e9cf564","sha1":"9ce3bd4224c8c1780db56b4125ecf3f24bf748b7","sha256":"565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3","sha512":"900110c951560eff857b440e89cc29f529416e0e3b3d7f0ad51651bfdbd8025b91768c5ed7db5352d1a5523354ce06ced2c42047e33a3e958a1bba5f742db874","ssdeep":"","tlshash":"c710000000000000000000030000000030000000000000000c000000c0000000000000","first_seen":"2023-03-09T09:04:49Z","last_seen":"2026-04-11T20:59:31.234535Z","times_seen":264621,"resource_available":true,"data":null}},"time_used":1455,"timings":{"blocked":550,"dns":85,"connect":1,"send":0,"wait":351,"receive":0,"ssl":465},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"695rdgnfw5f.18912244.com:20206/hall/api/game/hall/listPlatformCateExtLink/currency/CNY/language/zh.json","fqdn":"695rdgnfw5f.18912244.com","domain":"18912244.com","tld":"com"},"ip":{"addr":"172.65.218.121","port":20206,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://695rdgnfw5f.18912244.com:20206/?id=422876378","date":"2026-04-11T18:33:08.005Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"695rdgnfw5f.18912244.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 20 Jul 2025 00:00:00 GMT","end":"Mon, 20 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"AB:44:50:F3:CC:F8:FC:F3:42:EC:75:E2:D3:0C:19:1B:5F:B9:36:F4","sha256":"4B:05:65:FA:AC:EF:A3:36:43:B0:62:26:67:2E:84:49:29:62:7C:DA:CE:AF:8D:5A:0B:1B:23:85:8B:6B:BB:46"}}},"request":{"raw":"GET /hall/api/game/hall/listPlatformCateExtLink/currency/CNY/language/zh.json HTTP/1.1\r\nHost: 695rdgnfw5f.18912244.com:20206\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://695rdgnfw5f.18912244.com:20206/?id=422876378\r\nCookie: web__lobby__persisted__device=%7B%22uuid%22%3A%22f75052df-c3a1-4058-a524-7aad8f7dc107%22%7D\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 11 Apr 2026 18:33:08 GMT\r\ncontent-type: application/json\r\nx-oss-request-id: 69DA93E460F73339338A8190\r\nvary: Accept-Encoding, Origin\r\nlast-modified: Sat, 11 Apr 2026 09:41:24 GMT\r\nx-oss-object-type: Normal\r\nx-oss-hash-crc64ecma: 9522029237424924410\r\nx-oss-storage-class: Standard\r\ncache-control: s-maxage=600,public,max-age=0\r\ncontent-md5: qG3nGpG1cOXDciLd0KY82A==\r\nx-oss-server-time: 2\r\ncontent-encoding: gzip\r\nserver: gocache\r\nc-type: pf\r\nrid: 54b239562a4f01d11c9cfc0360eff4ae\r\nx-cache-status: MISS\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]},{"name":"Alibaba Cloud Object Storage Service","description":"Alibaba Cloud Object Storage Service (OSS) is a cloud-based object storage service provided by Alibaba Cloud, which allows users to store and access large amounts of data in the cloud.","website":"https://www.alibabacloud.com/product/object-storage-service","common_platform_enumeration":"","icon":"Alibaba Cloud.svg","categories":["IaaS"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":24256,"size_decoded":0,"mime_type":"application/json","magic":"ASCII text, with very long lines (24256), with no line terminators","md5":"a86de71a91b570e5c37222ddd0a63cd8","sha1":"1c8864d57faa5e98d42ea5a2c7c256eab66289b8","sha256":"a5b0a39af5a30448b89c9ba93335e8fb0cf902ad358283319fb477a6179b1e08","sha512":"62b8a92c1ed196923fa22a1a4ac54e11d15dfcc12983927ecc65349e3c63d8c0ed6155f0de0071817badd7103c89eebc17dec8723f4de979dff75ff09c9ec10a","ssdeep":"384:dyIA8zVYQyV2Tycrxky4S9n5gNaTRFn5NhWpadVTcFqawmu5oCzS/RHXNhIk:AmVYRqrxf5lF5N4odhcWeRH9hIk","tlshash":"b1b2d06f8361ea90b95e25667046ae703de66be7cd41fe794e04b0c74f1ce62cc09740","first_seen":"2026-04-11T18:28:36.061152Z","last_seen":"2026-04-11T18:34:05.991035Z","times_seen":24,"resource_available":false,"data":null}},"time_used":258,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":258,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-11","alert":"Sinkholed","trigger":"695rdgnfw5f.18912244.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"695rdgnfw5f.18912244.com:20206/hall/gameApi/v1/hall/gameRule/saasStatic/loginUrl.json?v=1770189122","fqdn":"695rdgnfw5f.18912244.com","domain":"18912244.com","tld":"com"},"ip":{"addr":"172.65.218.121","port":20206,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://695rdgnfw5f.18912244.com:20206/?id=422876378","date":"2026-04-11T18:33:09.631Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"695rdgnfw5f.18912244.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 20 Jul 2025 00:00:00 GMT","end":"Mon, 20 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"AB:44:50:F3:CC:F8:FC:F3:42:EC:75:E2:D3:0C:19:1B:5F:B9:36:F4","sha256":"4B:05:65:FA:AC:EF:A3:36:43:B0:62:26:67:2E:84:49:29:62:7C:DA:CE:AF:8D:5A:0B:1B:23:85:8B:6B:BB:46"}}},"request":{"raw":"GET /hall/gameApi/v1/hall/gameRule/saasStatic/loginUrl.json?v=1770189122 HTTP/1.1\r\nHost: 695rdgnfw5f.18912244.com:20206\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://695rdgnfw5f.18912244.com:20206/home/register?id=422876378\r\nCookie: web__lobby__persisted__device=%7B%22uuid%22%3A%22f75052df-c3a1-4058-a524-7aad8f7dc107%22%7D; web__lobby__persisted__user=%7B%22userInfos%22%3A%7B%22game_gold%22%3A2000%2C%22account_type%22%3A1%2C%22platfromid%22%3A%22web_lobby_guest_account%22%2C%22mode%22%3A0%2C%22currency%22%3A%22CNY%22%7D%7D\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 11 Apr 2026 18:33:09 GMT\r\ncontent-type: application/json\r\nx-oss-request-id: 69DA93E5CD9B343532DC8645\r\nvary: Accept-Encoding, Origin\r\nlast-modified: Wed, 04 Feb 2026 07:12:02 GMT\r\nx-oss-object-type: Normal\r\nx-oss-hash-crc64ecma: 1744321656867229616\r\nx-oss-storage-class: Standard\r\ncache-control: s-maxage=60,max-age=0,public\r\ncontent-md5: dpT0z9A8kSOZmxAGwV24qw==\r\nx-oss-server-time: 1\r\ncontent-encoding: gzip\r\nserver: gocache\r\nc-type: pf\r\nrid: daa7576cdfdc4ad1c19b42ca6500ce62\r\nx-cache-status: MISS\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Alibaba Cloud Object Storage Service","description":"Alibaba Cloud Object Storage Service (OSS) is a cloud-based object storage service provided by Alibaba Cloud, which allows users to store and access large amounts of data in the cloud.","website":"https://www.alibabacloud.com/product/object-storage-service","common_platform_enumeration":"","icon":"Alibaba Cloud.svg","categories":["IaaS"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]}],"data":{"size":1541,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"7694f4cfd03c9123999b1006c15db8ab","sha1":"23de097ce886aa20668d6cc0250275f71d92025e","sha256":"3c0d2d45b824661f185d11a2aa0c31e4de8a16bbfc3b3036fb511b91a267f4b7","sha512":"d4fce1b39a6e27d6e78760b212385124b40edefce85967773be8eace673820afc3f32552e384689712841d188b18edb3afc1bf01f4e5d517083f202f115617b4","ssdeep":"","tlshash":"c531e6b221783571db7609de604a325f90fe5217d9cddaf1db2f1c3b01b66b851104a7","first_seen":"2026-02-04T07:25:50.97663Z","last_seen":"2026-04-11T19:41:53.612969Z","times_seen":2537,"resource_available":false,"data":null}},"time_used":249,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":249,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-11","alert":"Sinkholed","trigger":"695rdgnfw5f.18912244.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"mgm1940797.appfrvpmgw.win/hall/api/agent/promote/binding/reportViewV2","fqdn":"mgm1940797.appfrvpmgw.win","domain":"appfrvpmgw.win","tld":"win"},"ip":{"addr":"138.113.210.9","port":443,"asn":54994,"as":"ML-1432-54994","country":"Canada","country_code":"CA"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://695rdgnfw5f.18912244.com:20206/?id=422876378","date":"2026-04-11T18:33:10.361Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"mgm1940797.appfrvpmgw.win","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 10 Mar 2026 16:26:44 GMT","end":"Mon, 08 Jun 2026 16:26:43 GMT"},"fingerprint":{"sha1":"F4:B1:A8:F3:75:CF:9E:D8:01:08:8D:AB:DA:56:67:50:D3:F3:94:44","sha256":"EA:6F:FC:B6:79:2A:3B:E8:21:21:AB:18:FB:BE:1C:DB:F9:F0:1B:8C:DA:50:C7:4E:CB:CA:85:51:61:5D:9B:10"}}},"request":{"raw":"POST /hall/api/agent/promote/binding/reportViewV2 HTTP/1.1\r\nHost: mgm1940797.appfrvpmgw.win\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: zh\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/json\r\nx-object-id: {\"uid\":\"\",\"browserLanguage\":\"en-US\",\"init\":{\"device\":\"\",\"created\":1775932383901,\"version\":1775793838000}}\r\nplatformType: 5\r\ndevicetype: 3\r\nx-device: 1-5\r\nx-data-mode: plain\r\nx-request-id: c2c359cc-93bb-449f-8012-b272d3f283aa\r\ndevice: f75052df-c3a1-4058-a524-7aad8f7dc107\r\ncurrency: CNY\r\ntimestamp: 1775932389\r\nsiteCode: 1937\r\nlanguage: zh\r\ntoken: b2e3d672-9d88-47a7-81b4-9d7ffc62054f\r\ndeviceModel: Firefox v134.0\r\nphysicalDeviceModel: unknown\r\noperatingSystem: Windows\r\ndeviceBrand: unknown\r\nbrowserType: Firefox v134.0\r\nappSystem: Windows 10\r\ndomain: 695rdgnfw5f.18912244.com:20206\r\nwebauthnDomain: 695rdgnfw5f.18912244.com:20206\r\nclienttimezone: 0\r\nx-custom-referer: https://695rdgnfw5f.18912244.com:20206/home/register?id=422876378\r\nx-version: 7.1.212\r\nbrowserfingerid: \r\nappVersion: v7.1.212\r\nContent-Length: 156\r\nOrigin: https://695rdgnfw5f.18912244.com:20206\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://695rdgnfw5f.18912244.com:20206/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":156,"data":"{\"promoter_info\":\"422876378\",\"accessUrl\":\"https://695rdgnfw5f.18912244.com:20206\",\"visitor_device\":\"f75052df-c3a1-4058-a524-7aad8f7dc107\",\"time\":1775932389}"}},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 11 Apr 2026 18:33:10 GMT\r\ncontent-type: application/json; charset=utf-8\r\ncontent-length: 100\r\nset-cookie: acw_tc=0a0ccaf917759323904508899e5d3de84a35bcb8f625d203b154378e1de789;path=/;HttpOnly;Max-Age=1800\r\nx-trace-id: 80cbe3b01ea2d5f2f73a4d644f1d8999\r\nx-env-apisix: 0\r\nx-env-go-biz-agent-server: 0\r\ncache-control: no-cache\r\nx-saas-server-id: 844988bcd4-lr8n8|ee4b24650ca4522623268200f6dd5526\r\naccess-control-allow-methods: *\r\naccess-control-max-age: 1728000\r\naccess-control-allow-credentials: true\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: X-Trace-ID, newjwt, token\r\nvia: 1.1 PS-SIN-04A9N80:17 (W), 1.1 PS-AMS-01QkJ103:21 (W)\r\nx-px: ms PS-AMS-01QkJ103AMS, ms PS-SIN-04A9N80SIN(origin)\r\nx-ws-request-id: 69da93e6_PS-AMS-01QkJ103_53875-28548\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":100,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"18ba54695857f98c4cea97d5daeaea71","sha1":"7e5e505ec56313f827256dcc1c9ea8b15b977027","sha256":"bd956b383672d5f23610b5cabb9f7e58f902c865cea874b2c8cac51d8f9ca393","sha512":"91a96e5ce5f462adc4c292a46a4c689243694bfcd2f352de24d0dff33cc569d0d62bda9f7c5f04727350331a0b822a9c4ad01118f1886295cab875aafe88e966","ssdeep":"","tlshash":"13b01290532c8b4248556366110f1d81d7bf15798c38831ccc4ead28c44a07723004b4","first_seen":"2026-04-11T18:33:40.267415Z","last_seen":"2026-04-11T18:33:40.267415Z","times_seen":1,"resource_available":false,"data":null}},"time_used":260,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":256,"receive":4,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-04-11","alert":"Sinkholed","trigger":"mgm1940797.appfrvpmgw.win","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"695rdgnfw5f.18912244.com:20206/siteadmin/upload/img/1995443248204906497.png","fqdn":"695rdgnfw5f.18912244.com","domain":"18912244.com","tld":"com"},"ip":{"addr":"172.65.218.121","port":20206,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://695rdgnfw5f.18912244.com:20206/?id=422876378","date":"2026-04-11T18:33:04.774Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"695rdgnfw5f.18912244.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 20 Jul 2025 00:00:00 GMT","end":"Mon, 20 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"AB:44:50:F3:CC:F8:FC:F3:42:EC:75:E2:D3:0C:19:1B:5F:B9:36:F4","sha256":"4B:05:65:FA:AC:EF:A3:36:43:B0:62:26:67:2E:84:49:29:62:7C:DA:CE:AF:8D:5A:0B:1B:23:85:8B:6B:BB:46"}}},"request":{"raw":"GET /siteadmin/upload/img/1995443248204906497.png HTTP/1.1\r\nHost: 695rdgnfw5f.18912244.com:20206\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://695rdgnfw5f.18912244.com:20206/?id=422876378\r\nCookie: web__lobby__persisted__device=%7B%22uuid%22%3A%22f75052df-c3a1-4058-a524-7aad8f7dc107%22%7D\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 11 Apr 2026 18:33:04 GMT\r\ncontent-type: image/png\r\ncontent-length: 65391\r\nx-oss-request-id: 69DA93E05D886731363D0962\r\nvary: Origin\r\netag: \"F7336C832183626692BF743F8C020B19\"\r\nlast-modified: Mon, 01 Dec 2025 10:41:58 GMT\r\nx-oss-object-type: Normal\r\nx-oss-hash-crc64ecma: 6512158309788991293\r\nx-oss-storage-class: Standard\r\ncache-control: immutable,stale-while-revalidate=86400,public,max-age=86400\r\ncontent-md5: 9zNsgyGDYmaSv3Q/jAILGQ==\r\nx-oss-server-time: 3\r\nserver: gocache\r\nc-type: pf\r\nrid: 4da53381b5b2de43afee5e3e5cd10783\r\nx-cache-status: MISS\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Alibaba Cloud Object Storage Service","description":"Alibaba Cloud Object Storage Service (OSS) is a cloud-based object storage service provided by Alibaba Cloud, which allows users to store and access large amounts of data in the cloud.","website":"https://www.alibabacloud.com/product/object-storage-service","common_platform_enumeration":"","icon":"Alibaba Cloud.svg","categories":["IaaS"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]}],"data":{"size":65391,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 512 x 512, 8-bit colormap, non-interlaced","md5":"f7336c832183626692bf743f8c020b19","sha1":"18f959e7236825e28499b15ab9e31f26fa8c6d3f","sha256":"46e9b54f4d56fd0fe1a2580391ef87c3079b3d24705c559e6132ec521bd24a2f","sha512":"f86f31533f54fcb203bb5e24fe292181108e2ba47cb18df3437783ac80977817161687db997dd6f430b8e4df644db810f0ed7c99f919cb6de75681bfaae28f4f","ssdeep":"1536:hqSUV4v4mjf/gvq3RPS4L0/rJMJZudF3H3O+a3LzbDp9ylXaHL:cSLfYgSAgJMvusbb3V3","tlshash":"a753023e8b4eb326ca130ed350d788dda9fa0038b44208405e5c9be5ded4dac82e8f55","first_seen":"2025-12-02T05:51:31.715298Z","last_seen":"2026-04-11T18:34:05.944411Z","times_seen":288,"resource_available":false,"data":null}},"time_used":470,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":262,"receive":208,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-11","alert":"Sinkholed","trigger":"695rdgnfw5f.18912244.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"146.103.73.193/hall/api/agent/promote/linkSetting","fqdn":"146.103.73.193","domain":"146.103.73.193","tld":""},"ip":{"addr":"146.103.73.193","port":443,"asn":0,"as":"","country":"Belgium","country_code":"BE"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://695rdgnfw5f.18912244.com:20206/?id=422876378","date":"2026-04-11T18:33:05.186Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"146.103.73.2","organization":"TXNetworks Beijing Co., Ltd."},"issuer":{"commonName":"GlobalSign RSA OV SSL CA 2018","organization":"GlobalSign nv-sa"},"validity":{"start":"Mon, 18 Aug 2025 08:26:21 GMT","end":"Sat, 19 Sep 2026 08:26:20 GMT"},"fingerprint":{"sha1":"67:2E:D1:B9:EE:0D:12:F9:62:C4:76:82:44:68:26:BA:9A:11:B9:8D","sha256":"40:D1:DC:63:7C:DC:81:EF:9F:B5:03:78:00:E5:0B:02:C4:8C:B8:60:66:B1:23:54:4A:A6:B5:02:29:CE:4C:F3"}}},"request":{"raw":"POST /hall/api/agent/promote/linkSetting HTTP/1.1\r\nHost: 146.103.73.193\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: \r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/json\r\nx-object-id: {\"uid\":\"\",\"browserLanguage\":\"en-US\",\"init\":{\"device\":\"\",\"created\":1775932383901,\"version\":1775793838000}}\r\nplatformType: 5\r\ndevicetype: 3\r\nx-device: 1-5\r\nx-data-mode: plain\r\nx-request-id: 9c5c27cb-fee6-4a6b-ba89-1cbfdd9394a4\r\ndevice: f75052df-c3a1-4058-a524-7aad8f7dc107\r\ntimestamp: 1775932384\r\nsiteCode: 1937\r\nlanguage: \r\ntoken: b2e3d672-9d88-47a7-81b4-9d7ffc62054f\r\ndeviceModel: Firefox v134.0\r\nphysicalDeviceModel: unknown\r\noperatingSystem: Windows\r\ndeviceBrand: unknown\r\nbrowserType: Firefox v134.0\r\nappSystem: Windows 10\r\ndomain: 695rdgnfw5f.18912244.com:20206\r\nwebauthnDomain: 695rdgnfw5f.18912244.com:20206\r\nclienttimezone: 0\r\nx-custom-referer: https://695rdgnfw5f.18912244.com:20206/?id=422876378\r\nx-version: 7.1.212\r\nbrowserfingerid: \r\nappVersion: v7.1.212\r\nContent-Length: 41\r\nOrigin: https://695rdgnfw5f.18912244.com:20206\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://695rdgnfw5f.18912244.com:20206/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":41,"data":"{\"promoteId\":422876378,\"time\":1775932384}"}},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 11 Apr 2026 18:33:07 GMT\r\ncontent-type: application/json; charset=utf-8\r\ncontent-length: 89\r\nset-cookie: acw_tc=0a0ccb0717759323877093708e4aac32b474d5fba1fdaabc9131d89563e497;path=/;HttpOnly;Max-Age=1800\r\nx-trace-id: ecae9c0a3970940a087eed9ecf5a62b8\r\nx-env-apisix: 0\r\nx-env-go-biz-agent-server: 0\r\ncache-control: no-cache\r\nx-saas-server-id: 844988bcd4-ltzh6|88945cccbc0046940697ca74df2a8bb8\r\naccess-control-allow-methods: *\r\naccess-control-max-age: 1728000\r\naccess-control-allow-credentials: true\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: X-Trace-ID, newjwt, token\r\nvia: 1.1 PS-SIN-04A9N80:2 (W), 1.1 PS-HND-01MdG15:6 (W)\r\nx-px: ms PS-HND-01MdG15HND, ms PS-SIN-04A9N80SIN(origin)\r\nx-ws-request-id: 69da93e3_PS-HND-01MdG15_4972-42821\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":89,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"3d3491d3f615a56a258675efba53f891","sha1":"3345fc609795ce0a7b28115d91145437f2061762","sha256":"8de43c59e2f345e7b89e89111df7a9ee4fd13b8b65787be941e7a50f6a020f19","sha512":"f35442aafc60b49037943576b404fc3bc89c7a0f1655c346d57af3f4f93cc9ad79ca4f21c7fa4914a626a6c0d6308d1268394f5147844a760027459238dac278","ssdeep":"","tlshash":"aab0128012195281880152a894451844e2281106d487c7548d6c191844cc1595000f61","first_seen":"2026-04-11T18:33:40.268801Z","last_seen":"2026-04-11T18:33:40.268801Z","times_seen":1,"resource_available":false,"data":null}},"time_used":2845,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":2845,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"695rdgnfw5f.18912244.com:20206/assets/theme-0/0_EntryLoginRegisterChunk.DdEo6oU7.js","fqdn":"695rdgnfw5f.18912244.com","domain":"18912244.com","tld":"com"},"ip":{"addr":"172.65.218.121","port":20206,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://695rdgnfw5f.18912244.com:20206/?id=422876378","date":"2026-04-11T18:33:05.266Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"695rdgnfw5f.18912244.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 20 Jul 2025 00:00:00 GMT","end":"Mon, 20 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"AB:44:50:F3:CC:F8:FC:F3:42:EC:75:E2:D3:0C:19:1B:5F:B9:36:F4","sha256":"4B:05:65:FA:AC:EF:A3:36:43:B0:62:26:67:2E:84:49:29:62:7C:DA:CE:AF:8D:5A:0B:1B:23:85:8B:6B:BB:46"}}},"request":{"raw":"GET /assets/theme-0/0_EntryLoginRegisterChunk.DdEo6oU7.js HTTP/1.1\r\nHost: 695rdgnfw5f.18912244.com:20206\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://695rdgnfw5f.18912244.com:20206/assets/theme-0/GlobalEventListenerIndex.BQaDkeeJ.js\r\nCookie: web__lobby__persisted__device=%7B%22uuid%22%3A%22f75052df-c3a1-4058-a524-7aad8f7dc107%22%7D\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 11 Apr 2026 18:33:05 GMT\r\ncontent-type: application/javascript; charset=utf-8\r\nx-oss-request-id: 69DA93E160F7333933277690\r\nvary: Accept-Encoding, Origin\r\nlast-modified: Sat, 11 Apr 2026 04:21:43 GMT\r\nx-oss-object-type: Normal\r\nx-oss-hash-crc64ecma: 5996253081032906048\r\nx-oss-storage-class: Standard\r\nx-oss-meta-version: v7.1.212\r\ncache-control: max-age=31622400\r\ncontent-md5: /uDfbWR4gTaRYA3agh4QjA==\r\nx-oss-server-time: 2\r\ncontent-encoding: gzip\r\nserver: gocache\r\nc-type: pf\r\nrid: ba70bfd5b6977f6f93bf42df284418cd\r\nx-cache-status: MISS\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Alibaba Cloud Object Storage Service","description":"Alibaba Cloud Object Storage Service (OSS) is a cloud-based object storage service provided by Alibaba Cloud, which allows users to store and access large amounts of data in the cloud.","website":"https://www.alibabacloud.com/product/object-storage-service","common_platform_enumeration":"","icon":"Alibaba Cloud.svg","categories":["IaaS"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]}],"data":{"size":173025,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (65508), with no line terminators","md5":"fee0df6d6478813691600dda821e108c","sha1":"c9cb24674177ba7ab214e0956ce5a98ac2d3498d","sha256":"a3b354f74e29f3e1c618fac87c30d0d20a606f44a5066a8dde50009aa64ee30c","sha512":"74a2c25fb3d3ed2f59a0869e92ed425242327a58aaf2686904a9f3267bcf74408a57ffbaf5645218508d816c93ff90b522510960593a77cf5ddf27ba29a70d81","ssdeep":"3072:JfHn8jZaav+2UFkZzQIQkoBVKs61rzcKwj9LY/CAq1rWY6iXOhKYoOyR:JfH8j8av+2UFkZzQIaV81rz62qNWY6iL","tlshash":"2af35c49b1bde6b5afb92ca87076082123185f555400d4e1f1feaf2037daf51f2a933a","first_seen":"2026-04-11T07:57:01.991142Z","last_seen":"2026-04-11T18:34:05.965416Z","times_seen":28,"resource_available":true,"data":null}},"time_used":262,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":262,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-11","alert":"Sinkholed","trigger":"695rdgnfw5f.18912244.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"mgm1940797.appfrvpmgw.win/hall/ipCheck?siteCode=1937\u0026currency=CNY\u0026language=zh\u0026platformType=5","fqdn":"mgm1940797.appfrvpmgw.win","domain":"appfrvpmgw.win","tld":"win"},"ip":{"addr":"138.113.210.9","port":443,"asn":54994,"as":"ML-1432-54994","country":"Canada","country_code":"CA"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://695rdgnfw5f.18912244.com:20206/?id=422876378","date":"2026-04-11T18:33:08.894Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"mgm1940797.appfrvpmgw.win","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 10 Mar 2026 16:26:44 GMT","end":"Mon, 08 Jun 2026 16:26:43 GMT"},"fingerprint":{"sha1":"F4:B1:A8:F3:75:CF:9E:D8:01:08:8D:AB:DA:56:67:50:D3:F3:94:44","sha256":"EA:6F:FC:B6:79:2A:3B:E8:21:21:AB:18:FB:BE:1C:DB:F9:F0:1B:8C:DA:50:C7:4E:CB:CA:85:51:61:5D:9B:10"}}},"request":{"raw":"OPTIONS /hall/ipCheck?siteCode=1937\u0026currency=CNY\u0026language=zh\u0026platformType=5 HTTP/1.1\r\nHost: mgm1940797.appfrvpmgw.win\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nAccess-Control-Request-Method: GET\r\nAccess-Control-Request-Headers: appsystem,appversion,browserfingerid,browsertype,clienttimezone,currency,device,devicebrand,devicemodel,devicetype,domain,language,operatingsystem,physicaldevicemodel,platformtype,sitecode,timestamp,token,webauthndomain,x-custom-referer,x-data-mode,x-device,x-object-id,x-request-id,x-version\r\nReferer: https://695rdgnfw5f.18912244.com:20206/\r\nOrigin: https://695rdgnfw5f.18912244.com:20206\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"OPTIONS"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 11 Apr 2026 18:33:09 GMT\r\ncontent-type: application/octet-stream\r\ncontent-length: 0\r\nset-cookie: acw_tc=0a0ccaf917759323889908299e5d3d1a1bfdf20991396d742b519d7a0f679c;path=/;HttpOnly;Max-Age=1800\r\nx-saas-server-id: 844988bcd4-pp87x|f87abff66e6ae72df1f3362898629c4e\r\naccess-control-allow-methods: *\r\naccess-control-max-age: 1728000\r\naccess-control-allow-credentials: true\r\naccess-control-allow-origin: *\r\naccess-control-allow-headers: appsystem,appversion,browserfingerid,browsertype,clienttimezone,currency,device,devicebrand,devicemodel,devicetype,domain,language,operatingsystem,physicaldevicemodel,platformtype,sitecode,timestamp,token,webauthndomain,x-custom-referer,x-data-mode,x-device,x-object-id,x-request-id,x-version\r\naccess-control-expose-headers: X-Trace-ID, newjwt, token\r\nvia: 1.1 PS-SIN-04A9N80:17 (W), 1.1 PS-AMS-01QkJ103:21 (W)\r\nx-px: ms PS-AMS-01QkJ103AMS, ms PS-SIN-04A9N80SIN(origin)\r\nx-ws-request-id: 69da93e4_PS-AMS-01QkJ103_53875-28495\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"application/octet-stream","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-11T20:55:57.946951Z","times_seen":13635644,"resource_available":true,"data":null}},"time_used":206,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":206,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-04-11","alert":"Sinkholed","trigger":"mgm1940797.appfrvpmgw.win","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"695rdgnfw5f.18912244.com:20206/assets/theme-0/FastEntryIndex.CDXIfMt4.js","fqdn":"695rdgnfw5f.18912244.com","domain":"18912244.com","tld":"com"},"ip":{"addr":"172.65.218.121","port":20206,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://695rdgnfw5f.18912244.com:20206/?id=422876378","date":"2026-04-11T18:33:09.278Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"695rdgnfw5f.18912244.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 20 Jul 2025 00:00:00 GMT","end":"Mon, 20 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"AB:44:50:F3:CC:F8:FC:F3:42:EC:75:E2:D3:0C:19:1B:5F:B9:36:F4","sha256":"4B:05:65:FA:AC:EF:A3:36:43:B0:62:26:67:2E:84:49:29:62:7C:DA:CE:AF:8D:5A:0B:1B:23:85:8B:6B:BB:46"}}},"request":{"raw":"GET /assets/theme-0/FastEntryIndex.CDXIfMt4.js HTTP/1.1\r\nHost: 695rdgnfw5f.18912244.com:20206\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://695rdgnfw5f.18912244.com:20206/assets/theme-0/FloatBarIndex.nFWC6Mt1.js\r\nCookie: web__lobby__persisted__device=%7B%22uuid%22%3A%22f75052df-c3a1-4058-a524-7aad8f7dc107%22%7D; web__lobby__persisted__user=%7B%22userInfos%22%3A%7B%22game_gold%22%3A2000%2C%22account_type%22%3A1%2C%22platfromid%22%3A%22web_lobby_guest_account%22%2C%22mode%22%3A0%2C%22currency%22%3A%22CNY%22%7D%7D\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 11 Apr 2026 18:33:09 GMT\r\ncontent-type: application/javascript; charset=utf-8\r\nx-oss-request-id: 69DA93E501B8FA3938E1DE86\r\nvary: Accept-Encoding, Origin\r\nlast-modified: Sat, 11 Apr 2026 04:21:43 GMT\r\nx-oss-object-type: Normal\r\nx-oss-hash-crc64ecma: 6195868896103800936\r\nx-oss-storage-class: Standard\r\nx-oss-meta-version: v7.1.212\r\ncache-control: max-age=31622400\r\ncontent-md5: Kz6LZw24WKTwXPZ17Uqrow==\r\nx-oss-server-time: 1\r\ncontent-encoding: gzip\r\nserver: gocache\r\nc-type: pf\r\nrid: 22d26c02233ba38566ed96fb3bcf6d33\r\nx-cache-status: MISS\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]},{"name":"Alibaba Cloud Object Storage Service","description":"Alibaba Cloud Object Storage Service (OSS) is a cloud-based object storage service provided by Alibaba Cloud, which allows users to store and access large amounts of data in the cloud.","website":"https://www.alibabacloud.com/product/object-storage-service","common_platform_enumeration":"","icon":"Alibaba Cloud.svg","categories":["IaaS"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":15629,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"ASCII text, with very long lines (15628)","md5":"2b3e8b670db858a4f05cf675ed4aaba3","sha1":"075b7bbbedef53ba5eaf89cd617b7591ddfd1d19","sha256":"f5a6f350d467149bd873321938149338fbda0288c2fe38b42bcc2aca259a6112","sha512":"3c74b024e656ea646b2dc96cd11b4c175ba1b9a944f6973ce1bb9e527ed97e5a1bc157bfa107da85dd174403dcecda78014cccfef48e40ff1a3c71acde729425","ssdeep":"384:jvr4vAYVqSSYoLMTIr+JMFzkADRqjrrUrBPJD/9nXIYkrvyx9o2opEDzYUS1yO:jr4vAYUJYolr+JMFzkADRqjnUrX/J4Y+","tlshash":"3162da8cb0ba7077f7b9ac8ce0685552986c3fdad401f0f0f8af6ea11265db17294616","first_seen":"2026-04-11T17:01:17.514122Z","last_seen":"2026-04-11T18:33:40.271171Z","times_seen":12,"resource_available":true,"data":null}},"time_used":243,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":243,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-11","alert":"Sinkholed","trigger":"695rdgnfw5f.18912244.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"mgm1940797.appfrvpmgw.win/hall/api/statistics/domain/pointer","fqdn":"mgm1940797.appfrvpmgw.win","domain":"appfrvpmgw.win","tld":"win"},"ip":{"addr":"138.113.210.9","port":443,"asn":54994,"as":"ML-1432-54994","country":"Canada","country_code":"CA"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://695rdgnfw5f.18912244.com:20206/?id=422876378","date":"2026-04-11T18:33:10.563Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"mgm1940797.appfrvpmgw.win","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 10 Mar 2026 16:26:44 GMT","end":"Mon, 08 Jun 2026 16:26:43 GMT"},"fingerprint":{"sha1":"F4:B1:A8:F3:75:CF:9E:D8:01:08:8D:AB:DA:56:67:50:D3:F3:94:44","sha256":"EA:6F:FC:B6:79:2A:3B:E8:21:21:AB:18:FB:BE:1C:DB:F9:F0:1B:8C:DA:50:C7:4E:CB:CA:85:51:61:5D:9B:10"}}},"request":{"raw":"POST /hall/api/statistics/domain/pointer HTTP/1.1\r\nHost: mgm1940797.appfrvpmgw.win\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: zh\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/json\r\nx-object-id: {\"uid\":\"\",\"browserLanguage\":\"en-US\",\"init\":{\"device\":\"\",\"created\":1775932383901,\"version\":1775793838000}}\r\nplatformType: 5\r\ndevicetype: 3\r\nx-device: 1-5\r\nx-data-mode: plain\r\nx-request-id: 9f2a6103-6516-4145-9096-7838250766ca\r\ndevice: f75052df-c3a1-4058-a524-7aad8f7dc107\r\ncurrency: CNY\r\ntimestamp: 1775932389\r\nsiteCode: 1937\r\nlanguage: zh\r\ntoken: b2e3d672-9d88-47a7-81b4-9d7ffc62054f\r\ndeviceModel: Firefox v134.0\r\nphysicalDeviceModel: unknown\r\noperatingSystem: Windows\r\ndeviceBrand: unknown\r\nbrowserType: Firefox v134.0\r\nappSystem: Windows 10\r\ndomain: 695rdgnfw5f.18912244.com:20206\r\nwebauthnDomain: 695rdgnfw5f.18912244.com:20206\r\nclienttimezone: 0\r\nx-custom-referer: https://695rdgnfw5f.18912244.com:20206/home/register?id=422876378\r\nx-version: 7.1.212\r\nbrowserfingerid: \r\nappVersion: v7.1.212\r\nContent-Length: 82\r\nOrigin: https://695rdgnfw5f.18912244.com:20206\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://695rdgnfw5f.18912244.com:20206/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":82,"data":"{\"id\":422876378,\"kind\":4,\"deviceKind\":3,\"packKind\":4,\"counts\":1,\"time\":1775932389}"}},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 11 Apr 2026 18:33:10 GMT\r\ncontent-type: application/json; charset=utf-8\r\ncontent-length: 50\r\nset-cookie: acw_tc=0a0ccaf217759323906665115e337d85822418348e6e1c2aa0e8eb3d8b741c;path=/;HttpOnly;Max-Age=1800\r\nx-trace-id: e0e1e8a15d41b879a38bf60a3ff048f3\r\nx-env-apisix: 0\r\nx-env-go-biz-statistics-server: 0\r\ncache-control: no-cache\r\nx-saas-server-id: 844988bcd4-857mg|8c6fd9f67217758679c65c04ae48c679\r\naccess-control-allow-methods: *\r\naccess-control-max-age: 1728000\r\naccess-control-allow-credentials: true\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: X-Trace-ID, newjwt, token\r\nvia: 1.1 PS-SIN-04DFS81:8 (W), 1.1 PS-AMS-01QkJ103:21 (W)\r\nx-px: ms PS-AMS-01QkJ103AMS, ms PS-SIN-04DFS81SIN(origin)\r\nx-ws-request-id: 69da93e6_PS-AMS-01QkJ103_53875-28554\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":50,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"7d7d220f6e63a034c11418fc207c01c8","sha1":"ff6da1fb0c5439c4caab05f20d7b0c48bf96f602","sha256":"b2a843de34278235e09d387109396d1e47772fbe08ff695617ebb3e02f0289e8","sha512":"51b9c0f44b05c80b0a87b281269f744f61313c0a727b775b79cd42c6e8da2ecb58c12630823cbee4e00d8bfbae803f69336177283a2c6dbcd4a3bf8618fcfc58","ssdeep":"","tlshash":"519002d0435d42824c45633861097d81612c546a4455c3188d5d0d24085c0961001551","first_seen":"2026-04-11T18:33:40.271992Z","last_seen":"2026-04-11T18:33:40.271992Z","times_seen":1,"resource_available":false,"data":null}},"time_used":218,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":218,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-04-11","alert":"Sinkholed","trigger":"mgm1940797.appfrvpmgw.win","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"695rdgnfw5f.18912244.com:20206/assets/theme-0/Fragment.GuddWZuA.css","fqdn":"695rdgnfw5f.18912244.com","domain":"18912244.com","tld":"com"},"ip":{"addr":"172.65.218.121","port":20206,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://695rdgnfw5f.18912244.com:20206/?id=422876378","date":"2026-04-11T18:33:08.108Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"695rdgnfw5f.18912244.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 20 Jul 2025 00:00:00 GMT","end":"Mon, 20 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"AB:44:50:F3:CC:F8:FC:F3:42:EC:75:E2:D3:0C:19:1B:5F:B9:36:F4","sha256":"4B:05:65:FA:AC:EF:A3:36:43:B0:62:26:67:2E:84:49:29:62:7C:DA:CE:AF:8D:5A:0B:1B:23:85:8B:6B:BB:46"}}},"request":{"raw":"GET /assets/theme-0/Fragment.GuddWZuA.css HTTP/1.1\r\nHost: 695rdgnfw5f.18912244.com:20206\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://695rdgnfw5f.18912244.com:20206/?id=422876378\r\nCookie: web__lobby__persisted__device=%7B%22uuid%22%3A%22f75052df-c3a1-4058-a524-7aad8f7dc107%22%7D; web__lobby__persisted__user=%7B%22userInfos%22%3A%7B%22game_gold%22%3A2000%2C%22account_type%22%3A1%2C%22platfromid%22%3A%22web_lobby_guest_account%22%2C%22mode%22%3A0%2C%22currency%22%3A%22CNY%22%7D%7D\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 11 Apr 2026 18:33:08 GMT\r\ncontent-type: text/css\r\nx-oss-request-id: 69DA93E401B8FA39387BDA86\r\nvary: Accept-Encoding, Origin\r\nlast-modified: Sat, 11 Apr 2026 04:21:42 GMT\r\nx-oss-object-type: Normal\r\nx-oss-hash-crc64ecma: 5366708472410618857\r\nx-oss-storage-class: Standard\r\nx-oss-meta-version: v7.1.212\r\ncache-control: max-age=31622400\r\ncontent-md5: nFYIYwZUQEKUPuTeLJNC+w==\r\nx-oss-server-time: 1\r\ncontent-encoding: gzip\r\nserver: gocache\r\nc-type: pf\r\nrid: dfc2f2d35086705dbda0b8454bc94f69\r\nx-cache-status: MISS\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]},{"name":"Alibaba Cloud Object Storage Service","description":"Alibaba Cloud Object Storage Service (OSS) is a cloud-based object storage service provided by Alibaba Cloud, which allows users to store and access large amounts of data in the cloud.","website":"https://www.alibabacloud.com/product/object-storage-service","common_platform_enumeration":"","icon":"Alibaba Cloud.svg","categories":["IaaS"]}],"data":{"size":28943,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (28942)","md5":"9c56086306544042943ee4de2c9342fb","sha1":"2dd2995d900640a1897dc8fe3167c5ac8f2fe557","sha256":"74d161d9596c053b9fac7138f745113d753632ce6608f7013222342dcae09c5e","sha512":"02040166e0a56a693b461661834c212e6cd97a0b78e818f7619291b11bbd7caaea3e0a7d13774d7a7b6fccca62301f238a3416ee75327b76e91a9c3d8e2a5042","ssdeep":"384:5VqsIy1lWPOt2gm7dHAcs1iLi2l82VK1sqNgQVJibwkSWtkX0ylJyRv4iiz7TXvp:5VqsUgVJibwpWta0wNLpWh1wN","tlshash":"97d2b65b4b317a36bc1fd83bd6c4a6d49008f910c6238647fd976d27c6c3b6225a079e","first_seen":"2026-04-10T16:38:05.368987Z","last_seen":"2026-04-11T20:47:49.657653Z","times_seen":87,"resource_available":false,"data":null}},"time_used":277,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":277,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-11","alert":"Sinkholed","trigger":"695rdgnfw5f.18912244.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"695rdgnfw5f.18912244.com:20206/hall/api/lobby/site/getSiteInfo/language/zh.json?v=1775589397","fqdn":"695rdgnfw5f.18912244.com","domain":"18912244.com","tld":"com"},"ip":{"addr":"172.65.218.121","port":20206,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://695rdgnfw5f.18912244.com:20206/?id=422876378","date":"2026-04-11T18:33:08.578Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"695rdgnfw5f.18912244.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 20 Jul 2025 00:00:00 GMT","end":"Mon, 20 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"AB:44:50:F3:CC:F8:FC:F3:42:EC:75:E2:D3:0C:19:1B:5F:B9:36:F4","sha256":"4B:05:65:FA:AC:EF:A3:36:43:B0:62:26:67:2E:84:49:29:62:7C:DA:CE:AF:8D:5A:0B:1B:23:85:8B:6B:BB:46"}}},"request":{"raw":"GET /hall/api/lobby/site/getSiteInfo/language/zh.json?v=1775589397 HTTP/1.1\r\nHost: 695rdgnfw5f.18912244.com:20206\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://695rdgnfw5f.18912244.com:20206/?id=422876378\r\nCookie: web__lobby__persisted__device=%7B%22uuid%22%3A%22f75052df-c3a1-4058-a524-7aad8f7dc107%22%7D; web__lobby__persisted__user=%7B%22userInfos%22%3A%7B%22game_gold%22%3A2000%2C%22account_type%22%3A1%2C%22platfromid%22%3A%22web_lobby_guest_account%22%2C%22mode%22%3A0%2C%22currency%22%3A%22CNY%22%7D%7D\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 11 Apr 2026 18:33:08 GMT\r\ncontent-type: application/json\r\nx-oss-request-id: 69DA93E4CD9B3438380B8245\r\nvary: Accept-Encoding, Origin\r\nlast-modified: Tue, 07 Apr 2026 19:16:37 GMT\r\nx-oss-object-type: Normal\r\nx-oss-hash-crc64ecma: 4893955862861448722\r\nx-oss-storage-class: Standard\r\ncache-control: s-maxage=600,public,max-age=0\r\ncontent-md5: cS/MtTCFrPeQ7Yar4IWB5w==\r\nx-oss-server-time: 1\r\ncontent-encoding: gzip\r\nserver: gocache\r\nc-type: pf\r\nrid: e01f8e021a9ca7a167af3a52ba04ff19\r\nx-cache-status: MISS\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]},{"name":"Alibaba Cloud Object Storage Service","description":"Alibaba Cloud Object Storage Service (OSS) is a cloud-based object storage service provided by Alibaba Cloud, which allows users to store and access large amounts of data in the cloud.","website":"https://www.alibabacloud.com/product/object-storage-service","common_platform_enumeration":"","icon":"Alibaba Cloud.svg","categories":["IaaS"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":4416,"size_decoded":0,"mime_type":"application/json","magic":"ASCII text, with very long lines (4416), with no line terminators","md5":"712fccb53085acf790ed86abe08581e7","sha1":"bc1250eb5ff5f33de22cd022d7af4c2eed64fdf2","sha256":"539de99324d235c2cd7cc0f71988bb87fcd2af501329f36295f08ae4a5c15196","sha512":"c847ce13547233a860edf2f5cf93e63063aaa57181f408fec10b0573107425e7c0d6f16eb769a8f6a6b40670bed9d023427c14ba9f8c08365e1a4929b30e0676","ssdeep":"96:yAc4SD0Hm+Z2F9qwdCVGw7lVN9b5kzwMxL8LA+OavC:yF4X8AGw7p9bbnA+I","tlshash":"6a915c826c790cf6b4f80a1c216db930f978d0568626a62335fbaaa041ddf8e152f853","first_seen":"2026-04-08T07:13:21.572349Z","last_seen":"2026-04-11T18:34:05.978541Z","times_seen":30,"resource_available":false,"data":null}},"time_used":244,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":244,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-11","alert":"Sinkholed","trigger":"695rdgnfw5f.18912244.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"695rdgnfw5f.18912244.com:20206/siteadmin/skin/lobby_asset/common/web/login/login_icon_mm.svg?manualVersion=1\u0026version=v7.1.212","fqdn":"695rdgnfw5f.18912244.com","domain":"18912244.com","tld":"com"},"ip":{"addr":"172.65.218.121","port":20206,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://695rdgnfw5f.18912244.com:20206/?id=422876378","date":"2026-04-11T18:33:09.698Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"695rdgnfw5f.18912244.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 20 Jul 2025 00:00:00 GMT","end":"Mon, 20 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"AB:44:50:F3:CC:F8:FC:F3:42:EC:75:E2:D3:0C:19:1B:5F:B9:36:F4","sha256":"4B:05:65:FA:AC:EF:A3:36:43:B0:62:26:67:2E:84:49:29:62:7C:DA:CE:AF:8D:5A:0B:1B:23:85:8B:6B:BB:46"}}},"request":{"raw":"GET /siteadmin/skin/lobby_asset/common/web/login/login_icon_mm.svg?manualVersion=1\u0026version=v7.1.212 HTTP/1.1\r\nHost: 695rdgnfw5f.18912244.com:20206\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://695rdgnfw5f.18912244.com:20206/home/register?id=422876378\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: web__lobby__persisted__device=%7B%22uuid%22%3A%22f75052df-c3a1-4058-a524-7aad8f7dc107%22%7D; web__lobby__persisted__user=%7B%22userInfos%22%3A%7B%22game_gold%22%3A2000%2C%22account_type%22%3A1%2C%22platfromid%22%3A%22web_lobby_guest_account%22%2C%22mode%22%3A0%2C%22currency%22%3A%22CNY%22%7D%7D\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 11 Apr 2026 18:33:09 GMT\r\ncontent-type: image/svg+xml\r\nx-oss-request-id: 69DA93E5BCB28E303775EE81\r\nvary: Accept-Encoding, Origin\r\netag: W/\"655776100D0C0825C7B64E7D9030C5DA\"\r\nlast-modified: Mon, 22 Sep 2025 02:38:34 GMT\r\nx-oss-object-type: Normal\r\nx-oss-hash-crc64ecma: 5396805531694654305\r\nx-oss-storage-class: Standard\r\ncache-control: max-age=604800,stale-while-revalidate=86400,immutable,proxy-revalidate,public\r\ncontent-md5: ZVd2EA0MCCXHtk59kDDF2g==\r\nx-oss-server-time: 2\r\nserver: gocache\r\nc-type: pf\r\nrid: 0e6029f76d448f450dbef8a6cf4b5373\r\nx-cache-status: MISS\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\ncontent-encoding: br\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Alibaba Cloud Object Storage Service","description":"Alibaba Cloud Object Storage Service (OSS) is a cloud-based object storage service provided by Alibaba Cloud, which allows users to store and access large amounts of data in the cloud.","website":"https://www.alibabacloud.com/product/object-storage-service","common_platform_enumeration":"","icon":"Alibaba Cloud.svg","categories":["IaaS"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]}],"data":{"size":919,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"655776100d0c0825c7b64e7d9030c5da","sha1":"9ab860871d0a97e020b7818722d92b26904d357c","sha256":"d9b4b0749b573048c454032df690dde38f5b4163a3ac514ea137de68c5a4bf54","sha512":"124eb9565a1c4efb115f6e14d15b9643656b1c09bc298fcc173d0df972dee495a232e93219ef3593fbb4bd4b3e6fb926884658b8d34b112c3300da877c84b8b5","ssdeep":"","tlshash":"e0111026d7bb9958e082170893a44d528798f1b4c2ecd4c9e5182a11d6732f1ab3291c","first_seen":"2025-04-07T02:41:07.35007Z","last_seen":"2026-04-11T19:13:42.49281Z","times_seen":4570,"resource_available":false,"data":null}},"time_used":245,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":245,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-11","alert":"Sinkholed","trigger":"695rdgnfw5f.18912244.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"695rdgnfw5f.18912244.com:20206/assets/theme-0/GlobalEventListenerIndex.BQaDkeeJ.js","fqdn":"695rdgnfw5f.18912244.com","domain":"18912244.com","tld":"com"},"ip":{"addr":"172.65.218.121","port":20206,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://695rdgnfw5f.18912244.com:20206/?id=422876378","date":"2026-04-11T18:33:04.969Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"695rdgnfw5f.18912244.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 20 Jul 2025 00:00:00 GMT","end":"Mon, 20 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"AB:44:50:F3:CC:F8:FC:F3:42:EC:75:E2:D3:0C:19:1B:5F:B9:36:F4","sha256":"4B:05:65:FA:AC:EF:A3:36:43:B0:62:26:67:2E:84:49:29:62:7C:DA:CE:AF:8D:5A:0B:1B:23:85:8B:6B:BB:46"}}},"request":{"raw":"GET /assets/theme-0/GlobalEventListenerIndex.BQaDkeeJ.js HTTP/1.1\r\nHost: 695rdgnfw5f.18912244.com:20206\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://695rdgnfw5f.18912244.com:20206/assets/theme-0/commonChunk.DRl68tbz.js\r\nCookie: web__lobby__persisted__device=%7B%22uuid%22%3A%22f75052df-c3a1-4058-a524-7aad8f7dc107%22%7D\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 11 Apr 2026 18:33:05 GMT\r\ncontent-type: application/javascript; charset=utf-8\r\nx-oss-request-id: 69DA93E15D886731360E0A62\r\nvary: Accept-Encoding, Origin\r\nlast-modified: Sat, 11 Apr 2026 04:21:43 GMT\r\nx-oss-object-type: Normal\r\nx-oss-hash-crc64ecma: 15562207678545264996\r\nx-oss-storage-class: Standard\r\nx-oss-meta-version: v7.1.212\r\ncache-control: max-age=31622400\r\ncontent-md5: IWE5O5R54nvNI/MTh2AHpA==\r\nx-oss-server-time: 1\r\ncontent-encoding: gzip\r\nserver: gocache\r\nc-type: pf\r\nrid: 69501472cf52c7c23ab4db7c3e9873f7\r\nx-cache-status: MISS\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]},{"name":"Alibaba Cloud Object Storage Service","description":"Alibaba Cloud Object Storage Service (OSS) is a cloud-based object storage service provided by Alibaba Cloud, which allows users to store and access large amounts of data in the cloud.","website":"https://www.alibabacloud.com/product/object-storage-service","common_platform_enumeration":"","icon":"Alibaba Cloud.svg","categories":["IaaS"]}],"data":{"size":4457,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"Java source, Unicode text, UTF-8 text, with very long lines (3918)","md5":"2161393b9479e27bcd23f313876007a4","sha1":"f6a0a66456e9dfe3c309b2840848869481f97679","sha256":"1a16cb77c3f3aef401d38421e9afce0fb02caa1a02fd234f9e5998b60dbe0fde","sha512":"dec2dd02767b6376c7adc515bc9bf0425c58a8de236e6dcffc103aeb293f13f60eb81112768e63fe21d6e884860daa433613ad7df3c1e73c0ce590b90a1339a2","ssdeep":"96:+/e9ysxI2decrMLlyzqqk2UGdsnvjgV0+QLd2ef0MZNtPAkb+8D4NUw0pbGHyZr:ge9vx5decrMLALkhGyvjgV0+QLd2bMZd","tlshash":"6391a54aa6147bfd39e91cc4fa62946707830be726118290e56e1d0de6cca00cf1dfd5","first_seen":"2026-04-11T07:57:01.96405Z","last_seen":"2026-04-11T18:34:05.975443Z","times_seen":28,"resource_available":true,"data":null}},"time_used":279,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":279,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-11","alert":"Sinkholed","trigger":"695rdgnfw5f.18912244.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"695rdgnfw5f.18912244.com:20206/assets/theme-0/0_WithdrawChunk.DBcne3kV.css","fqdn":"695rdgnfw5f.18912244.com","domain":"18912244.com","tld":"com"},"ip":{"addr":"172.65.218.121","port":20206,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://695rdgnfw5f.18912244.com:20206/?id=422876378","date":"2026-04-11T18:33:08.096Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"695rdgnfw5f.18912244.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 20 Jul 2025 00:00:00 GMT","end":"Mon, 20 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"AB:44:50:F3:CC:F8:FC:F3:42:EC:75:E2:D3:0C:19:1B:5F:B9:36:F4","sha256":"4B:05:65:FA:AC:EF:A3:36:43:B0:62:26:67:2E:84:49:29:62:7C:DA:CE:AF:8D:5A:0B:1B:23:85:8B:6B:BB:46"}}},"request":{"raw":"GET /assets/theme-0/0_WithdrawChunk.DBcne3kV.css HTTP/1.1\r\nHost: 695rdgnfw5f.18912244.com:20206\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://695rdgnfw5f.18912244.com:20206/?id=422876378\r\nCookie: web__lobby__persisted__device=%7B%22uuid%22%3A%22f75052df-c3a1-4058-a524-7aad8f7dc107%22%7D; web__lobby__persisted__user=%7B%22userInfos%22%3A%7B%22game_gold%22%3A2000%2C%22account_type%22%3A1%2C%22platfromid%22%3A%22web_lobby_guest_account%22%2C%22mode%22%3A0%2C%22currency%22%3A%22CNY%22%7D%7D\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 11 Apr 2026 18:33:08 GMT\r\ncontent-type: text/css\r\nx-oss-request-id: 69DA93E45D88673136B71562\r\nvary: Accept-Encoding, Origin\r\nlast-modified: Sat, 11 Apr 2026 04:21:42 GMT\r\nx-oss-object-type: Normal\r\nx-oss-hash-crc64ecma: 1796360218414133592\r\nx-oss-storage-class: Standard\r\nx-oss-meta-version: v7.1.212\r\ncache-control: max-age=31622400\r\ncontent-md5: JuwyI3IzLCSYjFpP8uEu/w==\r\nx-oss-server-time: 2\r\ncontent-encoding: gzip\r\nserver: gocache\r\nc-type: pf\r\nrid: 1b194e343173b3a1538e26f03212357b\r\nx-cache-status: MISS\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]},{"name":"Alibaba Cloud Object Storage Service","description":"Alibaba Cloud Object Storage Service (OSS) is a cloud-based object storage service provided by Alibaba Cloud, which allows users to store and access large amounts of data in the cloud.","website":"https://www.alibabacloud.com/product/object-storage-service","common_platform_enumeration":"","icon":"Alibaba Cloud.svg","categories":["IaaS"]}],"data":{"size":117522,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (65536), with no line terminators","md5":"26ec322372332c24988c5a4ff2e12eff","sha1":"9055d6ed303e8ab0da810fef93d694c8e61f3b5c","sha256":"fefc32f1b586ff687b63694ba9d67e4896c9fc63a0cfb660da236e3f6db06fe5","sha512":"2e074fe8662a965a611e64b6205bac89921cae8796f3ece10209e895de04e6050eb39616bf3b7aeed2cdd76ac43f90f481dbbc62687b34e72aef6e85c3fab785","ssdeep":"1536:A/t0wVQt+Blp36tyndtWBfu6DlDWfhrGoDsdOBm46fejKJFGK7QF6T:A/t0ptyndYBfu6DlDWfhrmFGK7QF6T","tlshash":"a5b3f85b9b30743b9837d574aec1d7e8b1a8b590c923c257fd836e2e4b8f7a17922401","first_seen":"2026-03-18T07:53:40.325672Z","last_seen":"2026-04-11T21:08:28.087549Z","times_seen":1173,"resource_available":false,"data":null}},"time_used":256,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":256,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-11","alert":"Sinkholed","trigger":"695rdgnfw5f.18912244.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"695rdgnfw5f.18912244.com:20206/hall/api/lobby/winnerCarousel/result/currency/CNY.json","fqdn":"695rdgnfw5f.18912244.com","domain":"18912244.com","tld":"com"},"ip":{"addr":"172.65.218.121","port":20206,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://695rdgnfw5f.18912244.com:20206/?id=422876378","date":"2026-04-11T18:33:08.129Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"695rdgnfw5f.18912244.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 20 Jul 2025 00:00:00 GMT","end":"Mon, 20 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"AB:44:50:F3:CC:F8:FC:F3:42:EC:75:E2:D3:0C:19:1B:5F:B9:36:F4","sha256":"4B:05:65:FA:AC:EF:A3:36:43:B0:62:26:67:2E:84:49:29:62:7C:DA:CE:AF:8D:5A:0B:1B:23:85:8B:6B:BB:46"}}},"request":{"raw":"GET /hall/api/lobby/winnerCarousel/result/currency/CNY.json HTTP/1.1\r\nHost: 695rdgnfw5f.18912244.com:20206\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://695rdgnfw5f.18912244.com:20206/?id=422876378\r\nCookie: web__lobby__persisted__device=%7B%22uuid%22%3A%22f75052df-c3a1-4058-a524-7aad8f7dc107%22%7D; web__lobby__persisted__user=%7B%22userInfos%22%3A%7B%22game_gold%22%3A2000%2C%22account_type%22%3A1%2C%22platfromid%22%3A%22web_lobby_guest_account%22%2C%22mode%22%3A0%2C%22currency%22%3A%22CNY%22%7D%7D\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 11 Apr 2026 18:33:08 GMT\r\ncontent-type: application/json\r\nx-oss-request-id: 69DA93E468A374393287644E\r\nvary: Accept-Encoding, Origin\r\netag: W/\"4514E63E4311CEBC33A4114DF087B2FC\"\r\nlast-modified: Tue, 07 Apr 2026 19:16:37 GMT\r\nx-oss-object-type: Normal\r\nx-oss-hash-crc64ecma: 18405144550872095459\r\nx-oss-storage-class: Standard\r\ncache-control: s-maxage=600,public,max-age=0\r\ncontent-md5: RRTmPkMRzrwzpBFN8Iey/A==\r\nx-oss-server-time: 2\r\nserver: gocache\r\nc-type: pf\r\nrid: c561082935af5d5d443e442205c24be6\r\nx-cache-status: MISS\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\ncontent-encoding: br\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]},{"name":"Alibaba Cloud Object Storage Service","description":"Alibaba Cloud Object Storage Service (OSS) is a cloud-based object storage service provided by Alibaba Cloud, which allows users to store and access large amounts of data in the cloud.","website":"https://www.alibabacloud.com/product/object-storage-service","common_platform_enumeration":"","icon":"Alibaba Cloud.svg","categories":["IaaS"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":192,"size_decoded":0,"mime_type":"application/json","magic":"ASCII text, with no line terminators","md5":"4514e63e4311cebc33a4114df087b2fc","sha1":"9294aceb9551096f76cd14c48fa328276e0d23cf","sha256":"9eaaf600bd6592363aa476c0a526ef867ef9c13c4fc6e95e0c478feeb30365e0","sha512":"bdd60c1261ef0e3e16053fe462495b858c9b66c6d7af645e580d1a2d708265a26a73de588404f6f7405d2b5490df0b1cb26f8c34cc27646e2d40d2f1fcbc7cea","ssdeep":"","tlshash":"62c022e6c875047808dd0180220ccda1e0ab8a380102be0a324887823d71b3838abb8b","first_seen":"2026-04-08T07:13:21.582119Z","last_seen":"2026-04-11T18:34:06.00025Z","times_seen":30,"resource_available":false,"data":null}},"time_used":252,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":252,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-11","alert":"Sinkholed","trigger":"695rdgnfw5f.18912244.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"695rdgnfw5f.18912244.com:20206/siteadmin/upload/img/2041771161617002497.avif","fqdn":"695rdgnfw5f.18912244.com","domain":"18912244.com","tld":"com"},"ip":{"addr":"172.65.218.121","port":20206,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://695rdgnfw5f.18912244.com:20206/?id=422876378","date":"2026-04-11T18:33:09.421Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"695rdgnfw5f.18912244.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 20 Jul 2025 00:00:00 GMT","end":"Mon, 20 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"AB:44:50:F3:CC:F8:FC:F3:42:EC:75:E2:D3:0C:19:1B:5F:B9:36:F4","sha256":"4B:05:65:FA:AC:EF:A3:36:43:B0:62:26:67:2E:84:49:29:62:7C:DA:CE:AF:8D:5A:0B:1B:23:85:8B:6B:BB:46"}}},"request":{"raw":"GET /siteadmin/upload/img/2041771161617002497.avif HTTP/1.1\r\nHost: 695rdgnfw5f.18912244.com:20206\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://695rdgnfw5f.18912244.com:20206/home/register?id=422876378\r\nCookie: web__lobby__persisted__device=%7B%22uuid%22%3A%22f75052df-c3a1-4058-a524-7aad8f7dc107%22%7D; web__lobby__persisted__user=%7B%22userInfos%22%3A%7B%22game_gold%22%3A2000%2C%22account_type%22%3A1%2C%22platfromid%22%3A%22web_lobby_guest_account%22%2C%22mode%22%3A0%2C%22currency%22%3A%22CNY%22%7D%7D\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 11 Apr 2026 18:33:09 GMT\r\ncontent-type: image/avif\r\ncontent-length: 27628\r\nx-oss-request-id: 69DA93E5CD9B343532CC8545\r\nvary: Origin\r\netag: \"58074814228A1540BD6B48A6028683C7\"\r\nlast-modified: Wed, 08 Apr 2026 06:52:34 GMT\r\nx-oss-object-type: Normal\r\nx-oss-hash-crc64ecma: 7052562345767722279\r\nx-oss-storage-class: Standard\r\ncache-control: immutable,stale-while-revalidate=86400,public,max-age=86400\r\ncontent-md5: WAdIFCKKFUC9a0imAoaDxw==\r\nx-oss-server-time: 1\r\nserver: gocache\r\nc-type: pf\r\nrid: 38a843685d00fcf52d9259bef784c78c\r\nx-cache-status: MISS\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]},{"name":"Alibaba Cloud Object Storage Service","description":"Alibaba Cloud Object Storage Service (OSS) is a cloud-based object storage service provided by Alibaba Cloud, which allows users to store and access large amounts of data in the cloud.","website":"https://www.alibabacloud.com/product/object-storage-service","common_platform_enumeration":"","icon":"Alibaba Cloud.svg","categories":["IaaS"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":27628,"size_decoded":0,"mime_type":"image/avif","magic":"ISO Media, AVIF Image","md5":"58074814228a1540bd6b48a6028683c7","sha1":"aed753b747099b3ed70d6364a02ffe557c2c5c5a","sha256":"4b0c8834b24c28f5772d2bd9f42bbf1beacda5269f9886db01c7028b5c4e9933","sha512":"6d0b76519bd558a55d2cf8e0fda669c0b37e2c15ae0c2e454d6a8cf804af32a0b814271a88605aa214181edbedf3b2dd6ffc90b7f5537668177d404383749fa5","ssdeep":"768:ZE4FfI2yuYmbMr7VQ3Xt9tqPZ1WnIpgR2A6HqgbGM9:qC/ygbMreN9EVgRr6HqyGM9","tlshash":"bbc2f10601725f80ee7c4ffcee8a4ed7802275d170423a869d9746c0af3b54e4d52a3d","first_seen":"2026-04-08T07:13:21.554107Z","last_seen":"2026-04-11T18:34:05.958914Z","times_seen":30,"resource_available":false,"data":null}},"time_used":290,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":283,"receive":7,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-11","alert":"Sinkholed","trigger":"695rdgnfw5f.18912244.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"695rdgnfw5f.18912244.com:20206/siteadmin/skin/lobby_asset/common/web/common/input_icon_zh.svg?manualVersion=1\u0026version=v7.1.212","fqdn":"695rdgnfw5f.18912244.com","domain":"18912244.com","tld":"com"},"ip":{"addr":"172.65.218.121","port":20206,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://695rdgnfw5f.18912244.com:20206/?id=422876378","date":"2026-04-11T18:33:09.697Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"695rdgnfw5f.18912244.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 20 Jul 2025 00:00:00 GMT","end":"Mon, 20 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"AB:44:50:F3:CC:F8:FC:F3:42:EC:75:E2:D3:0C:19:1B:5F:B9:36:F4","sha256":"4B:05:65:FA:AC:EF:A3:36:43:B0:62:26:67:2E:84:49:29:62:7C:DA:CE:AF:8D:5A:0B:1B:23:85:8B:6B:BB:46"}}},"request":{"raw":"GET /siteadmin/skin/lobby_asset/common/web/common/input_icon_zh.svg?manualVersion=1\u0026version=v7.1.212 HTTP/1.1\r\nHost: 695rdgnfw5f.18912244.com:20206\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://695rdgnfw5f.18912244.com:20206/home/register?id=422876378\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: web__lobby__persisted__device=%7B%22uuid%22%3A%22f75052df-c3a1-4058-a524-7aad8f7dc107%22%7D; web__lobby__persisted__user=%7B%22userInfos%22%3A%7B%22game_gold%22%3A2000%2C%22account_type%22%3A1%2C%22platfromid%22%3A%22web_lobby_guest_account%22%2C%22mode%22%3A0%2C%22currency%22%3A%22CNY%22%7D%7D\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 11 Apr 2026 18:33:09 GMT\r\ncontent-type: image/svg+xml\r\nx-oss-request-id: 69DA93E52A8AB2373542FC6D\r\nvary: Accept-Encoding, Origin\r\netag: W/\"B6656DF1488AA418B6658F7BBAD46309\"\r\nlast-modified: Wed, 28 Jan 2026 13:51:45 GMT\r\nx-oss-object-type: Normal\r\nx-oss-hash-crc64ecma: 17354386544977869253\r\nx-oss-storage-class: Standard\r\ncache-control: max-age=604800,stale-while-revalidate=86400,immutable,proxy-revalidate,public\r\ncontent-md5: tmVt8UiKpBi2ZY97utRjCQ==\r\nx-oss-server-time: 2\r\nserver: gocache\r\nc-type: pf\r\nrid: 014175717293c030d3366b27dd9d41d4\r\nx-cache-status: MISS\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\ncontent-encoding: br\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Alibaba Cloud Object Storage Service","description":"Alibaba Cloud Object Storage Service (OSS) is a cloud-based object storage service provided by Alibaba Cloud, which allows users to store and access large amounts of data in the cloud.","website":"https://www.alibabacloud.com/product/object-storage-service","common_platform_enumeration":"","icon":"Alibaba Cloud.svg","categories":["IaaS"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]}],"data":{"size":1500,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"b6656df1488aa418b6658f7bbad46309","sha1":"11d9bdca7e71338758c620f794601383da1c8af6","sha256":"1af46767152628425d3622ecca99bd75c6cad260d0fc4aca1806692c8a2673f0","sha512":"b3fb07624bf8bf9c77713ac4c8cc113e77501f6850947abc84551a33c21ce0d26e9b9e07feefc5249256bc5033124ac49b6e0a9acf57379410b0f19e15140c2b","ssdeep":"","tlshash":"15318efe659915a663005b40cbe59c5c4d3ce1eab4d509c8bb1a55044f2439bbbfe242","first_seen":"2025-04-07T01:42:52.742503Z","last_seen":"2026-04-11T19:33:23.122238Z","times_seen":7826,"resource_available":false,"data":null}},"time_used":246,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":246,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-11","alert":"Sinkholed","trigger":"695rdgnfw5f.18912244.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"695rdgnfw5f.18912244.com:20206/siteadmin/skin/lobby_asset/common/web/common/comm_icon_pay_2.avif?manualVersion=1\u0026version=v7.1.212","fqdn":"695rdgnfw5f.18912244.com","domain":"18912244.com","tld":"com"},"ip":{"addr":"172.65.218.121","port":20206,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://695rdgnfw5f.18912244.com:20206/?id=422876378","date":"2026-04-11T18:33:09.707Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"695rdgnfw5f.18912244.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 20 Jul 2025 00:00:00 GMT","end":"Mon, 20 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"AB:44:50:F3:CC:F8:FC:F3:42:EC:75:E2:D3:0C:19:1B:5F:B9:36:F4","sha256":"4B:05:65:FA:AC:EF:A3:36:43:B0:62:26:67:2E:84:49:29:62:7C:DA:CE:AF:8D:5A:0B:1B:23:85:8B:6B:BB:46"}}},"request":{"raw":"GET /siteadmin/skin/lobby_asset/common/web/common/comm_icon_pay_2.avif?manualVersion=1\u0026version=v7.1.212 HTTP/1.1\r\nHost: 695rdgnfw5f.18912244.com:20206\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://695rdgnfw5f.18912244.com:20206/home/register?id=422876378\r\nCookie: web__lobby__persisted__device=%7B%22uuid%22%3A%22f75052df-c3a1-4058-a524-7aad8f7dc107%22%7D; web__lobby__persisted__user=%7B%22userInfos%22%3A%7B%22game_gold%22%3A2000%2C%22account_type%22%3A1%2C%22platfromid%22%3A%22web_lobby_guest_account%22%2C%22mode%22%3A0%2C%22currency%22%3A%22CNY%22%7D%7D\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 11 Apr 2026 18:33:09 GMT\r\ncontent-type: image/avif\r\ncontent-length: 837\r\nx-oss-request-id: 69DA93E5CD9B343838408745\r\nvary: Origin\r\netag: \"6DD235E3400FA0B4794E66E53894DC5A\"\r\nlast-modified: Wed, 28 Jan 2026 13:51:24 GMT\r\nx-oss-object-type: Normal\r\nx-oss-hash-crc64ecma: 12864486679884237906\r\nx-oss-storage-class: Standard\r\ncache-control: max-age=604800,stale-while-revalidate=86400,immutable,proxy-revalidate,public\r\ncontent-md5: bdI140APoLR5TmblOJTcWg==\r\nx-oss-server-time: 2\r\nserver: gocache\r\nc-type: pf\r\nrid: c8a0758f9522272dd78868a33cd22511\r\nx-cache-status: MISS\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Alibaba Cloud Object Storage Service","description":"Alibaba Cloud Object Storage Service (OSS) is a cloud-based object storage service provided by Alibaba Cloud, which allows users to store and access large amounts of data in the cloud.","website":"https://www.alibabacloud.com/product/object-storage-service","common_platform_enumeration":"","icon":"Alibaba Cloud.svg","categories":["IaaS"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]}],"data":{"size":837,"size_decoded":0,"mime_type":"image/avif","magic":"ISO Media, AVIF Image","md5":"6dd235e3400fa0b4794e66e53894dc5a","sha1":"de6078523adcef58af5d651be83d32ef837a24ff","sha256":"1385a6791b49eab27e3e319fd05e7161ce10f45e43997595b49e932c8f07d90f","sha512":"99a4b49002fd41dff019be5d1bb844e23bc57e66d6b9bb00daa2308aa977a56a72b249079227b56061e55edc5ea334ee7df980cb382c70be33a22bfb938b6aec","ssdeep":"","tlshash":"dc01fd66b3a02522c4a943310489932633a0a63573336df47cc13134d63177ba113f0c","first_seen":"2025-03-19T08:10:08.193707Z","last_seen":"2026-04-11T19:25:54.462509Z","times_seen":1841,"resource_available":false,"data":null}},"time_used":243,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":243,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-11","alert":"Sinkholed","trigger":"695rdgnfw5f.18912244.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"695rdgnfw5f.18912244.com:20206/assets/theme-0/utils.T26e7GE9.js","fqdn":"695rdgnfw5f.18912244.com","domain":"18912244.com","tld":"com"},"ip":{"addr":"172.65.218.121","port":20206,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://695rdgnfw5f.18912244.com:20206/?id=422876378","date":"2026-04-11T18:33:05.262Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"695rdgnfw5f.18912244.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 20 Jul 2025 00:00:00 GMT","end":"Mon, 20 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"AB:44:50:F3:CC:F8:FC:F3:42:EC:75:E2:D3:0C:19:1B:5F:B9:36:F4","sha256":"4B:05:65:FA:AC:EF:A3:36:43:B0:62:26:67:2E:84:49:29:62:7C:DA:CE:AF:8D:5A:0B:1B:23:85:8B:6B:BB:46"}}},"request":{"raw":"GET /assets/theme-0/utils.T26e7GE9.js HTTP/1.1\r\nHost: 695rdgnfw5f.18912244.com:20206\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://695rdgnfw5f.18912244.com:20206/assets/theme-0/GlobalEventListenerIndex.BQaDkeeJ.js\r\nCookie: web__lobby__persisted__device=%7B%22uuid%22%3A%22f75052df-c3a1-4058-a524-7aad8f7dc107%22%7D\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 11 Apr 2026 18:33:05 GMT\r\ncontent-type: application/javascript; charset=utf-8\r\nx-oss-request-id: 69DA93E15D88673136260B62\r\nvary: Accept-Encoding, Origin\r\nlast-modified: Sat, 11 Apr 2026 04:21:43 GMT\r\nx-oss-object-type: Normal\r\nx-oss-hash-crc64ecma: 4278964272239826646\r\nx-oss-storage-class: Standard\r\nx-oss-meta-version: v7.1.212\r\ncache-control: max-age=31622400\r\ncontent-md5: 5ZpZmX7psa/U3qxJgKnqyQ==\r\nx-oss-server-time: 2\r\ncontent-encoding: gzip\r\nserver: gocache\r\nc-type: pf\r\nrid: 761915ee905e07ec608cce465c706cb0\r\nx-cache-status: MISS\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]},{"name":"Alibaba Cloud Object Storage Service","description":"Alibaba Cloud Object Storage Service (OSS) is a cloud-based object storage service provided by Alibaba Cloud, which allows users to store and access large amounts of data in the cloud.","website":"https://www.alibabacloud.com/product/object-storage-service","common_platform_enumeration":"","icon":"Alibaba Cloud.svg","categories":["IaaS"]}],"data":{"size":1308,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"Java source, ASCII text, with very long lines (1307)","md5":"e59a59997ee9b1afd4deac4980a9eac9","sha1":"0c6146ffae9bd3938fe584f4e304da3e6e92bf81","sha256":"8d7c978385bb1cadd140e01b1917b856f32fa5a93778066aa090c75b4e93963f","sha512":"d5b495fd35464a59e2df3c015b497d067f08c20559f9f9c52f8cba7e3e7ac12f6eab3d8ce3de83049e5b6acf517219046086be39b0143de07eab0c2f5fab48b4","ssdeep":"","tlshash":"8d215d327a6aa63567a009ffa9303061d0700ae1342ce1d0310f0d5b3ddeb894be5ace","first_seen":"2026-04-11T07:57:02.021159Z","last_seen":"2026-04-11T18:34:05.987859Z","times_seen":28,"resource_available":true,"data":null}},"time_used":248,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":248,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-11","alert":"Sinkholed","trigger":"695rdgnfw5f.18912244.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"mgm1940797.appfrvpmgw.win/ipacdn.txt","fqdn":"mgm1940797.appfrvpmgw.win","domain":"appfrvpmgw.win","tld":"win"},"ip":{"addr":"138.113.210.9","port":443,"asn":54994,"as":"ML-1432-54994","country":"Canada","country_code":"CA"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://695rdgnfw5f.18912244.com:20206/?id=422876378","date":"2026-04-11T18:33:07.055Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"mgm1940797.appfrvpmgw.win","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 10 Mar 2026 16:26:44 GMT","end":"Mon, 08 Jun 2026 16:26:43 GMT"},"fingerprint":{"sha1":"F4:B1:A8:F3:75:CF:9E:D8:01:08:8D:AB:DA:56:67:50:D3:F3:94:44","sha256":"EA:6F:FC:B6:79:2A:3B:E8:21:21:AB:18:FB:BE:1C:DB:F9:F0:1B:8C:DA:50:C7:4E:CB:CA:85:51:61:5D:9B:10"}}},"request":{"raw":"GET /ipacdn.txt HTTP/1.1\r\nHost: mgm1940797.appfrvpmgw.win\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://695rdgnfw5f.18912244.com:20206/\r\nOrigin: https://695rdgnfw5f.18912244.com:20206\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 11 Apr 2026 18:33:07 GMT\r\ncontent-type: text/plain\r\ncontent-length: 2\r\ncache-control: s-maxage=315360000,max-age=0,public\r\naccess-control-allow-origin: *\r\naccess-control-max-age: 3600\r\naccess-control-allow-credentials: true\r\nvia: 1.1 jp184:5 (W), 0.0 PS-AMS-01QkJ103:21 (W)\r\nx-px: ht PS-AMS-01QkJ103AMS\r\nage: 9537171\r\nx-ws-request-id: 69da93e3_PS-AMS-01QkJ103_53875-28423\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":2,"size_decoded":0,"mime_type":"text/plain","magic":"ASCII text, with no line terminators","md5":"e0aa021e21dddbd6d8cecec71e9cf564","sha1":"9ce3bd4224c8c1780db56b4125ecf3f24bf748b7","sha256":"565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3","sha512":"900110c951560eff857b440e89cc29f529416e0e3b3d7f0ad51651bfdbd8025b91768c5ed7db5352d1a5523354ce06ced2c42047e33a3e958a1bba5f742db874","ssdeep":"","tlshash":"c710000000000000000000030000000030000000000000000c000000c0000000000000","first_seen":"2023-03-09T09:04:49Z","last_seen":"2026-04-11T20:59:31.234535Z","times_seen":264621,"resource_available":true,"data":null}},"time_used":102,"timings":{"blocked":38,"dns":1,"connect":17,"send":0,"wait":19,"receive":3,"ssl":22},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-04-11","alert":"Sinkholed","trigger":"mgm1940797.appfrvpmgw.win","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"695rdgnfw5f.18912244.com:20206/assets/theme-0/GlobalLazyInitIndex.BQlcIJGe.js","fqdn":"695rdgnfw5f.18912244.com","domain":"18912244.com","tld":"com"},"ip":{"addr":"172.65.218.121","port":20206,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://695rdgnfw5f.18912244.com:20206/?id=422876378","date":"2026-04-11T18:33:09.634Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"695rdgnfw5f.18912244.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 20 Jul 2025 00:00:00 GMT","end":"Mon, 20 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"AB:44:50:F3:CC:F8:FC:F3:42:EC:75:E2:D3:0C:19:1B:5F:B9:36:F4","sha256":"4B:05:65:FA:AC:EF:A3:36:43:B0:62:26:67:2E:84:49:29:62:7C:DA:CE:AF:8D:5A:0B:1B:23:85:8B:6B:BB:46"}}},"request":{"raw":"GET /assets/theme-0/GlobalLazyInitIndex.BQlcIJGe.js HTTP/1.1\r\nHost: 695rdgnfw5f.18912244.com:20206\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://695rdgnfw5f.18912244.com:20206/assets/theme-0/commonChunk.DRl68tbz.js\r\nCookie: web__lobby__persisted__device=%7B%22uuid%22%3A%22f75052df-c3a1-4058-a524-7aad8f7dc107%22%7D; web__lobby__persisted__user=%7B%22userInfos%22%3A%7B%22game_gold%22%3A2000%2C%22account_type%22%3A1%2C%22platfromid%22%3A%22web_lobby_guest_account%22%2C%22mode%22%3A0%2C%22currency%22%3A%22CNY%22%7D%7D\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 11 Apr 2026 18:33:09 GMT\r\ncontent-type: application/javascript; charset=utf-8\r\nx-oss-request-id: 69DA93E52A8AB23735ECFB6D\r\nvary: Accept-Encoding, Origin\r\nlast-modified: Sat, 11 Apr 2026 04:21:43 GMT\r\nx-oss-object-type: Normal\r\nx-oss-hash-crc64ecma: 1268031140570383573\r\nx-oss-storage-class: Standard\r\nx-oss-meta-version: v7.1.212\r\ncache-control: max-age=31622400\r\ncontent-md5: 0tTu/4oChxxPf04rKxzIXg==\r\nx-oss-server-time: 2\r\ncontent-encoding: gzip\r\nserver: gocache\r\nc-type: pf\r\nrid: e0c7737d7310102ab92858b2560763ad\r\nx-cache-status: MISS\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]},{"name":"Alibaba Cloud Object Storage Service","description":"Alibaba Cloud Object Storage Service (OSS) is a cloud-based object storage service provided by Alibaba Cloud, which allows users to store and access large amounts of data in the cloud.","website":"https://www.alibabacloud.com/product/object-storage-service","common_platform_enumeration":"","icon":"Alibaba Cloud.svg","categories":["IaaS"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":9294,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (8316)","md5":"d2d4eeff8a02871c4f7f4e2b2b1cc85e","sha1":"997aa454c75a4ddb90dfe4de8b39977af318895f","sha256":"ba93a638c7d2ba777040d71a52f57a6ad8d2d4aeb09c066cafadbc90032df665","sha512":"e5e217dc44edbc0a34684d28ce454818c389c7a9c5069e0b53d8aad5a13edd66771997cc22b23f5332914ab2d84c69d0af94a51cd168e35d6a44212be33610c1","ssdeep":"192:gD9YLf2ENYUThjXbe0gbps8TuGx1lX37IHVfYdxS+BiVLNnb1GCm0f4lsG+e0S0:gRY6EmUThTbe0gbJuGhX3EHZYdxSiiVB","tlshash":"e112d88a71b75af0be7c6cacd46744929b5d3b171410c0f9f0ef5e3023d8940a2ae965","first_seen":"2026-04-11T07:57:02.030027Z","last_seen":"2026-04-11T18:34:05.942832Z","times_seen":27,"resource_available":true,"data":null}},"time_used":245,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":245,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-11","alert":"Sinkholed","trigger":"695rdgnfw5f.18912244.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"695rdgnfw5f.18912244.com:20206/siteadmin/upload/img/2041449847849902081.avif","fqdn":"695rdgnfw5f.18912244.com","domain":"18912244.com","tld":"com"},"ip":{"addr":"172.65.218.121","port":20206,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://695rdgnfw5f.18912244.com:20206/?id=422876378","date":"2026-04-11T18:33:09.688Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"695rdgnfw5f.18912244.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 20 Jul 2025 00:00:00 GMT","end":"Mon, 20 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"AB:44:50:F3:CC:F8:FC:F3:42:EC:75:E2:D3:0C:19:1B:5F:B9:36:F4","sha256":"4B:05:65:FA:AC:EF:A3:36:43:B0:62:26:67:2E:84:49:29:62:7C:DA:CE:AF:8D:5A:0B:1B:23:85:8B:6B:BB:46"}}},"request":{"raw":"GET /siteadmin/upload/img/2041449847849902081.avif HTTP/1.1\r\nHost: 695rdgnfw5f.18912244.com:20206\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://695rdgnfw5f.18912244.com:20206/home/register?id=422876378\r\nCookie: web__lobby__persisted__device=%7B%22uuid%22%3A%22f75052df-c3a1-4058-a524-7aad8f7dc107%22%7D; web__lobby__persisted__user=%7B%22userInfos%22%3A%7B%22game_gold%22%3A2000%2C%22account_type%22%3A1%2C%22platfromid%22%3A%22web_lobby_guest_account%22%2C%22mode%22%3A0%2C%22currency%22%3A%22CNY%22%7D%7D\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 11 Apr 2026 18:33:09 GMT\r\ncontent-type: image/avif\r\ncontent-length: 32581\r\nx-oss-request-id: 69DA93E501B8FA393849E086\r\nvary: Origin\r\netag: \"1E9F168B46BCFB1A542361CFA6A482DB\"\r\nlast-modified: Tue, 07 Apr 2026 09:35:51 GMT\r\nx-oss-object-type: Normal\r\nx-oss-hash-crc64ecma: 13833344523934968762\r\nx-oss-storage-class: Standard\r\ncache-control: immutable,stale-while-revalidate=86400,public,max-age=86400\r\ncontent-md5: Hp8Wi0a8+xpUI2HPpqSC2w==\r\nx-oss-server-time: 1\r\nserver: gocache\r\nc-type: pf\r\nrid: aa63210570d988b8c579224547348cc6\r\nx-cache-status: MISS\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Alibaba Cloud Object Storage Service","description":"Alibaba Cloud Object Storage Service (OSS) is a cloud-based object storage service provided by Alibaba Cloud, which allows users to store and access large amounts of data in the cloud.","website":"https://www.alibabacloud.com/product/object-storage-service","common_platform_enumeration":"","icon":"Alibaba Cloud.svg","categories":["IaaS"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]}],"data":{"size":32581,"size_decoded":0,"mime_type":"image/avif","magic":"ISO Media, AVIF Image","md5":"1e9f168b46bcfb1a542361cfa6a482db","sha1":"513ffa10f61fa3b649cdb09c7fa227c4892781d8","sha256":"cd21f118e256bcc32d0399b25f823b2765bd425bc11ffeeea65160f908c322af","sha512":"21f6041039f00160d157820fb252b8fd780192778df13ab64dfb4c886c64723c47d9e31cf21845dee57a1863e3183852481bb86600ce1cb1faae4af42b10979a","ssdeep":"768:Tz+jyXn0CCjlWv1088h8kYf/8T60lkQozanaW:Tzt0CDd2FYf/8qzo7","tlshash":"79e2f11bfaaafc3bedce4538467d672100bd4fec65a7520890a3f0da04e5a331e94356","first_seen":"2026-04-08T07:13:21.547141Z","last_seen":"2026-04-11T18:34:05.961754Z","times_seen":30,"resource_available":false,"data":null}},"time_used":251,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":248,"receive":3,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-11","alert":"Sinkholed","trigger":"695rdgnfw5f.18912244.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"7495078mgm.hdhfrm7v6u.win/ipacdn.txt","fqdn":"7495078mgm.hdhfrm7v6u.win","domain":"hdhfrm7v6u.win","tld":"win"},"ip":{"addr":"172.65.218.121","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://695rdgnfw5f.18912244.com:20206/?id=422876378","date":"2026-04-11T18:33:07.062Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"7495078mgm.hdhfrm7v6u.win","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Thu, 17 Jul 2025 00:00:00 GMT","end":"Fri, 17 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"6F:1B:BF:15:50:EA:E3:1C:7E:79:36:8D:93:F1:50:36:86:41:5D:F6","sha256":"67:E9:29:1C:28:3B:F5:76:74:93:15:57:0C:FE:F9:61:27:EE:BF:D1:27:C8:6D:4A:69:F5:63:6E:65:A3:97:68"}}},"request":{"raw":"GET /ipacdn.txt HTTP/1.1\r\nHost: 7495078mgm.hdhfrm7v6u.win\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://695rdgnfw5f.18912244.com:20206/\r\nOrigin: https://695rdgnfw5f.18912244.com:20206\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 11 Apr 2026 18:33:07 GMT\r\ncontent-type: text/plain\r\ncontent-length: 2\r\nset-cookie: acw_tc=0a0f6b8c17759323878292419e4b849c15f6e72d4d3facd1e14a5df4eb8d0f;path=/;HttpOnly;Max-Age=1800\r\ncache-control: s-maxage=315360000,max-age=0,public\r\naccess-control-allow-origin: *\r\naccess-control-max-age: 3600\r\naccess-control-allow-credentials: true\r\nserver: gocache\r\nc-type: pf\r\nrid: 138262d55bbe0b9e8e54417a987d2020\r\nx-cache-status: MISS\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]}],"data":{"size":2,"size_decoded":0,"mime_type":"text/plain","magic":"ASCII text, with no line terminators","md5":"e0aa021e21dddbd6d8cecec71e9cf564","sha1":"9ce3bd4224c8c1780db56b4125ecf3f24bf748b7","sha256":"565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3","sha512":"900110c951560eff857b440e89cc29f529416e0e3b3d7f0ad51651bfdbd8025b91768c5ed7db5352d1a5523354ce06ced2c42047e33a3e958a1bba5f742db874","ssdeep":"","tlshash":"c710000000000000000000030000000030000000000000000c000000c0000000000000","first_seen":"2023-03-09T09:04:49Z","last_seen":"2026-04-11T20:59:31.234535Z","times_seen":264621,"resource_available":true,"data":null}},"time_used":915,"timings":{"blocked":-1,"dns":77,"connect":3,"send":0,"wait":372,"receive":0,"ssl":463},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"695rdgnfw5f.18912244.com:20206/assets/theme-0/0_WithdrawChunk.BVZncZop.js","fqdn":"695rdgnfw5f.18912244.com","domain":"18912244.com","tld":"com"},"ip":{"addr":"172.65.218.121","port":20206,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://695rdgnfw5f.18912244.com:20206/?id=422876378","date":"2026-04-11T18:33:08.782Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"695rdgnfw5f.18912244.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 20 Jul 2025 00:00:00 GMT","end":"Mon, 20 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"AB:44:50:F3:CC:F8:FC:F3:42:EC:75:E2:D3:0C:19:1B:5F:B9:36:F4","sha256":"4B:05:65:FA:AC:EF:A3:36:43:B0:62:26:67:2E:84:49:29:62:7C:DA:CE:AF:8D:5A:0B:1B:23:85:8B:6B:BB:46"}}},"request":{"raw":"GET /assets/theme-0/0_WithdrawChunk.BVZncZop.js HTTP/1.1\r\nHost: 695rdgnfw5f.18912244.com:20206\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://695rdgnfw5f.18912244.com:20206/assets/theme-0/LoginRegisterIndex.5cxrQ2SR.js\r\nCookie: web__lobby__persisted__device=%7B%22uuid%22%3A%22f75052df-c3a1-4058-a524-7aad8f7dc107%22%7D; web__lobby__persisted__user=%7B%22userInfos%22%3A%7B%22game_gold%22%3A2000%2C%22account_type%22%3A1%2C%22platfromid%22%3A%22web_lobby_guest_account%22%2C%22mode%22%3A0%2C%22currency%22%3A%22CNY%22%7D%7D\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 11 Apr 2026 18:33:08 GMT\r\ncontent-type: application/javascript; charset=utf-8\r\nx-oss-request-id: 69DA93E4BCB28E303767EA81\r\nvary: Accept-Encoding, Origin\r\nlast-modified: Sat, 11 Apr 2026 04:21:43 GMT\r\nx-oss-object-type: Normal\r\nx-oss-hash-crc64ecma: 7255738119554989485\r\nx-oss-storage-class: Standard\r\nx-oss-meta-version: v7.1.212\r\ncache-control: max-age=31622400\r\ncontent-md5: OcJjILN6J4PSW/JcWV9FcQ==\r\nx-oss-server-time: 1\r\ncontent-encoding: gzip\r\nserver: gocache\r\nc-type: pf\r\nrid: 059268da09090cdb8eafab4233d21728\r\nx-cache-status: MISS\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]},{"name":"Alibaba Cloud Object Storage Service","description":"Alibaba Cloud Object Storage Service (OSS) is a cloud-based object storage service provided by Alibaba Cloud, which allows users to store and access large amounts of data in the cloud.","website":"https://www.alibabacloud.com/product/object-storage-service","common_platform_enumeration":"","icon":"Alibaba Cloud.svg","categories":["IaaS"]}],"data":{"size":373279,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (64710)","md5":"39c26320b37a2783d25bf25c595f4571","sha1":"5d036e319ce17f3422261d85dbace9ccedb160f3","sha256":"8c8a697440a0f3e3c09a07c5886e8059a7c404df34860e9707853747069294ec","sha512":"630d4d67ae7f6b1049bb0a12c69569b16e82b49bb4fd5ffa43f8731eed5a24a12c15700eb8c88743013b36431e352091261586cd7c83d0a1a218e234f631b04a","ssdeep":"6144:gwYcTXmqMbxvDNNHthG+/c2/pizzEnENQ/wYTqZrbMjWRLUY:VXmqMbxvDNNDG+/c2/pcgnEeJTKnl","tlshash":"95844c867067e0f8baf9699c60b2059671283b8ad005c0fb70fe8e51379fa50f9e5735","first_seen":"2026-04-11T07:57:02.01974Z","last_seen":"2026-04-11T18:34:05.981448Z","times_seen":27,"resource_available":true,"data":null}},"time_used":252,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":252,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-11","alert":"Sinkholed","trigger":"695rdgnfw5f.18912244.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"695rdgnfw5f.18912244.com:20206/siteadmin/skin/lobby_asset/common/web/common/input_icon_zsxm1.svg?manualVersion=1\u0026version=v7.1.212","fqdn":"695rdgnfw5f.18912244.com","domain":"18912244.com","tld":"com"},"ip":{"addr":"172.65.218.121","port":20206,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://695rdgnfw5f.18912244.com:20206/?id=422876378","date":"2026-04-11T18:33:09.712Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"695rdgnfw5f.18912244.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 20 Jul 2025 00:00:00 GMT","end":"Mon, 20 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"AB:44:50:F3:CC:F8:FC:F3:42:EC:75:E2:D3:0C:19:1B:5F:B9:36:F4","sha256":"4B:05:65:FA:AC:EF:A3:36:43:B0:62:26:67:2E:84:49:29:62:7C:DA:CE:AF:8D:5A:0B:1B:23:85:8B:6B:BB:46"}}},"request":{"raw":"GET /siteadmin/skin/lobby_asset/common/web/common/input_icon_zsxm1.svg?manualVersion=1\u0026version=v7.1.212 HTTP/1.1\r\nHost: 695rdgnfw5f.18912244.com:20206\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://695rdgnfw5f.18912244.com:20206/home/register?id=422876378\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: web__lobby__persisted__device=%7B%22uuid%22%3A%22f75052df-c3a1-4058-a524-7aad8f7dc107%22%7D; web__lobby__persisted__user=%7B%22userInfos%22%3A%7B%22game_gold%22%3A2000%2C%22account_type%22%3A1%2C%22platfromid%22%3A%22web_lobby_guest_account%22%2C%22mode%22%3A0%2C%22currency%22%3A%22CNY%22%7D%7D\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 11 Apr 2026 18:33:09 GMT\r\ncontent-type: image/svg+xml\r\nx-oss-request-id: 69DA93E560F7333933C38890\r\nvary: Accept-Encoding, Origin\r\netag: W/\"51A7AE37C07E9D6A331980D6F384DD74\"\r\nlast-modified: Wed, 28 Jan 2026 13:51:01 GMT\r\nx-oss-object-type: Normal\r\nx-oss-hash-crc64ecma: 9154132755381714673\r\nx-oss-storage-class: Standard\r\ncache-control: max-age=604800,public\r\ncontent-md5: UaeuN8B+nWozGYDW84TddA==\r\nx-oss-server-time: 2\r\nserver: gocache\r\nc-type: pf\r\nrid: 16bae4a2f9c2b6c987f6de1e835784b3\r\nx-cache-status: MISS\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\ncontent-encoding: br\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]},{"name":"Alibaba Cloud Object Storage Service","description":"Alibaba Cloud Object Storage Service (OSS) is a cloud-based object storage service provided by Alibaba Cloud, which allows users to store and access large amounts of data in the cloud.","website":"https://www.alibabacloud.com/product/object-storage-service","common_platform_enumeration":"","icon":"Alibaba Cloud.svg","categories":["IaaS"]}],"data":{"size":2356,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"51a7ae37c07e9d6a331980d6f384dd74","sha1":"ca63b281e412d6a0e6e62d9f4b59f69f0dd6ce48","sha256":"9b3ab2dbc48b71dd17e769df6c2cc740fdb6b153b4115c1c63d521460f94fafa","sha512":"119e7fe54decd97017efb0bd1a3d956ccaf03c608bee0d641d1b1842eb82a1c95188b4c2f238b5bd5d7affa87edb7146e0a9a61faf70c87a2f5d9a7b99bb26fb","ssdeep":"","tlshash":"774100fb125da5e8a0fa87017f81994d273cf5fab0d5229c37191c140e107ebbb3a151","first_seen":"2025-04-07T01:42:52.735543Z","last_seen":"2026-04-11T21:26:13.038458Z","times_seen":4231,"resource_available":false,"data":null}},"time_used":248,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":248,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-11","alert":"Sinkholed","trigger":"695rdgnfw5f.18912244.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"mgm1940797.appfrvpmgw.win/hall/api/agent/promote/binding/reportViewV2","fqdn":"mgm1940797.appfrvpmgw.win","domain":"appfrvpmgw.win","tld":"win"},"ip":{"addr":"138.113.210.9","port":443,"asn":54994,"as":"ML-1432-54994","country":"Canada","country_code":"CA"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://695rdgnfw5f.18912244.com:20206/?id=422876378","date":"2026-04-11T18:33:10.160Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"mgm1940797.appfrvpmgw.win","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 10 Mar 2026 16:26:44 GMT","end":"Mon, 08 Jun 2026 16:26:43 GMT"},"fingerprint":{"sha1":"F4:B1:A8:F3:75:CF:9E:D8:01:08:8D:AB:DA:56:67:50:D3:F3:94:44","sha256":"EA:6F:FC:B6:79:2A:3B:E8:21:21:AB:18:FB:BE:1C:DB:F9:F0:1B:8C:DA:50:C7:4E:CB:CA:85:51:61:5D:9B:10"}}},"request":{"raw":"OPTIONS /hall/api/agent/promote/binding/reportViewV2 HTTP/1.1\r\nHost: mgm1940797.appfrvpmgw.win\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nAccess-Control-Request-Method: POST\r\nAccess-Control-Request-Headers: appsystem,appversion,browserfingerid,browsertype,clienttimezone,content-type,currency,device,devicebrand,devicemodel,devicetype,domain,language,operatingsystem,physicaldevicemodel,platformtype,sitecode,timestamp,token,webauthndomain,x-custom-referer,x-data-mode,x-device,x-object-id,x-request-id,x-version\r\nReferer: https://695rdgnfw5f.18912244.com:20206/\r\nOrigin: https://695rdgnfw5f.18912244.com:20206\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"OPTIONS"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 11 Apr 2026 18:33:10 GMT\r\ncontent-type: application/octet-stream\r\ncontent-length: 0\r\nset-cookie: acw_tc=0a0ccaf917759323902518804e5d3d455cc040f141c10004922fd29e85c236;path=/;HttpOnly;Max-Age=1800\r\nx-saas-server-id: 844988bcd4-vfnzf|582112267d01db08e47c52133e952a19\r\naccess-control-allow-methods: *\r\naccess-control-max-age: 1728000\r\naccess-control-allow-credentials: true\r\naccess-control-allow-origin: *\r\naccess-control-allow-headers: appsystem,appversion,browserfingerid,browsertype,clienttimezone,content-type,currency,device,devicebrand,devicemodel,devicetype,domain,language,operatingsystem,physicaldevicemodel,platformtype,sitecode,timestamp,token,webauthndomain,x-custom-referer,x-data-mode,x-device,x-object-id,x-request-id,x-version\r\naccess-control-expose-headers: X-Trace-ID, newjwt, token\r\nvia: 1.1 PS-SIN-04A9N80:17 (W), 1.1 PS-AMS-01QkJ103:21 (W)\r\nx-px: ms PS-AMS-01QkJ103AMS, ms PS-SIN-04A9N80SIN(origin)\r\nx-ws-request-id: 69da93e6_PS-AMS-01QkJ103_53875-28541\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"application/octet-stream","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-11T20:55:57.946951Z","times_seen":13635644,"resource_available":true,"data":null}},"time_used":196,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":196,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-04-11","alert":"Sinkholed","trigger":"mgm1940797.appfrvpmgw.win","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"695rdgnfw5f.18912244.com:20206/assets/theme-0/index.Bk07ZAVP.js","fqdn":"695rdgnfw5f.18912244.com","domain":"18912244.com","tld":"com"},"ip":{"addr":"172.65.218.121","port":20206,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://695rdgnfw5f.18912244.com:20206/?id=422876378","date":"2026-04-11T18:33:15.204Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"695rdgnfw5f.18912244.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 20 Jul 2025 00:00:00 GMT","end":"Mon, 20 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"AB:44:50:F3:CC:F8:FC:F3:42:EC:75:E2:D3:0C:19:1B:5F:B9:36:F4","sha256":"4B:05:65:FA:AC:EF:A3:36:43:B0:62:26:67:2E:84:49:29:62:7C:DA:CE:AF:8D:5A:0B:1B:23:85:8B:6B:BB:46"}}},"request":{"raw":"GET /assets/theme-0/index.Bk07ZAVP.js HTTP/1.1\r\nHost: 695rdgnfw5f.18912244.com:20206\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://695rdgnfw5f.18912244.com:20206/assets/theme-0/autoDialog.C4xspLzz.js\r\nCookie: web__lobby__persisted__device=%7B%22uuid%22%3A%22f75052df-c3a1-4058-a524-7aad8f7dc107%22%7D; web__lobby__persisted__user=%7B%22userInfos%22%3A%7B%22game_gold%22%3A2000%2C%22account_type%22%3A1%2C%22platfromid%22%3A%22web_lobby_guest_account%22%2C%22mode%22%3A0%2C%22currency%22%3A%22CNY%22%7D%7D; gt_local_id=C5YgoKFLtbA1cBz29ibmSpW//BUutWSOVT1Db/yOC2/d2a1UuNMIwA==\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 11 Apr 2026 18:33:15 GMT\r\ncontent-type: application/javascript; charset=utf-8\r\nx-oss-request-id: 69DA93EB60F7333933D59E90\r\nvary: Accept-Encoding, Origin\r\nlast-modified: Sat, 11 Apr 2026 04:21:43 GMT\r\nx-oss-object-type: Normal\r\nx-oss-hash-crc64ecma: 7404062085809207484\r\nx-oss-storage-class: Standard\r\nx-oss-meta-version: v7.1.212\r\ncache-control: max-age=31622400\r\ncontent-md5: vbZVudHmQDbfLIWDg/3+6g==\r\nx-oss-server-time: 1\r\ncontent-encoding: gzip\r\nserver: gocache\r\nc-type: pf\r\nrid: 1cbf2b6cd642fb2766655f900fb744dc\r\nx-cache-status: MISS\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Alibaba Cloud Object Storage Service","description":"Alibaba Cloud Object Storage Service (OSS) is a cloud-based object storage service provided by Alibaba Cloud, which allows users to store and access large amounts of data in the cloud.","website":"https://www.alibabacloud.com/product/object-storage-service","common_platform_enumeration":"","icon":"Alibaba Cloud.svg","categories":["IaaS"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]}],"data":{"size":3257,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"Java source, ASCII text, with very long lines (3256)","md5":"bdb655b9d1e64036df2c858383fdfeea","sha1":"2150e1942c83d3395d2b85ff1a9163fb6b470bfe","sha256":"5831de6bd4033f68ef158d3449d0d8a1a32bacb9b8a7285e84f7d8f67b10ba7a","sha512":"292697b5487a026a4fc8d24ab05a6a2241790a560a607a7c6f7ce7afafcf4ee37ce998c5995e969c22a901d7aeab7d470965a035a1a98d31a32148fadff3828a","ssdeep":"","tlshash":"a761a44df4ae6f3033d82e8d60781062b52e3990310ed8e5b9af1b785709ac7827772d","first_seen":"2026-04-11T07:57:01.971183Z","last_seen":"2026-04-11T18:34:05.984884Z","times_seen":23,"resource_available":true,"data":null}},"time_used":248,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":248,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-11","alert":"Sinkholed","trigger":"695rdgnfw5f.18912244.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"mgmxbedecp.hddnfpftzj.win/ipacdn.txt","fqdn":"mgmxbedecp.hddnfpftzj.win","domain":"hddnfpftzj.win","tld":"win"},"ip":{"addr":"182.16.49.68","port":443,"asn":45753,"as":"Netsec Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://695rdgnfw5f.18912244.com:20206/?id=422876378","date":"2026-04-11T18:33:07.058Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"mgmxbedecp.hddnfpftzj.win","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Thu, 26 Mar 2026 15:43:48 GMT","end":"Wed, 24 Jun 2026 15:43:47 GMT"},"fingerprint":{"sha1":"30:80:AB:AC:23:EE:11:2E:F0:AE:27:8E:A2:18:5D:73:1C:22:AE:24","sha256":"9E:4E:D9:60:6B:0D:4F:40:50:62:3C:11:CF:6F:1F:A6:E1:66:24:19:A9:8D:0B:4E:CE:0F:3D:A2:51:3E:BD:BE"}}},"request":{"raw":"GET /ipacdn.txt HTTP/1.1\r\nHost: mgmxbedecp.hddnfpftzj.win\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://695rdgnfw5f.18912244.com:20206/\r\nOrigin: https://695rdgnfw5f.18912244.com:20206\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccess-control-allow-credentials: true\r\naccess-control-allow-origin: *\r\naccess-control-max-age: 3600\r\ncache-control: s-maxage=315360000,max-age=0,public\r\ncontent-type: text/plain\r\ndate: Sat, 11 Apr 2026 18:33:07 GMT\r\nset-cookie: acw_tc=0a0ccaf917759323876951245e5d31e5f6022a08d6ba4334fefb060fd4464a;path=/;HttpOnly;Max-Age=1800\r\nstrict-transport-security: max-age=31536000\r\nx-cache: BYPASS\r\ncontent-length: 2\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":2,"size_decoded":0,"mime_type":"text/plain","magic":"ASCII text, with no line terminators","md5":"e0aa021e21dddbd6d8cecec71e9cf564","sha1":"9ce3bd4224c8c1780db56b4125ecf3f24bf748b7","sha256":"565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3","sha512":"900110c951560eff857b440e89cc29f529416e0e3b3d7f0ad51651bfdbd8025b91768c5ed7db5352d1a5523354ce06ced2c42047e33a3e958a1bba5f742db874","ssdeep":"","tlshash":"c710000000000000000000030000000030000000000000000c000000c0000000000000","first_seen":"2023-03-09T09:04:49Z","last_seen":"2026-04-11T20:59:31.234535Z","times_seen":264621,"resource_available":true,"data":null}},"time_used":1244,"timings":{"blocked":489,"dns":133,"connect":175,"send":0,"wait":260,"receive":1,"ssl":183},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-04-11","alert":"Sinkholed","trigger":"mgmxbedecp.hddnfpftzj.win","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"695rdgnfw5f.18912244.com:20206/cocos/maintain-time.json?timestamp=1775932388073","fqdn":"695rdgnfw5f.18912244.com","domain":"18912244.com","tld":"com"},"ip":{"addr":"172.65.218.121","port":20206,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://695rdgnfw5f.18912244.com:20206/?id=422876378","date":"2026-04-11T18:33:08.078Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"695rdgnfw5f.18912244.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 20 Jul 2025 00:00:00 GMT","end":"Mon, 20 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"AB:44:50:F3:CC:F8:FC:F3:42:EC:75:E2:D3:0C:19:1B:5F:B9:36:F4","sha256":"4B:05:65:FA:AC:EF:A3:36:43:B0:62:26:67:2E:84:49:29:62:7C:DA:CE:AF:8D:5A:0B:1B:23:85:8B:6B:BB:46"}}},"request":{"raw":"GET /cocos/maintain-time.json?timestamp=1775932388073 HTTP/1.1\r\nHost: 695rdgnfw5f.18912244.com:20206\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://695rdgnfw5f.18912244.com:20206/?id=422876378\r\nCookie: web__lobby__persisted__device=%7B%22uuid%22%3A%22f75052df-c3a1-4058-a524-7aad8f7dc107%22%7D; web__lobby__persisted__user=%7B%22userInfos%22%3A%7B%22game_gold%22%3A2000%2C%22account_type%22%3A1%2C%22platfromid%22%3A%22web_lobby_guest_account%22%2C%22mode%22%3A0%2C%22currency%22%3A%22CNY%22%7D%7D\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 404 Not Found\r\ndate: Sat, 11 Apr 2026 18:33:08 GMT\r\ncontent-type: text/html\r\nx-oss-request-id: 69DA93E401B8FA313549DA86\r\nvary: Accept-Encoding, Origin\r\netag: W/\"EFC88B8CF48643A977DEE8EBEE5AAE3E\"\r\nlast-modified: Sat, 11 Apr 2026 04:21:45 GMT\r\nx-oss-object-type: Normal\r\nx-oss-hash-crc64ecma: 12598442108753170511\r\nx-oss-storage-class: Standard\r\nx-oss-meta-version: v7.1.47\r\ncache-control: no-cache\r\ncontent-md5: 78iLjPSGQ6l33ujr7lquPg==\r\nx-oss-server-time: 2\r\nserver: gocache\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\ncontent-encoding: br\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"Alibaba Cloud Object Storage Service","description":"Alibaba Cloud Object Storage Service (OSS) is a cloud-based object storage service provided by Alibaba Cloud, which allows users to store and access large amounts of data in the cloud.","website":"https://www.alibabacloud.com/product/object-storage-service","common_platform_enumeration":"","icon":"Alibaba Cloud.svg","categories":["IaaS"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]}],"data":{"size":310,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII text","md5":"efc88b8cf48643a977dee8ebee5aae3e","sha1":"50b89d535d399493558d0bde1b3225c80548eb2d","sha256":"68f62426c319126501255a6007a3eafcbe6d6b1cd1cfbff9356a7f074ec69feb","sha512":"a1a87517d23d55ac01901a3e09b67bfae830c429739faee843c00151a66ad96e31b831402de959a664aa403e90e88258db641d3dbfefc066f2bde9f80839df53","ssdeep":"","tlshash":"63e0c2c384f2940da155426109e1f2081aca95eb5b47984e3dcda7289f8ab4dc9d798c","first_seen":"2024-12-11T10:09:32.928381Z","last_seen":"2026-04-11T20:47:49.645683Z","times_seen":13642,"resource_available":true,"data":null}},"time_used":265,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":265,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-11","alert":"Sinkholed","trigger":"695rdgnfw5f.18912244.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"695rdgnfw5f.18912244.com:20206/bewcdn.txt?1775932391110","fqdn":"695rdgnfw5f.18912244.com","domain":"18912244.com","tld":"com"},"ip":{"addr":"172.65.218.121","port":20206,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://695rdgnfw5f.18912244.com:20206/?id=422876378","date":"2026-04-11T18:33:11.117Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"695rdgnfw5f.18912244.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 20 Jul 2025 00:00:00 GMT","end":"Mon, 20 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"AB:44:50:F3:CC:F8:FC:F3:42:EC:75:E2:D3:0C:19:1B:5F:B9:36:F4","sha256":"4B:05:65:FA:AC:EF:A3:36:43:B0:62:26:67:2E:84:49:29:62:7C:DA:CE:AF:8D:5A:0B:1B:23:85:8B:6B:BB:46"}}},"request":{"raw":"GET /bewcdn.txt?1775932391110 HTTP/1.1\r\nHost: 695rdgnfw5f.18912244.com:20206\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://695rdgnfw5f.18912244.com:20206/home/register?id=422876378\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: web__lobby__persisted__device=%7B%22uuid%22%3A%22f75052df-c3a1-4058-a524-7aad8f7dc107%22%7D; web__lobby__persisted__user=%7B%22userInfos%22%3A%7B%22game_gold%22%3A2000%2C%22account_type%22%3A1%2C%22platfromid%22%3A%22web_lobby_guest_account%22%2C%22mode%22%3A0%2C%22currency%22%3A%22CNY%22%7D%7D\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 11 Apr 2026 18:33:11 GMT\r\ncontent-type: text/plain\r\ncontent-length: 2\r\nx-oss-request-id: 69DA93E701B8FA313577E586\r\nvary: Origin\r\netag: \"E0AA021E21DDDBD6D8CECEC71E9CF564\"\r\nlast-modified: Sat, 11 Apr 2026 04:21:45 GMT\r\nx-oss-object-type: Normal\r\nx-oss-hash-crc64ecma: 4312349438756823821\r\nx-oss-storage-class: Standard\r\nx-oss-meta-version: v7.1.47\r\ncache-control: s-maxage=31622400,max-age=0,public\r\ncontent-md5: 4KoCHiHd29bYzs7HHpz1ZA==\r\nx-oss-server-time: 1\r\nserver: gocache\r\nc-type: pf\r\nrid: 71226ae2313930387aae417b624127a4\r\nx-cache-status: MISS\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Alibaba Cloud Object Storage Service","description":"Alibaba Cloud Object Storage Service (OSS) is a cloud-based object storage service provided by Alibaba Cloud, which allows users to store and access large amounts of data in the cloud.","website":"https://www.alibabacloud.com/product/object-storage-service","common_platform_enumeration":"","icon":"Alibaba Cloud.svg","categories":["IaaS"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]}],"data":{"size":2,"size_decoded":0,"mime_type":"text/plain","magic":"ASCII text, with no line terminators","md5":"e0aa021e21dddbd6d8cecec71e9cf564","sha1":"9ce3bd4224c8c1780db56b4125ecf3f24bf748b7","sha256":"565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3","sha512":"900110c951560eff857b440e89cc29f529416e0e3b3d7f0ad51651bfdbd8025b91768c5ed7db5352d1a5523354ce06ced2c42047e33a3e958a1bba5f742db874","ssdeep":"","tlshash":"c710000000000000000000030000000030000000000000000c000000c0000000000000","first_seen":"2023-03-09T09:04:49Z","last_seen":"2026-04-11T20:59:31.234535Z","times_seen":264621,"resource_available":true,"data":null}},"time_used":358,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":358,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-11","alert":"Sinkholed","trigger":"695rdgnfw5f.18912244.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"695rdgnfw5f.18912244.com:20206/assets/theme-0/vendorChunk.CNv9ECRO.js","fqdn":"695rdgnfw5f.18912244.com","domain":"18912244.com","tld":"com"},"ip":{"addr":"172.65.218.121","port":20206,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://695rdgnfw5f.18912244.com:20206/?id=422876378","date":"2026-04-11T18:33:02.886Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"695rdgnfw5f.18912244.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 20 Jul 2025 00:00:00 GMT","end":"Mon, 20 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"AB:44:50:F3:CC:F8:FC:F3:42:EC:75:E2:D3:0C:19:1B:5F:B9:36:F4","sha256":"4B:05:65:FA:AC:EF:A3:36:43:B0:62:26:67:2E:84:49:29:62:7C:DA:CE:AF:8D:5A:0B:1B:23:85:8B:6B:BB:46"}}},"request":{"raw":"GET /assets/theme-0/vendorChunk.CNv9ECRO.js HTTP/1.1\r\nHost: 695rdgnfw5f.18912244.com:20206\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://695rdgnfw5f.18912244.com:20206/assets/theme-0/index.DMPbKmRp.js\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 11 Apr 2026 18:33:03 GMT\r\ncontent-type: application/javascript; charset=utf-8\r\nx-oss-request-id: 69DA93DF4F0FE43635E6C005\r\nvary: Accept-Encoding, Origin\r\nlast-modified: Sat, 11 Apr 2026 04:21:43 GMT\r\nx-oss-object-type: Normal\r\nx-oss-hash-crc64ecma: 8017742670860311860\r\nx-oss-storage-class: Standard\r\nx-oss-meta-version: v7.1.212\r\ncache-control: max-age=31622400\r\ncontent-md5: gNrEFFIO0YR2OkRJ0zjvzA==\r\nx-oss-server-time: 1\r\ncontent-encoding: gzip\r\nserver: gocache\r\nc-type: pf\r\nrid: 355d0de5f138aa2ed219809a897089ad\r\nx-cache-status: MISS\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]},{"name":"Alibaba Cloud Object Storage Service","description":"Alibaba Cloud Object Storage Service (OSS) is a cloud-based object storage service provided by Alibaba Cloud, which allows users to store and access large amounts of data in the cloud.","website":"https://www.alibabacloud.com/product/object-storage-service","common_platform_enumeration":"","icon":"Alibaba Cloud.svg","categories":["IaaS"]}],"data":{"size":308171,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (40763)","md5":"80dac414520ed184763a4449d338efcc","sha1":"67786faf3b64ff2400e93c4b46d3c0427586cd50","sha256":"c964ebfa5bd3111469ce26c8ba3c68bb61e9a5581bc3efc040e0428e97d7a3c4","sha512":"e18371d2a214e1756ed516c66fd28e684541ce9f6da2f042d2a1399cd5b5849e6fa1abe890d8adf2ffa9a0797f54cd7a3603a243f5dc23a6b472f1459d1e53cd","ssdeep":"6144:wg/xbI5Pz6FfU+esssCmAzdMlDKQqaMBJphoO:jxKPuVImAzdMl+QqaMBx5","tlshash":"f3643ad932d6f0a143e7a5a4407f100bf23a6c15b84d9458f6a9d4e63cb889b427bf3d","first_seen":"2026-04-02T15:37:42.899597Z","last_seen":"2026-04-11T18:34:05.962914Z","times_seen":61,"resource_available":true,"data":null}},"time_used":260,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":260,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-11","alert":"Sinkholed","trigger":"695rdgnfw5f.18912244.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"695rdgnfw5f.18912244.com:20206/assets/theme-0/enum.DZ4s6Hb8.js","fqdn":"695rdgnfw5f.18912244.com","domain":"18912244.com","tld":"com"},"ip":{"addr":"172.65.218.121","port":20206,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://695rdgnfw5f.18912244.com:20206/?id=422876378","date":"2026-04-11T18:33:05.264Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"695rdgnfw5f.18912244.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 20 Jul 2025 00:00:00 GMT","end":"Mon, 20 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"AB:44:50:F3:CC:F8:FC:F3:42:EC:75:E2:D3:0C:19:1B:5F:B9:36:F4","sha256":"4B:05:65:FA:AC:EF:A3:36:43:B0:62:26:67:2E:84:49:29:62:7C:DA:CE:AF:8D:5A:0B:1B:23:85:8B:6B:BB:46"}}},"request":{"raw":"GET /assets/theme-0/enum.DZ4s6Hb8.js HTTP/1.1\r\nHost: 695rdgnfw5f.18912244.com:20206\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://695rdgnfw5f.18912244.com:20206/assets/theme-0/GlobalEventListenerIndex.BQaDkeeJ.js\r\nCookie: web__lobby__persisted__device=%7B%22uuid%22%3A%22f75052df-c3a1-4058-a524-7aad8f7dc107%22%7D\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 11 Apr 2026 18:33:05 GMT\r\ncontent-type: application/javascript; charset=utf-8\r\nx-oss-request-id: 69DA93E101B8FA313524CF86\r\nvary: Accept-Encoding, Origin\r\netag: W/\"7DC8363CFC6A05184E3235CD48D3FCBB\"\r\nlast-modified: Sat, 11 Apr 2026 04:21:43 GMT\r\nx-oss-object-type: Normal\r\nx-oss-hash-crc64ecma: 2269259784238930174\r\nx-oss-storage-class: Standard\r\nx-oss-meta-version: v7.1.212\r\ncache-control: max-age=31622400\r\ncontent-md5: fcg2PPxqBRhOMjXNSNP8uw==\r\nx-oss-server-time: 1\r\nserver: gocache\r\nc-type: pf\r\nrid: 66d90ac3fb6f51eb93bfcd938202ee02\r\nx-cache-status: MISS\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\ncontent-encoding: br\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]},{"name":"Alibaba Cloud Object Storage Service","description":"Alibaba Cloud Object Storage Service (OSS) is a cloud-based object storage service provided by Alibaba Cloud, which allows users to store and access large amounts of data in the cloud.","website":"https://www.alibabacloud.com/product/object-storage-service","common_platform_enumeration":"","icon":"Alibaba Cloud.svg","categories":["IaaS"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":299,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"ASCII text","md5":"7dc8363cfc6a05184e3235cd48d3fcbb","sha1":"575b30d834843216571fc7d69f95e524f36fd1b3","sha256":"222e1d08a78dc825ee32e45438686d6824fdafaedac1dd8f079899d582250a0e","sha512":"3f6b01ce008bb7f595c11a1b76d6c79c7802e283060aedc89691f355e2439abc57a32b04737c6465716ebb09d91900e4c595a2ce6d2423415fee832612d5af8f","ssdeep":"","tlshash":"5ee0ec830264ae9cb8444d5adbb8988162e12ce6cfab32de0bd91a6734c1bd44cd8015","first_seen":"2025-12-23T10:54:41.061691Z","last_seen":"2026-04-11T19:41:53.637996Z","times_seen":4431,"resource_available":true,"data":null}},"time_used":249,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":249,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-11","alert":"Sinkholed","trigger":"695rdgnfw5f.18912244.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"146.103.73.104/ipacdn.txt","fqdn":"146.103.73.104","domain":"146.103.73.104","tld":""},"ip":{"addr":"146.103.73.104","port":443,"asn":0,"as":"","country":"Belgium","country_code":"BE"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://695rdgnfw5f.18912244.com:20206/?id=422876378","date":"2026-04-11T18:33:07.061Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"146.103.73.2","organization":"TXNetworks Beijing Co., Ltd."},"issuer":{"commonName":"GlobalSign RSA OV SSL CA 2018","organization":"GlobalSign nv-sa"},"validity":{"start":"Mon, 18 Aug 2025 08:26:21 GMT","end":"Sat, 19 Sep 2026 08:26:20 GMT"},"fingerprint":{"sha1":"67:2E:D1:B9:EE:0D:12:F9:62:C4:76:82:44:68:26:BA:9A:11:B9:8D","sha256":"40:D1:DC:63:7C:DC:81:EF:9F:B5:03:78:00:E5:0B:02:C4:8C:B8:60:66:B1:23:54:4A:A6:B5:02:29:CE:4C:F3"}}},"request":{"raw":"GET /ipacdn.txt HTTP/1.1\r\nHost: 146.103.73.104\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://695rdgnfw5f.18912244.com:20206/\r\nOrigin: https://695rdgnfw5f.18912244.com:20206\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 11 Apr 2026 18:33:07 GMT\r\ncontent-type: text/plain\r\ncontent-length: 2\r\ncache-control: s-maxage=315360000,max-age=0,public\r\naccess-control-allow-origin: *\r\naccess-control-max-age: 3600\r\naccess-control-allow-credentials: true\r\nvia: 1.1 jp184:1 (W), 0.0 PS-HND-01MdG15:18 (W)\r\nx-px: ht PS-HND-01MdG15HND\r\nage: 18669049\r\nx-ws-request-id: 69da93e3_PS-HND-01MdG15_17297-44123\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":2,"size_decoded":0,"mime_type":"text/plain","magic":"ASCII text, with no line terminators","md5":"e0aa021e21dddbd6d8cecec71e9cf564","sha1":"9ce3bd4224c8c1780db56b4125ecf3f24bf748b7","sha256":"565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3","sha512":"900110c951560eff857b440e89cc29f529416e0e3b3d7f0ad51651bfdbd8025b91768c5ed7db5352d1a5523354ce06ced2c42047e33a3e958a1bba5f742db874","ssdeep":"","tlshash":"c710000000000000000000030000000030000000000000000c000000c0000000000000","first_seen":"2023-03-09T09:04:49Z","last_seen":"2026-04-11T20:59:31.234535Z","times_seen":264621,"resource_available":true,"data":null}},"time_used":1266,"timings":{"blocked":504,"dns":0,"connect":250,"send":0,"wait":253,"receive":0,"ssl":256},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"695rdgnfw5f.18912244.com:20206/assets/theme-0/LoginRegisterIndex.DBczgYj7.css","fqdn":"695rdgnfw5f.18912244.com","domain":"18912244.com","tld":"com"},"ip":{"addr":"172.65.218.121","port":20206,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://695rdgnfw5f.18912244.com:20206/?id=422876378","date":"2026-04-11T18:33:08.109Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"695rdgnfw5f.18912244.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 20 Jul 2025 00:00:00 GMT","end":"Mon, 20 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"AB:44:50:F3:CC:F8:FC:F3:42:EC:75:E2:D3:0C:19:1B:5F:B9:36:F4","sha256":"4B:05:65:FA:AC:EF:A3:36:43:B0:62:26:67:2E:84:49:29:62:7C:DA:CE:AF:8D:5A:0B:1B:23:85:8B:6B:BB:46"}}},"request":{"raw":"GET /assets/theme-0/LoginRegisterIndex.DBczgYj7.css HTTP/1.1\r\nHost: 695rdgnfw5f.18912244.com:20206\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://695rdgnfw5f.18912244.com:20206/?id=422876378\r\nCookie: web__lobby__persisted__device=%7B%22uuid%22%3A%22f75052df-c3a1-4058-a524-7aad8f7dc107%22%7D; web__lobby__persisted__user=%7B%22userInfos%22%3A%7B%22game_gold%22%3A2000%2C%22account_type%22%3A1%2C%22platfromid%22%3A%22web_lobby_guest_account%22%2C%22mode%22%3A0%2C%22currency%22%3A%22CNY%22%7D%7D\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 11 Apr 2026 18:33:08 GMT\r\ncontent-type: text/css\r\nx-oss-request-id: 69DA93E410000032392C05D9\r\nvary: Accept-Encoding, Origin\r\nlast-modified: Sat, 11 Apr 2026 04:21:42 GMT\r\nx-oss-object-type: Normal\r\nx-oss-hash-crc64ecma: 6985113427340621631\r\nx-oss-storage-class: Standard\r\nx-oss-meta-version: v7.1.212\r\ncache-control: max-age=31622400\r\ncontent-md5: SQ1PyBv7moZQRVas03O4QQ==\r\nx-oss-server-time: 2\r\ncontent-encoding: gzip\r\nserver: gocache\r\nc-type: pf\r\nrid: f78998870707a20eaf1165285bfea468\r\nx-cache-status: MISS\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Alibaba Cloud Object Storage Service","description":"Alibaba Cloud Object Storage Service (OSS) is a cloud-based object storage service provided by Alibaba Cloud, which allows users to store and access large amounts of data in the cloud.","website":"https://www.alibabacloud.com/product/object-storage-service","common_platform_enumeration":"","icon":"Alibaba Cloud.svg","categories":["IaaS"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]}],"data":{"size":22419,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (22418)","md5":"490d4fc81bfb9a86504556acd373b841","sha1":"03255ecdb4cd31480e6460c4822724d39f6baf10","sha256":"461b35b27031aaa9812f59820dfe0c5b1335959bfdb347882b03090138c64724","sha512":"e1186817806114685b049ed775b552fd2225b72e4c4b4b1463301a3eaa24958e029dfc0113512da55b540eaddf470323fc7d08940751742a82b9fff3cb7f2139","ssdeep":"384:Bj3VFTGE+SXrSXQSXISXBSXeSXUOtHtHuHKHjHzFjtgNg/9/Yzoi1XgKgS7gSSgE:JVUwHtHuHKHjHzFjtgNg/9/Yzoi1XgKc","tlshash":"38a2a00ae52c156b1d82a4fda8c628fc154f6c1d8c04cb6feeb15f87498b359a339e71","first_seen":"2026-04-11T07:57:01.952012Z","last_seen":"2026-04-11T18:34:05.971911Z","times_seen":27,"resource_available":false,"data":null}},"time_used":278,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":278,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-11","alert":"Sinkholed","trigger":"695rdgnfw5f.18912244.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"695rdgnfw5f.18912244.com:20206/assets/theme-0/2_SettingChunk.u0m4ptHM.js","fqdn":"695rdgnfw5f.18912244.com","domain":"18912244.com","tld":"com"},"ip":{"addr":"172.65.218.121","port":20206,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://695rdgnfw5f.18912244.com:20206/?id=422876378","date":"2026-04-11T18:33:08.784Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"695rdgnfw5f.18912244.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 20 Jul 2025 00:00:00 GMT","end":"Mon, 20 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"AB:44:50:F3:CC:F8:FC:F3:42:EC:75:E2:D3:0C:19:1B:5F:B9:36:F4","sha256":"4B:05:65:FA:AC:EF:A3:36:43:B0:62:26:67:2E:84:49:29:62:7C:DA:CE:AF:8D:5A:0B:1B:23:85:8B:6B:BB:46"}}},"request":{"raw":"GET /assets/theme-0/2_SettingChunk.u0m4ptHM.js HTTP/1.1\r\nHost: 695rdgnfw5f.18912244.com:20206\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://695rdgnfw5f.18912244.com:20206/assets/theme-0/LoginRegisterIndex.5cxrQ2SR.js\r\nCookie: web__lobby__persisted__device=%7B%22uuid%22%3A%22f75052df-c3a1-4058-a524-7aad8f7dc107%22%7D; web__lobby__persisted__user=%7B%22userInfos%22%3A%7B%22game_gold%22%3A2000%2C%22account_type%22%3A1%2C%22platfromid%22%3A%22web_lobby_guest_account%22%2C%22mode%22%3A0%2C%22currency%22%3A%22CNY%22%7D%7D\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 11 Apr 2026 18:33:08 GMT\r\ncontent-type: application/javascript; charset=utf-8\r\nx-oss-request-id: 69DA93E4CD9B343838D48245\r\nvary: Accept-Encoding, Origin\r\nlast-modified: Sat, 11 Apr 2026 04:21:43 GMT\r\nx-oss-object-type: Normal\r\nx-oss-hash-crc64ecma: 10932933703646755679\r\nx-oss-storage-class: Standard\r\nx-oss-meta-version: v7.1.212\r\ncache-control: max-age=31622400\r\ncontent-md5: YfZhsli0hlkBACIdiXmV2g==\r\nx-oss-server-time: 1\r\ncontent-encoding: gzip\r\nserver: gocache\r\nc-type: pf\r\nrid: 8b164fee1254a93e255b415f254f2bfe\r\nx-cache-status: MISS\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]},{"name":"Alibaba Cloud Object Storage Service","description":"Alibaba Cloud Object Storage Service (OSS) is a cloud-based object storage service provided by Alibaba Cloud, which allows users to store and access large amounts of data in the cloud.","website":"https://www.alibabacloud.com/product/object-storage-service","common_platform_enumeration":"","icon":"Alibaba Cloud.svg","categories":["IaaS"]}],"data":{"size":60268,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (60267)","md5":"61f661b258b486590100221d897995da","sha1":"48a5a77ebab408e19ed58cbd42fc9089ca82ed9c","sha256":"fc7cbacc8459bb59bdf0005a8fb5e7e71c05960fb6f6fcb80c11879c3b693e3e","sha512":"acef4fb27306e1562daf0b47005655870b00e469fcb76d4b270341fb9b4fdaf7802e22ec4db91607d2bfba35f608b6c3312ad80a4f89affb0d758b3134e29a82","ssdeep":"768:pCS4JkEdvPdXSYGa2xJ1vGcnQ71gBz0hv6vii7ZO5AgFcxwjAgFN5fJn9xbk/6T9:pCv015Byh/+7c+P/U","tlshash":"57436c48b8fc91fa677a5ae8a0aa4410662ca799c010e8f5d47f5b9017fdfd0b1e437c","first_seen":"2026-04-11T07:57:01.977819Z","last_seen":"2026-04-11T18:34:05.955506Z","times_seen":27,"resource_available":true,"data":null}},"time_used":247,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":247,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-11","alert":"Sinkholed","trigger":"695rdgnfw5f.18912244.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"695rdgnfw5f.18912244.com:20206/assets/theme-0/CustomerServiceDomWidgetIndex.DJlYGdWp.js","fqdn":"695rdgnfw5f.18912244.com","domain":"18912244.com","tld":"com"},"ip":{"addr":"172.65.218.121","port":20206,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://695rdgnfw5f.18912244.com:20206/?id=422876378","date":"2026-04-11T18:33:10.472Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"695rdgnfw5f.18912244.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 20 Jul 2025 00:00:00 GMT","end":"Mon, 20 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"AB:44:50:F3:CC:F8:FC:F3:42:EC:75:E2:D3:0C:19:1B:5F:B9:36:F4","sha256":"4B:05:65:FA:AC:EF:A3:36:43:B0:62:26:67:2E:84:49:29:62:7C:DA:CE:AF:8D:5A:0B:1B:23:85:8B:6B:BB:46"}}},"request":{"raw":"GET /assets/theme-0/CustomerServiceDomWidgetIndex.DJlYGdWp.js HTTP/1.1\r\nHost: 695rdgnfw5f.18912244.com:20206\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://695rdgnfw5f.18912244.com:20206/assets/theme-0/GlobalLazyInitIndex.BQlcIJGe.js\r\nCookie: web__lobby__persisted__device=%7B%22uuid%22%3A%22f75052df-c3a1-4058-a524-7aad8f7dc107%22%7D; web__lobby__persisted__user=%7B%22userInfos%22%3A%7B%22game_gold%22%3A2000%2C%22account_type%22%3A1%2C%22platfromid%22%3A%22web_lobby_guest_account%22%2C%22mode%22%3A0%2C%22currency%22%3A%22CNY%22%7D%7D\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 11 Apr 2026 18:33:10 GMT\r\ncontent-type: application/javascript; charset=utf-8\r\nx-oss-request-id: 69DA93E601B8FA31354BE386\r\nvary: Accept-Encoding, Origin\r\nlast-modified: Sat, 11 Apr 2026 04:21:43 GMT\r\nx-oss-object-type: Normal\r\nx-oss-hash-crc64ecma: 13850400364664280809\r\nx-oss-storage-class: Standard\r\nx-oss-meta-version: v7.1.212\r\ncache-control: max-age=31622400\r\ncontent-md5: aQfF78K6VHbjt9EecVoZzw==\r\nx-oss-server-time: 1\r\ncontent-encoding: gzip\r\nserver: gocache\r\nc-type: pf\r\nrid: 070c8a9e58aa44c2ff858c52946c9856\r\nx-cache-status: MISS\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]},{"name":"Alibaba Cloud Object Storage Service","description":"Alibaba Cloud Object Storage Service (OSS) is a cloud-based object storage service provided by Alibaba Cloud, which allows users to store and access large amounts of data in the cloud.","website":"https://www.alibabacloud.com/product/object-storage-service","common_platform_enumeration":"","icon":"Alibaba Cloud.svg","categories":["IaaS"]}],"data":{"size":6274,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (6273)","md5":"6907c5efc2ba5476e3b7d11e715a19cf","sha1":"90f1ace592846136d6a390bb77c130dece1c62bb","sha256":"5909da4f060ff64245dab392b2b3ca2436650b74b0d6fd139e1e9b324fe27b97","sha512":"373646a409382a51b63e3da18e33ebe98e36edfd2ced8e540a9e79bff111f03c58602c9674b8b325ddd5e1ddece1488a3fba52a56962caa7619ce4462bdf4c93","ssdeep":"192:RanNqcNNCRPTtAKEnHmQ5KyhJdbNl6Vy0YtI3R:+NqcNNCRPTtAKM5KyhrNwVy08IB","tlshash":"afd1ea64623350744eaadbdbb17ca3827575028db907c0b875fd4f66a984cc33236e7a","first_seen":"2026-04-11T07:57:02.015768Z","last_seen":"2026-04-11T18:34:05.964697Z","times_seen":25,"resource_available":true,"data":null}},"time_used":244,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":244,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-11","alert":"Sinkholed","trigger":"695rdgnfw5f.18912244.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"mgm1940797.appfrvpmgw.win/hall/api/gohal/heartbeat","fqdn":"mgm1940797.appfrvpmgw.win","domain":"appfrvpmgw.win","tld":"win"},"ip":{"addr":"138.113.210.9","port":443,"asn":54994,"as":"ML-1432-54994","country":"Canada","country_code":"CA"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://695rdgnfw5f.18912244.com:20206/?id=422876378","date":"2026-04-11T18:33:14.087Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"mgm1940797.appfrvpmgw.win","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 10 Mar 2026 16:26:44 GMT","end":"Mon, 08 Jun 2026 16:26:43 GMT"},"fingerprint":{"sha1":"F4:B1:A8:F3:75:CF:9E:D8:01:08:8D:AB:DA:56:67:50:D3:F3:94:44","sha256":"EA:6F:FC:B6:79:2A:3B:E8:21:21:AB:18:FB:BE:1C:DB:F9:F0:1B:8C:DA:50:C7:4E:CB:CA:85:51:61:5D:9B:10"}}},"request":{"raw":"OPTIONS /hall/api/gohal/heartbeat HTTP/1.1\r\nHost: mgm1940797.appfrvpmgw.win\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nAccess-Control-Request-Method: POST\r\nAccess-Control-Request-Headers: appsystem,appversion,browserfingerid,browsertype,clienttimezone,currency,device,devicebrand,devicemodel,devicetype,domain,language,operatingsystem,physicaldevicemodel,platformtype,sitecode,timestamp,token,webauthndomain,x-custom-referer,x-data-mode,x-device,x-object-id,x-request-id,x-version\r\nReferer: https://695rdgnfw5f.18912244.com:20206/\r\nOrigin: https://695rdgnfw5f.18912244.com:20206\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"OPTIONS"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 11 Apr 2026 18:33:14 GMT\r\ncontent-type: application/octet-stream\r\ncontent-length: 0\r\nset-cookie: acw_tc=0a0ccaf217759323941916914e337d7b090f07cbf1e90df8af41b0b6ac87a5;path=/;HttpOnly;Max-Age=1800\r\nx-saas-server-id: 844988bcd4-fnc2j|bd62c5af0b0c2645b00cd16ec169f830\r\naccess-control-allow-methods: *\r\naccess-control-max-age: 1728000\r\naccess-control-allow-credentials: true\r\naccess-control-allow-origin: *\r\naccess-control-allow-headers: appsystem,appversion,browserfingerid,browsertype,clienttimezone,currency,device,devicebrand,devicemodel,devicetype,domain,language,operatingsystem,physicaldevicemodel,platformtype,sitecode,timestamp,token,webauthndomain,x-custom-referer,x-data-mode,x-device,x-object-id,x-request-id,x-version\r\naccess-control-expose-headers: X-Trace-ID, newjwt, token\r\nvia: 1.1 PS-SIN-04DFS81:8 (W), 1.1 PS-AMS-01QkJ103:21 (W)\r\nx-px: ms PS-AMS-01QkJ103AMS, ms PS-SIN-04DFS81SIN(origin)\r\nx-ws-request-id: 69da93ea_PS-AMS-01QkJ103_53875-28695\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"application/octet-stream","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-11T20:55:57.946951Z","times_seen":13635644,"resource_available":true,"data":null}},"time_used":210,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":209,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-04-11","alert":"Sinkholed","trigger":"mgm1940797.appfrvpmgw.win","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"695rdgnfw5f.18912244.com:20206/libs/browser-media-match@0.0.6/index.js","fqdn":"695rdgnfw5f.18912244.com","domain":"18912244.com","tld":"com"},"ip":{"addr":"172.65.218.121","port":20206,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://695rdgnfw5f.18912244.com:20206/?id=422876378","date":"2026-04-11T18:33:02.616Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"695rdgnfw5f.18912244.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 20 Jul 2025 00:00:00 GMT","end":"Mon, 20 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"AB:44:50:F3:CC:F8:FC:F3:42:EC:75:E2:D3:0C:19:1B:5F:B9:36:F4","sha256":"4B:05:65:FA:AC:EF:A3:36:43:B0:62:26:67:2E:84:49:29:62:7C:DA:CE:AF:8D:5A:0B:1B:23:85:8B:6B:BB:46"}}},"request":{"raw":"GET /libs/browser-media-match@0.0.6/index.js HTTP/1.1\r\nHost: 695rdgnfw5f.18912244.com:20206\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://695rdgnfw5f.18912244.com:20206/?id=422876378\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 11 Apr 2026 18:33:02 GMT\r\ncontent-type: application/javascript; charset=utf-8\r\nx-oss-request-id: 69DA93DE6AC59032347B6905\r\nvary: Accept-Encoding, Origin\r\nlast-modified: Sat, 11 Apr 2026 04:21:45 GMT\r\nx-oss-object-type: Normal\r\nx-oss-hash-crc64ecma: 13106139430498415699\r\nx-oss-storage-class: Standard\r\nx-oss-meta-version: v7.1.47\r\ncache-control: max-age=31622400\r\ncontent-md5: brxcA4Gn1egzJNj0T74FWg==\r\nx-oss-server-time: 1\r\ncontent-encoding: gzip\r\nserver: gocache\r\nc-type: pf\r\nrid: 02ffe7075c37644c19513899464e39c1\r\nx-cache-status: MISS\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]},{"name":"Alibaba Cloud Object Storage Service","description":"Alibaba Cloud Object Storage Service (OSS) is a cloud-based object storage service provided by Alibaba Cloud, which allows users to store and access large amounts of data in the cloud.","website":"https://www.alibabacloud.com/product/object-storage-service","common_platform_enumeration":"","icon":"Alibaba Cloud.svg","categories":["IaaS"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":3248,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (3248), with no line terminators","md5":"6ebc5c0381a7d5e83324d8f44fbe055a","sha1":"716c0c49b5eed05fc5752e658e280a37b2eca14a","sha256":"048412edb70558ba3a98abb4c3b99982679f8a941df859d41b2f18e0f56fde56","sha512":"8ccc49138cb761ce38fe430bb63386fb187d6d8b25ca56c4cfabc915fd81b5eb38356c4cf7d3f522aac5fff047327db27e99f5141bef65c3cbd72c9e32d462e4","ssdeep":"","tlshash":"6e611f69767ab5194616b0b0998fd009bde9ad3613cc4845822d88f4f8799f8473fdcc","first_seen":"2025-06-26T13:19:27.401603Z","last_seen":"2026-04-11T19:41:53.683379Z","times_seen":12709,"resource_available":true,"data":null}},"time_used":269,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":269,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-11","alert":"Sinkholed","trigger":"695rdgnfw5f.18912244.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"mgm1940797.appfrvpmgw.win/hall/api/statistics/domain/pointer","fqdn":"mgm1940797.appfrvpmgw.win","domain":"appfrvpmgw.win","tld":"win"},"ip":{"addr":"138.113.210.9","port":443,"asn":54994,"as":"ML-1432-54994","country":"Canada","country_code":"CA"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://695rdgnfw5f.18912244.com:20206/?id=422876378","date":"2026-04-11T18:33:10.167Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"mgm1940797.appfrvpmgw.win","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 10 Mar 2026 16:26:44 GMT","end":"Mon, 08 Jun 2026 16:26:43 GMT"},"fingerprint":{"sha1":"F4:B1:A8:F3:75:CF:9E:D8:01:08:8D:AB:DA:56:67:50:D3:F3:94:44","sha256":"EA:6F:FC:B6:79:2A:3B:E8:21:21:AB:18:FB:BE:1C:DB:F9:F0:1B:8C:DA:50:C7:4E:CB:CA:85:51:61:5D:9B:10"}}},"request":{"raw":"OPTIONS /hall/api/statistics/domain/pointer HTTP/1.1\r\nHost: mgm1940797.appfrvpmgw.win\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nAccess-Control-Request-Method: POST\r\nAccess-Control-Request-Headers: appsystem,appversion,browserfingerid,browsertype,clienttimezone,content-type,currency,device,devicebrand,devicemodel,devicetype,domain,language,operatingsystem,physicaldevicemodel,platformtype,sitecode,timestamp,token,webauthndomain,x-custom-referer,x-data-mode,x-device,x-object-id,x-request-id,x-version\r\nReferer: https://695rdgnfw5f.18912244.com:20206/\r\nOrigin: https://695rdgnfw5f.18912244.com:20206\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"OPTIONS"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 11 Apr 2026 18:33:10 GMT\r\ncontent-type: application/octet-stream\r\ncontent-length: 0\r\nset-cookie: acw_tc=0a0ccaf217759323904564968e337d080d9ead36a02b4d2a12317d72645c4a;path=/;HttpOnly;Max-Age=1800\r\nx-saas-server-id: 844988bcd4-rdl6b|29fb3b34a01d8b8c727874eb5a4134d4\r\naccess-control-allow-methods: *\r\naccess-control-max-age: 1728000\r\naccess-control-allow-credentials: true\r\naccess-control-allow-origin: *\r\naccess-control-allow-headers: appsystem,appversion,browserfingerid,browsertype,clienttimezone,content-type,currency,device,devicebrand,devicemodel,devicetype,domain,language,operatingsystem,physicaldevicemodel,platformtype,sitecode,timestamp,token,webauthndomain,x-custom-referer,x-data-mode,x-device,x-object-id,x-request-id,x-version\r\naccess-control-expose-headers: X-Trace-ID, newjwt, token\r\nvia: 1.1 PS-SIN-04DFS81:8 (W), 1.1 PS-AMS-01QkJ103:21 (W)\r\nx-px: ms PS-AMS-01QkJ103AMS, ms PS-SIN-04DFS81SIN(origin)\r\nx-ws-request-id: 69da93e6_PS-AMS-01QkJ103_53875-28542\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"application/octet-stream","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-11T20:55:57.946951Z","times_seen":13635644,"resource_available":true,"data":null}},"time_used":391,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":391,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-04-11","alert":"Sinkholed","trigger":"mgm1940797.appfrvpmgw.win","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"146.103.73.193/hall/api/agent/promote/linkSetting","fqdn":"146.103.73.193","domain":"146.103.73.193","tld":""},"ip":{"addr":"146.103.73.193","port":443,"asn":0,"as":"","country":"Belgium","country_code":"BE"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://695rdgnfw5f.18912244.com:20206/?id=422876378","date":"2026-04-11T18:33:04.159Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"146.103.73.2","organization":"TXNetworks Beijing Co., Ltd."},"issuer":{"commonName":"GlobalSign RSA OV SSL CA 2018","organization":"GlobalSign nv-sa"},"validity":{"start":"Mon, 18 Aug 2025 08:26:21 GMT","end":"Sat, 19 Sep 2026 08:26:20 GMT"},"fingerprint":{"sha1":"67:2E:D1:B9:EE:0D:12:F9:62:C4:76:82:44:68:26:BA:9A:11:B9:8D","sha256":"40:D1:DC:63:7C:DC:81:EF:9F:B5:03:78:00:E5:0B:02:C4:8C:B8:60:66:B1:23:54:4A:A6:B5:02:29:CE:4C:F3"}}},"request":{"raw":"OPTIONS /hall/api/agent/promote/linkSetting HTTP/1.1\r\nHost: 146.103.73.193\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nAccess-Control-Request-Method: POST\r\nAccess-Control-Request-Headers: appsystem,appversion,browserfingerid,browsertype,clienttimezone,content-type,device,devicebrand,devicemodel,devicetype,domain,language,operatingsystem,physicaldevicemodel,platformtype,sitecode,timestamp,token,webauthndomain,x-custom-referer,x-data-mode,x-device,x-object-id,x-request-id,x-version\r\nReferer: https://695rdgnfw5f.18912244.com:20206/\r\nOrigin: https://695rdgnfw5f.18912244.com:20206\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"OPTIONS"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 11 Apr 2026 18:33:04 GMT\r\ncontent-type: application/octet-stream\r\ncontent-length: 0\r\nset-cookie: acw_tc=0a0ccb0717759323848832176e4aac01415050a1ad2eea6062b591f7be5593;path=/;HttpOnly;Max-Age=1800\r\nx-saas-server-id: 844988bcd4-7965p|beaed57a9f9415483635a03098f5cbae\r\naccess-control-allow-methods: *\r\naccess-control-max-age: 1728000\r\naccess-control-allow-credentials: true\r\naccess-control-allow-origin: *\r\naccess-control-allow-headers: appsystem,appversion,browserfingerid,browsertype,clienttimezone,content-type,device,devicebrand,devicemodel,devicetype,domain,language,operatingsystem,physicaldevicemodel,platformtype,sitecode,timestamp,token,webauthndomain,x-custom-referer,x-data-mode,x-device,x-object-id,x-request-id,x-version\r\naccess-control-expose-headers: X-Trace-ID, newjwt, token\r\nvia: 1.1 PS-SIN-04A9N80:2 (W), 1.1 PS-HND-01MdG15:6 (W)\r\nx-px: ms PS-HND-01MdG15HND, ms PS-SIN-04A9N80SIN(origin)\r\nx-ws-request-id: 69da93e0_PS-HND-01MdG15_4972-42809\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"application/octet-stream","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-11T20:55:57.946951Z","times_seen":13635644,"resource_available":true,"data":null}},"time_used":1497,"timings":{"blocked":555,"dns":0,"connect":263,"send":0,"wait":346,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"mgmnhajzfh.appuhy8rmm.vip/ipacdn.txt","fqdn":"mgmnhajzfh.appuhy8rmm.vip","domain":"appuhy8rmm.vip","tld":"vip"},"ip":{"addr":"45.125.14.216","port":443,"asn":55933,"as":"Cloudie Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://695rdgnfw5f.18912244.com:20206/?id=422876378","date":"2026-04-11T18:33:07.063Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"mgmnhajzfh.appuhy8rmm.vip","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Thu, 26 Mar 2026 15:53:15 GMT","end":"Wed, 24 Jun 2026 15:53:14 GMT"},"fingerprint":{"sha1":"AB:DF:49:A7:9F:72:A7:9F:40:E2:56:0C:4D:B2:BE:7C:16:96:D7:39","sha256":"AB:92:0E:82:2E:44:BD:12:0F:E6:A9:88:C3:E1:33:6D:89:D1:CD:65:43:4E:DD:C7:C1:0C:B9:E1:64:32:30:67"}}},"request":{"raw":"GET /ipacdn.txt HTTP/1.1\r\nHost: mgmnhajzfh.appuhy8rmm.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://695rdgnfw5f.18912244.com:20206/\r\nOrigin: https://695rdgnfw5f.18912244.com:20206\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccess-control-allow-credentials: true\r\naccess-control-allow-origin: *\r\naccess-control-max-age: 3600\r\ncache-control: s-maxage=315360000,max-age=0,public\r\ncontent-type: text/plain\r\ndate: Sat, 11 Apr 2026 18:33:07 GMT\r\nset-cookie: acw_tc=0a0ccaf817759323877966294e5d3bc0ed8025e08e6be13cba04e6fbb7d6f0;path=/;HttpOnly;Max-Age=1800\r\nstrict-transport-security: max-age=31536000\r\nx-cache: BYPASS\r\ncontent-length: 2\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":2,"size_decoded":0,"mime_type":"text/plain","magic":"ASCII text, with no line terminators","md5":"e0aa021e21dddbd6d8cecec71e9cf564","sha1":"9ce3bd4224c8c1780db56b4125ecf3f24bf748b7","sha256":"565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3","sha512":"900110c951560eff857b440e89cc29f529416e0e3b3d7f0ad51651bfdbd8025b91768c5ed7db5352d1a5523354ce06ced2c42047e33a3e958a1bba5f742db874","ssdeep":"","tlshash":"c710000000000000000000030000000030000000000000000c000000c0000000000000","first_seen":"2023-03-09T09:04:49Z","last_seen":"2026-04-11T20:59:31.234535Z","times_seen":264621,"resource_available":true,"data":null}},"time_used":879,"timings":{"blocked":-1,"dns":129,"connect":218,"send":0,"wait":303,"receive":1,"ssl":228},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"695rdgnfw5f.18912244.com:20206/assets/theme-0/1_PromoteChunk.BsY6rJig.css","fqdn":"695rdgnfw5f.18912244.com","domain":"18912244.com","tld":"com"},"ip":{"addr":"172.65.218.121","port":20206,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://695rdgnfw5f.18912244.com:20206/?id=422876378","date":"2026-04-11T18:33:08.101Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"695rdgnfw5f.18912244.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 20 Jul 2025 00:00:00 GMT","end":"Mon, 20 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"AB:44:50:F3:CC:F8:FC:F3:42:EC:75:E2:D3:0C:19:1B:5F:B9:36:F4","sha256":"4B:05:65:FA:AC:EF:A3:36:43:B0:62:26:67:2E:84:49:29:62:7C:DA:CE:AF:8D:5A:0B:1B:23:85:8B:6B:BB:46"}}},"request":{"raw":"GET /assets/theme-0/1_PromoteChunk.BsY6rJig.css HTTP/1.1\r\nHost: 695rdgnfw5f.18912244.com:20206\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://695rdgnfw5f.18912244.com:20206/?id=422876378\r\nCookie: web__lobby__persisted__device=%7B%22uuid%22%3A%22f75052df-c3a1-4058-a524-7aad8f7dc107%22%7D; web__lobby__persisted__user=%7B%22userInfos%22%3A%7B%22game_gold%22%3A2000%2C%22account_type%22%3A1%2C%22platfromid%22%3A%22web_lobby_guest_account%22%2C%22mode%22%3A0%2C%22currency%22%3A%22CNY%22%7D%7D\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 11 Apr 2026 18:33:08 GMT\r\ncontent-type: text/css\r\nx-oss-request-id: 69DA93E4CD9B3438384E8045\r\nvary: Accept-Encoding, Origin\r\nlast-modified: Sat, 11 Apr 2026 04:21:42 GMT\r\nx-oss-object-type: Normal\r\nx-oss-hash-crc64ecma: 2790406758382704950\r\nx-oss-storage-class: Standard\r\nx-oss-meta-version: v7.1.212\r\ncache-control: max-age=31622400\r\ncontent-md5: tT5FjBuhQ8QtcWvoaJxX+A==\r\nx-oss-server-time: 1\r\ncontent-encoding: gzip\r\nserver: gocache\r\nc-type: pf\r\nrid: 9c91dc1c446f35f6865285b91c8d4b5f\r\nx-cache-status: MISS\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Alibaba Cloud Object Storage Service","description":"Alibaba Cloud Object Storage Service (OSS) is a cloud-based object storage service provided by Alibaba Cloud, which allows users to store and access large amounts of data in the cloud.","website":"https://www.alibabacloud.com/product/object-storage-service","common_platform_enumeration":"","icon":"Alibaba Cloud.svg","categories":["IaaS"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]}],"data":{"size":279186,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (65536), with no line terminators","md5":"b53e458c1ba143c42d716be8689c57f8","sha1":"2b579c88080699436d9c8ad4ca66ad84fc62b750","sha256":"105e5f27df4be76faaac7e070bec4e4050ad1da0dbb65bb52f65cc6082d27b13","sha512":"b22bbcb6c7da100eb89780e213c488b4e7371816942ee44b70a6b889bdda0c761d833fdbc7badcde6762a7d45263ae2405a016f0d335669de41647c5547e157f","ssdeep":"1536:7+/ixZ18HGehwQIpLV0gsDfUha4iyOxoJQhsLkwwcJMel9+WLiLZ+8mhXJkzOzrx:C/cLpGakmxdCa","tlshash":"4054c65a8930b17bdc2fc132b9e6dad8a195a040c52605eebb371e3d47cbfb538b1059","first_seen":"2026-03-26T15:58:21.706009Z","last_seen":"2026-04-11T20:47:49.771595Z","times_seen":429,"resource_available":false,"data":null}},"time_used":282,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":282,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-11","alert":"Sinkholed","trigger":"695rdgnfw5f.18912244.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"695rdgnfw5f.18912244.com:20206/hall/api/lobby/publicityInfo/list/language/zh.json?v=1775589397","fqdn":"695rdgnfw5f.18912244.com","domain":"18912244.com","tld":"com"},"ip":{"addr":"172.65.218.121","port":20206,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://695rdgnfw5f.18912244.com:20206/?id=422876378","date":"2026-04-11T18:33:09.658Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"695rdgnfw5f.18912244.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 20 Jul 2025 00:00:00 GMT","end":"Mon, 20 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"AB:44:50:F3:CC:F8:FC:F3:42:EC:75:E2:D3:0C:19:1B:5F:B9:36:F4","sha256":"4B:05:65:FA:AC:EF:A3:36:43:B0:62:26:67:2E:84:49:29:62:7C:DA:CE:AF:8D:5A:0B:1B:23:85:8B:6B:BB:46"}}},"request":{"raw":"GET /hall/api/lobby/publicityInfo/list/language/zh.json?v=1775589397 HTTP/1.1\r\nHost: 695rdgnfw5f.18912244.com:20206\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://695rdgnfw5f.18912244.com:20206/home/register?id=422876378\r\nCookie: web__lobby__persisted__device=%7B%22uuid%22%3A%22f75052df-c3a1-4058-a524-7aad8f7dc107%22%7D; web__lobby__persisted__user=%7B%22userInfos%22%3A%7B%22game_gold%22%3A2000%2C%22account_type%22%3A1%2C%22platfromid%22%3A%22web_lobby_guest_account%22%2C%22mode%22%3A0%2C%22currency%22%3A%22CNY%22%7D%7D\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 11 Apr 2026 18:33:09 GMT\r\ncontent-type: application/json\r\nx-oss-request-id: 69DA93E501B8FA393837E086\r\nvary: Accept-Encoding, Origin\r\nlast-modified: Tue, 07 Apr 2026 19:16:37 GMT\r\nx-oss-object-type: Normal\r\nx-oss-hash-crc64ecma: 14918927885362989692\r\nx-oss-storage-class: Standard\r\ncache-control: s-maxage=600,public,max-age=0\r\ncontent-md5: nODML7xFoFaajiMnqxyXrg==\r\nx-oss-server-time: 1\r\ncontent-encoding: gzip\r\nserver: gocache\r\nc-type: pf\r\nrid: 5f6329f54b4e444744b8af15ff0331e0\r\nx-cache-status: MISS\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]},{"name":"Alibaba Cloud Object Storage Service","description":"Alibaba Cloud Object Storage Service (OSS) is a cloud-based object storage service provided by Alibaba Cloud, which allows users to store and access large amounts of data in the cloud.","website":"https://www.alibabacloud.com/product/object-storage-service","common_platform_enumeration":"","icon":"Alibaba Cloud.svg","categories":["IaaS"]}],"data":{"size":3480,"size_decoded":0,"mime_type":"application/json","magic":"ASCII text, with very long lines (3480), with no line terminators","md5":"9ce0cc2fbc45a0569a8e2327ab1c97ae","sha1":"68efdd9a3dcdc5a807c6a13d3b1153e73bf13853","sha256":"de43cfab903d333a3254fa2cae146aacd1377b23c55e0dd8866cc949f5fcc68c","sha512":"833a0f1654afea7c0ace6dce98990ddd0863421d9ca55f44000cf6e9087feab95ccaaa45bb1fb0fae2e9b22798185cdbcadfcfefb326b283945ff7de4ed8e387","ssdeep":"","tlshash":"57718d1598049eab82818b23e4699b57062483d78c3feb8db18057e2ff0da6fe5010fc","first_seen":"2026-04-08T07:13:21.526125Z","last_seen":"2026-04-11T18:34:05.994798Z","times_seen":30,"resource_available":false,"data":null}},"time_used":243,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":243,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-11","alert":"Sinkholed","trigger":"695rdgnfw5f.18912244.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"695rdgnfw5f.18912244.com:20206/hall/api/active/isShowV2/default.json?v=1775925603","fqdn":"695rdgnfw5f.18912244.com","domain":"18912244.com","tld":"com"},"ip":{"addr":"172.65.218.121","port":20206,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://695rdgnfw5f.18912244.com:20206/?id=422876378","date":"2026-04-11T18:33:10.112Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"695rdgnfw5f.18912244.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 20 Jul 2025 00:00:00 GMT","end":"Mon, 20 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"AB:44:50:F3:CC:F8:FC:F3:42:EC:75:E2:D3:0C:19:1B:5F:B9:36:F4","sha256":"4B:05:65:FA:AC:EF:A3:36:43:B0:62:26:67:2E:84:49:29:62:7C:DA:CE:AF:8D:5A:0B:1B:23:85:8B:6B:BB:46"}}},"request":{"raw":"GET /hall/api/active/isShowV2/default.json?v=1775925603 HTTP/1.1\r\nHost: 695rdgnfw5f.18912244.com:20206\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://695rdgnfw5f.18912244.com:20206/home/register?id=422876378\r\nCookie: web__lobby__persisted__device=%7B%22uuid%22%3A%22f75052df-c3a1-4058-a524-7aad8f7dc107%22%7D; web__lobby__persisted__user=%7B%22userInfos%22%3A%7B%22game_gold%22%3A2000%2C%22account_type%22%3A1%2C%22platfromid%22%3A%22web_lobby_guest_account%22%2C%22mode%22%3A0%2C%22currency%22%3A%22CNY%22%7D%7D\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 11 Apr 2026 18:33:10 GMT\r\ncontent-type: application/json\r\nx-oss-request-id: 69DA93E601B8FA3135D2E186\r\nvary: Accept-Encoding, Origin\r\nlast-modified: Sat, 11 Apr 2026 16:40:03 GMT\r\nx-oss-object-type: Normal\r\nx-oss-hash-crc64ecma: 12487936220136950610\r\nx-oss-storage-class: Standard\r\ncache-control: s-maxage=600,max-age=0,public\r\ncontent-md5: POj77rZqc0aAIjP0j9tv+g==\r\nx-oss-server-time: 1\r\ncontent-encoding: gzip\r\nserver: gocache\r\nc-type: pf\r\nrid: 29a696df3dce2d3134639caf34cb1a58\r\nx-cache-status: MISS\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]},{"name":"Alibaba Cloud Object Storage Service","description":"Alibaba Cloud Object Storage Service (OSS) is a cloud-based object storage service provided by Alibaba Cloud, which allows users to store and access large amounts of data in the cloud.","website":"https://www.alibabacloud.com/product/object-storage-service","common_platform_enumeration":"","icon":"Alibaba Cloud.svg","categories":["IaaS"]}],"data":{"size":2008,"size_decoded":0,"mime_type":"application/json","magic":"ASCII text, with very long lines (2008), with no line terminators","md5":"3ce8fbeeb66a7346802233f48fdb6ffa","sha1":"6ec60d6ff90d1d3148d9789909fa17e1d14fda6d","sha256":"a3e58be9144b02baaa3f3702ae5f2137f3f97917b0b6aca3e72bc598b8baaf7e","sha512":"cd5fa51e2500d84461e0c801dbfa2d2773b68c517eaea415cde183c8f4bf98b22a266cbe8334c96ae403ad9de1bb31e9c6a8a5ee6d6c8b64645410890617fb1f","ssdeep":"","tlshash":"bf41e8e624d68508c7f3d2abc56c5e0726a447eaf9982f96b26e0c68153e407767c190","first_seen":"2026-04-11T18:28:36.007826Z","last_seen":"2026-04-11T18:34:05.952797Z","times_seen":24,"resource_available":false,"data":null}},"time_used":244,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":244,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-11","alert":"Sinkholed","trigger":"695rdgnfw5f.18912244.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"695rdgnfw5f.18912244.com:20206/siteadmin/layoutDesign/1995442336439889921.avif?swRuntimeCacheName=images","fqdn":"695rdgnfw5f.18912244.com","domain":"18912244.com","tld":"com"},"ip":{"addr":"172.65.218.121","port":20206,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"imageset","requested_by":"https://695rdgnfw5f.18912244.com:20206/?id=422876378","date":"2026-04-11T18:33:02.601Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"695rdgnfw5f.18912244.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 20 Jul 2025 00:00:00 GMT","end":"Mon, 20 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"AB:44:50:F3:CC:F8:FC:F3:42:EC:75:E2:D3:0C:19:1B:5F:B9:36:F4","sha256":"4B:05:65:FA:AC:EF:A3:36:43:B0:62:26:67:2E:84:49:29:62:7C:DA:CE:AF:8D:5A:0B:1B:23:85:8B:6B:BB:46"}}},"request":{"raw":"GET /siteadmin/layoutDesign/1995442336439889921.avif?swRuntimeCacheName=images HTTP/1.1\r\nHost: 695rdgnfw5f.18912244.com:20206\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://695rdgnfw5f.18912244.com:20206/?id=422876378\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 11 Apr 2026 18:33:02 GMT\r\ncontent-type: image/avif\r\ncontent-length: 59753\r\nx-oss-request-id: 69DA93DE4F0FE43635C2BF05\r\nvary: Origin\r\netag: \"382173B0895E694B925A1374845715D3\"\r\nlast-modified: Mon, 01 Dec 2025 10:38:31 GMT\r\nx-oss-object-type: Normal\r\nx-oss-hash-crc64ecma: 10110454726901143479\r\nx-oss-storage-class: Standard\r\ncache-control: immutable,stale-while-revalidate=86400,public,max-age=86400\r\ncontent-md5: OCFzsIleaUuSWhN0hFcV0w==\r\nx-oss-server-time: 1\r\nserver: gocache\r\nc-type: pf\r\nrid: fb0b87bafad5283286618a60679d667c\r\nx-cache-status: MISS\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Alibaba Cloud Object Storage Service","description":"Alibaba Cloud Object Storage Service (OSS) is a cloud-based object storage service provided by Alibaba Cloud, which allows users to store and access large amounts of data in the cloud.","website":"https://www.alibabacloud.com/product/object-storage-service","common_platform_enumeration":"","icon":"Alibaba Cloud.svg","categories":["IaaS"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]}],"data":{"size":59753,"size_decoded":0,"mime_type":"image/avif","magic":"ISO Media, AVIF Image","md5":"382173b0895e694b925a1374845715d3","sha1":"f217f0e93b4418b5b9e800cb3cb73ff687711057","sha256":"f85213062c0bd4206f8caeff3335aa4cf97ab34af8781bb92147e6f48e306bab","sha512":"53486995810bdce54cdd448948e15b02df0ebb0a17144eeae9553bac8fb16efa0e90d2bbd8cb538a99dcb8004d6112053f5964e49e4dd3a7d2c000c0f5c58150","ssdeep":"768:udCm4TQ579l+W0lMzp4Y8GC4RKcZ6Hlmlcr/eQ9pVVLBLCVzPrfO1O/PyUWANIg:udWc577+HM1z8uR3ilos1BLCVz9yUWyv","tlshash":"e443029149084673ef9d4fbc03fa051a1326a0e3267df085319dfe6b64969b8e2dfc20","first_seen":"2025-12-02T05:51:31.707722Z","last_seen":"2026-04-11T18:34:05.960037Z","times_seen":288,"resource_available":false,"data":null}},"time_used":430,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":276,"receive":154,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-11","alert":"Sinkholed","trigger":"695rdgnfw5f.18912244.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"695rdgnfw5f.18912244.com:20206/assets/vendors/vendor-stable.COsUG-6a.js","fqdn":"695rdgnfw5f.18912244.com","domain":"18912244.com","tld":"com"},"ip":{"addr":"172.65.218.121","port":20206,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://695rdgnfw5f.18912244.com:20206/?id=422876378","date":"2026-04-11T18:33:02.892Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"695rdgnfw5f.18912244.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 20 Jul 2025 00:00:00 GMT","end":"Mon, 20 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"AB:44:50:F3:CC:F8:FC:F3:42:EC:75:E2:D3:0C:19:1B:5F:B9:36:F4","sha256":"4B:05:65:FA:AC:EF:A3:36:43:B0:62:26:67:2E:84:49:29:62:7C:DA:CE:AF:8D:5A:0B:1B:23:85:8B:6B:BB:46"}}},"request":{"raw":"GET /assets/vendors/vendor-stable.COsUG-6a.js HTTP/1.1\r\nHost: 695rdgnfw5f.18912244.com:20206\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://695rdgnfw5f.18912244.com:20206/assets/theme-0/index.DMPbKmRp.js\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 11 Apr 2026 18:33:03 GMT\r\ncontent-type: application/javascript; charset=utf-8\r\nx-oss-request-id: 69DA93DF6AC5903234BA6A05\r\nvary: Accept-Encoding, Origin\r\nlast-modified: Sat, 11 Apr 2026 04:21:44 GMT\r\nx-oss-object-type: Normal\r\nx-oss-hash-crc64ecma: 14890409485303504954\r\nx-oss-storage-class: Standard\r\nx-oss-meta-version: v7.1.212\r\ncache-control: max-age=31622400\r\ncontent-md5: dD68Lal/Q6wj3miiSGYX5A==\r\nx-oss-server-time: 1\r\ncontent-encoding: gzip\r\nserver: gocache\r\nc-type: pf\r\nrid: e0a478479bb96405fd660bdf70dd1468\r\nx-cache-status: MISS\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]},{"name":"Alibaba Cloud Object Storage Service","description":"Alibaba Cloud Object Storage Service (OSS) is a cloud-based object storage service provided by Alibaba Cloud, which allows users to store and access large amounts of data in the cloud.","website":"https://www.alibabacloud.com/product/object-storage-service","common_platform_enumeration":"","icon":"Alibaba Cloud.svg","categories":["IaaS"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":433918,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (59463)","md5":"743ebc2da97f43ac23de68a2486617e4","sha1":"0bec950bd1692a9e15d860528417ec147bbce019","sha256":"06237eb8497d5d253bdccdc4e2bdf95c17a566b57d36de8113d269a4ac5e4da7","sha512":"ca93b37d91b9774385c8b42f41e89fe30c3716205d2cda129b275fe9d2e5a3839df92f7010f888702765d04933518bafc88b6c45ca78a693873a50b71d399d78","ssdeep":"12288:UzSHwFcVGMGi35FHE7rWGWAfTRu2b3Guocm:UkwF6GMGi35ZCrW0fTRua3Guu","tlshash":"9d9408d872e2b06243b729f0407f010bf33a6955384c9494f1a9d9da3d7a91992bbf3d","first_seen":"2026-04-04T14:10:15.131722Z","last_seen":"2026-04-11T18:34:05.977944Z","times_seen":47,"resource_available":true,"data":null}},"time_used":279,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":279,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-11","alert":"Sinkholed","trigger":"695rdgnfw5f.18912244.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"695rdgnfw5f.18912244.com:20206/assets/theme-0/FloatBarIndex.nFWC6Mt1.js","fqdn":"695rdgnfw5f.18912244.com","domain":"18912244.com","tld":"com"},"ip":{"addr":"172.65.218.121","port":20206,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://695rdgnfw5f.18912244.com:20206/?id=422876378","date":"2026-04-11T18:33:04.870Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"695rdgnfw5f.18912244.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 20 Jul 2025 00:00:00 GMT","end":"Mon, 20 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"AB:44:50:F3:CC:F8:FC:F3:42:EC:75:E2:D3:0C:19:1B:5F:B9:36:F4","sha256":"4B:05:65:FA:AC:EF:A3:36:43:B0:62:26:67:2E:84:49:29:62:7C:DA:CE:AF:8D:5A:0B:1B:23:85:8B:6B:BB:46"}}},"request":{"raw":"GET /assets/theme-0/FloatBarIndex.nFWC6Mt1.js HTTP/1.1\r\nHost: 695rdgnfw5f.18912244.com:20206\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://695rdgnfw5f.18912244.com:20206/assets/theme-0/commonChunk.DRl68tbz.js\r\nCookie: web__lobby__persisted__device=%7B%22uuid%22%3A%22f75052df-c3a1-4058-a524-7aad8f7dc107%22%7D\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 11 Apr 2026 18:33:05 GMT\r\ncontent-type: application/javascript; charset=utf-8\r\nx-oss-request-id: 69DA93E05D88673136A00962\r\nvary: Accept-Encoding, Origin\r\nlast-modified: Sat, 11 Apr 2026 04:21:43 GMT\r\nx-oss-object-type: Normal\r\nx-oss-hash-crc64ecma: 7336644439445796005\r\nx-oss-storage-class: Standard\r\nx-oss-meta-version: v7.1.212\r\ncache-control: max-age=31622400\r\ncontent-md5: b7VLvQi2bZzBwqEn8qhx1g==\r\nx-oss-server-time: 1\r\ncontent-encoding: gzip\r\nserver: gocache\r\nc-type: pf\r\nrid: cfc9e5e161a95eb5b30274510f16bcf1\r\nx-cache-status: MISS\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]},{"name":"Alibaba Cloud Object Storage Service","description":"Alibaba Cloud Object Storage Service (OSS) is a cloud-based object storage service provided by Alibaba Cloud, which allows users to store and access large amounts of data in the cloud.","website":"https://www.alibabacloud.com/product/object-storage-service","common_platform_enumeration":"","icon":"Alibaba Cloud.svg","categories":["IaaS"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":3839,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"Java source, ASCII text, with very long lines (3435)","md5":"6fb54bbd08b66d9cc1c2a127f2a871d6","sha1":"bc269ca7af0cac219fe6c33dfea2957a0997c9d9","sha256":"5cfa0f34d9aeca5cba1528c35c79174a6498d400579c2bf1832cec5eb67de829","sha512":"958e14bad8da0c2118b04d4ddb6c50cc135318f415d7777c5142daf04d72000fa9412639f5f505ed387611880fedcd6e69daef2ef7d669cefb8be92c3e17ba61","ssdeep":"","tlshash":"ef813b4f30d935b4f1e68559c0797c924a0c67925141c4e1e2ff1c382292dd8e05ffe5","first_seen":"2026-04-11T07:57:01.95708Z","last_seen":"2026-04-11T18:34:05.97486Z","times_seen":28,"resource_available":true,"data":null}},"time_used":375,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":375,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-11","alert":"Sinkholed","trigger":"695rdgnfw5f.18912244.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"695rdgnfw5f.18912244.com:20206/siteadmin/skin/lobby_asset/common/web/common/comm_icon_hide.svg?manualVersion=1\u0026version=v7.1.212","fqdn":"695rdgnfw5f.18912244.com","domain":"18912244.com","tld":"com"},"ip":{"addr":"172.65.218.121","port":20206,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://695rdgnfw5f.18912244.com:20206/?id=422876378","date":"2026-04-11T18:33:09.705Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"695rdgnfw5f.18912244.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 20 Jul 2025 00:00:00 GMT","end":"Mon, 20 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"AB:44:50:F3:CC:F8:FC:F3:42:EC:75:E2:D3:0C:19:1B:5F:B9:36:F4","sha256":"4B:05:65:FA:AC:EF:A3:36:43:B0:62:26:67:2E:84:49:29:62:7C:DA:CE:AF:8D:5A:0B:1B:23:85:8B:6B:BB:46"}}},"request":{"raw":"GET /siteadmin/skin/lobby_asset/common/web/common/comm_icon_hide.svg?manualVersion=1\u0026version=v7.1.212 HTTP/1.1\r\nHost: 695rdgnfw5f.18912244.com:20206\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://695rdgnfw5f.18912244.com:20206/home/register?id=422876378\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: web__lobby__persisted__device=%7B%22uuid%22%3A%22f75052df-c3a1-4058-a524-7aad8f7dc107%22%7D; web__lobby__persisted__user=%7B%22userInfos%22%3A%7B%22game_gold%22%3A2000%2C%22account_type%22%3A1%2C%22platfromid%22%3A%22web_lobby_guest_account%22%2C%22mode%22%3A0%2C%22currency%22%3A%22CNY%22%7D%7D\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 11 Apr 2026 18:33:09 GMT\r\ncontent-type: image/svg+xml\r\nx-oss-request-id: 69DA93E55D88673136B41B62\r\nvary: Accept-Encoding, Origin\r\netag: W/\"37299DC7DF43B6E7E43C7EDD9CF5DD5A\"\r\nlast-modified: Wed, 28 Jan 2026 13:50:49 GMT\r\nx-oss-object-type: Normal\r\nx-oss-hash-crc64ecma: 5454729927980148248\r\nx-oss-storage-class: Standard\r\ncache-control: max-age=604800,stale-while-revalidate=86400,immutable,proxy-revalidate,public\r\ncontent-md5: Nymdx99DtufkPH7dnPXdWg==\r\nx-oss-server-time: 1\r\nserver: gocache\r\nc-type: pf\r\nrid: dea1e86b6ee39c3d69babe7784981173\r\nx-cache-status: MISS\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\ncontent-encoding: br\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Alibaba Cloud Object Storage Service","description":"Alibaba Cloud Object Storage Service (OSS) is a cloud-based object storage service provided by Alibaba Cloud, which allows users to store and access large amounts of data in the cloud.","website":"https://www.alibabacloud.com/product/object-storage-service","common_platform_enumeration":"","icon":"Alibaba Cloud.svg","categories":["IaaS"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]}],"data":{"size":1197,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"37299dc7df43b6e7e43c7edd9cf5dd5a","sha1":"d96ed94ce13fd946f2f6342b74b0abd8c86aaa91","sha256":"2faac1129068f22761b05f4e1497fcb63269301d8bd38f7719a5f1362526eaf3","sha512":"da024ecd4c8a7bb3ce89c6be3ff9e1b842380a680d37687e6dcc8e54b0506fc9d81b2b1f7b1d70bd9127518c67c324fbc04dc7332ee0b33306443dd89b8b916e","ssdeep":"","tlshash":"c521caf325a05dd449408fb846ad68ac2b7ff2fab36198d467662c610b980e328dc960","first_seen":"2025-04-07T01:42:52.857743Z","last_seen":"2026-04-11T19:33:23.038658Z","times_seen":6423,"resource_available":false,"data":null}},"time_used":244,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":244,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-11","alert":"Sinkholed","trigger":"695rdgnfw5f.18912244.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"mgm1940797.appfrvpmgw.win/hall/api/netstat/attribution/match","fqdn":"mgm1940797.appfrvpmgw.win","domain":"appfrvpmgw.win","tld":"win"},"ip":{"addr":"138.113.210.9","port":443,"asn":54994,"as":"ML-1432-54994","country":"Canada","country_code":"CA"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://695rdgnfw5f.18912244.com:20206/?id=422876378","date":"2026-04-11T18:33:10.742Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"mgm1940797.appfrvpmgw.win","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 10 Mar 2026 16:26:44 GMT","end":"Mon, 08 Jun 2026 16:26:43 GMT"},"fingerprint":{"sha1":"F4:B1:A8:F3:75:CF:9E:D8:01:08:8D:AB:DA:56:67:50:D3:F3:94:44","sha256":"EA:6F:FC:B6:79:2A:3B:E8:21:21:AB:18:FB:BE:1C:DB:F9:F0:1B:8C:DA:50:C7:4E:CB:CA:85:51:61:5D:9B:10"}}},"request":{"raw":"POST /hall/api/netstat/attribution/match HTTP/1.1\r\nHost: mgm1940797.appfrvpmgw.win\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: zh\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: text/plain\r\nx-object-id: {\"uid\":\"\",\"browserLanguage\":\"en-US\",\"init\":{\"device\":\"\",\"created\":1775932383901,\"version\":1775793838000}}\r\nplatformType: 5\r\ndevicetype: 3\r\nx-device: 1-5\r\nx-data-mode: chipher\r\nx-request-id: 972a6ec3-2564-49af-88ec-c0cb902582c7\r\ndevice: f75052df-c3a1-4058-a524-7aad8f7dc107\r\ncurrency: CNY\r\ntimestamp: 1775932389\r\nsiteCode: 1937\r\nlanguage: zh\r\ntoken: b2e3d672-9d88-47a7-81b4-9d7ffc62054f\r\ndeviceModel: Firefox v134.0\r\nphysicalDeviceModel: unknown\r\noperatingSystem: Windows\r\ndeviceBrand: unknown\r\nbrowserType: Firefox v134.0\r\nappSystem: Windows 10\r\ndomain: 695rdgnfw5f.18912244.com:20206\r\nwebauthnDomain: 695rdgnfw5f.18912244.com:20206\r\nclienttimezone: 0\r\nx-custom-referer: https://695rdgnfw5f.18912244.com:20206/home/register?id=422876378\r\nx-version: 7.1.212\r\nbrowserfingerid: \r\nappVersion: v7.1.212\r\nContent-Length: 448\r\nOrigin: https://695rdgnfw5f.18912244.com:20206\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://695rdgnfw5f.18912244.com:20206/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":448,"data":"37s3d38l9xZ5q4eqnb3ooSE0KB3ZLD0lhBzE1hvLZVoegXCjgre+ooGp/z/KeqClfOA8vTRzqPLADrxR43YcuoGtDhA0iwduGkDqec0eLnbK1SZDoh9PgQkWo39jdcejMuFjv2DojGfHtzQP2D4+mJF/eZCKM0A1Zfttt8pp4hanhIXgvMZxp2qN1WTCGr7+dB+joW0Qk6I3ujnDJvDjwY2ezhNheypZHA/plJAOa1Fgbd/VfO0uAV/YNlzNK4UWkCUcapYiuVSx+AfJF+jy4TDy710iZk41wMOXS2+U8uIVn1734brG4YWuZt1yOIigcDm4DjbeuqrPU3TSwjddLMgoNgWCEy79Tld+IzCBnBm7Kfgr3TULJpR+SmCePBqZihf4GycUI3j7rmsfn17FPxCUutA0K7uhxA1Y6TaUKo/77OcDbjsx1Gs84JWI4MVB"}},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 11 Apr 2026 18:33:10 GMT\r\ncontent-type: text/plain; charset=utf-8\r\ncontent-length: 128\r\nset-cookie: acw_tc=0a0f6b8717759323908352077e5fa33b53f31b1304911d06bfedbee23c3c99;path=/;HttpOnly;Max-Age=1800\r\nx-trace-id: 08f880eb1bf6b7a886c2b00a06317a36\r\nx-env-apisix: 0\r\nx-env-go-biz-netstat: 0\r\ncache-control: no-cache\r\nx-saas-server-id: 844988bcd4-pp87x|9e183a117c47d328708abd80d1166033\r\naccess-control-allow-methods: *\r\naccess-control-max-age: 1728000\r\naccess-control-allow-credentials: true\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: X-Trace-ID, newjwt, token\r\nvia: 1.1 PS-SIN-04A9N80:2 (W), 1.1 PS-AMS-01QkJ103:21 (W)\r\nx-px: ms PS-AMS-01QkJ103AMS, ms PS-SIN-04A9N80SIN(origin)\r\nx-ws-request-id: 69da93e6_PS-AMS-01QkJ103_53875-28564\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":128,"size_decoded":0,"mime_type":"text/plain; charset=utf-8","magic":"ASCII text, with no line terminators","md5":"d1707e29bc1cee301c35fb280f394689","sha1":"edc6d7651e45be72e82f36902b82efbdccbb6fce","sha256":"132f4b3fee5343480b877e171a26aa1b2bee6410144a2180d6dbef5ca917f427","sha512":"dcac4b60fa8fc0ab32dbf96e0c1464a8571ef88fdce76cfa85f88199f6c6968185fc4d7c77bf723fee7a048da35b20cf2f47568c2f9b459fa1b3547655f7f971","ssdeep":"","tlshash":"18b02b40b0d12ef9d8550c00f56f97814c004d00100192309740c0c20f7071d4403101","first_seen":"2026-04-11T18:33:40.296977Z","last_seen":"2026-04-11T18:33:40.296977Z","times_seen":1,"resource_available":false,"data":null}},"time_used":205,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":204,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-04-11","alert":"Sinkholed","trigger":"mgm1940797.appfrvpmgw.win","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"695rdgnfw5f.18912244.com:20206/cocos/lg/favicon.ico","fqdn":"695rdgnfw5f.18912244.com","domain":"18912244.com","tld":"com"},"ip":{"addr":"172.65.218.121","port":20206,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://695rdgnfw5f.18912244.com:20206/?id=422876378","date":"2026-04-11T18:33:03.602Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"695rdgnfw5f.18912244.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 20 Jul 2025 00:00:00 GMT","end":"Mon, 20 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"AB:44:50:F3:CC:F8:FC:F3:42:EC:75:E2:D3:0C:19:1B:5F:B9:36:F4","sha256":"4B:05:65:FA:AC:EF:A3:36:43:B0:62:26:67:2E:84:49:29:62:7C:DA:CE:AF:8D:5A:0B:1B:23:85:8B:6B:BB:46"}}},"request":{"raw":"GET /cocos/lg/favicon.ico HTTP/1.1\r\nHost: 695rdgnfw5f.18912244.com:20206\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://695rdgnfw5f.18912244.com:20206/?id=422876378\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 11 Apr 2026 18:33:03 GMT\r\ncontent-type: image/x-icon\r\nx-oss-request-id: 69DA93DF829A183239E39361\r\nvary: Accept-Encoding, Origin\r\netag: W/\"9B4027ECB48B8E7E298617E9BA478660\"\r\nlast-modified: Mon, 01 Dec 2025 10:40:08 GMT\r\nx-oss-object-type: Normal\r\nx-oss-hash-crc64ecma: 7720984913608656026\r\nx-oss-storage-class: Standard\r\ncache-control: s-maxage=86400,public,max-age=1800\r\ncontent-md5: m0An7LSLjn4phhfpukeGYA==\r\nx-oss-server-time: 2\r\nserver: gocache\r\nc-type: pf\r\nrid: f79aed89cfbf45c6184421257fb21137\r\nx-cache-status: MISS\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\ncontent-encoding: br\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Alibaba Cloud Object Storage Service","description":"Alibaba Cloud Object Storage Service (OSS) is a cloud-based object storage service provided by Alibaba Cloud, which allows users to store and access large amounts of data in the cloud.","website":"https://www.alibabacloud.com/product/object-storage-service","common_platform_enumeration":"","icon":"Alibaba Cloud.svg","categories":["IaaS"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]}],"data":{"size":4286,"size_decoded":0,"mime_type":"image/x-icon","magic":"MS Windows icon resource - 1 icon, 32x32, 32 bits/pixel","md5":"9b4027ecb48b8e7e298617e9ba478660","sha1":"95b96780d5671434d9f3712e5142a4b23b56e0b9","sha256":"8eacaaf35e57d7b820d9c38363e0263135794810d6d84faff115fb54aa3fe64c","sha512":"d9e41215f74953202ff74bd108d57b7b93b30d2399cdf2db604243fc0110084e87434889ce8747a584d671822557ef6422a51e6fc9fad836fa31aebfe2fbb601","ssdeep":"96:p7qjsBiWcxOWHic6IYvC4tezVyW7SL37ob:pejsBcxkDIYvCMezVh7SL3","tlshash":"8991fdc4c28481d1fca89a7425771c6521af3e6aadb42b4ca88df65237b74d71473c1b","first_seen":"2025-12-02T05:51:31.725629Z","last_seen":"2026-04-11T18:34:05.960601Z","times_seen":288,"resource_available":false,"data":null}},"time_used":265,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":265,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-11","alert":"Sinkholed","trigger":"695rdgnfw5f.18912244.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"695rdgnfw5f.18912244.com:20206/cocos/config_data.json?timestamp=1775932384075","fqdn":"695rdgnfw5f.18912244.com","domain":"18912244.com","tld":"com"},"ip":{"addr":"172.65.218.121","port":20206,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://695rdgnfw5f.18912244.com:20206/?id=422876378","date":"2026-04-11T18:33:04.082Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"695rdgnfw5f.18912244.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 20 Jul 2025 00:00:00 GMT","end":"Mon, 20 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"AB:44:50:F3:CC:F8:FC:F3:42:EC:75:E2:D3:0C:19:1B:5F:B9:36:F4","sha256":"4B:05:65:FA:AC:EF:A3:36:43:B0:62:26:67:2E:84:49:29:62:7C:DA:CE:AF:8D:5A:0B:1B:23:85:8B:6B:BB:46"}}},"request":{"raw":"GET /cocos/config_data.json?timestamp=1775932384075 HTTP/1.1\r\nHost: 695rdgnfw5f.18912244.com:20206\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://695rdgnfw5f.18912244.com:20206/?id=422876378\r\nCookie: web__lobby__persisted__device=%7B%22uuid%22%3A%22f75052df-c3a1-4058-a524-7aad8f7dc107%22%7D\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 11 Apr 2026 18:33:04 GMT\r\ncontent-type: application/json\r\nx-oss-request-id: 69DA93E05D88673136910862\r\nvary: Accept-Encoding, Origin\r\nlast-modified: Thu, 02 Apr 2026 12:56:04 GMT\r\nx-oss-object-type: Normal\r\nx-oss-hash-crc64ecma: 10114661774832019939\r\nx-oss-storage-class: Standard\r\ncache-control: max-age=86400\r\ncontent-md5: 9bellJQnh7wa08eqw7EpWA==\r\nx-oss-server-time: 2\r\ncontent-encoding: gzip\r\nserver: gocache\r\nc-type: pf\r\nrid: fae24f2be1bc71925263d295fed17724\r\nx-cache-status: MISS\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Alibaba Cloud Object Storage Service","description":"Alibaba Cloud Object Storage Service (OSS) is a cloud-based object storage service provided by Alibaba Cloud, which allows users to store and access large amounts of data in the cloud.","website":"https://www.alibabacloud.com/product/object-storage-service","common_platform_enumeration":"","icon":"Alibaba Cloud.svg","categories":["IaaS"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]}],"data":{"size":6080,"size_decoded":0,"mime_type":"application/json","magic":"ASCII text, with very long lines (6080), with no line terminators","md5":"f5b7a594942787bc1ad3c7aac3b12958","sha1":"b3e84a386a9ec023e281a8b77e744552025f8f22","sha256":"176b5dc48574ff118eb164d6370604a8d3038b8f01b15da8e7ec539adb6fe239","sha512":"925611d41ee5132ccf63378256125adc8239ee2d0ed873e27c285dbc59e7faf427f857cccee5b01734a8b0a83f65752c360225c2f84c4970a55b561e1d7bdc67","ssdeep":"96:t2JNYGt5ddY26zTyI+ntlpnmn/3Yt1OuVOiKpRVLeoaXZrQsNKpJCkyiKgl4:AHYGndXZI+npy/3duVgp3SrXp1NO5rKT","tlshash":"f1c17e6848f93bf800a12f9b70efaf6dd814cf274dd6289861537d25f2ad142a385c28","first_seen":"2026-04-03T12:20:41.704594Z","last_seen":"2026-04-11T18:34:05.951442Z","times_seen":56,"resource_available":false,"data":null}},"time_used":776,"timings":{"blocked":368,"dns":0,"connect":0,"send":0,"wait":408,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-11","alert":"Sinkholed","trigger":"695rdgnfw5f.18912244.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"695rdgnfw5f.18912244.com:20206/assets/theme-0/1_PromotionChunk.DFA9zug6.css","fqdn":"695rdgnfw5f.18912244.com","domain":"18912244.com","tld":"com"},"ip":{"addr":"172.65.218.121","port":20206,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://695rdgnfw5f.18912244.com:20206/?id=422876378","date":"2026-04-11T18:33:08.104Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"695rdgnfw5f.18912244.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 20 Jul 2025 00:00:00 GMT","end":"Mon, 20 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"AB:44:50:F3:CC:F8:FC:F3:42:EC:75:E2:D3:0C:19:1B:5F:B9:36:F4","sha256":"4B:05:65:FA:AC:EF:A3:36:43:B0:62:26:67:2E:84:49:29:62:7C:DA:CE:AF:8D:5A:0B:1B:23:85:8B:6B:BB:46"}}},"request":{"raw":"GET /assets/theme-0/1_PromotionChunk.DFA9zug6.css HTTP/1.1\r\nHost: 695rdgnfw5f.18912244.com:20206\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://695rdgnfw5f.18912244.com:20206/?id=422876378\r\nCookie: web__lobby__persisted__device=%7B%22uuid%22%3A%22f75052df-c3a1-4058-a524-7aad8f7dc107%22%7D; web__lobby__persisted__user=%7B%22userInfos%22%3A%7B%22game_gold%22%3A2000%2C%22account_type%22%3A1%2C%22platfromid%22%3A%22web_lobby_guest_account%22%2C%22mode%22%3A0%2C%22currency%22%3A%22CNY%22%7D%7D\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 11 Apr 2026 18:33:08 GMT\r\ncontent-type: text/css\r\nx-oss-request-id: 69DA93E460F7333933F08190\r\nvary: Accept-Encoding, Origin\r\nlast-modified: Sat, 11 Apr 2026 04:21:42 GMT\r\nx-oss-object-type: Normal\r\nx-oss-hash-crc64ecma: 14619645097234285032\r\nx-oss-storage-class: Standard\r\nx-oss-meta-version: v7.1.212\r\ncache-control: max-age=31622400\r\ncontent-md5: aOhoRXFbcaqdUazLvceW+w==\r\nx-oss-server-time: 2\r\ncontent-encoding: gzip\r\nserver: gocache\r\nc-type: pf\r\nrid: c2883918455e237379c90fd7927fff07\r\nx-cache-status: MISS\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]},{"name":"Alibaba Cloud Object Storage Service","description":"Alibaba Cloud Object Storage Service (OSS) is a cloud-based object storage service provided by Alibaba Cloud, which allows users to store and access large amounts of data in the cloud.","website":"https://www.alibabacloud.com/product/object-storage-service","common_platform_enumeration":"","icon":"Alibaba Cloud.svg","categories":["IaaS"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":185096,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (65536), with no line terminators","md5":"68e86845715b71aa9d51accbbdc796fb","sha1":"81b571f8f865c06545fc58ef4db47d347455877d","sha256":"1ca74191e779c37623db0d9a5db9c5ff7c93f6b4b13bff2b4988855c2a4479e7","sha512":"52c14bbcacf2698a3490c8fed27b4c183de96cc94bc682226adfb61a67670bd6175b0412d8877f511673cc7acb7d603ad5dd99da952359256c198c7ee5bed8b6","ssdeep":"1536:ANRc8sp/Vw1hgBLYVZXpHqssx/ZlcAE///d/h/El/9/u/HkLuIj5XNi1nRuqSKwg:ANG8yLYVZXpHqskYkLuIjdw1nJ","tlshash":"31040a5bd7317136ac2fca39ba81b2e85195a040c603c1a5ed936e3dcfdb7f6253058a","first_seen":"2026-04-09T13:58:04.691206Z","last_seen":"2026-04-11T18:34:05.988495Z","times_seen":35,"resource_available":false,"data":null}},"time_used":262,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":262,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-11","alert":"Sinkholed","trigger":"695rdgnfw5f.18912244.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"695rdgnfw5f.18912244.com:20206/assets/theme-0/1_PromotionChunk.6MoBCaV2.js","fqdn":"695rdgnfw5f.18912244.com","domain":"18912244.com","tld":"com"},"ip":{"addr":"172.65.218.121","port":20206,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://695rdgnfw5f.18912244.com:20206/?id=422876378","date":"2026-04-11T18:33:08.785Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"695rdgnfw5f.18912244.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 20 Jul 2025 00:00:00 GMT","end":"Mon, 20 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"AB:44:50:F3:CC:F8:FC:F3:42:EC:75:E2:D3:0C:19:1B:5F:B9:36:F4","sha256":"4B:05:65:FA:AC:EF:A3:36:43:B0:62:26:67:2E:84:49:29:62:7C:DA:CE:AF:8D:5A:0B:1B:23:85:8B:6B:BB:46"}}},"request":{"raw":"GET /assets/theme-0/1_PromotionChunk.6MoBCaV2.js HTTP/1.1\r\nHost: 695rdgnfw5f.18912244.com:20206\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://695rdgnfw5f.18912244.com:20206/assets/theme-0/LoginRegisterIndex.5cxrQ2SR.js\r\nCookie: web__lobby__persisted__device=%7B%22uuid%22%3A%22f75052df-c3a1-4058-a524-7aad8f7dc107%22%7D; web__lobby__persisted__user=%7B%22userInfos%22%3A%7B%22game_gold%22%3A2000%2C%22account_type%22%3A1%2C%22platfromid%22%3A%22web_lobby_guest_account%22%2C%22mode%22%3A0%2C%22currency%22%3A%22CNY%22%7D%7D\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 11 Apr 2026 18:33:08 GMT\r\ncontent-type: application/javascript; charset=utf-8\r\nx-oss-request-id: 69DA93E401B8FA393802DD86\r\nvary: Accept-Encoding, Origin\r\nlast-modified: Sat, 11 Apr 2026 04:21:43 GMT\r\nx-oss-object-type: Normal\r\nx-oss-hash-crc64ecma: 6857207984597398606\r\nx-oss-storage-class: Standard\r\nx-oss-meta-version: v7.1.212\r\ncache-control: max-age=31622400\r\ncontent-md5: st6QdLvuhjz/IIQuYIJ6yA==\r\nx-oss-server-time: 1\r\ncontent-encoding: gzip\r\nserver: gocache\r\nc-type: pf\r\nrid: 60e80c6c656a2d311cb2a757add29bd2\r\nx-cache-status: MISS\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Alibaba Cloud Object Storage Service","description":"Alibaba Cloud Object Storage Service (OSS) is a cloud-based object storage service provided by Alibaba Cloud, which allows users to store and access large amounts of data in the cloud.","website":"https://www.alibabacloud.com/product/object-storage-service","common_platform_enumeration":"","icon":"Alibaba Cloud.svg","categories":["IaaS"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]}],"data":{"size":275900,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"Unicode text, UTF-8 text, with very long lines (41107)","md5":"b2de9074bbee863cff20842e60827ac8","sha1":"d582a0fdeba56dec98a9351eb6f3f6241e558720","sha256":"4437d7dd41a91a405cab3b5ec741ec28999fe38241ca459e65a8fabb5e5e0f3b","sha512":"a2a23b313d8032f2ffadb74d840e4b4d4c08673c25806777e45118f7369f06818936e1c0624ef6ef28241491c0403d771a3a456edd5f809067bd2bad5634f15d","ssdeep":"6144:gPOKujudsJGhEPEebDtGvwvAExMaXadEezmcP4Sk:VjudsJSvw7AdkcP4H","tlshash":"5a442b4df06ea1b5fb795c18e0aa056166682bc79010e4f4b0ff5f30238df64b2a9779","first_seen":"2026-04-11T07:57:02.013323Z","last_seen":"2026-04-11T18:34:05.98974Z","times_seen":27,"resource_available":true,"data":null}},"time_used":261,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":261,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-11","alert":"Sinkholed","trigger":"695rdgnfw5f.18912244.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"695rdgnfw5f.18912244.com:20206/siteadmin/skin/lobby_asset/common/web/common/input_icon_mm.svg?manualVersion=1\u0026version=v7.1.212","fqdn":"695rdgnfw5f.18912244.com","domain":"18912244.com","tld":"com"},"ip":{"addr":"172.65.218.121","port":20206,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://695rdgnfw5f.18912244.com:20206/?id=422876378","date":"2026-04-11T18:33:09.703Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"695rdgnfw5f.18912244.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 20 Jul 2025 00:00:00 GMT","end":"Mon, 20 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"AB:44:50:F3:CC:F8:FC:F3:42:EC:75:E2:D3:0C:19:1B:5F:B9:36:F4","sha256":"4B:05:65:FA:AC:EF:A3:36:43:B0:62:26:67:2E:84:49:29:62:7C:DA:CE:AF:8D:5A:0B:1B:23:85:8B:6B:BB:46"}}},"request":{"raw":"GET /siteadmin/skin/lobby_asset/common/web/common/input_icon_mm.svg?manualVersion=1\u0026version=v7.1.212 HTTP/1.1\r\nHost: 695rdgnfw5f.18912244.com:20206\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://695rdgnfw5f.18912244.com:20206/home/register?id=422876378\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: web__lobby__persisted__device=%7B%22uuid%22%3A%22f75052df-c3a1-4058-a524-7aad8f7dc107%22%7D; web__lobby__persisted__user=%7B%22userInfos%22%3A%7B%22game_gold%22%3A2000%2C%22account_type%22%3A1%2C%22platfromid%22%3A%22web_lobby_guest_account%22%2C%22mode%22%3A0%2C%22currency%22%3A%22CNY%22%7D%7D\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 11 Apr 2026 18:33:09 GMT\r\ncontent-type: image/svg+xml\r\nx-oss-request-id: 69DA93E568A37439327E6B4E\r\nvary: Accept-Encoding, Origin\r\netag: W/\"85D0D0BE71D95C657B2A4ABD510EB074\"\r\nlast-modified: Wed, 28 Jan 2026 13:51:48 GMT\r\nx-oss-object-type: Normal\r\nx-oss-hash-crc64ecma: 16158492568346811360\r\nx-oss-storage-class: Standard\r\ncache-control: max-age=604800,stale-while-revalidate=86400,immutable,proxy-revalidate,public\r\ncontent-md5: hdDQvnHZXGV7Kkq9UQ6wdA==\r\nx-oss-server-time: 1\r\nserver: gocache\r\nc-type: pf\r\nrid: 426f463e7ed8c46598d5bef3c716102e\r\nx-cache-status: MISS\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\ncontent-encoding: br\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]},{"name":"Alibaba Cloud Object Storage Service","description":"Alibaba Cloud Object Storage Service (OSS) is a cloud-based object storage service provided by Alibaba Cloud, which allows users to store and access large amounts of data in the cloud.","website":"https://www.alibabacloud.com/product/object-storage-service","common_platform_enumeration":"","icon":"Alibaba Cloud.svg","categories":["IaaS"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":1740,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"85d0d0be71d95c657b2a4abd510eb074","sha1":"91febe4ca32da28f5c832501814e98aa5d992fd1","sha256":"e68897d1b41f233bed3f779f7b3b939bf67c9ca818fadb935b70775ae54eb5ce","sha512":"c55a9c0f9b857c9bb55b881e992634979a3da387d40861318a75a014e14d580ca679add1b00ce519055a54baca4e1275951831e2edb0b92d5cd85e06ebfa8254","ssdeep":"","tlshash":"5531acf6489564a150208315dbecfd88ba7dd2da7be401a4fb6c658c6e302cb367d240","first_seen":"2025-04-07T01:42:52.75959Z","last_seen":"2026-04-11T21:26:12.972171Z","times_seen":8288,"resource_available":false,"data":null}},"time_used":249,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":249,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-11","alert":"Sinkholed","trigger":"695rdgnfw5f.18912244.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"riskct.geetest.com/g2/api/v1/pre_load?client_type=web\u0026appid=9ia4hndgblg9xihxcwgdjt9ztg8sjwaf\u0026callback=geetest_1775932390661","fqdn":"riskct.geetest.com","domain":"geetest.com","tld":"com"},"ip":{"addr":"43.159.108.100","port":443,"asn":139341,"as":"ACE","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://695rdgnfw5f.18912244.com:20206/?id=422876378","date":"2026-04-11T18:33:09.738Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.geetest.com","organization":"Wuhan Jiyi Network Technology Co., Ltd."},"issuer":{"commonName":"GeoTrust G2 TLS CN RSA4096 SHA256 2022 CA1","organization":"DigiCert, Inc."},"validity":{"start":"Fri, 19 Dec 2025 00:00:00 GMT","end":"Fri, 18 Dec 2026 23:59:59 GMT"},"fingerprint":{"sha1":"CA:8B:31:34:03:03:4F:25:DE:AF:F1:76:9E:25:19:08:18:0C:04:EA","sha256":"F3:25:0F:0B:68:0B:B5:E2:F6:2A:F2:FE:E9:AA:10:6C:61:1C:7D:A6:FA:3F:D9:45:0F:E6:58:6D:71:F9:2E:2E"}}},"request":{"raw":"GET /g2/api/v1/pre_load?client_type=web\u0026appid=9ia4hndgblg9xihxcwgdjt9ztg8sjwaf\u0026callback=geetest_1775932390661 HTTP/1.1\r\nHost: riskct.geetest.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://695rdgnfw5f.18912244.com:20206/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: text/javascript;charset=UTF-8\r\nserver: TornadoServer/6.1\r\naccess-control-allow-origin: \r\naccess-control-allow-headers: Appid, Client-Type, Api-Version, GeeID, Content-Type\r\naccess-control-allow-methods: GET, POST, PUT, DELETE, PATCH, OPTIONS\r\naccess-control-allow-credentials: true\r\nexpires: 0\r\npragma: no-cache\r\netag: \"fa7d6b9078c23c61c94bce3ca6c04c4dc97d2df7\"\r\nset-cookie: g5_ts=v1.eyJ0cyI6MTc3NTkzMjM5MTIxNiwibiI6IjczV1pPTVUxUzFONiIsInViIjoiZGI4N2U1ODIifQ.6f177ad15dca372a0f2baa262fa6c4b4ef812c350c06c0bfd8e31b2894066f01; Domain=.geetest.com; Path=/; SameSite=None; Secure\r\ncache-control: must-revalidate, no-cache, no-store\r\ncontent-length: 304\r\ndate: Sat, 11 Apr 2026 18:33:11 GMT\r\neo-log-uuid: 2822307835727379133\r\neo-cache-status: MISS\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"TornadoServer:6.1","description":"","website":"https://tornadoweb.org","common_platform_enumeration":"","icon":"TornadoServer.png","categories":["Web servers"]}],"data":{"size":304,"size_decoded":0,"mime_type":"text/javascript; charset=UTF-8","magic":"ASCII text, with very long lines (304), with no line terminators","md5":"a5daa8909a3bf4c22f7d580ac77fc2ff","sha1":"fa7d6b9078c23c61c94bce3ca6c04c4dc97d2df7","sha256":"03d579bcf37d5c18d840599424e65c8c526e528466793b7cb537afe0074caf3a","sha512":"478ae57a0a3aa0c35f46b59081146ce232f16b710a8aab4b6503a8e497777324add3db561a7869638915dd13cc62b0902dcb1f3e8d7ea66bf380eb1eeb4ef670","ssdeep":"","tlshash":"70e0e70c08446df20c29bd907c29457651d433b548313ce4deec1f30c947174f15a810","first_seen":"2026-04-11T18:33:40.303051Z","last_seen":"2026-04-11T18:33:40.303051Z","times_seen":1,"resource_available":true,"data":null}},"time_used":2971,"timings":{"blocked":1419,"dns":735,"connect":19,"send":0,"wait":129,"receive":0,"ssl":666},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"695rdgnfw5f.18912244.com:20206/assets/vendors/vendor-swiper.C2cEjFFH.js","fqdn":"695rdgnfw5f.18912244.com","domain":"18912244.com","tld":"com"},"ip":{"addr":"172.65.218.121","port":20206,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://695rdgnfw5f.18912244.com:20206/?id=422876378","date":"2026-04-11T18:33:02.893Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"695rdgnfw5f.18912244.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 20 Jul 2025 00:00:00 GMT","end":"Mon, 20 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"AB:44:50:F3:CC:F8:FC:F3:42:EC:75:E2:D3:0C:19:1B:5F:B9:36:F4","sha256":"4B:05:65:FA:AC:EF:A3:36:43:B0:62:26:67:2E:84:49:29:62:7C:DA:CE:AF:8D:5A:0B:1B:23:85:8B:6B:BB:46"}}},"request":{"raw":"GET /assets/vendors/vendor-swiper.C2cEjFFH.js HTTP/1.1\r\nHost: 695rdgnfw5f.18912244.com:20206\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://695rdgnfw5f.18912244.com:20206/assets/theme-0/index.DMPbKmRp.js\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 11 Apr 2026 18:33:03 GMT\r\ncontent-type: application/javascript; charset=utf-8\r\nx-oss-request-id: 69DA93DF100000343446EFD8\r\nvary: Accept-Encoding, Origin\r\nlast-modified: Sat, 11 Apr 2026 04:21:44 GMT\r\nx-oss-object-type: Normal\r\nx-oss-hash-crc64ecma: 18419118515342464328\r\nx-oss-storage-class: Standard\r\nx-oss-meta-version: v7.1.212\r\ncache-control: max-age=31622400\r\ncontent-md5: F8y0E0ahxKHo2IeXzud7kg==\r\nx-oss-server-time: 2\r\ncontent-encoding: gzip\r\nserver: gocache\r\nc-type: pf\r\nrid: ca17d0b0e8e15442f742b6788a7963ac\r\nx-cache-status: MISS\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]},{"name":"Alibaba Cloud Object Storage Service","description":"Alibaba Cloud Object Storage Service (OSS) is a cloud-based object storage service provided by Alibaba Cloud, which allows users to store and access large amounts of data in the cloud.","website":"https://www.alibabacloud.com/product/object-storage-service","common_platform_enumeration":"","icon":"Alibaba Cloud.svg","categories":["IaaS"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":111839,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"17ccb41346a1c4a1e8d88797cee77b92","sha1":"b6e962ceec5902ab497d54b1e17e85b3f6a35725","sha256":"d9a6a0674919bb7b10ed67bc00703435aa9c088b4d2db245e5475ced88d7fd12","sha512":"75f774000a45722efbde75ddc63dbc650db69b6d49cf668d8ce57ad1e996ec1b817ef487c09a1e89ae203ffd4e17faf2a950b787fd8534e476626975163c7f5a","ssdeep":"1536:rQTfptbBsn1gjg7fPBD54e27vTBZdPMoFtqByBlxvHA+CEIk6XiA6wKKvMPX/BEh:czHYfPBmxHBDqBpIRzPexSjw","tlshash":"3eb31a89a224757742fb1ada83758201b2b04854f809d4e4b0fd9d7f497e99803aeffd","first_seen":"2026-04-04T14:10:15.145505Z","last_seen":"2026-04-11T18:34:05.946707Z","times_seen":47,"resource_available":true,"data":null}},"time_used":300,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":300,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-11","alert":"Sinkholed","trigger":"695rdgnfw5f.18912244.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"695rdgnfw5f.18912244.com:20206/assets/theme-0/levitate.BmLj5Yg6.js","fqdn":"695rdgnfw5f.18912244.com","domain":"18912244.com","tld":"com"},"ip":{"addr":"172.65.218.121","port":20206,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://695rdgnfw5f.18912244.com:20206/?id=422876378","date":"2026-04-11T18:33:09.892Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"695rdgnfw5f.18912244.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 20 Jul 2025 00:00:00 GMT","end":"Mon, 20 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"AB:44:50:F3:CC:F8:FC:F3:42:EC:75:E2:D3:0C:19:1B:5F:B9:36:F4","sha256":"4B:05:65:FA:AC:EF:A3:36:43:B0:62:26:67:2E:84:49:29:62:7C:DA:CE:AF:8D:5A:0B:1B:23:85:8B:6B:BB:46"}}},"request":{"raw":"GET /assets/theme-0/levitate.BmLj5Yg6.js HTTP/1.1\r\nHost: 695rdgnfw5f.18912244.com:20206\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://695rdgnfw5f.18912244.com:20206/assets/theme-0/GlobalLazyInitIndex.BQlcIJGe.js\r\nCookie: web__lobby__persisted__device=%7B%22uuid%22%3A%22f75052df-c3a1-4058-a524-7aad8f7dc107%22%7D; web__lobby__persisted__user=%7B%22userInfos%22%3A%7B%22game_gold%22%3A2000%2C%22account_type%22%3A1%2C%22platfromid%22%3A%22web_lobby_guest_account%22%2C%22mode%22%3A0%2C%22currency%22%3A%22CNY%22%7D%7D\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 11 Apr 2026 18:33:10 GMT\r\ncontent-type: application/javascript; charset=utf-8\r\nx-oss-request-id: 69DA93E601B8FA3135F4E086\r\nvary: Accept-Encoding, Origin\r\netag: W/\"C901D0B87D566A41F07A8A9718A05136\"\r\nlast-modified: Sat, 11 Apr 2026 04:21:43 GMT\r\nx-oss-object-type: Normal\r\nx-oss-hash-crc64ecma: 4968131683663736970\r\nx-oss-storage-class: Standard\r\nx-oss-meta-version: v7.1.212\r\ncache-control: max-age=31622400\r\ncontent-md5: yQHQuH1WakHweoqXGKBRNg==\r\nx-oss-server-time: 1\r\nserver: gocache\r\nc-type: pf\r\nrid: 19042b29b04b8de09b6f1b6a5ca0d19f\r\nx-cache-status: MISS\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\ncontent-encoding: br\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]},{"name":"Alibaba Cloud Object Storage Service","description":"Alibaba Cloud Object Storage Service (OSS) is a cloud-based object storage service provided by Alibaba Cloud, which allows users to store and access large amounts of data in the cloud.","website":"https://www.alibabacloud.com/product/object-storage-service","common_platform_enumeration":"","icon":"Alibaba Cloud.svg","categories":["IaaS"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":364,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"Java source, ASCII text, with very long lines (363)","md5":"c901d0b87d566a41f07a8a9718a05136","sha1":"b4cdbc0ec16e821b647e31e0504b68b7156f68b0","sha256":"f252a0774ac9686b77df76ffb391111afc48d7ec6556169c6f65b204c714fa33","sha512":"c7950c5a874a0a76939f08abbd052452857949ac2f0aa28f2a8c34964caa7376ca3dd930ade2c44a8e8d12f3ae175f53a09fa035683c2f9cc794652907a0e708","ssdeep":"","tlshash":"72e0c092385274f03bb20cf0c33da89b40600735390155e435de196176221743fafce3","first_seen":"2026-04-04T14:10:15.08701Z","last_seen":"2026-04-11T18:34:05.966587Z","times_seen":43,"resource_available":true,"data":null}},"time_used":244,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":244,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-11","alert":"Sinkholed","trigger":"695rdgnfw5f.18912244.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"695rdgnfw5f.18912244.com:20206/siteadmin/skin/lobby_asset/76-0-7/assets.hash.json?timestamp=1775932391071","fqdn":"695rdgnfw5f.18912244.com","domain":"18912244.com","tld":"com"},"ip":{"addr":"172.65.218.121","port":20206,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://695rdgnfw5f.18912244.com:20206/?id=422876378","date":"2026-04-11T18:33:11.077Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"695rdgnfw5f.18912244.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 20 Jul 2025 00:00:00 GMT","end":"Mon, 20 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"AB:44:50:F3:CC:F8:FC:F3:42:EC:75:E2:D3:0C:19:1B:5F:B9:36:F4","sha256":"4B:05:65:FA:AC:EF:A3:36:43:B0:62:26:67:2E:84:49:29:62:7C:DA:CE:AF:8D:5A:0B:1B:23:85:8B:6B:BB:46"}}},"request":{"raw":"GET /siteadmin/skin/lobby_asset/76-0-7/assets.hash.json?timestamp=1775932391071 HTTP/1.1\r\nHost: 695rdgnfw5f.18912244.com:20206\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://695rdgnfw5f.18912244.com:20206/home/register?id=422876378\r\nCookie: web__lobby__persisted__device=%7B%22uuid%22%3A%22f75052df-c3a1-4058-a524-7aad8f7dc107%22%7D; web__lobby__persisted__user=%7B%22userInfos%22%3A%7B%22game_gold%22%3A2000%2C%22account_type%22%3A1%2C%22platfromid%22%3A%22web_lobby_guest_account%22%2C%22mode%22%3A0%2C%22currency%22%3A%22CNY%22%7D%7D\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 11 Apr 2026 18:33:11 GMT\r\ncontent-type: application/json\r\nx-oss-request-id: 69DA93E768A37439329B714E\r\nvary: Accept-Encoding, Origin\r\nlast-modified: Thu, 02 Apr 2026 11:32:21 GMT\r\nx-oss-object-type: Normal\r\nx-oss-hash-crc64ecma: 12466478358748321408\r\nx-oss-storage-class: Standard\r\ncache-control: max-age=604800,public\r\ncontent-md5: mnAK2iqbRpyw4KBzltgIhg==\r\nx-oss-server-time: 2\r\ncontent-encoding: gzip\r\nserver: gocache\r\nc-type: pf\r\nrid: f125c9aae82307d327a54a5915a7b908\r\nx-cache-status: MISS\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]},{"name":"Alibaba Cloud Object Storage Service","description":"Alibaba Cloud Object Storage Service (OSS) is a cloud-based object storage service provided by Alibaba Cloud, which allows users to store and access large amounts of data in the cloud.","website":"https://www.alibabacloud.com/product/object-storage-service","common_platform_enumeration":"","icon":"Alibaba Cloud.svg","categories":["IaaS"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":222757,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"9a700ada2a9b469cb0e0a07396d80886","sha1":"9e14d9aab96222c53000363fc28df31eead04172","sha256":"87570715981e79b56d7cf2afe79d0d424a35cef617c41dea0bf419c5ccb0745a","sha512":"dea0766b0e0599a556f25724e155f1e8fc419f7a6a1717c0706ad3e83e5f7154ec89bb2dee54e5c1f61e3d1f9e80ecd57319b2a4a9b80e2d05b559a4f3d71bfa","ssdeep":"1536:qGaGr6Lggi2p/fH+s/C/Fzimw/mkARJk5Hi5gx8jgXQ5q1T4N0vhDe8rNv:yg8p/fH+sadi7OHjgXQ5q1T4OvV3rNv","tlshash":"0a24ff7252d8ec1272dd65f4227bbdd5aaa51f81e7801c41b07bbe21f4d3e048a1f63a","first_seen":"2026-04-03T12:20:41.663657Z","last_seen":"2026-04-11T18:34:05.994178Z","times_seen":54,"resource_available":false,"data":null}},"time_used":394,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":394,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-11","alert":"Sinkholed","trigger":"695rdgnfw5f.18912244.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"riskct.geetest.com/g2/api/v1/client_report","fqdn":"riskct.geetest.com","domain":"geetest.com","tld":"com"},"ip":{"addr":"43.159.108.100","port":443,"asn":139341,"as":"ACE","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://695rdgnfw5f.18912244.com:20206/?id=422876378","date":"2026-04-11T18:33:14.405Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.geetest.com","organization":"Wuhan Jiyi Network Technology Co., Ltd."},"issuer":{"commonName":"GeoTrust G2 TLS CN RSA4096 SHA256 2022 CA1","organization":"DigiCert, Inc."},"validity":{"start":"Fri, 19 Dec 2025 00:00:00 GMT","end":"Fri, 18 Dec 2026 23:59:59 GMT"},"fingerprint":{"sha1":"CA:8B:31:34:03:03:4F:25:DE:AF:F1:76:9E:25:19:08:18:0C:04:EA","sha256":"F3:25:0F:0B:68:0B:B5:E2:F6:2A:F2:FE:E9:AA:10:6C:61:1C:7D:A6:FA:3F:D9:45:0F:E6:58:6D:71:F9:2E:2E"}}},"request":{"raw":"OPTIONS /g2/api/v1/client_report HTTP/1.1\r\nHost: riskct.geetest.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nAccess-Control-Request-Method: POST\r\nAccess-Control-Request-Headers: api-version,appid,client-type\r\nReferer: https://695rdgnfw5f.18912244.com:20206/\r\nOrigin: https://695rdgnfw5f.18912244.com:20206\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"OPTIONS"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: application/json;charset=UTF-8\r\nserver: TornadoServer/6.1\r\naccess-control-allow-origin: https://695rdgnfw5f.18912244.com:20206\r\naccess-control-allow-headers: Appid, Client-Type, Api-Version, GeeID, Content-Type\r\naccess-control-allow-methods: GET, POST, PUT, DELETE, PATCH, OPTIONS\r\naccess-control-allow-credentials: true\r\nexpires: 0\r\npragma: no-cache\r\ncache-control: must-revalidate, no-cache, no-store\r\ncontent-length: 0\r\ndate: Sat, 11 Apr 2026 18:33:14 GMT\r\neo-log-uuid: 12887719075913952742\r\neo-cache-status: MISS\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"TornadoServer:6.1","description":"","website":"https://tornadoweb.org","common_platform_enumeration":"","icon":"TornadoServer.png","categories":["Web servers"]}],"data":{"size":0,"size_decoded":0,"mime_type":"application/json; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-11T20:55:57.946951Z","times_seen":13635644,"resource_available":true,"data":null}},"time_used":208,"timings":{"blocked":45,"dns":0,"connect":19,"send":0,"wait":118,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"mgm5328330.osmpqbjtb.top/ipacdn.txt","fqdn":"mgm5328330.osmpqbjtb.top","domain":"osmpqbjtb.top","tld":"top"},"ip":{"addr":"138.113.211.7","port":443,"asn":54994,"as":"ML-1432-54994","country":"Canada","country_code":"CA"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://695rdgnfw5f.18912244.com:20206/?id=422876378","date":"2026-04-11T18:33:07.061Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"mgm5328330.osmpqbjtb.top","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Tue, 10 Mar 2026 16:26:34 GMT","end":"Mon, 08 Jun 2026 16:26:33 GMT"},"fingerprint":{"sha1":"08:A5:61:2B:71:FB:58:19:F2:04:6B:59:2B:CA:61:8E:D1:3B:B8:54","sha256":"2B:58:79:51:B1:AC:3C:9D:C9:0D:19:F1:34:13:E5:61:0C:83:C6:F8:7D:9C:FD:E2:59:19:A2:A7:DC:FC:82:7F"}}},"request":{"raw":"GET /ipacdn.txt HTTP/1.1\r\nHost: mgm5328330.osmpqbjtb.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://695rdgnfw5f.18912244.com:20206/\r\nOrigin: https://695rdgnfw5f.18912244.com:20206\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 11 Apr 2026 18:33:07 GMT\r\ncontent-type: text/plain\r\ncontent-length: 2\r\ncache-control: s-maxage=315360000,max-age=0,public\r\naccess-control-allow-origin: *\r\naccess-control-max-age: 3600\r\naccess-control-allow-credentials: true\r\nvia: 1.1 PS-SIN-01RKJ185:4 (W), 0.0 PS-AMS-01QkJ103:21 (W)\r\nx-px: ht PS-AMS-01QkJ103AMS\r\nage: 9537169\r\nx-ws-request-id: 69da93e3_PS-AMS-01QkJ103_53875-28424\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":2,"size_decoded":0,"mime_type":"text/plain","magic":"ASCII text, with no line terminators","md5":"e0aa021e21dddbd6d8cecec71e9cf564","sha1":"9ce3bd4224c8c1780db56b4125ecf3f24bf748b7","sha256":"565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3","sha512":"900110c951560eff857b440e89cc29f529416e0e3b3d7f0ad51651bfdbd8025b91768c5ed7db5352d1a5523354ce06ced2c42047e33a3e958a1bba5f742db874","ssdeep":"","tlshash":"c710000000000000000000030000000030000000000000000c000000c0000000000000","first_seen":"2023-03-09T09:04:49Z","last_seen":"2026-04-11T20:59:31.234535Z","times_seen":264621,"resource_available":true,"data":null}},"time_used":62,"timings":{"blocked":-1,"dns":1,"connect":17,"send":0,"wait":19,"receive":0,"ssl":25},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"695rdgnfw5f.18912244.com:20206/siteadmin/skin/lobby_asset/common/web/common/comm_icon_gou.svg?manualVersion=1\u0026version=v7.1.212","fqdn":"695rdgnfw5f.18912244.com","domain":"18912244.com","tld":"com"},"ip":{"addr":"172.65.218.121","port":20206,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://695rdgnfw5f.18912244.com:20206/?id=422876378","date":"2026-04-11T18:33:09.692Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"695rdgnfw5f.18912244.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 20 Jul 2025 00:00:00 GMT","end":"Mon, 20 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"AB:44:50:F3:CC:F8:FC:F3:42:EC:75:E2:D3:0C:19:1B:5F:B9:36:F4","sha256":"4B:05:65:FA:AC:EF:A3:36:43:B0:62:26:67:2E:84:49:29:62:7C:DA:CE:AF:8D:5A:0B:1B:23:85:8B:6B:BB:46"}}},"request":{"raw":"GET /siteadmin/skin/lobby_asset/common/web/common/comm_icon_gou.svg?manualVersion=1\u0026version=v7.1.212 HTTP/1.1\r\nHost: 695rdgnfw5f.18912244.com:20206\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://695rdgnfw5f.18912244.com:20206/home/register?id=422876378\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: web__lobby__persisted__device=%7B%22uuid%22%3A%22f75052df-c3a1-4058-a524-7aad8f7dc107%22%7D; web__lobby__persisted__user=%7B%22userInfos%22%3A%7B%22game_gold%22%3A2000%2C%22account_type%22%3A1%2C%22platfromid%22%3A%22web_lobby_guest_account%22%2C%22mode%22%3A0%2C%22currency%22%3A%22CNY%22%7D%7D\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 11 Apr 2026 18:33:09 GMT\r\ncontent-type: image/svg+xml\r\nx-oss-request-id: 69DA93E5CD9B3435322F8745\r\nvary: Accept-Encoding, Origin\r\netag: W/\"FB9C464A7BF2BB7D90C9CC20A8F5444F\"\r\nlast-modified: Wed, 28 Jan 2026 13:50:49 GMT\r\nx-oss-object-type: Normal\r\nx-oss-hash-crc64ecma: 10173272335333948012\r\nx-oss-storage-class: Standard\r\ncache-control: max-age=604800,stale-while-revalidate=86400,immutable,proxy-revalidate,public\r\ncontent-md5: +5xGSnvyu32QycwgqPVETw==\r\nx-oss-server-time: 1\r\nserver: gocache\r\nc-type: pf\r\nrid: a7a64d1c6ef13a80584fce64f4955541\r\nx-cache-status: MISS\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\ncontent-encoding: br\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]},{"name":"Alibaba Cloud Object Storage Service","description":"Alibaba Cloud Object Storage Service (OSS) is a cloud-based object storage service provided by Alibaba Cloud, which allows users to store and access large amounts of data in the cloud.","website":"https://www.alibabacloud.com/product/object-storage-service","common_platform_enumeration":"","icon":"Alibaba Cloud.svg","categories":["IaaS"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":446,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"fb9c464a7bf2bb7d90c9cc20a8f5444f","sha1":"be60d64def64da2c5cfd0414a00d2ff588c12b06","sha256":"e89fbe2caecbdd670f6c99d42aefe82b447d618c34df51f544f1acee61f52a7c","sha512":"8910c56ef8e500eff8d52d8aff1a06dba13314940673e1d96d9fbcf0fbca57a3ce2d07f199bb5336f589db90711279853fb32502309030f200d9d8fe3ce47c61","ssdeep":"","tlshash":"dbf0dc3643105aa940140f01638861ee63f8f092d46304c5f385230bd992d33623c1a8","first_seen":"2025-04-07T01:42:52.8507Z","last_seen":"2026-04-11T21:26:12.981188Z","times_seen":8895,"resource_available":false,"data":null}},"time_used":248,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":248,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-11","alert":"Sinkholed","trigger":"695rdgnfw5f.18912244.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"695rdgnfw5f.18912244.com:20206/hall/api/backstage/customer/getWebTrans/language/zh.json?v=1775880253","fqdn":"695rdgnfw5f.18912244.com","domain":"18912244.com","tld":"com"},"ip":{"addr":"172.65.218.121","port":20206,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://695rdgnfw5f.18912244.com:20206/?id=422876378","date":"2026-04-11T18:33:10.977Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"695rdgnfw5f.18912244.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 20 Jul 2025 00:00:00 GMT","end":"Mon, 20 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"AB:44:50:F3:CC:F8:FC:F3:42:EC:75:E2:D3:0C:19:1B:5F:B9:36:F4","sha256":"4B:05:65:FA:AC:EF:A3:36:43:B0:62:26:67:2E:84:49:29:62:7C:DA:CE:AF:8D:5A:0B:1B:23:85:8B:6B:BB:46"}}},"request":{"raw":"GET /hall/api/backstage/customer/getWebTrans/language/zh.json?v=1775880253 HTTP/1.1\r\nHost: 695rdgnfw5f.18912244.com:20206\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://695rdgnfw5f.18912244.com:20206/home/register?id=422876378\r\nCookie: web__lobby__persisted__device=%7B%22uuid%22%3A%22f75052df-c3a1-4058-a524-7aad8f7dc107%22%7D; web__lobby__persisted__user=%7B%22userInfos%22%3A%7B%22game_gold%22%3A2000%2C%22account_type%22%3A1%2C%22platfromid%22%3A%22web_lobby_guest_account%22%2C%22mode%22%3A0%2C%22currency%22%3A%22CNY%22%7D%7D\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 11 Apr 2026 18:33:11 GMT\r\ncontent-type: application/json\r\nx-oss-request-id: 69DA93E701B8FA313503E586\r\nvary: Accept-Encoding, Origin\r\nlast-modified: Sat, 11 Apr 2026 04:04:12 GMT\r\nx-oss-object-type: Normal\r\nx-oss-hash-crc64ecma: 8449273806918611408\r\nx-oss-storage-class: Standard\r\ncache-control: s-maxage=600,max-age=0,public\r\ncontent-md5: 4D9i44ZKTyO8YCbQR9VfNA==\r\nx-oss-server-time: 2\r\ncontent-encoding: gzip\r\nserver: gocache\r\nc-type: pf\r\nrid: a2304eaf4ae0c884b9d55742490d9021\r\nx-cache-status: MISS\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Alibaba Cloud Object Storage Service","description":"Alibaba Cloud Object Storage Service (OSS) is a cloud-based object storage service provided by Alibaba Cloud, which allows users to store and access large amounts of data in the cloud.","website":"https://www.alibabacloud.com/product/object-storage-service","common_platform_enumeration":"","icon":"Alibaba Cloud.svg","categories":["IaaS"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]}],"data":{"size":2034456,"size_decoded":0,"mime_type":"application/json","magic":"ASCII text, with very long lines (65536), with no line terminators","md5":"db2f924e88aceb6728fb6ca92a25dd9a","sha1":"81dc986743f42494daae84f0cb7fc11560d77e04","sha256":"bd23a6b418534400a0dbbbc8970a79fb796ac207b800a738f5bdc18dcb0b1e04","sha512":"46868677e01f239b173779a23059d0ba5fe8545641768ea857495f4a3fd6baf6fb484eb5d3e2247835376bd8ab5ae4f32c6752c54057ff8325792fde33108de3","ssdeep":"24576:oKWxtko/Xvu3M4S8cAXVkBndo8XaXsFJdM:bWs0Fs","tlshash":"aa250246ee9c75778c843ddc41fb36991f7a4293da8826b7c3eb570f22a05c61f28891","first_seen":"2026-04-11T03:32:17.165348Z","last_seen":"2026-04-11T20:47:49.688322Z","times_seen":67,"resource_available":false,"data":null}},"time_used":248,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":248,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-11","alert":"Sinkholed","trigger":"695rdgnfw5f.18912244.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"695rdgnfw5f.18912244.com:20206/assets/theme-0/useUserProfileTips.XUHbf1w7.js","fqdn":"695rdgnfw5f.18912244.com","domain":"18912244.com","tld":"com"},"ip":{"addr":"172.65.218.121","port":20206,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://695rdgnfw5f.18912244.com:20206/?id=422876378","date":"2026-04-11T18:33:15.206Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"695rdgnfw5f.18912244.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 20 Jul 2025 00:00:00 GMT","end":"Mon, 20 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"AB:44:50:F3:CC:F8:FC:F3:42:EC:75:E2:D3:0C:19:1B:5F:B9:36:F4","sha256":"4B:05:65:FA:AC:EF:A3:36:43:B0:62:26:67:2E:84:49:29:62:7C:DA:CE:AF:8D:5A:0B:1B:23:85:8B:6B:BB:46"}}},"request":{"raw":"GET /assets/theme-0/useUserProfileTips.XUHbf1w7.js HTTP/1.1\r\nHost: 695rdgnfw5f.18912244.com:20206\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://695rdgnfw5f.18912244.com:20206/assets/theme-0/autoDialog.C4xspLzz.js\r\nCookie: web__lobby__persisted__device=%7B%22uuid%22%3A%22f75052df-c3a1-4058-a524-7aad8f7dc107%22%7D; web__lobby__persisted__user=%7B%22userInfos%22%3A%7B%22game_gold%22%3A2000%2C%22account_type%22%3A1%2C%22platfromid%22%3A%22web_lobby_guest_account%22%2C%22mode%22%3A0%2C%22currency%22%3A%22CNY%22%7D%7D; gt_local_id=C5YgoKFLtbA1cBz29ibmSpW//BUutWSOVT1Db/yOC2/d2a1UuNMIwA==\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 11 Apr 2026 18:33:15 GMT\r\ncontent-type: application/javascript; charset=utf-8\r\nx-oss-request-id: 69DA93EB5D88673136A43162\r\nvary: Accept-Encoding, Origin\r\netag: W/\"D3AD3281F465763873C2ACB8CF2C5E92\"\r\nlast-modified: Sat, 11 Apr 2026 04:21:43 GMT\r\nx-oss-object-type: Normal\r\nx-oss-hash-crc64ecma: 4383489791009318190\r\nx-oss-storage-class: Standard\r\nx-oss-meta-version: v7.1.212\r\ncache-control: max-age=31622400\r\ncontent-md5: 060ygfRldjhzwqy4zyxekg==\r\nx-oss-server-time: 1\r\nserver: gocache\r\nc-type: pf\r\nrid: 5fbb1eba16ff8142ca2aad7c10fdc7e8\r\nx-cache-status: MISS\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\ncontent-encoding: br\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]},{"name":"Alibaba Cloud Object Storage Service","description":"Alibaba Cloud Object Storage Service (OSS) is a cloud-based object storage service provided by Alibaba Cloud, which allows users to store and access large amounts of data in the cloud.","website":"https://www.alibabacloud.com/product/object-storage-service","common_platform_enumeration":"","icon":"Alibaba Cloud.svg","categories":["IaaS"]}],"data":{"size":843,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"Java source, ASCII text, with very long lines (842)","md5":"d3ad3281f465763873c2acb8cf2c5e92","sha1":"b3340992e00ffc6b16cafcb0569a8b834c8ba4e6","sha256":"6d52decf16cdc9354e4c5269c812b5c875ae0e3e855d8ffb404f2539c9308bdb","sha512":"add3c84e43b43dcee633fd1886016dd50c3a94c206a9b301806f69a0e367bdbf3b61a7fe02894cd4eeb1c7edccada5ac72a0766364dc40640bad7ddec7a766a3","ssdeep":"","tlshash":"7e01ef2a589b9da5354c0cdcf07465b2865854a27114d1b0e0ff250b771a3dbcfea62f","first_seen":"2026-04-11T07:57:01.992646Z","last_seen":"2026-04-11T18:34:05.962329Z","times_seen":23,"resource_available":true,"data":null}},"time_used":244,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":244,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-11","alert":"Sinkholed","trigger":"695rdgnfw5f.18912244.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"695rdgnfw5f.18912244.com:20206/assets/theme-0/commonChunk.DUdGrg8s.css","fqdn":"695rdgnfw5f.18912244.com","domain":"18912244.com","tld":"com"},"ip":{"addr":"172.65.218.121","port":20206,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://695rdgnfw5f.18912244.com:20206/?id=422876378","date":"2026-04-11T18:33:02.599Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"695rdgnfw5f.18912244.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 20 Jul 2025 00:00:00 GMT","end":"Mon, 20 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"AB:44:50:F3:CC:F8:FC:F3:42:EC:75:E2:D3:0C:19:1B:5F:B9:36:F4","sha256":"4B:05:65:FA:AC:EF:A3:36:43:B0:62:26:67:2E:84:49:29:62:7C:DA:CE:AF:8D:5A:0B:1B:23:85:8B:6B:BB:46"}}},"request":{"raw":"GET /assets/theme-0/commonChunk.DUdGrg8s.css HTTP/1.1\r\nHost: 695rdgnfw5f.18912244.com:20206\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://695rdgnfw5f.18912244.com:20206/?id=422876378\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 11 Apr 2026 18:33:02 GMT\r\ncontent-type: text/css\r\nx-oss-request-id: 69DA93DE829A183239C98F61\r\nvary: Accept-Encoding, Origin\r\nlast-modified: Sat, 11 Apr 2026 04:21:42 GMT\r\nx-oss-object-type: Normal\r\nx-oss-hash-crc64ecma: 12769228502084225894\r\nx-oss-storage-class: Standard\r\nx-oss-meta-version: v7.1.212\r\ncache-control: max-age=31622400\r\ncontent-md5: BX7OWoFAbQKin4Cda5lMkA==\r\nx-oss-server-time: 2\r\ncontent-encoding: gzip\r\nserver: gocache\r\nc-type: pf\r\nrid: 5f86706d5e9ad528bc439c8f9689ec19\r\nx-cache-status: MISS\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Alibaba Cloud Object Storage Service","description":"Alibaba Cloud Object Storage Service (OSS) is a cloud-based object storage service provided by Alibaba Cloud, which allows users to store and access large amounts of data in the cloud.","website":"https://www.alibabacloud.com/product/object-storage-service","common_platform_enumeration":"","icon":"Alibaba Cloud.svg","categories":["IaaS"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]}],"data":{"size":293840,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (65536), with no line terminators","md5":"057ece5a81406d02a29f809d6b994c90","sha1":"d24e4022f794e797f436506404753a2128203c5a","sha256":"223ee3332159838dadea045e8d197f6f00f6bd2d6eecaf034a518ffcf2b40eb8","sha512":"ee9bee37dbc703b38a07f544cebb90564553a20ba1e68a29a49f7c7d7a712f21ad4d9dcac20de869a29291d1cf3423a9db66bf3140ee9a4f5da9daa2ed559b8d","ssdeep":"6144:PFM+zWEJeQeKEMXpE9feRNh+h9bkZax71PiId6:GShcbkZQe","tlshash":"365419675a20703edd2b6431aadaabec9114e020d6139a8afd336d1f47c77f1163126f","first_seen":"2026-04-11T07:57:02.016681Z","last_seen":"2026-04-11T18:34:05.96779Z","times_seen":28,"resource_available":false,"data":null}},"time_used":285,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":285,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-11","alert":"Sinkholed","trigger":"695rdgnfw5f.18912244.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"mgm1940797.appfrvpmgw.win/hall/api/agent/promote/getIpBindInfo","fqdn":"mgm1940797.appfrvpmgw.win","domain":"appfrvpmgw.win","tld":"win"},"ip":{"addr":"138.113.210.9","port":443,"asn":54994,"as":"ML-1432-54994","country":"Canada","country_code":"CA"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://695rdgnfw5f.18912244.com:20206/?id=422876378","date":"2026-04-11T18:33:09.799Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"mgm1940797.appfrvpmgw.win","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 10 Mar 2026 16:26:44 GMT","end":"Mon, 08 Jun 2026 16:26:43 GMT"},"fingerprint":{"sha1":"F4:B1:A8:F3:75:CF:9E:D8:01:08:8D:AB:DA:56:67:50:D3:F3:94:44","sha256":"EA:6F:FC:B6:79:2A:3B:E8:21:21:AB:18:FB:BE:1C:DB:F9:F0:1B:8C:DA:50:C7:4E:CB:CA:85:51:61:5D:9B:10"}}},"request":{"raw":"POST /hall/api/agent/promote/getIpBindInfo HTTP/1.1\r\nHost: mgm1940797.appfrvpmgw.win\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: zh\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/json\r\nx-object-id: {\"uid\":\"\",\"browserLanguage\":\"en-US\",\"init\":{\"device\":\"\",\"created\":1775932383901,\"version\":1775793838000}}\r\nplatformType: 5\r\ndevicetype: 3\r\nx-device: 1-5\r\nx-data-mode: plain\r\nx-request-id: 7f8eff3e-ba13-463a-8376-7f8b13c7c5f0\r\ndevice: f75052df-c3a1-4058-a524-7aad8f7dc107\r\ncurrency: CNY\r\ntimestamp: 1775932389\r\nsiteCode: 1937\r\nlanguage: zh\r\ntoken: b2e3d672-9d88-47a7-81b4-9d7ffc62054f\r\ndeviceModel: Firefox v134.0\r\nphysicalDeviceModel: unknown\r\noperatingSystem: Windows\r\ndeviceBrand: unknown\r\nbrowserType: Firefox v134.0\r\nappSystem: Windows 10\r\ndomain: 695rdgnfw5f.18912244.com:20206\r\nwebauthnDomain: 695rdgnfw5f.18912244.com:20206\r\nclienttimezone: 0\r\nx-custom-referer: https://695rdgnfw5f.18912244.com:20206/home/register?id=422876378\r\nx-version: 7.1.212\r\nbrowserfingerid: \r\nappVersion: v7.1.212\r\nContent-Length: 74\r\nOrigin: https://695rdgnfw5f.18912244.com:20206\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://695rdgnfw5f.18912244.com:20206/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":74,"data":"{\"agentName\":\"422876378\",\"channelId\":0,\"currency\":\"CNY\",\"time\":1775932389}"}},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 11 Apr 2026 18:33:10 GMT\r\ncontent-type: application/json; charset=utf-8\r\ncontent-length: 104\r\nset-cookie: acw_tc=0a0ccaf917759323898908652e5d3d4f0f08cb0dde3e0701ad50bc62c43bf0;path=/;HttpOnly;Max-Age=1800\r\nx-trace-id: b126f550abe956994fadcc1473a41d8c\r\nx-env-apisix: 0\r\nx-env-go-biz-agent-server: 0\r\ncache-control: no-cache\r\nx-saas-server-id: 844988bcd4-wgzrx|c09df5b9e09de673a92c4ffab3c33442\r\naccess-control-allow-methods: *\r\naccess-control-max-age: 1728000\r\naccess-control-allow-credentials: true\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: X-Trace-ID, newjwt, token\r\nvia: 1.1 PS-SIN-04A9N80:17 (W), 1.1 PS-AMS-01QkJ103:21 (W)\r\nx-px: ms PS-AMS-01QkJ103AMS, ms PS-SIN-04A9N80SIN(origin)\r\nx-ws-request-id: 69da93e5_PS-AMS-01QkJ103_53875-28531\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":104,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"391e216ebfd7033c05c07f2311d99287","sha1":"815dfa8b1e99d0bb5a04adadda46a2508d5357e6","sha256":"314a505897294dc313316fb45c7ea54168aec1e379a84ae1b12333fd49b0627a","sha512":"97542b2e4008f4fecb40750a58ccfae0e1fa36322b787f48b0ef9ac87d439a49680831eeb3309270a3efb4630b8ac0f194293ba2ae0c7b6757bdd737b201e509","ssdeep":"","tlshash":"35b01240423c82838c11736950450990675f2207f866db7d9d5e0c14844917ea004d71","first_seen":"2026-04-11T18:33:40.311123Z","last_seen":"2026-04-11T18:33:40.311123Z","times_seen":1,"resource_available":false,"data":null}},"time_used":232,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":232,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-04-11","alert":"Sinkholed","trigger":"mgm1940797.appfrvpmgw.win","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"mgm7537346.hdyrw822fm.vip/ipacdn.txt","fqdn":"mgm7537346.hdyrw822fm.vip","domain":"hdyrw822fm.vip","tld":"vip"},"ip":{"addr":"45.87.41.222","port":443,"asn":62068,"as":"SpectraIP B.V.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://695rdgnfw5f.18912244.com:20206/?id=422876378","date":"2026-04-11T18:33:07.050Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"RSA-PKCS1-SHA512","protocol":"TLSv1.2","cert":{"subject":{"commonName":"mgm7537346.hdyrw822fm.vip","organization":""},"issuer":{"commonName":"ZeroSSL RSA Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Thu, 19 Feb 2026 00:00:00 GMT","end":"Wed, 20 May 2026 23:59:59 GMT"},"fingerprint":{"sha1":"10:AA:4D:D0:26:F2:BB:8C:24:59:5C:06:50:F3:7A:83:0D:FD:8E:6B","sha256":"B9:D9:35:EE:D2:38:DB:42:8D:47:F0:53:A4:6F:6C:3A:90:FF:99:5A:6C:6C:25:86:86:8D:1D:67:89:CD:39:F9"}}},"request":{"raw":"GET /ipacdn.txt HTTP/1.1\r\nHost: mgm7537346.hdyrw822fm.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://695rdgnfw5f.18912244.com:20206/\r\nOrigin: https://695rdgnfw5f.18912244.com:20206\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 11 Apr 2026 18:33:07 GMT\r\ncontent-type: text/plain\r\ncontent-length: 2\r\nset-cookie: acw_tc=0a0ccaf017759323878664029e43234a12051fcf8d6b22ba29f3a2af8f7136;path=/;HttpOnly;Max-Age=1800\r\ncache-control: s-maxage=315360000,max-age=0,public\r\naccess-control-allow-origin: *\r\naccess-control-max-age: 3600\r\naccess-control-allow-credentials: true\r\nserver: superedge\r\nstrict-transport-security: max-age=31536000;\r\nx-cache-status: MISS\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":2,"size_decoded":0,"mime_type":"text/plain","magic":"ASCII text, with no line terminators","md5":"e0aa021e21dddbd6d8cecec71e9cf564","sha1":"9ce3bd4224c8c1780db56b4125ecf3f24bf748b7","sha256":"565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3","sha512":"900110c951560eff857b440e89cc29f529416e0e3b3d7f0ad51651bfdbd8025b91768c5ed7db5352d1a5523354ce06ced2c42047e33a3e958a1bba5f742db874","ssdeep":"","tlshash":"c710000000000000000000030000000030000000000000000c000000c0000000000000","first_seen":"2023-03-09T09:04:49Z","last_seen":"2026-04-11T20:59:31.234535Z","times_seen":264621,"resource_available":true,"data":null}},"time_used":1473,"timings":{"blocked":558,"dns":482,"connect":23,"send":0,"wait":352,"receive":0,"ssl":56},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"695rdgnfw5f.18912244.com:20206/assets/theme-0/2_RechargeDialogsChunk.Dy0RJSoL.js","fqdn":"695rdgnfw5f.18912244.com","domain":"18912244.com","tld":"com"},"ip":{"addr":"172.65.218.121","port":20206,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://695rdgnfw5f.18912244.com:20206/?id=422876378","date":"2026-04-11T18:33:08.789Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"695rdgnfw5f.18912244.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 20 Jul 2025 00:00:00 GMT","end":"Mon, 20 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"AB:44:50:F3:CC:F8:FC:F3:42:EC:75:E2:D3:0C:19:1B:5F:B9:36:F4","sha256":"4B:05:65:FA:AC:EF:A3:36:43:B0:62:26:67:2E:84:49:29:62:7C:DA:CE:AF:8D:5A:0B:1B:23:85:8B:6B:BB:46"}}},"request":{"raw":"GET /assets/theme-0/2_RechargeDialogsChunk.Dy0RJSoL.js HTTP/1.1\r\nHost: 695rdgnfw5f.18912244.com:20206\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://695rdgnfw5f.18912244.com:20206/assets/theme-0/LoginRegisterIndex.5cxrQ2SR.js\r\nCookie: web__lobby__persisted__device=%7B%22uuid%22%3A%22f75052df-c3a1-4058-a524-7aad8f7dc107%22%7D; web__lobby__persisted__user=%7B%22userInfos%22%3A%7B%22game_gold%22%3A2000%2C%22account_type%22%3A1%2C%22platfromid%22%3A%22web_lobby_guest_account%22%2C%22mode%22%3A0%2C%22currency%22%3A%22CNY%22%7D%7D\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 11 Apr 2026 18:33:08 GMT\r\ncontent-type: application/javascript; charset=utf-8\r\nx-oss-request-id: 69DA93E468A374393258674E\r\nvary: Accept-Encoding, Origin\r\nlast-modified: Sat, 11 Apr 2026 04:21:43 GMT\r\nx-oss-object-type: Normal\r\nx-oss-hash-crc64ecma: 861619405642682388\r\nx-oss-storage-class: Standard\r\nx-oss-meta-version: v7.1.212\r\ncache-control: max-age=31622400\r\ncontent-md5: tW2sqONHggBS5l6jWKRtHg==\r\nx-oss-server-time: 2\r\ncontent-encoding: gzip\r\nserver: gocache\r\nc-type: pf\r\nrid: 7105040cbf320b34ed96bd7f867ee424\r\nx-cache-status: MISS\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]},{"name":"Alibaba Cloud Object Storage Service","description":"Alibaba Cloud Object Storage Service (OSS) is a cloud-based object storage service provided by Alibaba Cloud, which allows users to store and access large amounts of data in the cloud.","website":"https://www.alibabacloud.com/product/object-storage-service","common_platform_enumeration":"","icon":"Alibaba Cloud.svg","categories":["IaaS"]}],"data":{"size":28461,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"Unicode text, UTF-8 text, with very long lines (28456)","md5":"b56daca8e347820052e65ea358a46d1e","sha1":"5013dbe8f1abafbb4aa25a56ebcf6bd2e30d44b8","sha256":"ff727d83d02760ae6a97f16afdb9f5cedfec2dd24f2983c7c766d7ac56850b4b","sha512":"99d250d0e612fdc387d49b62b29e60245adf96cb19ece4ee20b1173b5e143a5deea82b0b1f6e89e0ca0a0a30cc7112976d5f6577ea911afab31cc9479a48205f","ssdeep":"768:BrATrIfALXqijgmcJZ7f6Ln607a0tMRLd0CDlYKrGXnV3nXSXmJRWg5F:BrnuLn40tMR7lY5lv","tlshash":"abd2d74c79b9a679b6a99d6d60b71d72210c3f169000d8f0e1ff8f0023d5ea5b9e9339","first_seen":"2026-04-11T07:57:01.998806Z","last_seen":"2026-04-11T18:34:05.97735Z","times_seen":27,"resource_available":true,"data":null}},"time_used":253,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":253,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-11","alert":"Sinkholed","trigger":"695rdgnfw5f.18912244.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"695rdgnfw5f.18912244.com:20206/assets/theme-0/FastEntryIndex.D-x_uP1B.css","fqdn":"695rdgnfw5f.18912244.com","domain":"18912244.com","tld":"com"},"ip":{"addr":"172.65.218.121","port":20206,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://695rdgnfw5f.18912244.com:20206/?id=422876378","date":"2026-04-11T18:33:09.277Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"695rdgnfw5f.18912244.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 20 Jul 2025 00:00:00 GMT","end":"Mon, 20 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"AB:44:50:F3:CC:F8:FC:F3:42:EC:75:E2:D3:0C:19:1B:5F:B9:36:F4","sha256":"4B:05:65:FA:AC:EF:A3:36:43:B0:62:26:67:2E:84:49:29:62:7C:DA:CE:AF:8D:5A:0B:1B:23:85:8B:6B:BB:46"}}},"request":{"raw":"GET /assets/theme-0/FastEntryIndex.D-x_uP1B.css HTTP/1.1\r\nHost: 695rdgnfw5f.18912244.com:20206\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://695rdgnfw5f.18912244.com:20206/?id=422876378\r\nCookie: web__lobby__persisted__device=%7B%22uuid%22%3A%22f75052df-c3a1-4058-a524-7aad8f7dc107%22%7D; web__lobby__persisted__user=%7B%22userInfos%22%3A%7B%22game_gold%22%3A2000%2C%22account_type%22%3A1%2C%22platfromid%22%3A%22web_lobby_guest_account%22%2C%22mode%22%3A0%2C%22currency%22%3A%22CNY%22%7D%7D\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 11 Apr 2026 18:33:09 GMT\r\ncontent-type: text/css\r\nx-oss-request-id: 69DA93E52A8AB237353CFA6D\r\nvary: Accept-Encoding, Origin\r\nlast-modified: Sat, 11 Apr 2026 04:21:42 GMT\r\nx-oss-object-type: Normal\r\nx-oss-hash-crc64ecma: 6349419342620982866\r\nx-oss-storage-class: Standard\r\nx-oss-meta-version: v7.1.212\r\ncache-control: max-age=31622400\r\ncontent-md5: e9tKEHjeD/vutx23KieFIA==\r\nx-oss-server-time: 2\r\ncontent-encoding: gzip\r\nserver: gocache\r\nc-type: pf\r\nrid: 0c88bc5d301f02a50159f6f76a634aed\r\nx-cache-status: MISS\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Alibaba Cloud Object Storage Service","description":"Alibaba Cloud Object Storage Service (OSS) is a cloud-based object storage service provided by Alibaba Cloud, which allows users to store and access large amounts of data in the cloud.","website":"https://www.alibabacloud.com/product/object-storage-service","common_platform_enumeration":"","icon":"Alibaba Cloud.svg","categories":["IaaS"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]}],"data":{"size":7612,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (7611)","md5":"7bdb4a1078de0ffbeeb71db72a278520","sha1":"a5f7c1d21fbdf4b7bf76691c1fb80feae94e7155","sha256":"c0e98cc0b691a87858a4b31be38b7a2602c649550c3fa94844ee45a64d21b74c","sha512":"1fc8916da7ce1574f11b0e78a6e81d9755d58eb2b80b3e0263f7b988a95cc77e960016ce44c1ac5a71b7ce4b0ad213575d2ed266a1a6cfedf216c72b979770a6","ssdeep":"192:X+zBFWE8N6w//UUxeWbry2YXV+zdlaeWIuHBwpgIakRT0/fud0R0f9g:OznBGwwpgIakRT0+fq","tlshash":"35f185477a12323da517c4b37896e264b09ca1a1de039a44be639c114bdfbb135b22fd","first_seen":"2026-03-18T07:53:40.321678Z","last_seen":"2026-04-11T21:10:04.013874Z","times_seen":832,"resource_available":false,"data":null}},"time_used":246,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":246,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-11","alert":"Sinkholed","trigger":"695rdgnfw5f.18912244.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"695rdgnfw5f.18912244.com:20206/hall/api/message/popupcfg/currency/CNY.json?v=1775916343","fqdn":"695rdgnfw5f.18912244.com","domain":"18912244.com","tld":"com"},"ip":{"addr":"172.65.218.121","port":20206,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://695rdgnfw5f.18912244.com:20206/?id=422876378","date":"2026-04-11T18:33:10.365Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"695rdgnfw5f.18912244.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 20 Jul 2025 00:00:00 GMT","end":"Mon, 20 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"AB:44:50:F3:CC:F8:FC:F3:42:EC:75:E2:D3:0C:19:1B:5F:B9:36:F4","sha256":"4B:05:65:FA:AC:EF:A3:36:43:B0:62:26:67:2E:84:49:29:62:7C:DA:CE:AF:8D:5A:0B:1B:23:85:8B:6B:BB:46"}}},"request":{"raw":"GET /hall/api/message/popupcfg/currency/CNY.json?v=1775916343 HTTP/1.1\r\nHost: 695rdgnfw5f.18912244.com:20206\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://695rdgnfw5f.18912244.com:20206/home/register?id=422876378\r\nCookie: web__lobby__persisted__device=%7B%22uuid%22%3A%22f75052df-c3a1-4058-a524-7aad8f7dc107%22%7D; web__lobby__persisted__user=%7B%22userInfos%22%3A%7B%22game_gold%22%3A2000%2C%22account_type%22%3A1%2C%22platfromid%22%3A%22web_lobby_guest_account%22%2C%22mode%22%3A0%2C%22currency%22%3A%22CNY%22%7D%7D\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 11 Apr 2026 18:33:10 GMT\r\ncontent-type: application/json\r\nx-oss-request-id: 69DA93E601B8FA3135E6E286\r\nvary: Accept-Encoding, Origin\r\netag: W/\"E64139D860FD888179D1AD31F8D10243\"\r\nlast-modified: Sat, 11 Apr 2026 14:05:43 GMT\r\nx-oss-object-type: Normal\r\nx-oss-hash-crc64ecma: 9967830023115676243\r\nx-oss-storage-class: Standard\r\ncache-control: s-maxage=600,max-age=0,public\r\ncontent-md5: 5kE52GD9iIF50a0x+NECQw==\r\nx-oss-server-time: 1\r\nserver: gocache\r\nc-type: pf\r\nrid: 442e4552d8d19e2050aa845b0802af17\r\nx-cache-status: MISS\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\ncontent-encoding: br\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]},{"name":"Alibaba Cloud Object Storage Service","description":"Alibaba Cloud Object Storage Service (OSS) is a cloud-based object storage service provided by Alibaba Cloud, which allows users to store and access large amounts of data in the cloud.","website":"https://www.alibabacloud.com/product/object-storage-service","common_platform_enumeration":"","icon":"Alibaba Cloud.svg","categories":["IaaS"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":88,"size_decoded":0,"mime_type":"application/json","magic":"ASCII text, with no line terminators","md5":"e64139d860fd888179d1ad31f8d10243","sha1":"69cf6ed923faf63a9856af6401376709e9ef05df","sha256":"ae96164621665b72730288aac001562740e1988f0b79e9708f2522797525e669","sha512":"a9395e1ad89d2fa3197240d89e7d008f9e9438125b6887f1f7591b3c775f7d2a852bc8f22ab19ee19e859ee361e022cc390a789d03ec9a9c1e4393f922d979c1","ssdeep":"","tlshash":"35b01273455075001228441d004865d64c1b4c41b001d46088290c50e467920884c6c5","first_seen":"2026-04-11T18:28:36.019619Z","last_seen":"2026-04-11T18:34:06.006936Z","times_seen":22,"resource_available":false,"data":null}},"time_used":243,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":243,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-11","alert":"Sinkholed","trigger":"695rdgnfw5f.18912244.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"static.geetest.com/g5/v1/static/v1.2.4/js/geeGuard.a624a606c405df21c58408882e276ff8.js","fqdn":"static.geetest.com","domain":"geetest.com","tld":"com"},"ip":{"addr":"104.17.6.193","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://695rdgnfw5f.18912244.com:20206/?id=422876378","date":"2026-04-11T18:33:11.347Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.geetest.com","organization":"Wuhan Jiyi Network Technology Co., Ltd."},"issuer":{"commonName":"GeoTrust G2 TLS CN RSA4096 SHA256 2022 CA1","organization":"DigiCert, Inc."},"validity":{"start":"Fri, 19 Dec 2025 00:00:00 GMT","end":"Fri, 18 Dec 2026 23:59:59 GMT"},"fingerprint":{"sha1":"CA:8B:31:34:03:03:4F:25:DE:AF:F1:76:9E:25:19:08:18:0C:04:EA","sha256":"F3:25:0F:0B:68:0B:B5:E2:F6:2A:F2:FE:E9:AA:10:6C:61:1C:7D:A6:FA:3F:D9:45:0F:E6:58:6D:71:F9:2E:2E"}}},"request":{"raw":"GET /g5/v1/static/v1.2.4/js/geeGuard.a624a606c405df21c58408882e276ff8.js HTTP/1.1\r\nHost: static.geetest.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://695rdgnfw5f.18912244.com:20206\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://695rdgnfw5f.18912244.com:20206/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 11 Apr 2026 18:33:11 GMT\r\ncontent-type: application/javascript\r\ncf-ray: 9eac14064c4b5693-OSL\r\ncf-cache-status: HIT\r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=86400\r\ncontent-encoding: gzip\r\nexpires: Sun, 12 Apr 2026 18:33:11 GMT\r\nlast-modified: Mon, 23 Mar 2026 01:55:51 GMT\r\nserver: cloudflare\r\nvary: Accept-Encoding\r\naccess-control-allow-methods: GET, POST, PUT, DELETE, HEAD\r\naccess-control-max-age: 60\r\ncontent-md5: 1TWCcMwMh7x/dmKGBswaHw==\r\nx-oss-hash-crc64ecma: 9670507556249368874\r\nx-oss-object-type: Normal\r\nx-oss-request-id: 69CCC464989F153331BAFBC3\r\nx-oss-server-time: 3\r\nx-oss-storage-class: Standard\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Alibaba Cloud Object Storage Service","description":"Alibaba Cloud Object Storage Service (OSS) is a cloud-based object storage service provided by Alibaba Cloud, which allows users to store and access large amounts of data in the cloud.","website":"https://www.alibabacloud.com/product/object-storage-service","common_platform_enumeration":"","icon":"Alibaba Cloud.svg","categories":["IaaS"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":235846,"size_decoded":0,"mime_type":"application/javascript","magic":"ASCII text, with very long lines (65536), with no line terminators","md5":"d5358270cc0c87bc7f76628606cc1a1f","sha1":"cb705c77b2ec68b0dad08e7dc8d9d0caf527ee68","sha256":"ce807b6386b096bba42c735e2121294ce23c316dc76e868bff1bfe64b4fcae53","sha512":"8f3531e1b9efd4f1d20e74ffd4169949044c241bd4ba0ecde9a96c1374d0999cbbabf3260772524b3e64697db8d65bea64d12cf135b94ca0c7f1f5af58c7e93c","ssdeep":"3072:D/QRZTobjaDx94pOBNnhH98FGSZvYK3N4asP:+zDxvBNnhH9cZ4asP","tlshash":"fe341cb4728d2d783532f92d7d3a1c0e64bc2cd4d9098360eb2fa1ec6e642d563b5627","first_seen":"2026-04-01T13:19:01.670436Z","last_seen":"2026-04-11T21:10:03.931153Z","times_seen":193,"resource_available":true,"data":null}},"time_used":255,"timings":{"blocked":56,"dns":36,"connect":1,"send":0,"wait":142,"receive":0,"ssl":16},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"695rdgnfw5f.18912244.com:20206/assets/theme-0/0_RechargeDialogsChunk.CcFSbyIQ.css","fqdn":"695rdgnfw5f.18912244.com","domain":"18912244.com","tld":"com"},"ip":{"addr":"172.65.218.121","port":20206,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://695rdgnfw5f.18912244.com:20206/?id=422876378","date":"2026-04-11T18:33:08.092Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"695rdgnfw5f.18912244.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 20 Jul 2025 00:00:00 GMT","end":"Mon, 20 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"AB:44:50:F3:CC:F8:FC:F3:42:EC:75:E2:D3:0C:19:1B:5F:B9:36:F4","sha256":"4B:05:65:FA:AC:EF:A3:36:43:B0:62:26:67:2E:84:49:29:62:7C:DA:CE:AF:8D:5A:0B:1B:23:85:8B:6B:BB:46"}}},"request":{"raw":"GET /assets/theme-0/0_RechargeDialogsChunk.CcFSbyIQ.css HTTP/1.1\r\nHost: 695rdgnfw5f.18912244.com:20206\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://695rdgnfw5f.18912244.com:20206/?id=422876378\r\nCookie: web__lobby__persisted__device=%7B%22uuid%22%3A%22f75052df-c3a1-4058-a524-7aad8f7dc107%22%7D; web__lobby__persisted__user=%7B%22userInfos%22%3A%7B%22game_gold%22%3A2000%2C%22account_type%22%3A1%2C%22platfromid%22%3A%22web_lobby_guest_account%22%2C%22mode%22%3A0%2C%22currency%22%3A%22CNY%22%7D%7D\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 11 Apr 2026 18:33:08 GMT\r\ncontent-type: text/css\r\nx-oss-request-id: 69DA93E468A374393257644E\r\nvary: Accept-Encoding, Origin\r\nlast-modified: Sat, 11 Apr 2026 04:21:42 GMT\r\nx-oss-object-type: Normal\r\nx-oss-hash-crc64ecma: 11256616889293026541\r\nx-oss-storage-class: Standard\r\nx-oss-meta-version: v7.1.212\r\ncache-control: max-age=31622400\r\ncontent-md5: 1NHUW1yD0at+3n0FEn45TQ==\r\nx-oss-server-time: 1\r\ncontent-encoding: gzip\r\nserver: gocache\r\nc-type: pf\r\nrid: c0b87256a0e63c005642d4bf532976b3\r\nx-cache-status: MISS\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]},{"name":"Alibaba Cloud Object Storage Service","description":"Alibaba Cloud Object Storage Service (OSS) is a cloud-based object storage service provided by Alibaba Cloud, which allows users to store and access large amounts of data in the cloud.","website":"https://www.alibabacloud.com/product/object-storage-service","common_platform_enumeration":"","icon":"Alibaba Cloud.svg","categories":["IaaS"]}],"data":{"size":59773,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (59772)","md5":"d4d1d45b5c83d1ab7ede7d05127e394d","sha1":"9bca5dde77d330e3beb04a6b642e83e257545e97","sha256":"326b284526e21f48e621fb6f25d1f9de7a67bb8ca3d434d11f27cd50c999b2ad","sha512":"9fbbdeedf3b420e935aa77d7d96e5213297ece122a9809140a88992043961d37004f8309f3b5e0bf90470e1964b2021371919b1ce9ef59ecdbf8ed52bfada3d6","ssdeep":"768:WAY36tnXGQLxxKK6zlTTZ7l0O96JVj3zqMJ4X3:K36tnXGwxEKiR6JVj3zP6X3","tlshash":"a543c8af7b207239bd17db706ac297e46284b500c93396d6fd132e2a89c77b1282455f","first_seen":"2026-04-09T13:58:04.682173Z","last_seen":"2026-04-11T18:34:05.9996Z","times_seen":33,"resource_available":false,"data":null}},"time_used":257,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":257,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-11","alert":"Sinkholed","trigger":"695rdgnfw5f.18912244.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"695rdgnfw5f.18912244.com:20206/assets/theme-0/useSuggestion.BiaV77aV.css","fqdn":"695rdgnfw5f.18912244.com","domain":"18912244.com","tld":"com"},"ip":{"addr":"172.65.218.121","port":20206,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://695rdgnfw5f.18912244.com:20206/?id=422876378","date":"2026-04-11T18:33:08.107Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"695rdgnfw5f.18912244.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 20 Jul 2025 00:00:00 GMT","end":"Mon, 20 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"AB:44:50:F3:CC:F8:FC:F3:42:EC:75:E2:D3:0C:19:1B:5F:B9:36:F4","sha256":"4B:05:65:FA:AC:EF:A3:36:43:B0:62:26:67:2E:84:49:29:62:7C:DA:CE:AF:8D:5A:0B:1B:23:85:8B:6B:BB:46"}}},"request":{"raw":"GET /assets/theme-0/useSuggestion.BiaV77aV.css HTTP/1.1\r\nHost: 695rdgnfw5f.18912244.com:20206\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://695rdgnfw5f.18912244.com:20206/?id=422876378\r\nCookie: web__lobby__persisted__device=%7B%22uuid%22%3A%22f75052df-c3a1-4058-a524-7aad8f7dc107%22%7D; web__lobby__persisted__user=%7B%22userInfos%22%3A%7B%22game_gold%22%3A2000%2C%22account_type%22%3A1%2C%22platfromid%22%3A%22web_lobby_guest_account%22%2C%22mode%22%3A0%2C%22currency%22%3A%22CNY%22%7D%7D\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 11 Apr 2026 18:33:08 GMT\r\ncontent-type: text/css\r\nx-oss-request-id: 69DA93E4CD9B343532598045\r\nvary: Accept-Encoding, Origin\r\nlast-modified: Sat, 11 Apr 2026 04:21:42 GMT\r\nx-oss-object-type: Normal\r\nx-oss-hash-crc64ecma: 13096816459650075144\r\nx-oss-storage-class: Standard\r\nx-oss-meta-version: v7.1.212\r\ncache-control: max-age=31622400\r\ncontent-md5: YertFi61gl7ZGj4ART8ItQ==\r\nx-oss-server-time: 1\r\ncontent-encoding: gzip\r\nserver: gocache\r\nc-type: pf\r\nrid: a9c4a50fa21843e9aee634a7dc300f76\r\nx-cache-status: MISS\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]},{"name":"Alibaba Cloud Object Storage Service","description":"Alibaba Cloud Object Storage Service (OSS) is a cloud-based object storage service provided by Alibaba Cloud, which allows users to store and access large amounts of data in the cloud.","website":"https://www.alibabacloud.com/product/object-storage-service","common_platform_enumeration":"","icon":"Alibaba Cloud.svg","categories":["IaaS"]}],"data":{"size":1132,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (1131)","md5":"61eaed162eb5825ed91a3e00453f08b5","sha1":"f366ef352601cb7dc5ef45be33195b02897fae68","sha256":"c8e530f9b88824133c6ab70495510996e0289d30f1f53956ca57da758a7122b2","sha512":"63c632ecce6a68d0344a507251195ac57b0954ae9a8d1ef05f380a9f39fd9f5272f35ebe5e0663550c50184e65fafb2b5daa8e1189eb22b7181cb32f785cab1f","ssdeep":"","tlshash":"2f2105439630323f981743ba9a82579c50b3ad8c5a13e232fd07ed1bda477e0187e0d5","first_seen":"2026-01-21T00:49:34.333556Z","last_seen":"2026-04-11T19:41:53.688777Z","times_seen":3090,"resource_available":false,"data":null}},"time_used":278,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":278,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-11","alert":"Sinkholed","trigger":"695rdgnfw5f.18912244.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"mgm1940797.appfrvpmgw.win/hall/api/netstat/attribution/match","fqdn":"mgm1940797.appfrvpmgw.win","domain":"appfrvpmgw.win","tld":"win"},"ip":{"addr":"138.113.210.9","port":443,"asn":54994,"as":"ML-1432-54994","country":"Canada","country_code":"CA"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://695rdgnfw5f.18912244.com:20206/?id=422876378","date":"2026-04-11T18:33:10.194Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"mgm1940797.appfrvpmgw.win","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 10 Mar 2026 16:26:44 GMT","end":"Mon, 08 Jun 2026 16:26:43 GMT"},"fingerprint":{"sha1":"F4:B1:A8:F3:75:CF:9E:D8:01:08:8D:AB:DA:56:67:50:D3:F3:94:44","sha256":"EA:6F:FC:B6:79:2A:3B:E8:21:21:AB:18:FB:BE:1C:DB:F9:F0:1B:8C:DA:50:C7:4E:CB:CA:85:51:61:5D:9B:10"}}},"request":{"raw":"OPTIONS /hall/api/netstat/attribution/match HTTP/1.1\r\nHost: mgm1940797.appfrvpmgw.win\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nAccess-Control-Request-Method: POST\r\nAccess-Control-Request-Headers: appsystem,appversion,browserfingerid,browsertype,clienttimezone,currency,device,devicebrand,devicemodel,devicetype,domain,language,operatingsystem,physicaldevicemodel,platformtype,sitecode,timestamp,token,webauthndomain,x-custom-referer,x-data-mode,x-device,x-object-id,x-request-id,x-version\r\nReferer: https://695rdgnfw5f.18912244.com:20206/\r\nOrigin: https://695rdgnfw5f.18912244.com:20206\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"OPTIONS"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 11 Apr 2026 18:33:10 GMT\r\ncontent-type: application/octet-stream\r\ncontent-length: 0\r\nset-cookie: acw_tc=0a0f6b8717759323906321976e5fa33691d6f5cd1b3c4962fcc1c06f23ab26;path=/;HttpOnly;Max-Age=1800\r\nx-saas-server-id: 844988bcd4-f8mmb|bbc415f20137567fcc1891b601c2407e\r\naccess-control-allow-methods: *\r\naccess-control-max-age: 1728000\r\naccess-control-allow-credentials: true\r\naccess-control-allow-origin: *\r\naccess-control-allow-headers: appsystem,appversion,browserfingerid,browsertype,clienttimezone,currency,device,devicebrand,devicemodel,devicetype,domain,language,operatingsystem,physicaldevicemodel,platformtype,sitecode,timestamp,token,webauthndomain,x-custom-referer,x-data-mode,x-device,x-object-id,x-request-id,x-version\r\naccess-control-expose-headers: X-Trace-ID, newjwt, token\r\nvia: 1.1 PS-SIN-04A9N80:2 (W), 1.1 PS-AMS-01QkJ103:21 (W)\r\nx-px: ms PS-AMS-01QkJ103AMS, ms PS-SIN-04A9N80SIN(origin)\r\nx-ws-request-id: 69da93e6_PS-AMS-01QkJ103_53875-28544\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"application/octet-stream","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-11T20:55:57.946951Z","times_seen":13635644,"resource_available":true,"data":null}},"time_used":546,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":543,"receive":3,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-04-11","alert":"Sinkholed","trigger":"mgm1940797.appfrvpmgw.win","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"mgm1940797.appfrvpmgw.win/hall/api/domain/lobby/domainMatch?encryptString=qq4jdFZc4bd2NndAir6BGndLmyh5xAaLrEKYkgn3neBhpVVPL2TFB30%2FEB%2FqUkyd","fqdn":"mgm1940797.appfrvpmgw.win","domain":"appfrvpmgw.win","tld":"win"},"ip":{"addr":"138.113.210.9","port":443,"asn":54994,"as":"ML-1432-54994","country":"Canada","country_code":"CA"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://695rdgnfw5f.18912244.com:20206/?id=422876378","date":"2026-04-11T18:33:10.871Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"mgm1940797.appfrvpmgw.win","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 10 Mar 2026 16:26:44 GMT","end":"Mon, 08 Jun 2026 16:26:43 GMT"},"fingerprint":{"sha1":"F4:B1:A8:F3:75:CF:9E:D8:01:08:8D:AB:DA:56:67:50:D3:F3:94:44","sha256":"EA:6F:FC:B6:79:2A:3B:E8:21:21:AB:18:FB:BE:1C:DB:F9:F0:1B:8C:DA:50:C7:4E:CB:CA:85:51:61:5D:9B:10"}}},"request":{"raw":"GET /hall/api/domain/lobby/domainMatch?encryptString=qq4jdFZc4bd2NndAir6BGndLmyh5xAaLrEKYkgn3neBhpVVPL2TFB30%2FEB%2FqUkyd HTTP/1.1\r\nHost: mgm1940797.appfrvpmgw.win\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: zh\r\nAccept-Encoding: gzip, deflate, br\r\nx-object-id: {\"uid\":\"\",\"browserLanguage\":\"en-US\",\"init\":{\"device\":\"\",\"created\":1775932383901,\"version\":1775793838000}}\r\nplatformType: 5\r\ndevicetype: 3\r\nx-device: 1-5\r\nx-data-mode: chipher\r\nx-request-id: f33ecb44-4144-4422-8257-d7a7d1cbf795\r\ndevice: f75052df-c3a1-4058-a524-7aad8f7dc107\r\ncurrency: CNY\r\ntimestamp: 1775932389\r\nsiteCode: 1937\r\nlanguage: zh\r\ntoken: b2e3d672-9d88-47a7-81b4-9d7ffc62054f\r\ndeviceModel: Firefox v134.0\r\nphysicalDeviceModel: unknown\r\noperatingSystem: Windows\r\ndeviceBrand: unknown\r\nbrowserType: Firefox v134.0\r\nappSystem: Windows 10\r\ndomain: 695rdgnfw5f.18912244.com:20206\r\nwebauthnDomain: 695rdgnfw5f.18912244.com:20206\r\nclienttimezone: 0\r\nx-custom-referer: https://695rdgnfw5f.18912244.com:20206/home/register?id=422876378\r\nx-version: 7.1.212\r\nbrowserfingerid: \r\nappVersion: v7.1.212\r\nOrigin: https://695rdgnfw5f.18912244.com:20206\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://695rdgnfw5f.18912244.com:20206/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 11 Apr 2026 18:33:11 GMT\r\ncontent-type: text/plain; charset=utf-8\r\nset-cookie: acw_tc=0a0ccaf217759323909765286e337dc4b2277d7ecdacb9aaf97a708dec14cf;path=/;HttpOnly;Max-Age=1800\r\nvary: Accept-Encoding\r\nx-env-apisix: 0\r\nx-ratelimit-requested-tokens: 1\r\nx-ratelimit-remaining: 499\r\nx-ratelimit-refresh-period: 5\r\nx-ratelimit-replenish-rate: 500\r\nlanguage: zh\r\nx-env-backcenter-biz-domain: 0\r\nx-trace-id: d1fa76fbcd24a253298c7a40cfeec26c, d1fa76fbcd24a253298c7a40cfeec26c\r\nx-env-backcenter-gateway-external: 0\r\ncache-control: no-cache\r\nx-saas-server-id: 844988bcd4-nxxgf|edda3aec81870206f07e150ae23cdfa4\r\naccess-control-allow-methods: *\r\naccess-control-max-age: 1728000\r\naccess-control-allow-credentials: true, true\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: Access-Control-Allow-Headers, Access-Control-Allow-Methods, Access-Control-Allow-Origin, Access-Control-Max-Age, Access-Control-Request-Headers, X-Frame-Options, X-Trace-ID, newjwt, token\r\ncontent-encoding: gzip\r\nvia: 1.1 PS-SIN-04DFS81:8 (W), 1.1 PS-AMS-01QkJ103:21 (W)\r\nx-px: ms PS-AMS-01QkJ103AMS, ms PS-SIN-04DFS81SIN(origin)\r\nx-ws-request-id: 69da93e6_PS-AMS-01QkJ103_53875-28572\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":344,"size_decoded":0,"mime_type":"text/plain; charset=utf-8","magic":"ASCII text, with very long lines (344), with no line terminators","md5":"685c23a4e4e9bc3bf0aab9069961f010","sha1":"eb9a5eca989aada2986128fd2434345bc8c1ca39","sha256":"8912e7c440c1c8b7c5a32985fd3d64331ebcca843ff82418dfa597b2d05e0a55","sha512":"485403873a85815919dab4bd190990ef7d7aba45c9c9aa80a8c9f4a99c8d3b513de2873d5091ad43e3a11f8787d2902d3b77672fbda140502d153045033c3221","ssdeep":"","tlshash":"29e0c000cba3e31c81582b47dc7eb2ed10c945a0b8ae517a00019acc049f488dd48a17","first_seen":"2026-04-11T18:33:40.317438Z","last_seen":"2026-04-11T18:33:40.317438Z","times_seen":1,"resource_available":false,"data":null}},"time_used":234,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":234,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-04-11","alert":"Sinkholed","trigger":"mgm1940797.appfrvpmgw.win","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"695rdgnfw5f.18912244.com:20206/assets/theme-0/0_RechargeDialogsChunk.C8Tn1UZC.js","fqdn":"695rdgnfw5f.18912244.com","domain":"18912244.com","tld":"com"},"ip":{"addr":"172.65.218.121","port":20206,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://695rdgnfw5f.18912244.com:20206/?id=422876378","date":"2026-04-11T18:33:08.787Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"695rdgnfw5f.18912244.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 20 Jul 2025 00:00:00 GMT","end":"Mon, 20 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"AB:44:50:F3:CC:F8:FC:F3:42:EC:75:E2:D3:0C:19:1B:5F:B9:36:F4","sha256":"4B:05:65:FA:AC:EF:A3:36:43:B0:62:26:67:2E:84:49:29:62:7C:DA:CE:AF:8D:5A:0B:1B:23:85:8B:6B:BB:46"}}},"request":{"raw":"GET /assets/theme-0/0_RechargeDialogsChunk.C8Tn1UZC.js HTTP/1.1\r\nHost: 695rdgnfw5f.18912244.com:20206\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://695rdgnfw5f.18912244.com:20206/assets/theme-0/LoginRegisterIndex.5cxrQ2SR.js\r\nCookie: web__lobby__persisted__device=%7B%22uuid%22%3A%22f75052df-c3a1-4058-a524-7aad8f7dc107%22%7D; web__lobby__persisted__user=%7B%22userInfos%22%3A%7B%22game_gold%22%3A2000%2C%22account_type%22%3A1%2C%22platfromid%22%3A%22web_lobby_guest_account%22%2C%22mode%22%3A0%2C%22currency%22%3A%22CNY%22%7D%7D\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 11 Apr 2026 18:33:08 GMT\r\ncontent-type: application/javascript; charset=utf-8\r\nx-oss-request-id: 69DA93E42A8AB23735F8F76D\r\nvary: Accept-Encoding, Origin\r\nlast-modified: Sat, 11 Apr 2026 04:21:43 GMT\r\nx-oss-object-type: Normal\r\nx-oss-hash-crc64ecma: 11644583468615185052\r\nx-oss-storage-class: Standard\r\nx-oss-meta-version: v7.1.212\r\ncache-control: max-age=31622400\r\ncontent-md5: AOyW3R/vfAqTxhp95RLc/Q==\r\nx-oss-server-time: 1\r\ncontent-encoding: gzip\r\nserver: gocache\r\nc-type: pf\r\nrid: 836f783a37fe525dcba58985f3f6ab90\r\nx-cache-status: MISS\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Alibaba Cloud Object Storage Service","description":"Alibaba Cloud Object Storage Service (OSS) is a cloud-based object storage service provided by Alibaba Cloud, which allows users to store and access large amounts of data in the cloud.","website":"https://www.alibabacloud.com/product/object-storage-service","common_platform_enumeration":"","icon":"Alibaba Cloud.svg","categories":["IaaS"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]}],"data":{"size":161900,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (46301)","md5":"00ec96dd1fef7c0a93c61a7de512dcfd","sha1":"a72a4f1a3a43b568e21b143814c9f2c17bc8fbc5","sha256":"6ffc9b28809fb92f16a867887a041cc2cc845c202b32971706d9e07479c1978b","sha512":"aaa3fa35c66f456f3920a3fc2d23fd0f9a94c717132b4afaff6eb9b49b5d376c492a688bda9c0808b780eb22fee0def285b85ae8fa52bcbc9c17d549ad90d777","ssdeep":"3072:g0IyJvRN4t494rvvftxqHfeRWnFWyJ2FpSgusFRayOFldXsQRzC/1E9v:g0VpRN4S9EvftxqZnFWyJ2FpSgusFkqG","tlshash":"aff30988b47ab1787b79199860fa08e2421c3f97d000d4f1a0fe4e65379af74b2d577a","first_seen":"2026-04-11T07:57:01.952907Z","last_seen":"2026-04-11T18:34:05.982666Z","times_seen":27,"resource_available":true,"data":null}},"time_used":252,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":252,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-11","alert":"Sinkholed","trigger":"695rdgnfw5f.18912244.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"mgm1940797.appfrvpmgw.win/hall/api/gohal/heartbeat","fqdn":"mgm1940797.appfrvpmgw.win","domain":"appfrvpmgw.win","tld":"win"},"ip":{"addr":"138.113.210.9","port":443,"asn":54994,"as":"ML-1432-54994","country":"Canada","country_code":"CA"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://695rdgnfw5f.18912244.com:20206/?id=422876378","date":"2026-04-11T18:33:14.298Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"mgm1940797.appfrvpmgw.win","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 10 Mar 2026 16:26:44 GMT","end":"Mon, 08 Jun 2026 16:26:43 GMT"},"fingerprint":{"sha1":"F4:B1:A8:F3:75:CF:9E:D8:01:08:8D:AB:DA:56:67:50:D3:F3:94:44","sha256":"EA:6F:FC:B6:79:2A:3B:E8:21:21:AB:18:FB:BE:1C:DB:F9:F0:1B:8C:DA:50:C7:4E:CB:CA:85:51:61:5D:9B:10"}}},"request":{"raw":"POST /hall/api/gohal/heartbeat HTTP/1.1\r\nHost: mgm1940797.appfrvpmgw.win\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: zh\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: text/plain\r\nx-object-id: {\"uid\":\"\",\"browserLanguage\":\"en-US\",\"init\":{\"device\":\"\",\"created\":1775932383901,\"version\":1775793838000}}\r\nplatformType: 5\r\ndevicetype: 3\r\nx-device: 1-5\r\nx-data-mode: chipher\r\nx-request-id: acf32fb3-3e56-4afe-8b6b-ce8ac86f222b\r\ndevice: f75052df-c3a1-4058-a524-7aad8f7dc107\r\ncurrency: CNY\r\ntimestamp: 1775932393\r\nsiteCode: 1937\r\nlanguage: zh\r\ntoken: b2e3d672-9d88-47a7-81b4-9d7ffc62054f\r\ndeviceModel: Firefox v134.0\r\nphysicalDeviceModel: unknown\r\noperatingSystem: Windows\r\ndeviceBrand: unknown\r\nbrowserType: Firefox v134.0\r\nappSystem: Windows 10\r\ndomain: 695rdgnfw5f.18912244.com:20206\r\nwebauthnDomain: 695rdgnfw5f.18912244.com:20206\r\nclienttimezone: 0\r\nx-custom-referer: https://695rdgnfw5f.18912244.com:20206/home/register?id=422876378\r\nx-version: 7.1.212\r\nbrowserfingerid: \r\nappVersion: v7.1.212\r\nContent-Length: 44\r\nOrigin: https://695rdgnfw5f.18912244.com:20206\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://695rdgnfw5f.18912244.com:20206/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":44,"data":"xsOulZQoMfpEUI/HCgN4O+mKwqEXkYcclikpvS+ACyY="}},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 11 Apr 2026 18:33:14 GMT\r\ncontent-type: text/plain; charset=utf-8\r\ncontent-length: 88\r\nx-trace-id: fc3d2cd186a564ab877a2e705a6625d3\r\nx-env-apisix: 0\r\nset-cookie: acw_tc=0a0ccaf217759323944037125e337dd821986091d68c8cbfd16cb3c8508424;path=/;HttpOnly;Max-Age=1800\nUserKey=35dbWawUfEkiSLMi0rbB5Tp1YfFh4j5iCUnfVhKYL28NY12kXO0QzKeyT3-7-33r; Path=/; Expires=Sun, 11 Apr 2027 18:33:14 GMT; Max-Age=31535999; HttpOnly\r\nx-env-go-biz-gohal-server: 0\r\ncache-control: no-cache\r\nx-saas-server-id: 844988bcd4-xs9nw|660d88997a3d13c40737a130a3621441\r\naccess-control-allow-methods: *\r\naccess-control-max-age: 1728000\r\naccess-control-allow-credentials: true\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: X-Trace-ID, newjwt, token\r\nvia: 1.1 PS-SIN-04DFS81:8 (W), 1.1 PS-AMS-01QkJ103:21 (W)\r\nx-px: ms PS-AMS-01QkJ103AMS, ms PS-SIN-04DFS81SIN(origin)\r\nx-ws-request-id: 69da93ea_PS-AMS-01QkJ103_53875-28712\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":88,"size_decoded":0,"mime_type":"text/plain; charset=utf-8","magic":"ASCII text, with no line terminators","md5":"e0ee010566de1b7bd47654b51be222f8","sha1":"dffacaeeb974214bfc74ac3aa60bbd009999016f","sha256":"d830e12ce4277c34d97b349b037a73fbba8afe7d2690e1be848db5e4b415520b","sha512":"404d836afc748d34075f5b4a206e12a647ebafaa5c284a593e5f6fd27e6b5bfe08192ade788a9f2153c3e003335d76c6326ccc49eb94cb18d3649bccecfa5df8","ssdeep":"","tlshash":"c8b012a0d1100cf289104d101d09eb138d319d48d1003030c3487091822033e0c03561","first_seen":"2026-04-11T18:33:40.32023Z","last_seen":"2026-04-11T18:33:40.32023Z","times_seen":1,"resource_available":false,"data":null}},"time_used":217,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":217,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-04-11","alert":"Sinkholed","trigger":"mgm1940797.appfrvpmgw.win","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}}]}