{"report_id":"1f2dde40-e55f-424b-a26b-62a4db942565","version":6,"status":"done","tags":[],"date":"2026-01-08T05:27:36Z","url":{"schema":"http","addr":"mxx80.net/","fqdn":"mxx80.net","domain":"mxx80.net","tld":"net"},"ip":{"addr":"104.21.19.78","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"final":{"url":{"schema":"https","addr":"cn.1mebetx.com/home/register?code=40516","fqdn":"cn.1mebetx.com","domain":"1mebetx.com","tld":"com"},"title":"ManBetX(万博体育)官网|英超狼队和水晶宫全球赞助伙伴","dom":{"size":117795,"mime_type":"text/html; charset=utf-8","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (1723)","md5":"1e01d6b5a9f19ea7b8f8205060f97e99","sha1":"04bb8fd744a8dd6dec02ccd0449f8fad8ab8f6b0","sha256":"cfac95c221de5b0ec6804b3416621a9051f984eb7399b0a4a870a1e2b24ce0b5","sha512":"4cf0c75b21959c01fac961ac3bf59217b77ec58d18aec35dc20d9e30f8f18ad1f823c3890defbef11cca99418ca2d52b7301db12e57b83813e673a324dfa1707","ssdeep":"1536:wqTY0pSpCFEr2cvenf+MuqvkzXSVTS325VUpGHCLL89bkst5cdbSaOjQvvvuvKvY:Eh2pmMuGTSMkMm+WbSaZXWyzwbRWu","tlshash":"4ab30751a8fe0533017780d6a5b7af1aaeaa9037d7068c1072fe4fc45fc2e82895765e","dom_hash":"domhasha0f21435e1b9045834234f044c13491f","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"mxx80.net/","fqdn":"mxx80.net","domain":"mxx80.net","tld":"net"},"ip":{"addr":"104.21.19.78","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"tags":["openphish"],"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-02-12T05:27:36Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":1,"urlquery":0,"analyzer":11}},"detection":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-01-08T05:27:17Z","timestamp":1767850037,"ip_dst":{"addr":"74.125.250.129","port":19302,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"ip_src":{"addr":"Client IP","port":39351,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ET INFO Session Traversal Utilities for NAT (STUN Binding Request On Non-Standard High Port)","source":"{\"timestamp\":\"2026-01-08T05:27:17.326400+0000\",\"flow_id\":1211720873147136,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.34\",\"src_port\":39351,\"dest_ip\":\"74.125.250.129\",\"dest_port\":19302,\"proto\":\"UDP\",\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2033078,\"rev\":4,\"signature\":\"ET INFO Session Traversal Utilities for NAT (STUN Binding Request On Non-Standard High Port)\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2021_06_03\"],\"deployment\":[\"alert_only\",\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_04_28\"]}},\"app_proto\":\"failed\",\"flow\":{\"pkts_toserver\":1,\"pkts_toclient\":0,\"bytes_toserver\":62,\"bytes_toclient\":0,\"start\":\"2026-01-08T05:27:17.326400+0000\"}}"}],"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-08","alert":"Sinkholed","trigger":"cn.1mebetx.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-01-08","alert":"Phishing Block","trigger":"cn.1mebetx.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-08","alert":"Sinkholed","trigger":"cn.1mebetx.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-08","alert":"Sinkholed","trigger":"cn.1mebetx.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-08","alert":"Sinkholed","trigger":"cn.1mebetx.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-08","alert":"Sinkholed","trigger":"mxx80.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-01-08","alert":"Phishing Block","trigger":"mxx80.net","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-08","alert":"Sinkholed","trigger":"mxx80.net","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-08","alert":"Sinkholed","trigger":"mxx80.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-08","alert":"Sinkholed","trigger":"mxx80.net","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null},{"sensor_name":"phishtank","sensor_type":"Blocklist","title":"PhishTank","description":"PhishTank","scan_date":"2025-06-19","alert":"Phishing - Other","trigger":"cn.1mebetx.com/home/register?code=40516","verdict":"phishing","severity":"medium","comment":"Other","link":"http://phishtank.com","meta":null}],"urlquery":null},"summary":[{"fqdn":"static-content-j.wb27jlt6u066.com","ip":{"addr":"172.65.201.65","port":9587,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2022-09-13","domain_rank":0,"first_seen":"2022-10-27T08:27:25Z","last_seen":"2025-12-31T07:42:38.524296Z","alert_count":0,"request_count":1,"received_data":6700,"sent_data":495,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]}]},{"fqdn":"www.vrfpshbc.com","ip":{"addr":"104.21.68.47","port":2053,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2022-07-29","domain_rank":0,"first_seen":"2023-07-07T23:23:19Z","last_seen":"2026-01-02T07:30:51.901047Z","alert_count":0,"request_count":1,"received_data":4910,"sent_data":458,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"www.v1c2h.com","ip":{"addr":"52.184.67.179","port":51300,"asn":8075,"as":"MICROSOFT-CORP-MSN-AS-BLOCK","country":"Hong Kong","country_code":"HK"},"domain_registered":"unknown","domain_rank":0,"first_seen":"2025-11-25T12:54:58.845462Z","last_seen":"2026-01-02T07:30:52.98038Z","alert_count":0,"request_count":1,"received_data":35341,"sent_data":444,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"game.gp5trb.com","ip":{"addr":"52.184.67.179","port":2053,"asn":8075,"as":"MICROSOFT-CORP-MSN-AS-BLOCK","country":"Hong Kong","country_code":"HK"},"domain_registered":"2025-03-13","domain_rank":0,"first_seen":"2025-08-11T16:46:35.765228Z","last_seen":"2026-01-04T06:32:52.15578Z","alert_count":0,"request_count":3,"received_data":16942,"sent_data":1394,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"www.googletagmanager.com","ip":{"addr":"142.251.38.104","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2011-11-11","domain_rank":283,"first_seen":"2012-10-04T01:07:32Z","last_seen":"2026-01-04T22:18:41.67311Z","alert_count":0,"request_count":2,"received_data":710556,"sent_data":888,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"www.f4bzyrz92us3.com","ip":{"addr":"172.65.201.65","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2019-11-02","domain_rank":0,"first_seen":"2019-11-02T15:14:40Z","last_seen":"2026-01-04T20:15:07.755183Z","alert_count":0,"request_count":2,"received_data":55914,"sent_data":905,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]}]},{"fqdn":"file-new.a4hskh.com","ip":{"addr":"52.184.67.179","port":443,"asn":8075,"as":"MICROSOFT-CORP-MSN-AS-BLOCK","country":"Hong Kong","country_code":"HK"},"domain_registered":"2025-05-16","domain_rank":0,"first_seen":"2025-10-23T12:54:45.112235Z","last_seen":"2026-01-02T07:30:51.195042Z","alert_count":0,"request_count":3,"received_data":290971,"sent_data":1452,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"static-content-cn.wb27jlt6u066.com","ip":{"addr":"172.65.201.65","port":9587,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2022-09-13","domain_rank":0,"first_seen":"2022-11-08T06:15:29Z","last_seen":"2026-01-02T07:30:51.745247Z","alert_count":0,"request_count":14,"received_data":624564,"sent_data":6538,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]}]},{"fqdn":"banner-notice.6dqr2n.com","ip":{"addr":"52.184.67.179","port":443,"asn":8075,"as":"MICROSOFT-CORP-MSN-AS-BLOCK","country":"Hong Kong","country_code":"HK"},"domain_registered":"2025-05-16","domain_rank":0,"first_seen":"2025-06-01T18:49:53.405981Z","last_seen":"2026-01-02T07:30:51.27898Z","alert_count":0,"request_count":3,"received_data":25424,"sent_data":1335,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"mxx80.net","ip":{"addr":"172.67.185.167","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2020-01-09","domain_rank":0,"first_seen":"2025-07-18T06:59:12.774001Z","last_seen":"2025-10-30T23:18:03.025811Z","alert_count":5,"request_count":1,"received_data":103243,"sent_data":478,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"hm.baidu.com","ip":{"addr":"14.215.183.79","port":443,"asn":4134,"as":"Chinanet","country":"China","country_code":"CN"},"domain_registered":"1999-10-11","domain_rank":54491,"first_seen":"2012-05-26T08:38:45Z","last_seen":"2026-01-05T01:27:37.424479Z","alert_count":0,"request_count":2,"received_data":30887,"sent_data":1295,"comment":"","tags":null,"fingerprints":[{"name":"Apache HTTP Server","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"cn.1mebetx.com","ip":{"addr":"172.65.201.65","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2018-05-23","domain_rank":0,"first_seen":"2025-03-11T18:24:04.090449Z","last_seen":"2026-01-06T05:48:40.780586Z","alert_count":51,"request_count":10,"received_data":635627,"sent_data":5550,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]},{"name":"Java","description":"Java is a class-based, object-oriented programming language that is designed to have as few implementation dependencies as possible.","website":"https://java.com","common_platform_enumeration":"cpe:2.3:a:oracle:jre:*:*:*:*:*:*:*:*","icon":"Java.svg","categories":["Programming languages"]},{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]},{"name":"Google Analytics","description":"Google Analytics is a free web analytics service that tracks and reports website traffic.","website":"https://google.com/analytics","common_platform_enumeration":"","icon":"Google Analytics.svg","categories":["Analytics"]},{"name":"jQuery","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]},{"name":"jQuery UI","description":"jQuery UI is a collection of GUI widgets, animated visual effects, and themes implemented with jQuery, Cascading Style Sheets, and HTML.","website":"https://jqueryui.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery_ui:*:*:*:*:*:*:*:*","icon":"jQuery UI.svg","categories":["JavaScript libraries"]}]},{"fqdn":"static-content-t.wb27jlt6u066.com","ip":{"addr":"172.65.201.65","port":9587,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2022-09-13","domain_rank":0,"first_seen":"2022-10-27T08:48:51Z","last_seen":"2025-12-31T07:49:08.201412Z","alert_count":0,"request_count":29,"received_data":988017,"sent_data":14543,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]}]},{"fqdn":"api.eaafacef.com","ip":{"addr":"188.114.96.1","port":2053,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2022-07-29","domain_rank":0,"first_seen":"2024-08-15T12:53:23Z","last_seen":"2025-12-31T07:42:38.584151Z","alert_count":0,"request_count":1,"received_data":3038,"sent_data":508,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"www.f4bzyrz92us3.com/E2/EagleEye.js?1767850034","fqdn":"www.f4bzyrz92us3.com","domain":"f4bzyrz92us3.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"6917b6258fb8090e20de3e940c61e398","sha1":"3163b917655feecf98b910bacf8d1c461943fa3b","sha256":"a681b2271c75b6075d40f063db0e48f1d90d057b3a829968fa29a723adcc101b","sha512":"392185fb23690c00fa2742840973d461257c28e77493891343047ca0e401c306a47803d0b11adf306f61cd44ebbf2e986075f24ba04e4fee33ac8ad980dc81b3","ssdeep":"1536:n6Dk6G1j9Bk/k0q7Mfx5+2I7v7D71Ies9GUWfth7KBbTE21gAWIOuYyR4mr/qDAa:oGW/k0q7Mfx5+2I7v7D77FftlKBbTv1O","tlshash":"5033e71ab2963539c56230765caf9148b33d85a61398505cab0fc5e4783987e83bfff8","size":54486,"data":"","first_seen":"2026-01-08T05:28:13.496621Z","last_seen":"2026-01-08T05:28:13.496621Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cn.1mebetx.com/home/register?code=40516","fqdn":"cn.1mebetx.com","domain":"1mebetx.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"5185b039d75edd72e946c541d17e3c80","sha1":"710791c76ea207cec0548cf54149c83dbe400c5f","sha256":"fee40cb56673410470defe50e78d0c069be613bf37749c660bdd527402c44edb","sha512":"4d80fb27e9a9b0ebaea4770fcdf8871ba96bf57c4a78afb54be5c4f10b88f5506722f6d764b6d7e3103273d820191d70da57596c1e09d3df42770104550f7636","ssdeep":"","tlshash":"2be0df2abafa0d792dfb211a213ba9445a93202b639cd960b50d69e00f861e9310321a","size":402,"data":"","first_seen":"2025-10-25T13:35:11.606562Z","last_seen":"2026-03-02T07:28:25.828714Z","times_seen":300,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cn.1mebetx.com/home/register?code=40516","fqdn":"cn.1mebetx.com","domain":"1mebetx.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"7d1b0c4abecb0c34180637dbde008e31","sha1":"7b46777f96a5319977e401a7b63f9d7c5bd8174e","sha256":"f1ffa8997c9b2f897c44a110581b729b94b610803889cd27c6ff3d3405ca5096","sha512":"cae93c4e7e28dd4d0d71a9dc150b91e755e3a75825d89179322b0efda69637d759d5c906e8c3d29c744710ad8a2a803e3c81f1d89c0235ff3b2194562f6ef435","ssdeep":"","tlshash":"11217b066daa118227fb307912bfc2c833b99027058bd9c03d5c55408f2cefa66f9b45","size":1201,"data":"","first_seen":"2026-01-08T05:28:13.591519Z","last_seen":"2026-01-08T05:28:13.591519Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cn.1mebetx.com/home/sandbox%20eval%20code","fqdn":"cn.1mebetx.com","domain":"1mebetx.com","tld":"com"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"","is_inline":false,"md5":"92b651082ce234f66bb544e678befda3","sha1":"14c21c55ddce43b6f677caadf51d4ab98c6a3df8","sha256":"25d57d1d97abeb84531d3d3e5754dd5cb19a2c115edfa7cfc7af8247084faded","sha512":"b4fcbc037e0a3d91db2a624921e96b878e9e18dd998ad5649d77d7d053faf28b09c8725a0542aef702310bf85f3037b70985c274db8acabd021efb171d41f361","ssdeep":"","tlshash":"34c08ca3e74026ae2a1166b2b810e003a2866b015aa78402b00a003b1441fe21aaa1a8","size":147,"data":"","first_seen":"2023-04-11T21:07:53Z","last_seen":"2026-04-28T16:24:02.712773Z","times_seen":822569,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cn.1mebetx.com/home/register?code=40516","fqdn":"cn.1mebetx.com","domain":"1mebetx.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"e546d7ad4c50322dfaa6a96fd320c46b","sha1":"9c861759b7d3839274623f234768efc7cbe04158","sha256":"0c660204b059c921518b106d14f4dd061d6459a0802ca5d113a651415af290d0","sha512":"2416ed5d7561d5c3a0c323274d94743687a5aba05ed8098ba185f2debb871b6b691aa4590497b5c451dc644fb594e2ee417b53a5ab0072c2a6f6c4f3b02ffb0a","ssdeep":"192:/ODdk3EGClSTYtR/yy9lWVCytUNJDkG1ys:/sSCLDn","tlshash":"b802bc8df1a752b829b73036537f10c2ab6f021bd456dc30ba8f66b44f82a10a746799","size":8776,"data":"","first_seen":"2025-09-12T00:40:29.99588Z","last_seen":"2026-04-27T14:49:05.495901Z","times_seen":445,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cn.1mebetx.com/home/register?code=40516","fqdn":"cn.1mebetx.com","domain":"1mebetx.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"c7ee54a7240990e7c3b05eab06f4a2e7","sha1":"344f7f9163a8214f5583328970d8f6bde9371089","sha256":"6d762892025be8c5b37c804c06fb5300353bd9a6f57eba232b5775b29106cb61","sha512":"74636b349bc64770baea93e5542d1d579192ef0367b87cad5b8a25a2898a33540b82e85ae90c7f7a5a40280d1c97c6c898348123f243ad9a9da93ad7f80f9ed3","ssdeep":"","tlshash":"8c01dc38f2744a4660bb70722d6be81aa9a94c072c0bda14f86c05e12fc06858b6194d","size":760,"data":"","first_seen":"2023-05-15T15:49:02Z","last_seen":"2026-04-27T14:49:05.511417Z","times_seen":721,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"banner-notice.6dqr2n.com/mxstatic/banner-notice.js","fqdn":"banner-notice.6dqr2n.com","domain":"6dqr2n.com","tld":"com"},"ip":{"addr":"52.184.67.179","port":443,"asn":8075,"as":"MICROSOFT-CORP-MSN-AS-BLOCK","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"fde6491fa4c8e8adaf2844d6d09e2a2f","sha1":"51174631e2149efc853eacf33e39fa8dc66840b8","sha256":"a402e491cde441e33c89c38bb10c84d7473a88700ba4fd76e0bb1bf2c2f61143","sha512":"25d3915f3e441b65f447c65aafc287b5c4b9afc8fd34b54a428bd58a6bd1c58bca7012eef8fd44d9134fa1c375dcdb62aeaaa912a09b15895872e2f678cd10d2","ssdeep":"192:AJKwJ/y23c23qtY8SCUcWbm1iRSube/Hf+DoQPoEHdizniKOnK6t5Enx4tRL1VeV:oKGbDK6czdOnXH3qBmlc","tlshash":"ed82b81875fa0061542330b88e9a618c7f26950f920a5d08bd6d47e8afcad7199d2ffb","size":18633,"data":"","first_seen":"2025-05-30T16:57:45.431693Z","last_seen":"2026-03-14T23:55:48.120104Z","times_seen":483,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cn.1mebetx.com/home/register?code=40516","fqdn":"cn.1mebetx.com","domain":"1mebetx.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"2856109bcf4ab287c95f14b1400ad5dd","sha1":"dc925cacf122b5a6acd7ad8738d823ca0ccb45dc","sha256":"7ae47d0607886d1c2ad904eee62a34d4da0a302dfabaa29053898c7858c5354f","sha512":"e6f9efd6be7d220b3bc4e11739a8ba37e34f22453a662ec0e4ad598ee3c6b0b10182ccb6ac20de839aa3556301711f3ecb39afa20c8ef39c7187e209ae50518c","ssdeep":"","tlshash":"6061626abab70155007f202e0abfaa087d904027a20cdd2dbc6cd8c59fd4d0675f7ead","size":3186,"data":"","first_seen":"2025-12-05T15:52:02.651036Z","last_seen":"2026-01-19T13:31:43.46506Z","times_seen":137,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cn.1mebetx.com/home/register?code=40516","fqdn":"cn.1mebetx.com","domain":"1mebetx.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"528ef4a1a4b0d93d15940376c9f30a94","sha1":"3dce760e0effd87001127aa2e43a33df79cc2ce4","sha256":"e5778ea07b95de382d159e4876a0ab85ad9cce8343ca2034ef7219a2e7e6a47d","sha512":"e52fd3701f7f4929be758d430d3e9c6325b49173875b2c3934e6b1e0d73033f42aa40bbac1b98651402364a6d920b2efd3bae7950c7d8f87bf4d0694bce361d7","ssdeep":"192:t4tYyfgH8iIXXyiCavEEM8g2Frp3dx4rOyKztANA2A8ARadKHKCST:YB02hkstw","tlshash":"ab02b41af9eb1605293730ad1b7f418875b8d1236548cf30b94cead40f96914d2bafec","size":8902,"data":"","first_seen":"2025-03-02T07:32:23.116883Z","last_seen":"2026-03-30T14:28:44.979286Z","times_seen":624,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static-content-cn.wb27jlt6u066.com:9587/util/rsa.js","fqdn":"static-content-cn.wb27jlt6u066.com","domain":"wb27jlt6u066.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":9587,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"2e28749b1ce6013a456d4498a447dff3","sha1":"89d8c436922a84f097e86090179d112c3d6e13c2","sha256":"1748bdff25c71702d781b076f961920ef32283e324153b256e963202431a35ba","sha512":"2a675090d740e1600eaca9da2229b34cf764181bf65df4d023bb0e95feea6a7b83f3651a8eb70473e76313cc1fcdd38cd71a72b41fd57fdc34668b7d3b10b62e","ssdeep":"384:B1eJdA6YDf7WA5lK4UYl38uHrKFaY8BpC:bdjfm82aNy","tlshash":"5752a6857ad9302d07a95071055f054b7e35f8be598c04bdb1a0e8e938f198d833ef78","size":13514,"data":"","first_seen":"2023-03-07T01:28:09Z","last_seen":"2026-04-27T14:49:05.230861Z","times_seen":1050,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"hm.baidu.com/hm.js?86b8712c72cab4f521c0b5cd56dfa69f","fqdn":"hm.baidu.com","domain":"baidu.com","tld":"com"},"ip":{"addr":"14.215.183.79","port":443,"asn":4134,"as":"Chinanet","country":"China","country_code":"CN"},"introduction_type":"scriptElement","is_inline":false,"md5":"0c9a5311ca803f4ad6c8f6f363e43033","sha1":"8b96508dbe3e154b35d4878052e1b694b0327bdc","sha256":"f95123c8b72f74901d34a182a4b7ff0d1e2b94170d274954f1ccdbf6c148033c","sha512":"d224720aeb7baac3c800e2ef89834b9c57f2ef637cdba8670864b3f6ec8acf0b8d538dabf3f0d85bb978bb2178de2c26a7c8357709996ab926738ffb985d9c91","ssdeep":"384:d4JSoLMJJTRl6s1JXFVCFI/TayvuodsZPIGm8XaR1JRwvutq1tGdc7M04gRw6:d44VJfHgMdvussZPIx82Rwvutcto07v","tlshash":"89d2d9e9b282713293a324a5153f724af07b5a54bd4968a4f11894c07d38fbb027bfdd","size":29905,"data":"","first_seen":"2026-01-08T05:28:13.567956Z","last_seen":"2026-01-08T05:28:13.567956Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cn.1mebetx.com/home/register?code=40516","fqdn":"cn.1mebetx.com","domain":"1mebetx.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"c8770feb1d73456ebd6076c93eb3e3b0","sha1":"0c925eda3c849844b07b99dbc2aae096ac24c684","sha256":"b503d574c2e5e081de902cc599c4011769cba6f08faa6ce13d1e0cbc0e396f78","sha512":"5ba76cb37f5d6899ae520e9791d193b202026f9088d4272513f8afdf56fbda5f4091d015d4fe220dd89908fe65e99596d81384ba1413327daa274d87ca1caf03","ssdeep":"","tlshash":"dcf09ece8349caaa29e738ba7417744ca4c80d1735ea8ca4dc04505224c563340d259f","size":488,"data":"","first_seen":"2026-01-08T05:28:13.612872Z","last_seen":"2026-01-08T05:28:13.612872Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static-content-cn.wb27jlt6u066.com:9587/util/error.js?2025092501","fqdn":"static-content-cn.wb27jlt6u066.com","domain":"wb27jlt6u066.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":9587,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"f61145ebd6cd0164a855517ddd32d102","sha1":"d9f3f365c0aec1f9a4bf5cf85d4c8b1c44770125","sha256":"b433018b4e4006c56084fd4cbf35d3d1e2ea33aafccfd6109db3d0b696c2c2b2","sha512":"e0e7101c13848ec60f775f9ab092b5a52de41a67f3792a18c186cc42cd140c7bfcb405c607783e5b3240aab3f57dd88c50f744410b94cc99beef8b1a1f61ade0","ssdeep":"192:MTu94QOQzfKG3jChyTRmbxDeDWiYXYyC3SfZVYvxwYXPFj6vJRQ+lcQrdQr:MTu94wzj3jChQgF+eXUeu","tlshash":"292285b608f58b8a100df980c10b41293448744b8e1cba6a7bdfa5465fcd65f4bff99d","size":10405,"data":"","first_seen":"2025-10-02T21:45:10.771862Z","last_seen":"2026-04-27T14:49:05.399697Z","times_seen":467,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static-content-cn.wb27jlt6u066.com:9587/js/jquery/jquery.validate.js?2017121201","fqdn":"static-content-cn.wb27jlt6u066.com","domain":"wb27jlt6u066.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":9587,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"052b64ec50b11bc14eb24a863d126ba8","sha1":"3a79b1fe2a8e6834cea694d77c57473ebfbc5758","sha256":"169b0287c989c2a6d883dff708c551a726c2a98fd79e66fe747d04228012ac7f","sha512":"70b2cd21b5ab5f5159266a10e6ba06a7c1c50ed3b02a596747f30dc88ba4cb37934b8666f075e5733ed021908bace3c47b8b50ee57aa41130ae0b9920e101099","ssdeep":"1536:4J/cr2I/VHuanmyRhVaNnJRHI9YLbBGvJfDk7E/al:Kumy4NJRHqLkISl","tlshash":"39533c4d3ae710168d2b30beae8ba149b6b5405b6109ed1c7cdd02905fe4db862f5ff8","size":60825,"data":"","first_seen":"2025-03-02T07:32:23.125259Z","last_seen":"2026-04-01T17:26:48.402298Z","times_seen":648,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.googletagmanager.com/gtag/js?id=UA-119765380-3","fqdn":"www.googletagmanager.com","domain":"googletagmanager.com","tld":"com"},"ip":{"addr":"142.251.38.104","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"9dcf0335ed30477122c0936de2dbd0eb","sha1":"2b9acec2f0e4d0f423b3c39189056b9a9b95c169","sha256":"41f0709567e18db982900875177721852e5c22a27e9800bef9073b03f3b2ec82","sha512":"9e11b41988c0725928e18661b4c0d6ae7860e43b999764bfe4fdebbf2586746a4e811225792945419a73c09bbae34580d17aef0d3e41b9cd6ce423114092e3ee","ssdeep":"3072:xqEsEtrIxV/J4AV0PbKsB67ZKrEv5wtfvvph3rNh8nbzlXJjO67gxMOTkkmhgYvr:4NV/4xEh2phZhYRXJjO67YMOTkLhgYvr","tlshash":"476419cd73da742683a3a474503f018bb17b69d2e84cc895f186d8d42e74aaa4237f7d","size":322955,"data":"","first_seen":"2026-01-08T05:28:13.504027Z","last_seen":"2026-01-08T05:28:13.504027Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cn.1mebetx.com/home/register?code=40516","fqdn":"cn.1mebetx.com","domain":"1mebetx.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"8f2be170d8f4f787340db2e14d377e79","sha1":"f668d01ccf043d3594e169439d3ce19468e51cd1","sha256":"8134add4aeda5822524e8a34e6251356f57acc8ba3147c31bfafa57f78c674ef","sha512":"6e57acf91dc87fe9cd903e93fef832fcb323772877645b501f6d856624817871c735b45cebe56253df4bf64584cceff5beac06e02631a7885b60fbbfb26d52f6","ssdeep":"","tlshash":"a25140e6fb98330ca4be90a91cbb30c5b19518e525408c747d4d57e17b2282d6b3bfad","size":3154,"data":"","first_seen":"2025-08-26T08:39:52.098859Z","last_seen":"2026-02-12T05:30:34.717229Z","times_seen":413,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static-content-t.wb27jlt6u066.com:9587/js/jquery-ui.js","fqdn":"static-content-t.wb27jlt6u066.com","domain":"wb27jlt6u066.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":9587,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"ab5284de5e3d221e53647fd348e5644b","sha1":"75c20acdc6cbc6334fe2b918ab7afeec007f969e","sha256":"4f455eb2ddf2094ee969f470f6bfac7adb4c057e8990a374e9da819e943c777d","sha512":"2462acc237c0063263b52527cfecbc5d4063065c0cd541cd966d9924dec0d9af475184f732c92af9269cb08df993896893eff37ad4b18598ca4b7af7b5f02742","ssdeep":"12288:1vemHFgymzYDdHCcmM2/W/CCeS/QRzbrVDDdRO2:vDdHCcmM2/W/CCeSIVDDdRO2","tlshash":"f3b4a6c9f39c266a867a32595c2e42cdb23c8075d600587fbc5d59dc29a883c43bbf79","size":520714,"data":"","first_seen":"2023-03-07T01:03:28Z","last_seen":"2026-04-28T15:28:18.098448Z","times_seen":14459,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static-content-cn.wb27jlt6u066.com:9587/util/all.js?20231116","fqdn":"static-content-cn.wb27jlt6u066.com","domain":"wb27jlt6u066.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":9587,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"f5aa16a242596257e153e33c5b8fb232","sha1":"804252d4387c4fda0141e9bf4fd2a05bb3c7068a","sha256":"c21ffeeff6782e69216ce2fdf3fd54289af1d7b4a8bc2af9b83c0679c5969782","sha512":"1ae9de5c195af57a93c2bbc30c0597c8f7f2e96e98af1c1a514d21d170b54c4bafc882689096e117cd36f25570474bd059edfb8bf9023571ff7531ace1491c59","ssdeep":"1536:rfee/RrYiHhJ9Q0f16d9zeDN5qW4wTW3Jny+aSsG+Kjbd2m43ftShEhJ+7Rh0Om:rfD/miHhJ9Q0fd5B8jYhi0t","tlshash":"6273f88c7591306a4aef31b7782b224f73769a69500e5068f0b8d4e53ebce857167f38","size":77892,"data":"","first_seen":"2023-09-15T15:49:20Z","last_seen":"2026-04-27T14:49:05.151977Z","times_seen":950,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cn.1mebetx.com/home/register?code=40516","fqdn":"cn.1mebetx.com","domain":"1mebetx.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"2d0b0bc1ef7bcdddb43044412caaef9f","sha1":"7486b48306bd3c1c94547a5c4b238d40e4c2be3c","sha256":"87f57b68bdd4f868c5a97901e2bb9b9192d77093a62ba7fb2b0a405e4d73eb6c","sha512":"9cbb500a3bb1bbe52fd69f7b3ffe53f325c55da5b7d3510d72dc6f01b9ff25c3f268e8317a86d65c787fee9d23197cb877c138ff00416ecda80d40c1ee9e281f","ssdeep":"","tlshash":"9be0c216736e1091842328154a3b53054b342513682f7c02fc8d02941f2e60cc073a02","size":382,"data":"","first_seen":"2025-03-02T07:32:23.118872Z","last_seen":"2026-04-27T14:49:05.529497Z","times_seen":713,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static-content-cn.wb27jlt6u066.com:9587/js/kz.js?20250807","fqdn":"static-content-cn.wb27jlt6u066.com","domain":"wb27jlt6u066.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":9587,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"6882ef21046c02724770578afb0e9389","sha1":"5a3e91dbc206c7a6abf2196adc0cd68d6e5f7dd5","sha256":"f3967945aa4c64b4cb943ff02fd4ff56354cac19f0e8ba9cb8a95017707265c9","sha512":"4aa7833f286b2d53677335d60783d6edd2038d0e9fbbc75d0568debe17bf0cee5cd56c7beb3c608a2c135881edefca03d1cf0edef0c2d491e65c9ac6126697a8","ssdeep":"384:JsOCzLl8jM9Cxvqd2ACJOOX6QMvmN2iB9eOyjX993YH:q84sTwDEH","tlshash":"f963732ae9fb52551c3b70391f7f4001e729c407b50cee197e2caac05f44669a6b6fe8","size":68787,"data":"","first_seen":"2025-08-24T13:27:11.237239Z","last_seen":"2026-03-29T16:47:31.772793Z","times_seen":494,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.f4bzyrz92us3.com/E2/logo.js","fqdn":"www.f4bzyrz92us3.com","domain":"f4bzyrz92us3.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"e5a0fa4eef16d69c6b9dee35c25d26d8","sha1":"e8635305ef3b8d12872017b4fb281af70c777426","sha256":"777b8446c3d8bf1de5e4511d0f9cf79303a0ee4ffe58b52ae23685d92a596c01","sha512":"ef1fbfc9f3285c6c7070ef739d8e06483126e53a752fff23a5bb56720038cdcf41b53a53f23043085b9595f62024651c741c5887e742b9babb2941b0d638658a","ssdeep":"","tlshash":"aab01211110d2000f091307f84905e4407140c245d23c1d35590053310ec4604df832b","size":98,"data":"","first_seen":"2026-01-08T05:28:13.577718Z","last_seen":"2026-01-08T05:28:13.577718Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static-content-cn.wb27jlt6u066.com:9587/js/member/reg.simple.js?20230220","fqdn":"static-content-cn.wb27jlt6u066.com","domain":"wb27jlt6u066.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":9587,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"acfbd8efc4aa932d56183ed41666c8bd","sha1":"dada1ef3f25155d81e7d4a9353ce89e7f83b3466","sha256":"736d2a82733a504f010af43ffbc5eae2e40b075b7ae8929065bc880357c1ab48","sha512":"e0f02eb2082790ba636afe476e4a51b095f0161df58ba7f9ca389191bfe5d373d725908996b4ee489b14cc48a77f05b47ce52409bc5d802f364d831eb2501aff","ssdeep":"192:eDY86gShDWhDxhD0hDJGx3DPdy7Uwm1AFtOtHoNNvqtnHzHensyaAS7xM8tY:eDY8gcfejatpsS9q","tlshash":"0a22502aedab42871d3b30695e3f00456956c0136b0cde24fe4ca5d09f85e29b5b6fd8","size":10762,"data":"","first_seen":"2025-03-02T07:32:23.111077Z","last_seen":"2026-03-30T14:28:44.913402Z","times_seen":642,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.googletagmanager.com/gtag/js?id=G-3LRD95F87M\u0026cx=c\u0026gtm=4e6160","fqdn":"www.googletagmanager.com","domain":"googletagmanager.com","tld":"com"},"ip":{"addr":"142.251.38.104","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"0dbd469337215da9fe3b82cd36d54d5a","sha1":"d8f70bf79e09e2579a6323d905f17b041c2fb019","sha256":"5e94b36bbe305643cbec84b2335dad80e8fc31895299aa90d0c2fde1377dbc8b","sha512":"2a1b817f6257746cca736ecaa8a68aae39be9997944d2b62c0c83884c4356935fef2043f6a6f2c56138f3bbb3441530d86d454deb10e40d97b6ac444e6eed5ed","ssdeep":"6144:w8NV1qWCEh2phH4lhueXJjO67YM+TkJfShdl0v8:lnJhwH4nY/Tk8","tlshash":"3a841ace73c670669396a478503f018bb57b6992f45cc895f18acce42e746aa4237f3c","size":386367,"data":"","first_seen":"2026-01-08T05:28:13.495783Z","last_seen":"2026-01-08T05:28:13.495783Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cn.1mebetx.com/home/register?code=40516","fqdn":"cn.1mebetx.com","domain":"1mebetx.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"b42e0314adee140fb5e18e096f4bacc6","sha1":"88a0dd79b84b2e572836c66669ab55f89b900b58","sha256":"79cfa18812005def94e215acc70f8ac882ed591a822067b972f4ac2235c6f1f4","sha512":"99546e964d9fbec171b64edc7d2d355aa9214fd8948f81883cecc0950eb590e49bfde4a8e76b7941c43b9e1d9670e6058f566d327912f96e3d7f7ed00553ec0a","ssdeep":"","tlshash":"b6c02bc8211a0c7191fb27008b3ff604b402721898e96931cd0a33054d30e03db58c44","size":155,"data":"","first_seen":"2025-03-02T07:32:23.121669Z","last_seen":"2026-04-27T14:49:05.532041Z","times_seen":721,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cn.1mebetx.com/home/register?code=40516","fqdn":"cn.1mebetx.com","domain":"1mebetx.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"fa249485a4961fe24b760a4d9e9febce","sha1":"c21e2c980ab76e0f7a7f9cfaecd375bcdaa20fec","sha256":"e41ff2bf25448947d8dab8b9ca03133890adb03079188916abd97b5498ea4fa4","sha512":"fe75a281232dd8aec23d33f4f14da97a77561267a7cccd1fc3c51f165aec9b69599ab0d7706c8f9fa72a089744e604a97b9b5f9950e4cab9c607bc2fc777023a","ssdeep":"","tlshash":"2001834e345c05e721b776e733f3820cb86756071084f492f74c869c0e008ba005b4ac","size":688,"data":"","first_seen":"2025-03-02T07:32:23.124386Z","last_seen":"2026-04-27T14:49:05.538112Z","times_seen":710,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.google-analytics.com/analytics.js","fqdn":"www.google-analytics.com","domain":"google-analytics.com","tld":"com"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"scriptElement","is_inline":false,"md5":"f24128d0c9cba7be2916c693427a3483","sha1":"1b6397d496ea896ebc2018b01b995cee4f166029","sha256":"58173de4697da1a218f04c3a783a733bab4e769ceabc37cd42da9dc3e036a7e8","sha512":"c4950733b44e258bbc817ce6396f002caec1e11a6413fd0038c9baef2d5f1d992b1fd0ec52515aba52faedb52c28b996a7fc063f28a0f45f3aab5e2f91bf5be5","ssdeep":"96:A1VdZYqhPnjpWx4/eTe8qSMbqaQd6VL2Jyt9LdJoyayCVPVD5wdBfQPfCHiUr3:AXdZYqNjpU4yPqSMbqaQGL2QfdDayCZC","tlshash":"a6a1dc9939fb50210233b1bd1bafa918b23895236208dd61b98c9364bf94437d7f1fc9","size":4691,"data":"","first_seen":"2023-04-11T21:07:53Z","last_seen":"2026-04-28T16:24:02.712051Z","times_seen":820952,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.google-analytics.com/analytics.js","fqdn":"www.google-analytics.com","domain":"google-analytics.com","tld":"com"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"scriptElement","is_inline":false,"md5":"f24128d0c9cba7be2916c693427a3483","sha1":"1b6397d496ea896ebc2018b01b995cee4f166029","sha256":"58173de4697da1a218f04c3a783a733bab4e769ceabc37cd42da9dc3e036a7e8","sha512":"c4950733b44e258bbc817ce6396f002caec1e11a6413fd0038c9baef2d5f1d992b1fd0ec52515aba52faedb52c28b996a7fc063f28a0f45f3aab5e2f91bf5be5","ssdeep":"96:A1VdZYqhPnjpWx4/eTe8qSMbqaQd6VL2Jyt9LdJoyayCVPVD5wdBfQPfCHiUr3:AXdZYqNjpU4yPqSMbqaQGL2QfdDayCZC","tlshash":"a6a1dc9939fb50210233b1bd1bafa918b23895236208dd61b98c9364bf94437d7f1fc9","size":4691,"data":"","first_seen":"2023-04-11T21:07:53Z","last_seen":"2026-04-28T16:24:02.712051Z","times_seen":820952,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cn.1mebetx.com/home/register?code=40516","fqdn":"cn.1mebetx.com","domain":"1mebetx.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"1c5c9160600df2d96d69a4ea16cec7ed","sha1":"3cf678c9135cc952ba6970ef545035bb757a443f","sha256":"a3520fe88e248d2b6c9c6db93309a037ef969fe297208e5bd7e49a55bb32c808","sha512":"2a298a8c2552c6a6c6f8d3f7327d2e9abfa87a0dbb27e9e528a8539b416155c0860f54f46464dfe7e5d49c7906a9eacdac7e5181b86ef15a83276a8f4fee0546","ssdeep":"","tlshash":"078004d531c35040475331d400571cd4503444f014444d544040d4511c55030d1154dc","size":37,"data":"","first_seen":"2023-04-11T21:49:14Z","last_seen":"2026-04-28T16:00:52.919721Z","times_seen":108362,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cn.1mebetx.com/home/register?code=40516","fqdn":"cn.1mebetx.com","domain":"1mebetx.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"87044102cff06b623100ade4509413fe","sha1":"4910cda6da540e5340cc9357a21861856067ea00","sha256":"25d6d6174234062dea3e4341e86b162a91f2a8a245654aa69f6f5bd1282d23fc","sha512":"2781832da4ef05f20d23240d0321a6a74fba1a7baa07797ea68a8fb18b5bb7daf28176aec390a0a65bef36720af288df0be5afd889b52534c441ca011bb01a49","ssdeep":"","tlshash":"60d0950f1c1514382379147d10bae5ccb171104c907dd50040dcd4504964ed50c3d7c8","size":254,"data":"","first_seen":"2025-03-02T07:32:23.127917Z","last_seen":"2026-04-27T14:49:05.562405Z","times_seen":710,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static-content-cn.wb27jlt6u066.com:9587/js/game/Game.js?20220202","fqdn":"static-content-cn.wb27jlt6u066.com","domain":"wb27jlt6u066.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":9587,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"31b26fa8e3e5d0f8b9100e4d8993570b","sha1":"4901272b99be40960a7016bd4a60fb686ceba5d7","sha256":"fa72c387b16598179ba3e7406e6d29e5f464cf7876cdf39d43a1cfadc91211df","sha512":"1332c670e7103b8d25e706e773ac1aef68e69176c945d8450385e8876b5a718c113c2066e47719d9943df9a108fc2c27d46c535bb09b27930c22e414b3375364","ssdeep":"384:AURoUkVbztM3nigTG7SG4lznSVs5Lq/vtQEttGsOSVD:AURoUcztwJou50QEttGsO2","tlshash":"0753254caea318e35a3654348b7f31956d5166032508dd1c3e0cd3a3df9a0be66b1efa","size":62427,"data":"","first_seen":"2025-08-14T09:17:18.772148Z","last_seen":"2026-04-06T22:25:54.033063Z","times_seen":544,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cn.1mebetx.com/home/register?code=40516","fqdn":"cn.1mebetx.com","domain":"1mebetx.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"09b6a9ef54ab9c825298cd9a9d9ca45d","sha1":"eb87b20d55ec83c8d29417da60113f0283b2246d","sha256":"af68e9610525733157637c6a6d65d9d80deadf76dd5b96aaaafc133c280c09a5","sha512":"d9fa04f34e4c18a79fa7a70c631589cd16077e1c2fd880973624f8feb4d02cb19f56b3dca48ae8c60093d74cc0275d18bfd6ed9eeb9d58894498b86c5ecca8b0","ssdeep":"","tlshash":"e8c08cc028e20ea2553ee04218b9c29220712fed01739894e0ae931c2208060bbed23e","size":156,"data":"","first_seen":"2023-03-07T16:03:14Z","last_seen":"2026-04-27T14:49:05.572976Z","times_seen":735,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cn.1mebetx.com/home/sandbox%20eval%20code","fqdn":"cn.1mebetx.com","domain":"1mebetx.com","tld":"com"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"","is_inline":false,"md5":"92b651082ce234f66bb544e678befda3","sha1":"14c21c55ddce43b6f677caadf51d4ab98c6a3df8","sha256":"25d57d1d97abeb84531d3d3e5754dd5cb19a2c115edfa7cfc7af8247084faded","sha512":"b4fcbc037e0a3d91db2a624921e96b878e9e18dd998ad5649d77d7d053faf28b09c8725a0542aef702310bf85f3037b70985c274db8acabd021efb171d41f361","ssdeep":"","tlshash":"34c08ca3e74026ae2a1166b2b810e003a2866b015aa78402b00a003b1441fe21aaa1a8","size":147,"data":"","first_seen":"2023-04-11T21:07:53Z","last_seen":"2026-04-28T16:24:02.712773Z","times_seen":822569,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cn.1mebetx.com/home/register?code=40516","fqdn":"cn.1mebetx.com","domain":"1mebetx.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"1c5c9160600df2d96d69a4ea16cec7ed","sha1":"3cf678c9135cc952ba6970ef545035bb757a443f","sha256":"a3520fe88e248d2b6c9c6db93309a037ef969fe297208e5bd7e49a55bb32c808","sha512":"2a298a8c2552c6a6c6f8d3f7327d2e9abfa87a0dbb27e9e528a8539b416155c0860f54f46464dfe7e5d49c7906a9eacdac7e5181b86ef15a83276a8f4fee0546","ssdeep":"","tlshash":"078004d531c35040475331d400571cd4503444f014444d544040d4511c55030d1154dc","size":37,"data":"","first_seen":"2023-04-11T21:49:14Z","last_seen":"2026-04-28T16:00:52.919721Z","times_seen":108362,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static-content-cn.wb27jlt6u066.com:9587/js/jquery/jquery.carousel.js","fqdn":"static-content-cn.wb27jlt6u066.com","domain":"wb27jlt6u066.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":9587,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"1552106a3e80457c7c75722b7372d303","sha1":"32ba62ff7b3590d3325d159141aa50a1db5802aa","sha256":"52947c9e6ac3e2f45c2b2a19802a91eeb75dc70902bf4bd87419a6386300848c","sha512":"e6b3f5bcdb5cea57241c6ca4f3c235a8ec04fe3d4baf75e2e33d67fa1ae4e094c08072772e3bc6a87dafb81e94a6ab81f38c670394f4f2a533ca5090e5879630","ssdeep":"384:MnvnA+MrUQ5x1jcvHGmUYnkrVdINO4XmfFmKK2vif3UE:Mn4+MrUk1j0UwNO4XmfF7K2vAv","tlshash":"50b2941b31a32172597b72298b9f5109333190979208ee507cbf8b147f9527897f2fea","size":24119,"data":"","first_seen":"2023-03-07T13:00:36Z","last_seen":"2026-04-27T14:49:05.353924Z","times_seen":726,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cn.1mebetx.com/home/register?code=40516","fqdn":"cn.1mebetx.com","domain":"1mebetx.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"4da556734f4b410ce3f99b7a5d1602c7","sha1":"796c0c45978d28d16ce343d9cc38154d80da9f3b","sha256":"99369cde7758c83db3a0cf8c5e8c2298d043bcb243c93b1327acd242b7cfd2c3","sha512":"22e0dc1e0b2fbc3c91874da0b1861484068c6c587f86c57d6796cbb03b120d61de2165ec8fbfad56b96e2bae76c29e5932f7108e05a436bd3d3239c6e350e264","ssdeep":"","tlshash":"d7b012315b10516e2594d02d353f1800fcc66117ca00c9b5663fd9d149c4cf0c1748cf","size":105,"data":"","first_seen":"2025-03-02T07:32:23.133072Z","last_seen":"2026-04-27T14:49:05.577074Z","times_seen":710,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cn.1mebetx.com/home/register?code=40516","fqdn":"cn.1mebetx.com","domain":"1mebetx.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"7e281b6261d7a4389d1a73ba7edca4c3","sha1":"3ff58b8c22b9a16f71fc165c2fdca441df3116f2","sha256":"7977e1460356f3afb0bd6241246a968d2f485a905c6248e534fb53140c96c53c","sha512":"1d007f47c8fd6020cb584d67325b21835a8b1fd4a63ca49cc014beb6c895d2bcc47369134b46715a66cd24b2965e92e10116aac415e0b6f09045f79eb2b42ecc","ssdeep":"","tlshash":"c7b09288e9a8402a91ba1922242212cd19aa1866e8c000821462d99009bab4c656be9b","size":114,"data":"","first_seen":"2025-03-02T07:32:23.13386Z","last_seen":"2026-04-27T14:49:05.580313Z","times_seen":710,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cn.1mebetx.com/home/register?code=40516","fqdn":"cn.1mebetx.com","domain":"1mebetx.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"971c3cdc01aac017b45d6aaf9d29f3ca","sha1":"43b0e892b57bcf623a59772c8486e310db12b99e","sha256":"095e217a343951c56a3242eeb3e57680822ea3f9289c76751d6ab036ffeca2c2","sha512":"f63223e81453fdcd94958f3f49eb7534469ffbe1c58df30637d72679a79818c7f478847923dc48781ce5d7f6d4586acc1d9a19ddf97aa474f1036eb995c8cb6b","ssdeep":"","tlshash":"f7c09b31d97994d45d3694c5041593793cf4e03207dc5321f7d8716ca7ec75151a1643","size":134,"data":"","first_seen":"2025-03-02T07:32:23.135874Z","last_seen":"2026-04-27T14:49:05.585189Z","times_seen":704,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static-content-cn.wb27jlt6u066.com:9587/js/jquery/jquery.min.js","fqdn":"static-content-cn.wb27jlt6u066.com","domain":"wb27jlt6u066.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":9587,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"5790ead7ad3ba27397aedfa3d263b867","sha1":"8130544c215fe5d1ec081d83461bf4a711e74882","sha256":"2ecd295d295bec062cedebe177e54b9d6b19fc0a841dc5c178c654c9ccff09c0","sha512":"781acedc99de4ce8d53d9b43a158c645eab1b23dfdfd6b57b3c442b11acc4a344e0d5b0067d4b78bb173abbded75fb91c410f2b5a58f71d438aa6266d048d98a","ssdeep":"1536:5P1vk7i6GUHdXXeyQazBu+4HhiO2AEeLNFoqqhJ7SerN5sVI6xcBgPv7E+nzms9d:A4Ud4qhJvNPqcB47MfWWca98HrB","tlshash":"7793d8d9b7d67062977730b850bf510bb13a98eab80c4c60f1a4d8e47e74a89507bf2d","size":95931,"data":"","first_seen":"2023-03-07T01:02:51Z","last_seen":"2026-04-28T16:00:59.354135Z","times_seen":17483,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.v1c2h.com:51300/global-activity-entry/js/rain-icon.js","fqdn":"www.v1c2h.com","domain":"v1c2h.com","tld":"com"},"ip":{"addr":"52.184.67.179","port":51300,"asn":8075,"as":"MICROSOFT-CORP-MSN-AS-BLOCK","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"59767c53c4cb277425bce5c5e7ea9d41","sha1":"36ee5b49ceb915d4369fe92ca49dbd8bba702c96","sha256":"5b43bfa813b9f48656d868fbdacd693bf7fc0f4324d5b815db42ceb80c5a4a27","sha512":"f56b905cc921ab836e06c2c2f1e9dab1033056b68043b6fc1a24f78446dfcfeed89d1408b26ddd176540761784e7652fe2b4d1e5103f07f510bf3e886267e967","ssdeep":"768:kCcZeOuOBMThTlp0Ef7X879b7zT2MSVHyDP:kRDQt0FSVHk","tlshash":"42f2632e5afa10516a0370654f6f91087675a02b160bdc183e5e93d8df806b846fafff","size":34779,"data":"","first_seen":"2025-03-02T07:32:23.132184Z","last_seen":"2026-04-27T14:49:05.334062Z","times_seen":725,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"cn.1mebetx.com/fimg/i2022109557596bf60a4a37a8fd6570231b8312.png","fqdn":"cn.1mebetx.com","domain":"1mebetx.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://cn.1mebetx.com/home/register?code=40516","date":"2026-01-08T05:27:14.858Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cn.1mebetx.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Mon, 05 Jan 2026 00:00:00 GMT","end":"Tue, 05 Jan 2027 23:59:59 GMT"},"fingerprint":{"sha1":"B1:9C:1C:29:59:A8:2F:22:BB:FA:01:51:20:84:07:9D:ED:D9:D8:7A","sha256":"21:4B:55:27:26:B6:EF:96:E2:ED:28:FE:00:D0:57:72:9D:29:6A:4E:DE:36:40:A2:7D:07:26:CC:31:8C:F2:1D"}}},"request":{"raw":"GET /fimg/i2022109557596bf60a4a37a8fd6570231b8312.png HTTP/1.1\r\nHost: cn.1mebetx.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cn.1mebetx.com/home/register?code=40516\r\nCookie: PHPSESSID=pvfn2qbqj41s51t96fj5pjvus5; _code_cookie=40516-\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Thu, 08 Jan 2026 05:27:17 GMT\r\nContent-Type: image/png\r\nContent-Length: 228056\r\nConnection: keep-alive\r\nLast-Modified: Tue, 11 Oct 2022 03:07:34 GMT\r\nETag: \"6344ddf6-37ad8\"\r\nX-Content-Type-Options: nosniff\r\nX-Frame-Options: SAMEORIGIN\r\nServer: gocache\r\nExpires: Fri, 09 Jan 2026 05:27:17 GMT\r\nCache-Control: max-age=86400\r\nc-Type: st\r\nrid: 972234011633ba12499a06a744d3a3e8\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains\r\nX-Cache-Status: MISS\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]}],"data":{"size":228056,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 838 x 572, 8-bit/color RGBA, non-interlaced","md5":"ad437106303315b23ca37c00fac9b9a7","sha1":"f503a3d13adaba3b253e4adb493181f86c50bb6f","sha256":"9624ab5cf4b378ccbf9525a00dfbc12c923cb62d887e8bd6a69c4d140c6a8133","sha512":"36cf78c0da7bd3530167e12f2bd3a0f75c38a745f337075d0b493eb41d6e035a2e7fe461df7a771e94eb42e69f419eb3af283b220bb211a2b652d8f55d47558a","ssdeep":"6144:/LkBXH85hsNRgjSxVQldvROEZ7dhzZA6x/qQ:QqnsNRKOVwdvgEE6IQ","tlshash":"122412ecb69b980fef3d1147925c0db4e0f820043b1c9277a155e9b7e8d21a939b5acc","first_seen":"2023-05-05T17:23:57Z","last_seen":"2026-04-27T14:49:05.458266Z","times_seen":740,"resource_available":false,"data":null}},"time_used":3073,"timings":{"blocked":1913,"dns":0,"connect":4,"send":0,"wait":443,"receive":263,"ssl":449},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-08","alert":"Sinkholed","trigger":"cn.1mebetx.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-01-08","alert":"Phishing Block","trigger":"cn.1mebetx.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-08","alert":"Sinkholed","trigger":"cn.1mebetx.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-08","alert":"Sinkholed","trigger":"cn.1mebetx.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-08","alert":"Sinkholed","trigger":"cn.1mebetx.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"static-content-t.wb27jlt6u066.com:9587/images/icon_mobile.png","fqdn":"static-content-t.wb27jlt6u066.com","domain":"wb27jlt6u066.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":9587,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://cn.1mebetx.com/home/register?code=40516","date":"2026-01-08T05:27:17.008Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"static-content-t.wb27jlt6u066.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 19 Oct 2025 00:00:00 GMT","end":"Mon, 19 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"08:10:09:15:B6:C8:9C:9A:CE:31:40:C9:26:D7:9E:BE:2C:9A:62:2B","sha256":"D6:55:F3:9B:55:F2:ED:CC:B3:54:8B:1E:F9:15:FB:47:0C:75:02:1A:64:4B:3C:C2:FA:75:18:9C:F0:11:EE:83"}}},"request":{"raw":"GET /images/icon_mobile.png HTTP/1.1\r\nHost: static-content-t.wb27jlt6u066.com:9587\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://static-content-t.wb27jlt6u066.com:9587/style/main.css?20250825\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Thu, 08 Jan 2026 05:27:17 GMT\r\nContent-Type: image/png\r\nContent-Length: 143\r\nConnection: keep-alive\r\nLast-Modified: Wed, 20 Jul 2022 18:47:53 GMT\r\nETag: \"62d84dd9-8f\"\r\nServer: gocache\r\nExpires: Fri, 09 Jan 2026 05:27:17 GMT\r\nCache-Control: max-age=86400\r\nc-Type: st\r\nrid: a9919dfbe9ac661549bb31d20bc8a0be\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains\r\nX-Cache-Status: HIT\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]}],"data":{"size":143,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 15 x 18, 8-bit gray+alpha, non-interlaced","md5":"9a413aaa3c056af34c80628bee9e4586","sha1":"a676a5b3e90762c8c4a9314985e9abf2bad95666","sha256":"5aa5f649a8a53a15e0b65385149db1ed4f7b6286ff043f5fd96445173fc8d6d3","sha512":"ce054b7ace97a2c6922c028af0a5501b442ce7c10110ae85e5df72a542355e9ae5cc0a51b5ec6d9d577517051b30378466cbc61d9830542d47fbe36b04c440c1","ssdeep":"","tlshash":"76c08ce12a204a28faa603a22a3811d0f820b2782929474800284837401212711ea6c7","first_seen":"2023-05-05T14:06:31Z","last_seen":"2026-04-27T14:49:05.358646Z","times_seen":846,"resource_available":false,"data":null}},"time_used":215,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":215,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static-content-t.wb27jlt6u066.com:9587/images/icons.png?1","fqdn":"static-content-t.wb27jlt6u066.com","domain":"wb27jlt6u066.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":9587,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://cn.1mebetx.com/home/register?code=40516","date":"2026-01-08T05:27:17.026Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"static-content-t.wb27jlt6u066.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 19 Oct 2025 00:00:00 GMT","end":"Mon, 19 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"08:10:09:15:B6:C8:9C:9A:CE:31:40:C9:26:D7:9E:BE:2C:9A:62:2B","sha256":"D6:55:F3:9B:55:F2:ED:CC:B3:54:8B:1E:F9:15:FB:47:0C:75:02:1A:64:4B:3C:C2:FA:75:18:9C:F0:11:EE:83"}}},"request":{"raw":"GET /images/icons.png?1 HTTP/1.1\r\nHost: static-content-t.wb27jlt6u066.com:9587\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://static-content-t.wb27jlt6u066.com:9587/style/main.css?20250825\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Thu, 08 Jan 2026 05:27:18 GMT\r\nContent-Type: image/png\r\nContent-Length: 3150\r\nConnection: keep-alive\r\nLast-Modified: Wed, 01 Feb 2023 01:02:19 GMT\r\nETag: \"63d9ba1b-c4e\"\r\nServer: gocache\r\nExpires: Fri, 09 Jan 2026 05:27:18 GMT\r\nCache-Control: max-age=86400\r\nc-Type: st\r\nrid: ea039a1259d3a7bf5f67bae4584e102a\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains\r\nX-Cache-Status: HIT\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]}],"data":{"size":3150,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 39 x 373, 8-bit/color RGBA, non-interlaced","md5":"a64222f0baf49b7b54175cb4b70c7772","sha1":"179e5f57fdd5dee04578274231a5445b76b83ae2","sha256":"382fcd4debce444b68de702fa69d2b8935ba546457f1a36d358d312baec1f35b","sha512":"13ef9e867c04188713a5812ed810ccd9f80771648acfed7ee5a3b7ffe0862f67233d1136de6440ade5854d2a14012fd6d7f1751c010a6f8dcc708d4c6d640291","ssdeep":"","tlshash":"ad514cc1185c2e117ffd4130cece1ff99c9e2da667e0a29d8639d1926da4310f4a5b8c","first_seen":"2023-05-05T14:06:31Z","last_seen":"2026-04-27T14:49:05.438014Z","times_seen":845,"resource_available":false,"data":null}},"time_used":1936,"timings":{"blocked":973,"dns":0,"connect":0,"send":0,"wait":963,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"game.gp5trb.com:2053/api/news?try_platform=4\u0026status=1\u0026username=","fqdn":"game.gp5trb.com","domain":"gp5trb.com","tld":"com"},"ip":{"addr":"52.184.67.179","port":2053,"asn":8075,"as":"MICROSOFT-CORP-MSN-AS-BLOCK","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://cn.1mebetx.com/home/register?code=40516","date":"2026-01-08T05:27:17.201Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"game.gp5trb.com","organization":""},"issuer":{"commonName":"ZeroSSL RSA Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Sat, 08 Nov 2025 00:00:00 GMT","end":"Fri, 06 Feb 2026 23:59:59 GMT"},"fingerprint":{"sha1":"FB:31:F3:6C:3E:E1:AB:AB:09:AF:26:D9:02:4C:82:AC:0B:37:03:15","sha256":"E4:06:69:75:8A:68:E3:AB:0C:E6:73:25:3E:79:FA:85:DA:22:7F:B3:2E:5F:C2:E7:F9:F0:DE:CD:94:FF:8B:8B"}}},"request":{"raw":"GET /api/news?try_platform=4\u0026status=1\u0026username= HTTP/1.1\r\nHost: game.gp5trb.com:2053\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://cn.1mebetx.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cn.1mebetx.com/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Thu, 08 Jan 2026 05:27:18 GMT\r\ncontent-type: application/json\r\nvary: Accept-Encoding\r\ncache-control: no-cache, private\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE\r\naccess-control-allow-headers: *\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\ncontent-encoding: br\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":526,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"2088b7d01971f3060f5e89dd786e6708","sha1":"ff4ad9930dfc4816d23ccf1397be8ac68f980f23","sha256":"b89956652afcb768ec99702b64d1b16416e39819ae8d766d5118cb49924047ef","sha512":"121e28f14b5713a7fd5af02b1ee1cbf41c22b9d3ff225021f4235a0e4a2d93bb11a8e4f858d1d3dd8b7cf0ab6b3d07764db9b90bed921cea4d743b3187950343","ssdeep":"","tlshash":"5cf0c9210a399c29ae8e1c8e004e6315e9fd66d88cec891c91dfee0479c07a48a43336","first_seen":"2025-12-26T18:46:29.852374Z","last_seen":"2026-01-26T09:13:07.223691Z","times_seen":95,"resource_available":false,"data":null}},"time_used":2571,"timings":{"blocked":1091,"dns":367,"connect":205,"send":0,"wait":384,"receive":0,"ssl":519},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.googletagmanager.com/gtag/js?id=G-3LRD95F87M\u0026cx=c\u0026gtm=4e6160","fqdn":"www.googletagmanager.com","domain":"googletagmanager.com","tld":"com"},"ip":{"addr":"142.251.38.104","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://cn.1mebetx.com/home/register?code=40516","date":"2026-01-08T05:27:17.398Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.google-analytics.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Wed, 03 Dec 2025 15:49:27 GMT","end":"Wed, 25 Feb 2026 15:49:26 GMT"},"fingerprint":{"sha1":"2C:B9:1B:62:2A:F9:04:B9:16:E2:30:B0:A8:B2:85:0C:68:BC:79:25","sha256":"AE:CB:A0:2C:92:1E:CB:D2:CB:6C:0D:37:5E:A2:4E:27:AE:4E:CA:0C:EC:53:D5:50:E6:C1:3D:EB:17:C1:F2:C9"}}},"request":{"raw":"GET /gtag/js?id=G-3LRD95F87M\u0026cx=c\u0026gtm=4e6160 HTTP/1.1\r\nHost: www.googletagmanager.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cn.1mebetx.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncontent-type: application/javascript; charset=UTF-8\r\naccess-control-allow-origin: *\r\naccess-control-allow-credentials: true\r\naccess-control-allow-headers: Cache-Control\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\ndate: Thu, 08 Jan 2026 05:27:17 GMT\r\nexpires: Thu, 08 Jan 2026 05:27:17 GMT\r\ncache-control: private, max-age=900\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\ncross-origin-resource-policy: cross-origin\r\nserver: Google Tag Manager\r\ncontent-length: 132814\r\nx-xss-protection: 0\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":386367,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"JavaScript source, ASCII text, with very long lines (6031)","md5":"0dbd469337215da9fe3b82cd36d54d5a","sha1":"d8f70bf79e09e2579a6323d905f17b041c2fb019","sha256":"5e94b36bbe305643cbec84b2335dad80e8fc31895299aa90d0c2fde1377dbc8b","sha512":"2a1b817f6257746cca736ecaa8a68aae39be9997944d2b62c0c83884c4356935fef2043f6a6f2c56138f3bbb3441530d86d454deb10e40d97b6ac444e6eed5ed","ssdeep":"6144:w8NV1qWCEh2phH4lhueXJjO67YM+TkJfShdl0v8:lnJhwH4nY/Tk8","tlshash":"3a841ace73c670669396a478503f018bb57b6992f45cc895f18acce42e746aa4237f3c","first_seen":"2026-01-08T05:28:13.495783Z","last_seen":"2026-01-08T05:28:13.495783Z","times_seen":1,"resource_available":true,"data":null}},"time_used":88,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":42,"receive":46,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.f4bzyrz92us3.com/E2/EagleEye.js?1767850034","fqdn":"www.f4bzyrz92us3.com","domain":"f4bzyrz92us3.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://cn.1mebetx.com/home/register?code=40516","date":"2026-01-08T05:27:14.836Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.f4bzyrz92us3.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Fri, 22 Aug 2025 00:00:00 GMT","end":"Sat, 22 Aug 2026 23:59:59 GMT"},"fingerprint":{"sha1":"3D:00:56:9E:E0:4A:BC:C5:AC:93:01:37:D0:1D:2F:CC:2E:D9:BE:F3","sha256":"28:AA:7B:7C:23:E5:90:7B:6C:F4:48:23:DD:56:A2:3C:AD:E6:2B:47:66:7E:A7:DA:53:31:F6:3C:E3:FC:9E:30"}}},"request":{"raw":"GET /E2/EagleEye.js?1767850034 HTTP/1.1\r\nHost: www.f4bzyrz92us3.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cn.1mebetx.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Thu, 08 Jan 2026 05:27:15 GMT\r\nContent-Type: application/javascript;charset=utf-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nContent-Encoding: br\r\nSet-Cookie: E2Token=91799d22-c70f-4ef2-a989-bbaabb6a149e; expires=Tue, 08 Jan 2036 05:27:15 GMT; path= ; samesite = None; secure; httponly\r\nVary: Accept-Encoding\r\nX-Rate-Limit-Limit: 1d\r\nX-Rate-Limit-Remaining: 1438\r\nX-Rate-Limit-Reset: 2026-01-08T05:45:46.0196853Z\r\nX-Frame-Options: SAMEORIGIN\r\nX-Content-Type-Options: nosniff\r\nServer: gocache\r\nExpires: Fri, 09 Jan 2026 05:27:15 GMT\r\nCache-Control: max-age=86400\r\nc-Type: st\r\nrid: b98b6625aba33111cf56c03b70e01b72\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains\r\nX-Cache-Status: MISS\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]}],"data":{"size":54486,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (37140), with CRLF line terminators","md5":"6917b6258fb8090e20de3e940c61e398","sha1":"3163b917655feecf98b910bacf8d1c461943fa3b","sha256":"a681b2271c75b6075d40f063db0e48f1d90d057b3a829968fa29a723adcc101b","sha512":"392185fb23690c00fa2742840973d461257c28e77493891343047ca0e401c306a47803d0b11adf306f61cd44ebbf2e986075f24ba04e4fee33ac8ad980dc81b3","ssdeep":"1536:n6Dk6G1j9Bk/k0q7Mfx5+2I7v7D71Ies9GUWfth7KBbTE21gAWIOuYyR4mr/qDAa:oGW/k0q7Mfx5+2I7v7D77FftlKBbTv1O","tlshash":"5033e71ab2963539c56230765caf9148b33d85a61398505cab0fc5e4783987e83bfff8","first_seen":"2026-01-08T05:28:13.496621Z","last_seen":"2026-01-08T05:28:13.496621Z","times_seen":1,"resource_available":true,"data":null}},"time_used":1939,"timings":{"blocked":738,"dns":322,"connect":1,"send":0,"wait":433,"receive":4,"ssl":439},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cn.1mebetx.com/service/verifycode?x=0.8309076040587944","fqdn":"cn.1mebetx.com","domain":"1mebetx.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://cn.1mebetx.com/home/register?code=40516","date":"2026-01-08T05:27:17.200Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cn.1mebetx.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Mon, 05 Jan 2026 00:00:00 GMT","end":"Tue, 05 Jan 2027 23:59:59 GMT"},"fingerprint":{"sha1":"B1:9C:1C:29:59:A8:2F:22:BB:FA:01:51:20:84:07:9D:ED:D9:D8:7A","sha256":"21:4B:55:27:26:B6:EF:96:E2:ED:28:FE:00:D0:57:72:9D:29:6A:4E:DE:36:40:A2:7D:07:26:CC:31:8C:F2:1D"}}},"request":{"raw":"GET /service/verifycode?x=0.8309076040587944 HTTP/1.1\r\nHost: cn.1mebetx.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cn.1mebetx.com/home/register?code=40516\r\nCookie: PHPSESSID=pvfn2qbqj41s51t96fj5pjvus5; _code_cookie=40516-\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 \r\nDate: Thu, 08 Jan 2026 05:27:18 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nSet-Cookie: JSESSIONID=3D6C66B257468852AB92ECE532F7384A; Path=/; Secure; HttpOnly\n_vcid=3D6C66B257468852AB92ECE532F7384A; Domain=.1mebetx.com; Path=/; HttpOnly\r\nX-Content-Type-Options: nosniff\r\nX-Frame-Options: SAMEORIGIN\r\nServer: gocache\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nCache-Control: no-cache\r\nc-Type: df\r\nrid: ba8e194512828a831449ab048e8fbe18\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Java","description":"Java is a class-based, object-oriented programming language that is designed to have as few implementation dependencies as possible.","website":"https://java.com","common_platform_enumeration":"cpe:2.3:a:oracle:jre:*:*:*:*:*:*:*:*","icon":"Java.svg","categories":["Programming languages"]},{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":1104,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.02, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 80x28, components 3","md5":"400578bb179531084803dec470435132","sha1":"b870396c4cfbe9f0aba360e7a7d025b91b4abefd","sha256":"be4ac3c1ecc1814a0fc133dbeb8f7d346c5b8d560a527233eb345019565ac2ad","sha512":"5b409af9240c533e44f1aaf2ef45c3bc077e3a86a3148e273d13e7640bcf2d931b921aefed3a52e16cf73dfc710df3153349b6301850bd93da9246ac2de3bb14","ssdeep":"","tlshash":"4111b22be3029e11cf06c7ba2201242a95dfcc87b9905b78296802f6db21cb6814b70c","first_seen":"2026-01-08T05:28:13.497518Z","last_seen":"2026-01-08T05:28:13.497518Z","times_seen":1,"resource_available":false,"data":null}},"time_used":1066,"timings":{"blocked":799,"dns":0,"connect":0,"send":0,"wait":267,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-08","alert":"Sinkholed","trigger":"cn.1mebetx.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-08","alert":"Sinkholed","trigger":"cn.1mebetx.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-01-08","alert":"Phishing Block","trigger":"cn.1mebetx.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-08","alert":"Sinkholed","trigger":"cn.1mebetx.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-08","alert":"Sinkholed","trigger":"cn.1mebetx.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"static-content-t.wb27jlt6u066.com:9587/images/nav/promo_1.png","fqdn":"static-content-t.wb27jlt6u066.com","domain":"wb27jlt6u066.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":9587,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://cn.1mebetx.com/home/register?code=40516","date":"2026-01-08T05:27:14.844Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"static-content-t.wb27jlt6u066.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 19 Oct 2025 00:00:00 GMT","end":"Mon, 19 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"08:10:09:15:B6:C8:9C:9A:CE:31:40:C9:26:D7:9E:BE:2C:9A:62:2B","sha256":"D6:55:F3:9B:55:F2:ED:CC:B3:54:8B:1E:F9:15:FB:47:0C:75:02:1A:64:4B:3C:C2:FA:75:18:9C:F0:11:EE:83"}}},"request":{"raw":"GET /images/nav/promo_1.png HTTP/1.1\r\nHost: static-content-t.wb27jlt6u066.com:9587\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cn.1mebetx.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Thu, 08 Jan 2026 05:27:17 GMT\r\nContent-Type: image/png\r\nContent-Length: 9153\r\nConnection: keep-alive\r\nLast-Modified: Wed, 20 Jul 2022 18:47:53 GMT\r\nETag: \"62d84dd9-23c1\"\r\nServer: gocache\r\nExpires: Fri, 09 Jan 2026 05:27:17 GMT\r\nCache-Control: max-age=86400\r\nc-Type: st\r\nrid: 16341a2dd5162e7b5b43fb1b2f94fb8c\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains\r\nX-Cache-Status: HIT\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":9153,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 200 x 100, 8-bit/color RGBA, non-interlaced","md5":"35232fc24b2dc1c976d9c5dc6a13c8c8","sha1":"f5003ab920e63450703abae5e6e6be411c04de45","sha256":"e13f9e04322055a0384d1cb68558705c6514711cd65496f8d640537ee6c03247","sha512":"b7ff4fd1576beeef3fb95a7c0a493891e4dfea064b585ad697f4a092dfb54b5f086bf4cfb197d68574db1f634fd6209161408bf83d61a84ec6094d5b108c7fc1","ssdeep":"192:gvmo1b5upO8VQNrg22Q2aRrjnhImlrznwbcLl+IgGT:gvDXMNuqujhIMzkKII/T","tlshash":"de12afad3974c4133b3670a42867c776c8ddc7b08a555c4ab58c4712ba30330951ebeb","first_seen":"2023-05-05T14:06:31Z","last_seen":"2026-04-27T14:49:05.26105Z","times_seen":832,"resource_available":false,"data":null}},"time_used":2605,"timings":{"blocked":1928,"dns":1,"connect":0,"send":0,"wait":221,"receive":0,"ssl":454},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cn.1mebetx.com/fimg/i202210fdd1e22495f9404b8debf0afdaa416b1.jpg","fqdn":"cn.1mebetx.com","domain":"1mebetx.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://cn.1mebetx.com/home/register?code=40516","date":"2026-01-08T05:27:17.057Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cn.1mebetx.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Mon, 05 Jan 2026 00:00:00 GMT","end":"Tue, 05 Jan 2027 23:59:59 GMT"},"fingerprint":{"sha1":"B1:9C:1C:29:59:A8:2F:22:BB:FA:01:51:20:84:07:9D:ED:D9:D8:7A","sha256":"21:4B:55:27:26:B6:EF:96:E2:ED:28:FE:00:D0:57:72:9D:29:6A:4E:DE:36:40:A2:7D:07:26:CC:31:8C:F2:1D"}}},"request":{"raw":"GET /fimg/i202210fdd1e22495f9404b8debf0afdaa416b1.jpg HTTP/1.1\r\nHost: cn.1mebetx.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cn.1mebetx.com/home/register?code=40516\r\nCookie: PHPSESSID=pvfn2qbqj41s51t96fj5pjvus5; _code_cookie=40516-\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Thu, 08 Jan 2026 05:27:17 GMT\r\nContent-Type: image/jpeg\r\nContent-Length: 284018\r\nConnection: keep-alive\r\nLast-Modified: Tue, 11 Oct 2022 03:04:35 GMT\r\nETag: \"6344dd43-45572\"\r\nX-Content-Type-Options: nosniff\r\nX-Frame-Options: SAMEORIGIN\r\nServer: gocache\r\nExpires: Fri, 09 Jan 2026 05:27:17 GMT\r\nCache-Control: max-age=86400\r\nc-Type: st\r\nrid: 674dd0dd6275868f9d8f1da8f5b39581\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains\r\nX-Cache-Status: MISS\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]}],"data":{"size":284018,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=1], baseline, precision 8, 1920x1005, components 3","md5":"0b9750ad0104aa2243554d5b8007f99c","sha1":"a4fa7203acf5d89e0a8bcf976ed5d7eba62f30e4","sha256":"d234723f8ad984edd04a5dac23778f6832fdd954187461b8b09d46f542dd41e5","sha512":"6cfbf1045d4ca6a956f1bfdbbd39ab5fbbcc01a64612269dbc69b0d663f37ff8b289a657542ad0e00f54e8533e025306c5810ad6fff71782b65f4afeee65ca25","ssdeep":"6144:r+Ywcq6S74AwBaFtWcSnU0aOe+shTOMLO3jpT9a4:r+Ywcqp54aF8pU0cTOMLO3jR9a4","tlshash":"fc54223006e0e7531a7012f36f579fbb5e33a37d68a5da0c69ae168f4c4a35426f204e","first_seen":"2023-05-05T17:24:19Z","last_seen":"2026-04-27T14:49:05.099135Z","times_seen":793,"resource_available":false,"data":null}},"time_used":441,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":261,"receive":180,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-01-08","alert":"Phishing Block","trigger":"cn.1mebetx.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-08","alert":"Sinkholed","trigger":"cn.1mebetx.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-08","alert":"Sinkholed","trigger":"cn.1mebetx.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-08","alert":"Sinkholed","trigger":"cn.1mebetx.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-08","alert":"Sinkholed","trigger":"cn.1mebetx.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"game.gp5trb.com:2053/api/popup?try_platform=4\u0026username=","fqdn":"game.gp5trb.com","domain":"gp5trb.com","tld":"com"},"ip":{"addr":"52.184.67.179","port":2053,"asn":8075,"as":"MICROSOFT-CORP-MSN-AS-BLOCK","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://cn.1mebetx.com/home/register?code=40516","date":"2026-01-08T05:27:17.202Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"game.gp5trb.com","organization":""},"issuer":{"commonName":"ZeroSSL RSA Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Sat, 08 Nov 2025 00:00:00 GMT","end":"Fri, 06 Feb 2026 23:59:59 GMT"},"fingerprint":{"sha1":"FB:31:F3:6C:3E:E1:AB:AB:09:AF:26:D9:02:4C:82:AC:0B:37:03:15","sha256":"E4:06:69:75:8A:68:E3:AB:0C:E6:73:25:3E:79:FA:85:DA:22:7F:B3:2E:5F:C2:E7:F9:F0:DE:CD:94:FF:8B:8B"}}},"request":{"raw":"GET /api/popup?try_platform=4\u0026username= HTTP/1.1\r\nHost: game.gp5trb.com:2053\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://cn.1mebetx.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cn.1mebetx.com/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Thu, 08 Jan 2026 05:27:18 GMT\r\ncontent-type: application/json\r\nvary: Accept-Encoding\r\ncache-control: no-cache, private\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE\r\naccess-control-allow-headers: *\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\ncontent-encoding: br\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":608,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"b5acd13875d2165252a6d2447905b531","sha1":"67bb0f449f31898cdfa5b380c0cf33e35a1b818b","sha256":"79f8984a8f637817571895e05939405d428afc6c60f18496a5314366eca137bd","sha512":"376d16581efbe33fa70cb46bf67953d2fdcdb2ae77fdda195254cc6263f49d147445a9f2299f4f397d3caf7620f55d4f0bcbd40c52d06f2b8645e81529860e9d","ssdeep":"","tlshash":"f7f00c05553c98a5abcb5c0d00c3634694b831d8dcc84b9da3e6ed4c6a475a0438f361","first_seen":"2025-12-26T18:46:29.825171Z","last_seen":"2026-01-26T09:13:07.235912Z","times_seen":95,"resource_available":false,"data":null}},"time_used":2460,"timings":{"blocked":1038,"dns":367,"connect":205,"send":0,"wait":378,"receive":0,"ssl":469},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"file-new.a4hskh.com/activity/2025/05/26/6adbf1bd94ca22866f5f1cefb32e40c9.png","fqdn":"file-new.a4hskh.com","domain":"a4hskh.com","tld":"com"},"ip":{"addr":"52.184.67.179","port":443,"asn":8075,"as":"MICROSOFT-CORP-MSN-AS-BLOCK","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://cn.1mebetx.com/home/register?code=40516","date":"2026-01-08T05:27:18.039Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"file-new.a4hskh.com","organization":""},"issuer":{"commonName":"ZeroSSL RSA Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Fri, 19 Dec 2025 00:00:00 GMT","end":"Thu, 19 Mar 2026 23:59:59 GMT"},"fingerprint":{"sha1":"71:57:FF:2E:59:F1:FC:B0:75:58:A9:CD:70:F0:B3:0F:C5:25:29:C7","sha256":"D0:D4:6C:CF:CD:75:20:FF:29:86:02:CA:01:14:08:B1:EA:E9:43:53:16:3F:92:72:7F:E1:AC:54:E7:A7:F5:5F"}}},"request":{"raw":"GET /activity/2025/05/26/6adbf1bd94ca22866f5f1cefb32e40c9.png HTTP/1.1\r\nHost: file-new.a4hskh.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cn.1mebetx.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Thu, 08 Jan 2026 05:27:19 GMT\r\ncontent-type: image/png\r\ncontent-length: 106930\r\nlast-modified: Mon, 26 May 2025 12:22:57 GMT\r\nx-amz-server-side-encryption: AES256\r\netag: \"7907a7882ded0237441091b52c3b50ea\"\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 b8f0629d5b2c2ea6f64584efea909a50.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: HKG54-P1\r\nx-amz-cf-id: 1Gemu6WWpiXPI76ec8ptKzcyCG0w2HCh6RoP2LgOWDk9IvUGNWgc8g==\r\nage: 62362\r\nvary: accept-encoding, Origin\r\npsc-cache-status: HIT\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":106930,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 272 x 272, 8-bit/color RGBA, non-interlaced","md5":"7907a7882ded0237441091b52c3b50ea","sha1":"209414f453c53fcf4e63f7ea0a97a550d8aeea67","sha256":"df2155b8cffbead53e3e14bcce48b057ed7675416c59fb30a119371e6c3e97e6","sha512":"2bfadbaecc029a20dddf059c4391b947beff06a641016ae6464b11abd7ca41b5d4789f3fcb77c3ec65ddd3538508e47704e682b1d2f1c18f90658dd6c279a546","ssdeep":"3072:kEfWMVC/yIjXMLpQQDhMaQEXn8vTiWzyToWR3YjkC7O:kSD8yWUHhnoTdyFmP7O","tlshash":"c3a31254bda0f6a3d67fe7e9ebc5075d6f9f424a8e59c22c60343528ad2f9c28036170","first_seen":"2025-07-18T11:22:50.671167Z","last_seen":"2026-03-19T10:33:28.684969Z","times_seen":471,"resource_available":false,"data":null}},"time_used":3080,"timings":{"blocked":1037,"dns":370,"connect":204,"send":0,"wait":602,"receive":403,"ssl":456},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"file-new.a4hskh.com/activity/2025/05/26/c21119500a71cd1dfad1041285222895.png","fqdn":"file-new.a4hskh.com","domain":"a4hskh.com","tld":"com"},"ip":{"addr":"52.184.67.179","port":443,"asn":8075,"as":"MICROSOFT-CORP-MSN-AS-BLOCK","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://cn.1mebetx.com/home/register?code=40516","date":"2026-01-08T05:27:18.040Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"file-new.a4hskh.com","organization":""},"issuer":{"commonName":"ZeroSSL RSA Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Fri, 19 Dec 2025 00:00:00 GMT","end":"Thu, 19 Mar 2026 23:59:59 GMT"},"fingerprint":{"sha1":"71:57:FF:2E:59:F1:FC:B0:75:58:A9:CD:70:F0:B3:0F:C5:25:29:C7","sha256":"D0:D4:6C:CF:CD:75:20:FF:29:86:02:CA:01:14:08:B1:EA:E9:43:53:16:3F:92:72:7F:E1:AC:54:E7:A7:F5:5F"}}},"request":{"raw":"GET /activity/2025/05/26/c21119500a71cd1dfad1041285222895.png HTTP/1.1\r\nHost: file-new.a4hskh.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cn.1mebetx.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Thu, 08 Jan 2026 05:27:19 GMT\r\ncontent-type: image/png\r\ncontent-length: 91132\r\nlast-modified: Mon, 26 May 2025 12:25:12 GMT\r\netag: \"44c360f70ad7205af7be4b9e72ad8206\"\r\nx-amz-server-side-encryption: AES256\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 a4928835578b58615c7294534180db86.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: HKG54-P1\r\nx-amz-cf-id: Xf6iIAEVnCrZL3umu3ULtluMpaps-8nBBw59s_RTrzxEhzE1nDbTvg==\r\nage: 59240\r\nvary: Origin\r\npsc-cache-status: HIT\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":91132,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 272 x 272, 8-bit/color RGBA, non-interlaced","md5":"44c360f70ad7205af7be4b9e72ad8206","sha1":"aef9ac8c9276f5fc208a1bfb2cdf1abf4e2556fa","sha256":"264b1eb2b87680606d9e9de6d96dc31b8825180e5588765252081d2772eb98b5","sha512":"b93e0d07717567f4121e6eb60f35009e85ede4231eabbd57bd5f7ac58e900b84f070732c432354a60caca3e1dd41e964599a39f0bce439dcb93eab74662849f1","ssdeep":"1536:1d8GPhwJdntG/Yn2TCkjtSbZuF9G8HwCl0VZQkEToysVq9py3AUCctpjHQSFP:f/2tCw2VtStmfQXTKyVq9py3AUCcttP","tlshash":"3b931245ec9f3c26622931115d6f6cd38ac991a7e4b7c837a4f3b2be3405586fe28d09","first_seen":"2025-07-18T11:22:50.67008Z","last_seen":"2026-03-19T10:33:28.657026Z","times_seen":470,"resource_available":false,"data":null}},"time_used":2915,"timings":{"blocked":1026,"dns":373,"connect":202,"send":0,"wait":273,"receive":585,"ssl":453},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static-content-t.wb27jlt6u066.com:9587/images/nav/promo_08p.png","fqdn":"static-content-t.wb27jlt6u066.com","domain":"wb27jlt6u066.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":9587,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://cn.1mebetx.com/home/register?code=40516","date":"2026-01-08T05:27:14.839Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"static-content-t.wb27jlt6u066.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 19 Oct 2025 00:00:00 GMT","end":"Mon, 19 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"08:10:09:15:B6:C8:9C:9A:CE:31:40:C9:26:D7:9E:BE:2C:9A:62:2B","sha256":"D6:55:F3:9B:55:F2:ED:CC:B3:54:8B:1E:F9:15:FB:47:0C:75:02:1A:64:4B:3C:C2:FA:75:18:9C:F0:11:EE:83"}}},"request":{"raw":"GET /images/nav/promo_08p.png HTTP/1.1\r\nHost: static-content-t.wb27jlt6u066.com:9587\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cn.1mebetx.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Thu, 08 Jan 2026 05:27:17 GMT\r\nContent-Type: image/png\r\nContent-Length: 14696\r\nConnection: keep-alive\r\nLast-Modified: Wed, 20 Jul 2022 18:47:53 GMT\r\nETag: \"62d84dd9-3968\"\r\nServer: gocache\r\nExpires: Fri, 09 Jan 2026 05:27:17 GMT\r\nCache-Control: max-age=86400\r\nc-Type: st\r\nrid: 2c51ebd3d4a56d2e628d83b8053bd1f0\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains\r\nX-Cache-Status: HIT\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":14696,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 200 x 100, 8-bit/color RGBA, non-interlaced","md5":"ce8af7d88dfe5a8cc857666523c01fea","sha1":"370b5c460e31540ff1c8685fe2188adfc8fe3641","sha256":"7ba510715c55f7c648e19a82b9690f58ac0136c370be907bcce569c08bf03a74","sha512":"b9764ef8173289fa4b4214274745843e1cbcdfbbb7b1cbd5d1ee9e00beb3e0c0410b714bc466bf7f9bd3ba7515cb562460b1c175e03c25900418ea4bbfb68679","ssdeep":"384:XJXE05RJmFuDKsllhSHwRJ5GotcrxjYvFx:F35TmFuDKsRXurdI","tlshash":"1e62c0bb453095b578e6b81e0cf21a8b37b94fadf54e18665202f0ef60969c38e1852d","first_seen":"2023-05-05T14:06:31Z","last_seen":"2026-04-27T14:49:05.132338Z","times_seen":820,"resource_available":false,"data":null}},"time_used":2364,"timings":{"blocked":2148,"dns":0,"connect":0,"send":0,"wait":214,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static-content-cn.wb27jlt6u066.com:9587/js/jquery/jquery.validate.js?2017121201","fqdn":"static-content-cn.wb27jlt6u066.com","domain":"wb27jlt6u066.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":9587,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://cn.1mebetx.com/home/register?code=40516","date":"2026-01-08T05:27:14.867Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"static-content-cn.wb27jlt6u066.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 19 Oct 2025 00:00:00 GMT","end":"Mon, 19 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"98:64:EC:0B:9A:00:5F:60:12:4A:12:B9:EB:5A:44:98:12:1A:7C:FF","sha256":"A1:E0:99:A3:B2:54:C9:50:DB:24:16:EA:A7:44:3A:5D:57:F0:7C:CE:B2:E7:66:31:49:50:98:44:92:F2:50:84"}}},"request":{"raw":"GET /js/jquery/jquery.validate.js?2017121201 HTTP/1.1\r\nHost: static-content-cn.wb27jlt6u066.com:9587\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cn.1mebetx.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Thu, 08 Jan 2026 05:27:15 GMT\r\nContent-Type: application/javascript\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nLast-Modified: Wed, 20 Jul 2022 18:47:52 GMT\r\nVary: Accept-Encoding\r\nETag: W/\"62d84dd8-ed9a\"\r\nContent-Encoding: gzip\r\nServer: gocache\r\nExpires: Fri, 09 Jan 2026 05:27:15 GMT\r\nCache-Control: max-age=86400\r\nc-Type: st\r\nrid: f29677b5c46b1394eee6cb9a77baa611\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains\r\nX-Cache-Status: HIT\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]}],"data":{"size":60826,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (1256)","md5":"052b64ec50b11bc14eb24a863d126ba8","sha1":"3a79b1fe2a8e6834cea694d77c57473ebfbc5758","sha256":"169b0287c989c2a6d883dff708c551a726c2a98fd79e66fe747d04228012ac7f","sha512":"70b2cd21b5ab5f5159266a10e6ba06a7c1c50ed3b02a596747f30dc88ba4cb37934b8666f075e5733ed021908bace3c47b8b50ee57aa41130ae0b9920e101099","ssdeep":"1536:4J/cr2I/VHuanmyRhVaNnJRHI9YLbBGvJfDk7E/al:Kumy4NJRHqLkISl","tlshash":"39533c4d3ae710168d2b30beae8ba149b6b5405b6109ed1c7cdd02905fe4db862f5ff8","first_seen":"2025-03-02T07:32:23.125259Z","last_seen":"2026-04-01T17:26:48.402298Z","times_seen":648,"resource_available":true,"data":null}},"time_used":1229,"timings":{"blocked":1011,"dns":0,"connect":0,"send":0,"wait":216,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static-content-t.wb27jlt6u066.com:9587/images/captcha/btn_close.png","fqdn":"static-content-t.wb27jlt6u066.com","domain":"wb27jlt6u066.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":9587,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://cn.1mebetx.com/home/register?code=40516","date":"2026-01-08T05:27:17.053Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"static-content-t.wb27jlt6u066.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 19 Oct 2025 00:00:00 GMT","end":"Mon, 19 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"08:10:09:15:B6:C8:9C:9A:CE:31:40:C9:26:D7:9E:BE:2C:9A:62:2B","sha256":"D6:55:F3:9B:55:F2:ED:CC:B3:54:8B:1E:F9:15:FB:47:0C:75:02:1A:64:4B:3C:C2:FA:75:18:9C:F0:11:EE:83"}}},"request":{"raw":"GET /images/captcha/btn_close.png HTTP/1.1\r\nHost: static-content-t.wb27jlt6u066.com:9587\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://static-content-t.wb27jlt6u066.com:9587/style/main.css?20250825\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Thu, 08 Jan 2026 05:27:18 GMT\r\nContent-Type: image/png\r\nContent-Length: 672\r\nConnection: keep-alive\r\nLast-Modified: Wed, 20 Jul 2022 18:47:53 GMT\r\nETag: \"62d84dd9-2a0\"\r\nServer: gocache\r\nExpires: Fri, 09 Jan 2026 05:27:18 GMT\r\nCache-Control: max-age=86400\r\nc-Type: st\r\nrid: 18f4dcc7d69bf7c8fe0537c3ee3f952c\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains\r\nX-Cache-Status: HIT\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":672,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 30 x 30, 8-bit gray+alpha, non-interlaced","md5":"9bb39b9f25e57e73ad06a45b4bb34b6a","sha1":"104fefbe66cf791b1fc1b3a933a16e6606febcf4","sha256":"04082d0d7f70e5f41e4ca58d1712420801b243cdf5a21e7012ad4e70ab05f42e","sha512":"abfbf162af3b2dc40cea4c02d20f2af4e4d5ce586221af4a70b6ee5adefbb4856dbaf44208a3b48efc1149ddd15797fd3fdb650573a2aea78b9e85b20ed3eea3","ssdeep":"","tlshash":"d201d8f775fc213089b0639e9306919adfa703b2811210f8622875754075aaf1d79303","first_seen":"2023-10-30T15:44:34Z","last_seen":"2026-04-27T14:49:05.069639Z","times_seen":690,"resource_available":false,"data":null}},"time_used":1612,"timings":{"blocked":1394,"dns":0,"connect":0,"send":0,"wait":218,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"banner-notice.6dqr2n.com/mxstatic/index.css","fqdn":"banner-notice.6dqr2n.com","domain":"6dqr2n.com","tld":"com"},"ip":{"addr":"52.184.67.179","port":443,"asn":8075,"as":"MICROSOFT-CORP-MSN-AS-BLOCK","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://cn.1mebetx.com/home/register?code=40516","date":"2026-01-08T05:27:17.178Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"banner-notice.6dqr2n.com","organization":""},"issuer":{"commonName":"ZeroSSL RSA Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Fri, 21 Nov 2025 00:00:00 GMT","end":"Thu, 19 Feb 2026 23:59:59 GMT"},"fingerprint":{"sha1":"99:09:F8:08:0E:12:67:90:CD:CF:6F:BB:FD:A4:24:0B:CE:22:68:BC","sha256":"8D:09:C8:8D:E9:B1:66:60:30:60:D8:0C:95:30:0A:E9:BC:A6:D5:11:A9:28:82:AB:A7:90:99:A8:C5:E8:62:E8"}}},"request":{"raw":"GET /mxstatic/index.css HTTP/1.1\r\nHost: banner-notice.6dqr2n.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cn.1mebetx.com/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Thu, 08 Jan 2026 05:27:17 GMT\r\ncontent-type: text/css\r\nlast-modified: Tue, 27 May 2025 05:27:16 GMT\r\nvary: Accept-Encoding\r\netag: W/\"68354d34-13bc\"\r\nexpires: Thu, 08 Jan 2026 17:27:10 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":5052,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text","md5":"33009c301e789707d7c69505ff50d74c","sha1":"cfae09fd67a040052da9da88e0b6b7184c68a4fc","sha256":"bbef70cb02415d56036f01eed877aca7e946f6ce14f39ce52899b1c19f3360d7","sha512":"54d3eff35b7e2e5b03386955f05ce0bad1aa1d8586ae9f70efe9ba5660ba33a7c18b0840083e190af9bbca26d9ad7d032945a4e5c08439ba7b2f121ef268e2d3","ssdeep":"96:U5KsCmC+sCMCW/rnidi/kisClOC3vyb1CWg1KBscndYYC5xNESG0cCTgfeJ9SXEl:Jj1wDW/ridisisCltqbI9GscdYdxNDjH","tlshash":"d0a13259a7f60604681fc1943dd2a759a239c043a24fcc3df6d2204caeca1db72a7bd6","first_seen":"2025-08-09T14:13:17.039422Z","last_seen":"2026-04-27T14:49:05.0889Z","times_seen":499,"resource_available":false,"data":null}},"time_used":353,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":353,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.googletagmanager.com/gtag/js?id=UA-119765380-3","fqdn":"www.googletagmanager.com","domain":"googletagmanager.com","tld":"com"},"ip":{"addr":"142.251.38.104","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://cn.1mebetx.com/home/register?code=40516","date":"2026-01-08T05:27:14.860Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.google-analytics.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Wed, 03 Dec 2025 15:49:27 GMT","end":"Wed, 25 Feb 2026 15:49:26 GMT"},"fingerprint":{"sha1":"2C:B9:1B:62:2A:F9:04:B9:16:E2:30:B0:A8:B2:85:0C:68:BC:79:25","sha256":"AE:CB:A0:2C:92:1E:CB:D2:CB:6C:0D:37:5E:A2:4E:27:AE:4E:CA:0C:EC:53:D5:50:E6:C1:3D:EB:17:C1:F2:C9"}}},"request":{"raw":"GET /gtag/js?id=UA-119765380-3 HTTP/1.1\r\nHost: www.googletagmanager.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cn.1mebetx.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: application/javascript; charset=UTF-8\r\naccess-control-allow-origin: *\r\naccess-control-allow-credentials: true\r\naccess-control-allow-headers: Cache-Control\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\ndate: Thu, 08 Jan 2026 05:27:15 GMT\r\nexpires: Thu, 08 Jan 2026 05:27:15 GMT\r\ncache-control: private, max-age=900\r\nlast-modified: Thu, 08 Jan 2026 03:00:00 GMT\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\ncross-origin-resource-policy: cross-origin\r\nserver: Google Tag Manager\r\ncontent-length: 112176\r\nx-xss-protection: 0\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":322955,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"JavaScript source, ASCII text, with very long lines (5911)","md5":"9dcf0335ed30477122c0936de2dbd0eb","sha1":"2b9acec2f0e4d0f423b3c39189056b9a9b95c169","sha256":"41f0709567e18db982900875177721852e5c22a27e9800bef9073b03f3b2ec82","sha512":"9e11b41988c0725928e18661b4c0d6ae7860e43b999764bfe4fdebbf2586746a4e811225792945419a73c09bbae34580d17aef0d3e41b9cd6ce423114092e3ee","ssdeep":"3072:xqEsEtrIxV/J4AV0PbKsB67ZKrEv5wtfvvph3rNh8nbzlXJjO67gxMOTkkmhgYvr:4NV/4xEh2phZhYRXJjO67YMOTkLhgYvr","tlshash":"476419cd73da742683a3a474503f018bb17b69d2e84cc895f186d8d42e74aaa4237f7d","first_seen":"2026-01-08T05:28:13.504027Z","last_seen":"2026-01-08T05:28:13.504027Z","times_seen":1,"resource_available":true,"data":null}},"time_used":299,"timings":{"blocked":-1,"dns":1,"connect":20,"send":0,"wait":37,"receive":51,"ssl":189},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static-content-t.wb27jlt6u066.com:9587/images/captcha/bg.png","fqdn":"static-content-t.wb27jlt6u066.com","domain":"wb27jlt6u066.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":9587,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://cn.1mebetx.com/home/register?code=40516","date":"2026-01-08T05:27:17.051Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"static-content-t.wb27jlt6u066.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 19 Oct 2025 00:00:00 GMT","end":"Mon, 19 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"08:10:09:15:B6:C8:9C:9A:CE:31:40:C9:26:D7:9E:BE:2C:9A:62:2B","sha256":"D6:55:F3:9B:55:F2:ED:CC:B3:54:8B:1E:F9:15:FB:47:0C:75:02:1A:64:4B:3C:C2:FA:75:18:9C:F0:11:EE:83"}}},"request":{"raw":"GET /images/captcha/bg.png HTTP/1.1\r\nHost: static-content-t.wb27jlt6u066.com:9587\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://static-content-t.wb27jlt6u066.com:9587/style/main.css?20250825\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Thu, 08 Jan 2026 05:27:18 GMT\r\nContent-Type: image/png\r\nContent-Length: 3373\r\nConnection: keep-alive\r\nLast-Modified: Wed, 20 Jul 2022 18:47:53 GMT\r\nETag: \"62d84dd9-d2d\"\r\nServer: gocache\r\nExpires: Fri, 09 Jan 2026 05:27:18 GMT\r\nCache-Control: max-age=86400\r\nc-Type: st\r\nrid: 52aa1511ef513c78d8ad397656a48914\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains\r\nX-Cache-Status: HIT\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":3373,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 367 x 260, 8-bit colormap, non-interlaced","md5":"2d7a78ffd17b81f4d960f89c341377d1","sha1":"2ecab08e7808a385c9a712ce90beeef668c19156","sha256":"5e3bb47aa455eafd7493541cf6ce550ce84309152943f0295d79a9329879ac62","sha512":"1cdd6e6ef5f98a69379d1bbb70c6605ce05be2000426a78e5fe47a140616e118b1a6ae1b5dd0d2641f48dc0dc20216dd864ccaae690409717351122485312630","ssdeep":"","tlshash":"55612b23aaef0419f2459a3a9582d8adabbbf9138499720ec4bf986147b1d317984214","first_seen":"2023-10-30T15:44:34Z","last_seen":"2026-04-27T14:49:05.14549Z","times_seen":692,"resource_available":false,"data":null}},"time_used":1597,"timings":{"blocked":1381,"dns":0,"connect":0,"send":0,"wait":216,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cn.1mebetx.com/kz/gp/v1/halls?_=1767850036799","fqdn":"cn.1mebetx.com","domain":"1mebetx.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://cn.1mebetx.com/home/register?code=40516","date":"2026-01-08T05:27:17.186Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cn.1mebetx.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Mon, 05 Jan 2026 00:00:00 GMT","end":"Tue, 05 Jan 2027 23:59:59 GMT"},"fingerprint":{"sha1":"B1:9C:1C:29:59:A8:2F:22:BB:FA:01:51:20:84:07:9D:ED:D9:D8:7A","sha256":"21:4B:55:27:26:B6:EF:96:E2:ED:28:FE:00:D0:57:72:9D:29:6A:4E:DE:36:40:A2:7D:07:26:CC:31:8C:F2:1D"}}},"request":{"raw":"GET /kz/gp/v1/halls?_=1767850036799 HTTP/1.1\r\nHost: cn.1mebetx.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nX-Requested-With: XMLHttpRequest\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cn.1mebetx.com/home/register?code=40516\r\nCookie: PHPSESSID=pvfn2qbqj41s51t96fj5pjvus5; _code_cookie=40516-\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Thu, 08 Jan 2026 05:27:17 GMT\r\nContent-Type: application/json; charset=utf-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding, Accept-Encoding, Accept-Encoding\r\nX-Powered-By: Express\r\nETag: W/\"23aa-PfXEiqtoYcLLtp5L+364xg\"\r\nX-Content-Type-Options: nosniff\r\nX-Frame-Options: SAMEORIGIN\r\nContent-Encoding: gzip\r\nServer: gocache\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nCache-Control: no-cache\r\nc-Type: df\r\nrid: e2fb3b7f504f31cb542a94565ae6b74e\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]},{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]}],"data":{"size":9130,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"3df5c48aab6861c2cbb69e4bfb7eb8c6","sha1":"368975e99660237bc61cdba263db1cd12d373882","sha256":"84b54cd53ed7c6b11e6fe2374ce962f31406c29b053602721aba3a2cf6e96b7b","sha512":"6db285f286e46903a1bc018549ff706881e452bfad220094d05d9e493d3d121a060b13e509c91b7c6c5ea9852f3fef45e664cfcb3753b7cdca1fda53adba097a","ssdeep":"192:elqdqzqBDqTOqJJqxqJGqzq/qKqE3qzqcd0qIqwqVqSqAqCqbIuzqlqhq1EqeqZL:eO1N8gC9","tlshash":"9a1275d85f47fc58c95f5d112eab5ba927d8b942f8cd6ed8c2cc4c6000a46d2a30e73a","first_seen":"2025-12-25T22:16:23.962077Z","last_seen":"2026-01-19T13:31:43.450162Z","times_seen":79,"resource_available":false,"data":null}},"time_used":1410,"timings":{"blocked":478,"dns":1,"connect":1,"send":0,"wait":446,"receive":0,"ssl":481},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-01-08","alert":"Phishing Block","trigger":"cn.1mebetx.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-08","alert":"Sinkholed","trigger":"cn.1mebetx.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-08","alert":"Sinkholed","trigger":"cn.1mebetx.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-08","alert":"Sinkholed","trigger":"cn.1mebetx.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-08","alert":"Sinkholed","trigger":"cn.1mebetx.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"static-content-cn.wb27jlt6u066.com:9587/css/base.css?20240823","fqdn":"static-content-cn.wb27jlt6u066.com","domain":"wb27jlt6u066.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":9587,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://cn.1mebetx.com/home/register?code=40516","date":"2026-01-08T05:27:14.822Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"static-content-cn.wb27jlt6u066.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 19 Oct 2025 00:00:00 GMT","end":"Mon, 19 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"98:64:EC:0B:9A:00:5F:60:12:4A:12:B9:EB:5A:44:98:12:1A:7C:FF","sha256":"A1:E0:99:A3:B2:54:C9:50:DB:24:16:EA:A7:44:3A:5D:57:F0:7C:CE:B2:E7:66:31:49:50:98:44:92:F2:50:84"}}},"request":{"raw":"GET /css/base.css?20240823 HTTP/1.1\r\nHost: static-content-cn.wb27jlt6u066.com:9587\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cn.1mebetx.com/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Thu, 08 Jan 2026 05:27:15 GMT\r\nContent-Type: text/css\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nLast-Modified: Thu, 31 Jul 2025 05:17:37 GMT\r\nVary: Accept-Encoding\r\nETag: W/\"688afc71-2a29b\"\r\nContent-Encoding: gzip\r\nServer: gocache\r\nExpires: Fri, 09 Jan 2026 05:27:15 GMT\r\nCache-Control: max-age=86400\r\nc-Type: st\r\nrid: e6e5c464c8c8fefa3678146b724bf159\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains\r\nX-Cache-Status: MISS\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":172699,"size_decoded":0,"mime_type":"text/css","magic":"assembler source, Unicode text, UTF-8 text, with very long lines (539)","md5":"d8f8a95247ce1dc562e2dd3feecd42d6","sha1":"63d95114640a1e87a615bc1752a54b4d5cb436c8","sha256":"515515e5a85369edffe2903d038c2615153135e91e4d0cabaa85770d5f85568c","sha512":"86b40886f9a7ab2964dc3a7e1336bcb2735311977fc68d9a36892ebc443af3b4575902c65269c2d271c2cf1f9002a465427e8fab1306b0219bc2a901c9e5f95e","ssdeep":"1536:11H5u9h1KDKFfCoYD8B+5yZbosh3kRRHMOFCaIAVUT2sbGVyGeDzb2NcdYqaGN+3:YWDKFfCoYD8B+xDzV7sbGpeDzbi+SX","tlshash":"3cf3dc0ad0ef218b717bd8b530abb6e5e119814ae1124f7d726c73bce1fa65c8132e15","first_seen":"2025-07-31T17:03:23.85244Z","last_seen":"2026-01-19T13:31:43.420571Z","times_seen":448,"resource_available":false,"data":null}},"time_used":2071,"timings":{"blocked":791,"dns":368,"connect":1,"send":0,"wait":397,"receive":73,"ssl":439},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static-content-cn.wb27jlt6u066.com:9587/js/member/reg.simple.js?20230220","fqdn":"static-content-cn.wb27jlt6u066.com","domain":"wb27jlt6u066.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":9587,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://cn.1mebetx.com/home/register?code=40516","date":"2026-01-08T05:27:14.866Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"static-content-cn.wb27jlt6u066.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 19 Oct 2025 00:00:00 GMT","end":"Mon, 19 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"98:64:EC:0B:9A:00:5F:60:12:4A:12:B9:EB:5A:44:98:12:1A:7C:FF","sha256":"A1:E0:99:A3:B2:54:C9:50:DB:24:16:EA:A7:44:3A:5D:57:F0:7C:CE:B2:E7:66:31:49:50:98:44:92:F2:50:84"}}},"request":{"raw":"GET /js/member/reg.simple.js?20230220 HTTP/1.1\r\nHost: static-content-cn.wb27jlt6u066.com:9587\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cn.1mebetx.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Thu, 08 Jan 2026 05:27:15 GMT\r\nContent-Type: application/javascript\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nLast-Modified: Fri, 31 May 2024 03:05:12 GMT\r\nVary: Accept-Encoding\r\nETag: W/\"66593e68-2b0c\"\r\nContent-Encoding: gzip\r\nServer: gocache\r\nExpires: Fri, 09 Jan 2026 05:27:15 GMT\r\nCache-Control: max-age=86400\r\nc-Type: st\r\nrid: ae03c2999709b75f5b257a38f237cf4f\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains\r\nX-Cache-Status: HIT\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]}],"data":{"size":11020,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text","md5":"acfbd8efc4aa932d56183ed41666c8bd","sha1":"dada1ef3f25155d81e7d4a9353ce89e7f83b3466","sha256":"736d2a82733a504f010af43ffbc5eae2e40b075b7ae8929065bc880357c1ab48","sha512":"e0f02eb2082790ba636afe476e4a51b095f0161df58ba7f9ca389191bfe5d373d725908996b4ee489b14cc48a77f05b47ce52409bc5d802f364d831eb2501aff","ssdeep":"192:eDY86gShDWhDxhD0hDJGx3DPdy7Uwm1AFtOtHoNNvqtnHzHensyaAS7xM8tY:eDY8gcfejatpsS9q","tlshash":"0a22502aedab42871d3b30695e3f00456956c0136b0cde24fe4ca5d09f85e29b5b6fd8","first_seen":"2025-03-02T07:32:23.111077Z","last_seen":"2026-03-30T14:28:44.913402Z","times_seen":642,"resource_available":true,"data":null}},"time_used":1226,"timings":{"blocked":1010,"dns":0,"connect":0,"send":0,"wait":216,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static-content-t.wb27jlt6u066.com:9587/images/icons_login.png","fqdn":"static-content-t.wb27jlt6u066.com","domain":"wb27jlt6u066.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":9587,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://cn.1mebetx.com/home/register?code=40516","date":"2026-01-08T05:27:17.035Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"static-content-t.wb27jlt6u066.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 19 Oct 2025 00:00:00 GMT","end":"Mon, 19 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"08:10:09:15:B6:C8:9C:9A:CE:31:40:C9:26:D7:9E:BE:2C:9A:62:2B","sha256":"D6:55:F3:9B:55:F2:ED:CC:B3:54:8B:1E:F9:15:FB:47:0C:75:02:1A:64:4B:3C:C2:FA:75:18:9C:F0:11:EE:83"}}},"request":{"raw":"GET /images/icons_login.png HTTP/1.1\r\nHost: static-content-t.wb27jlt6u066.com:9587\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://static-content-t.wb27jlt6u066.com:9587/style/main.css?20250825\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Thu, 08 Jan 2026 05:27:18 GMT\r\nContent-Type: image/png\r\nContent-Length: 4053\r\nConnection: keep-alive\r\nLast-Modified: Wed, 20 Jul 2022 18:47:53 GMT\r\nETag: \"62d84dd9-fd5\"\r\nServer: gocache\r\nExpires: Fri, 09 Jan 2026 05:27:18 GMT\r\nCache-Control: max-age=86400\r\nc-Type: st\r\nrid: 3fbfa5ef8c7db57bd55c18c0a263313d\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains\r\nX-Cache-Status: HIT\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]}],"data":{"size":4053,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 26 x 330, 8-bit/color RGBA, non-interlaced","md5":"405c7bc8638bddb314e549e4eebec2e3","sha1":"75f6a3b0b6ffdeed31bff28f8ae1f1a3e481260c","sha256":"cd98cf8ee2f82e9903fb28490a4fc9f318fb60f0f8f0c1f080cee3dce0d6c9b9","sha512":"3a1991dfba0851c6d1d212102ab1fa3585b5970358f75488770ffaaa0467e4cbb755e07dc9db44e102da13fd7510e6b14506e2a2e4188c6461ba652e9fcaa69e","ssdeep":"","tlshash":"3d814c4bbcd228093058e4c372f9822bd946c2d5d6b0557396ce88bb15a8879490c2ce","first_seen":"2023-05-05T14:06:31Z","last_seen":"2026-04-27T14:49:05.198889Z","times_seen":845,"resource_available":false,"data":null}},"time_used":1412,"timings":{"blocked":1189,"dns":0,"connect":0,"send":0,"wait":222,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"game.gp5trb.com:2053/api/banner","fqdn":"game.gp5trb.com","domain":"gp5trb.com","tld":"com"},"ip":{"addr":"52.184.67.179","port":2053,"asn":8075,"as":"MICROSOFT-CORP-MSN-AS-BLOCK","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://cn.1mebetx.com/home/register?code=40516","date":"2026-01-08T05:27:17.181Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"game.gp5trb.com","organization":""},"issuer":{"commonName":"ZeroSSL RSA Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Sat, 08 Nov 2025 00:00:00 GMT","end":"Fri, 06 Feb 2026 23:59:59 GMT"},"fingerprint":{"sha1":"FB:31:F3:6C:3E:E1:AB:AB:09:AF:26:D9:02:4C:82:AC:0B:37:03:15","sha256":"E4:06:69:75:8A:68:E3:AB:0C:E6:73:25:3E:79:FA:85:DA:22:7F:B3:2E:5F:C2:E7:F9:F0:DE:CD:94:FF:8B:8B"}}},"request":{"raw":"GET /api/banner HTTP/1.1\r\nHost: game.gp5trb.com:2053\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://cn.1mebetx.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cn.1mebetx.com/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Thu, 08 Jan 2026 05:27:18 GMT\r\ncontent-type: application/json\r\nvary: Accept-Encoding\r\ncache-control: no-cache, private\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE\r\naccess-control-allow-headers: *\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\ncontent-encoding: br\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":14605,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"b3bf2ff393222731c3cd64d277397f09","sha1":"e05d30c6f356fdda5840a428efcdca38c99e1ec3","sha256":"dfb743643d3c3894554c8d390ccbb031ac3940b95e7fda91d617e6a375caaed9","sha512":"25ab8d07fab4f47bf361cd30e30e44c033ee573e5782fdd74713136aed4f4f4d3bc7dd4cf25f4f41a62ed7300bbc82d0581f2f4a940edb911bd0ac2ef8e84c62","ssdeep":"192:IXNVB7UBSvBrBZO3Bn2BQOuB2esBLrmdBMuBY6OJ8:OzB6","tlshash":"ec625a4258a8ec774de07bdc0c0919a675cdb941fc8caa96e700feb812ae161d61f19f","first_seen":"2026-01-08T05:28:13.51013Z","last_seen":"2026-01-08T05:28:13.51013Z","times_seen":1,"resource_available":false,"data":null}},"time_used":2543,"timings":{"blocked":1058,"dns":387,"connect":202,"send":0,"wait":423,"receive":0,"ssl":470},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"api.eaafacef.com:2053/entrance/api/config?status=1","fqdn":"api.eaafacef.com","domain":"eaafacef.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":2053,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://cn.1mebetx.com/home/register?code=40516","date":"2026-01-08T05:27:17.197Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"eaafacef.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 29 Dec 2025 22:38:23 GMT","end":"Sun, 29 Mar 2026 23:37:00 GMT"},"fingerprint":{"sha1":"0C:1F:E1:0A:19:A1:3C:0D:66:32:5C:75:91:E5:F0:18:DA:89:4F:A7","sha256":"37:AD:B7:8F:36:E9:2F:C4:B1:95:35:27:43:02:20:D6:44:9F:2F:0F:07:64:1C:8D:D8:14:9B:B7:2A:57:9F:87"}}},"request":{"raw":"GET /entrance/api/config?status=1 HTTP/1.1\r\nHost: api.eaafacef.com:2053\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/javascript, */*; q=0.01\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://cn.1mebetx.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cn.1mebetx.com/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Thu, 08 Jan 2026 05:27:17 GMT\r\ncontent-type: text/html; charset=UTF-8\r\nserver: cloudflare\r\nvary: Accept-Encoding\r\ncache-control: no-cache, private\r\nx-ratelimit-limit: 60\r\nx-ratelimit-remaining: 59\r\naccess-control-allow-origin: *\r\naccess-control-allow-headers: Origin, Content-Type, Cookie, Accept,token\r\naccess-control-allow-methods: GET, POST, PATCH, PUT, OPTIONS\r\naccess-control-allow-credentials: false\r\nstrict-transport-security: max-age=31536000\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=Mgh5H6CnNeNTFw2soACrRSrFAnYpT9I83oSKS7ceR6aJvHGrZwQgisDMdfPPd03n5%2FBPZm3zoRGS8OCNlnsk1qhjDw1Kw7yqh4aYkjeM\"}]}\r\ncf-cache-status: DYNAMIC\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncontent-encoding: br\r\ncf-ray: 9ba948ecafdb0b31-OSL\r\nalt-svc: h3=\":2053\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":2145,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"JSON text data","md5":"48bba055690c8a93789fc9a7216637a1","sha1":"f75535663b93b150b09cd97b00699ada958fdf34","sha256":"0846be2432f4e7445ee478099b0847d558172a32f0477154f5877f03edcad5b6","sha512":"27a8b44141563301c7f5a378c76d571b76614263f0352ff7f809ad8cd5eff74081285bbeca5991ac7030b7b383633b09ac149faff3d15cfd8765110f31a7ebfa","ssdeep":"","tlshash":"9c41cf6613ec76f48b9b52d0881e37dad07d7b23c804eea73e1d6e1c81616b1284903f","first_seen":"2026-01-04T19:15:24.771052Z","last_seen":"2026-01-11T13:44:08.365439Z","times_seen":19,"resource_available":false,"data":null}},"time_used":788,"timings":{"blocked":33,"dns":20,"connect":1,"send":0,"wait":714,"receive":0,"ssl":17},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"mxx80.net/","fqdn":"mxx80.net","domain":"mxx80.net","tld":"net"},"ip":{"addr":"172.67.185.167","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-01-08T05:27:12.106Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"mxx80.net","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 15 Nov 2025 11:22:27 GMT","end":"Fri, 13 Feb 2026 12:21:08 GMT"},"fingerprint":{"sha1":"E9:19:8D:AD:83:A5:2F:13:E6:C6:C4:35:BB:A7:1B:46:19:C0:07:98","sha256":"4E:E9:6E:DD:70:79:4B:9A:B3:ED:50:FA:FA:35:9B:18:4D:13:0F:09:B8:0A:5D:F1:69:F1:0A:BB:10:C7:F7:4A"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: mxx80.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 302 Found\r\ndate: Thu, 08 Jan 2026 05:27:12 GMT\r\ncontent-length: 0\r\nlocation: https://cn.1mebetx.com/home/register?code=40516\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=aCgMvTTUioGV6XYa9474%2BHZ%2BFG3W%2FJTKBZiIQQGnmdJw%2Foyi7iK4ZzMnzJjjrPsnoQKI6K9HVNNKvUVdPJDvekiX2Vp8xLY%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nserver: cloudflare\r\ncf-ray: 9ba948cccf21b4eb-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":102696,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-28T16:24:19.191442Z","times_seen":14333662,"resource_available":true,"data":null}},"time_used":48,"timings":{"blocked":22,"dns":1,"connect":1,"send":0,"wait":4,"receive":0,"ssl":15},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-08","alert":"Sinkholed","trigger":"mxx80.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-01-08","alert":"Phishing Block","trigger":"mxx80.net","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-08","alert":"Sinkholed","trigger":"mxx80.net","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-08","alert":"Sinkholed","trigger":"mxx80.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-08","alert":"Sinkholed","trigger":"mxx80.net","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"static-content-cn.wb27jlt6u066.com:9587/util/rsa.js","fqdn":"static-content-cn.wb27jlt6u066.com","domain":"wb27jlt6u066.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":9587,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://cn.1mebetx.com/home/register?code=40516","date":"2026-01-08T05:27:14.863Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"static-content-cn.wb27jlt6u066.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 19 Oct 2025 00:00:00 GMT","end":"Mon, 19 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"98:64:EC:0B:9A:00:5F:60:12:4A:12:B9:EB:5A:44:98:12:1A:7C:FF","sha256":"A1:E0:99:A3:B2:54:C9:50:DB:24:16:EA:A7:44:3A:5D:57:F0:7C:CE:B2:E7:66:31:49:50:98:44:92:F2:50:84"}}},"request":{"raw":"GET /util/rsa.js HTTP/1.1\r\nHost: static-content-cn.wb27jlt6u066.com:9587\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cn.1mebetx.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Thu, 08 Jan 2026 05:27:15 GMT\r\nContent-Type: application/javascript\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nLast-Modified: Wed, 20 Jul 2022 18:47:53 GMT\r\nVary: Accept-Encoding\r\nETag: W/\"62d84dd9-34ca\"\r\nContent-Encoding: gzip\r\nServer: gocache\r\nExpires: Fri, 09 Jan 2026 05:27:15 GMT\r\nCache-Control: max-age=86400\r\nc-Type: st\r\nrid: 811b006c4752deeb335b4d3129dd9a1e\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains\r\nX-Cache-Status: HIT\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]}],"data":{"size":13514,"size_decoded":0,"mime_type":"application/javascript","magic":"ASCII text, with very long lines (5026)","md5":"2e28749b1ce6013a456d4498a447dff3","sha1":"89d8c436922a84f097e86090179d112c3d6e13c2","sha256":"1748bdff25c71702d781b076f961920ef32283e324153b256e963202431a35ba","sha512":"2a675090d740e1600eaca9da2229b34cf764181bf65df4d023bb0e95feea6a7b83f3651a8eb70473e76313cc1fcdd38cd71a72b41fd57fdc34668b7d3b10b62e","ssdeep":"384:B1eJdA6YDf7WA5lK4UYl38uHrKFaY8BpC:bdjfm82aNy","tlshash":"5752a6857ad9302d07a95071055f054b7e35f8be598c04bdb1a0e8e938f198d833ef78","first_seen":"2023-03-07T01:28:09Z","last_seen":"2026-04-27T14:49:05.230861Z","times_seen":1050,"resource_available":true,"data":null}},"time_used":1182,"timings":{"blocked":965,"dns":0,"connect":0,"send":0,"wait":217,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static-content-cn.wb27jlt6u066.com:9587/images/close.png","fqdn":"static-content-cn.wb27jlt6u066.com","domain":"wb27jlt6u066.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":9587,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://cn.1mebetx.com/home/register?code=40516","date":"2026-01-08T05:27:17.032Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"static-content-cn.wb27jlt6u066.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 19 Oct 2025 00:00:00 GMT","end":"Mon, 19 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"98:64:EC:0B:9A:00:5F:60:12:4A:12:B9:EB:5A:44:98:12:1A:7C:FF","sha256":"A1:E0:99:A3:B2:54:C9:50:DB:24:16:EA:A7:44:3A:5D:57:F0:7C:CE:B2:E7:66:31:49:50:98:44:92:F2:50:84"}}},"request":{"raw":"GET /images/close.png HTTP/1.1\r\nHost: static-content-cn.wb27jlt6u066.com:9587\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://static-content-cn.wb27jlt6u066.com:9587/css/base.css?20240823\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Thu, 08 Jan 2026 05:27:17 GMT\r\nContent-Type: image/png\r\nContent-Length: 1148\r\nConnection: keep-alive\r\nLast-Modified: Wed, 20 Jul 2022 18:47:52 GMT\r\nETag: \"62d84dd8-47c\"\r\nServer: gocache\r\nExpires: Fri, 09 Jan 2026 05:27:17 GMT\r\nCache-Control: max-age=86400\r\nc-Type: st\r\nrid: 04da4353ff0313dc0637a47b7808818f\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains\r\nX-Cache-Status: HIT\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":1148,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 21 x 40, 8-bit/color RGBA, non-interlaced","md5":"64ead6c5d9cbfe3e933c97c2cb20dacc","sha1":"b7b034fd70b27180d27daa9c8bacb50ce721f025","sha256":"55aa71e8f5f59bec62fc6361e10bcf106d21af39a087c4009931884fd03b5229","sha512":"869b8e2b2c8d8ee615c302cbff59fd745f0cb1f32afbca0c89a469b4d1ab61bbe01905b0a8ac07527aa4f763fd11dad2141a58706334062f37dc6267f55dda80","ssdeep":"","tlshash":"0221674dfb8068029445c5c75dfa8033ea234984daf0f861b487e4151ea12b549496eb","first_seen":"2023-04-05T03:30:47Z","last_seen":"2026-04-27T14:49:05.302699Z","times_seen":849,"resource_available":false,"data":null}},"time_used":216,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":216,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static-content-t.wb27jlt6u066.com:9587/d11_images/modal_reminder_logo.png","fqdn":"static-content-t.wb27jlt6u066.com","domain":"wb27jlt6u066.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":9587,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://cn.1mebetx.com/home/register?code=40516","date":"2026-01-08T05:27:17.055Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"static-content-t.wb27jlt6u066.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 19 Oct 2025 00:00:00 GMT","end":"Mon, 19 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"08:10:09:15:B6:C8:9C:9A:CE:31:40:C9:26:D7:9E:BE:2C:9A:62:2B","sha256":"D6:55:F3:9B:55:F2:ED:CC:B3:54:8B:1E:F9:15:FB:47:0C:75:02:1A:64:4B:3C:C2:FA:75:18:9C:F0:11:EE:83"}}},"request":{"raw":"GET /d11_images/modal_reminder_logo.png HTTP/1.1\r\nHost: static-content-t.wb27jlt6u066.com:9587\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://static-content-t.wb27jlt6u066.com:9587/style/main.css?20250825\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Thu, 08 Jan 2026 05:27:18 GMT\r\nContent-Type: image/png\r\nContent-Length: 14074\r\nConnection: keep-alive\r\nLast-Modified: Wed, 20 Jul 2022 18:45:39 GMT\r\nETag: \"62d84d53-36fa\"\r\nServer: gocache\r\nExpires: Fri, 09 Jan 2026 05:27:18 GMT\r\nCache-Control: max-age=86400\r\nc-Type: st\r\nrid: ad8911c9cd66365e2b9a369aafb37f24\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains\r\nX-Cache-Status: HIT\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]}],"data":{"size":14074,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 569 x 555, 4-bit colormap, non-interlaced","md5":"3494fbc85e95ef708a1db6668fd2e401","sha1":"b9fbfc60416cd990012546e74b0fdb38bdbebe19","sha256":"3167f9728906a03ceaea850d57533fb5c253a38b94cfd55d245f714d7f18afac","sha512":"78791223a160d4012f76fad660815eb9fa01d4beb0bc98de01288e66b477a3c739a4b8ec0fcae6263fc66aee0eae43780d1abb663dc25b635bb9f702bb0eefff","ssdeep":"384:ZArYvJEV26jJlaWFjf8KvQdlbT3mc1qm+wTR:WcxaJlaOQRN14wV","tlshash":"0d52cf1c0cdd9c4dbd74129169409f8b5c70abfab9f051eb88caf218b6af9402554f23","first_seen":"2024-03-28T04:38:14Z","last_seen":"2026-04-27T14:49:05.369159Z","times_seen":677,"resource_available":false,"data":null}},"time_used":1626,"timings":{"blocked":1410,"dns":0,"connect":0,"send":0,"wait":215,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static-content-t.wb27jlt6u066.com:9587/images/register/form_bg.png","fqdn":"static-content-t.wb27jlt6u066.com","domain":"wb27jlt6u066.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":9587,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://cn.1mebetx.com/home/register?code=40516","date":"2026-01-08T05:27:17.060Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"static-content-t.wb27jlt6u066.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 19 Oct 2025 00:00:00 GMT","end":"Mon, 19 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"08:10:09:15:B6:C8:9C:9A:CE:31:40:C9:26:D7:9E:BE:2C:9A:62:2B","sha256":"D6:55:F3:9B:55:F2:ED:CC:B3:54:8B:1E:F9:15:FB:47:0C:75:02:1A:64:4B:3C:C2:FA:75:18:9C:F0:11:EE:83"}}},"request":{"raw":"GET /images/register/form_bg.png HTTP/1.1\r\nHost: static-content-t.wb27jlt6u066.com:9587\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://static-content-t.wb27jlt6u066.com:9587/style/main.css?20250825\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Thu, 08 Jan 2026 05:27:18 GMT\r\nContent-Type: image/png\r\nContent-Length: 3222\r\nConnection: keep-alive\r\nLast-Modified: Wed, 20 Jul 2022 18:47:53 GMT\r\nETag: \"62d84dd9-c96\"\r\nServer: gocache\r\nExpires: Fri, 09 Jan 2026 05:27:18 GMT\r\nCache-Control: max-age=86400\r\nc-Type: st\r\nrid: 908c589169d1def03146b555ac7d9e0e\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains\r\nX-Cache-Status: HIT\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":3222,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 410 x 800, 8-bit/color RGBA, non-interlaced","md5":"0f7cd96cb7cef4b9217f90e92920ab6e","sha1":"36cc27443ed415c168ef9e700224011fcc56dfc4","sha256":"cd8bbd1b5d1b7309612fe10c894f8c0a3a5ca889331da9a56414f373464501c5","sha512":"c62f01a4b4c4e59533179f7bd4b710964fdf1127a07ac56d7ce0e1908b8b351586dccb548e58ebb9424365894bb70acc33da4c41d3c2399ea78dd17c6c36b804","ssdeep":"","tlshash":"af614d6d6d9f238d11e99491f491b0ca0c31cbef74805d1564f7cc82ee91f5748398e5","first_seen":"2023-05-05T14:06:31Z","last_seen":"2026-04-27T14:49:05.371528Z","times_seen":839,"resource_available":false,"data":null}},"time_used":1154,"timings":{"blocked":939,"dns":0,"connect":0,"send":0,"wait":215,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"file-new.a4hskh.com/activity/2025/05/26/35b9d0913c44ce35920430bd8ddfc1eb.png","fqdn":"file-new.a4hskh.com","domain":"a4hskh.com","tld":"com"},"ip":{"addr":"52.184.67.179","port":443,"asn":8075,"as":"MICROSOFT-CORP-MSN-AS-BLOCK","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://cn.1mebetx.com/home/register?code=40516","date":"2026-01-08T05:27:18.038Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"file-new.a4hskh.com","organization":""},"issuer":{"commonName":"ZeroSSL RSA Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Fri, 19 Dec 2025 00:00:00 GMT","end":"Thu, 19 Mar 2026 23:59:59 GMT"},"fingerprint":{"sha1":"71:57:FF:2E:59:F1:FC:B0:75:58:A9:CD:70:F0:B3:0F:C5:25:29:C7","sha256":"D0:D4:6C:CF:CD:75:20:FF:29:86:02:CA:01:14:08:B1:EA:E9:43:53:16:3F:92:72:7F:E1:AC:54:E7:A7:F5:5F"}}},"request":{"raw":"GET /activity/2025/05/26/35b9d0913c44ce35920430bd8ddfc1eb.png HTTP/1.1\r\nHost: file-new.a4hskh.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cn.1mebetx.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Thu, 08 Jan 2026 05:27:19 GMT\r\ncontent-type: image/png\r\ncontent-length: 91065\r\nlast-modified: Mon, 26 May 2025 12:19:14 GMT\r\nx-amz-server-side-encryption: AES256\r\netag: \"a6f34694a8892178a7e449b0043d1429\"\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 1d7fb40804b60d5a9f4cfe1063c9fa1a.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: HKG54-P1\r\nx-amz-cf-id: Rl3sGJ9QA8Pg_riOgE-a7LQXgWQ0jva2H1AJPwXB2K_1aahEm5I0lQ==\r\nage: 71247\r\nvary: accept-encoding, Origin\r\npsc-cache-status: HIT\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]}],"data":{"size":91065,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 272 x 272, 8-bit/color RGBA, non-interlaced","md5":"a6f34694a8892178a7e449b0043d1429","sha1":"33d658afacb80d35cdde497bb530f08e38e23132","sha256":"766f82c583cabf2b73af2e8d6dd0595ab3ce6bd55c4b9841edf555a1639d1263","sha512":"396caa64116ac49e99f11da3c95eaa7b926f4f9eb08ff5b9aec7ca6d43d704fae3a2a2e75178db4e4082381e2480d788d4b31007dc91a091312ed1279681f978","ssdeep":"1536:nRalahFemQUbzfAgaVLBbB1RZNhmSiVdOFf5Z1Uk6VcD1s7aP0HRb9Knism8zu2E:n+abbzCPPRZjYPOFf5Z1U1uO7c0LOiYa","tlshash":"e193024fea06c57f99655c8012609993a8d1b84f0ca3b793eb588e0907dc946fe37d37","first_seen":"2025-07-18T11:22:50.653674Z","last_seen":"2026-04-27T14:49:05.305836Z","times_seen":566,"resource_available":false,"data":null}},"time_used":3050,"timings":{"blocked":1037,"dns":371,"connect":204,"send":0,"wait":603,"receive":372,"ssl":459},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"banner-notice.6dqr2n.com/mxstatic/download.png","fqdn":"banner-notice.6dqr2n.com","domain":"6dqr2n.com","tld":"com"},"ip":{"addr":"52.184.67.179","port":443,"asn":8075,"as":"MICROSOFT-CORP-MSN-AS-BLOCK","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://cn.1mebetx.com/home/register?code=40516","date":"2026-01-08T05:27:18.737Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"banner-notice.6dqr2n.com","organization":""},"issuer":{"commonName":"ZeroSSL RSA Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Fri, 21 Nov 2025 00:00:00 GMT","end":"Thu, 19 Feb 2026 23:59:59 GMT"},"fingerprint":{"sha1":"99:09:F8:08:0E:12:67:90:CD:CF:6F:BB:FD:A4:24:0B:CE:22:68:BC","sha256":"8D:09:C8:8D:E9:B1:66:60:30:60:D8:0C:95:30:0A:E9:BC:A6:D5:11:A9:28:82:AB:A7:90:99:A8:C5:E8:62:E8"}}},"request":{"raw":"GET /mxstatic/download.png HTTP/1.1\r\nHost: banner-notice.6dqr2n.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cn.1mebetx.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Thu, 08 Jan 2026 05:27:18 GMT\r\ncontent-type: image/png\r\ncontent-length: 456\r\nlast-modified: Tue, 27 May 2025 05:27:16 GMT\r\netag: \"68354d34-1c8\"\r\nexpires: Sat, 07 Feb 2026 05:27:11 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":456,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 36 x 36, 8-bit colormap, non-interlaced","md5":"1a89c1b0da2dd8e949b7cbfbf97b0207","sha1":"eb7047b074d6e8ab5453ccd9450d30ff781e9988","sha256":"941720c6f4b421e3b7a1312f8c713c13cd6aa7033a04089795c59b96c5d50a9c","sha512":"97ff9190823f66f21d090c88aacfc49526e42d24127bc465ac9ddf4ced53c2981c14627752f77d57d85d8971752101819b9332480a65ec0c2612e8688b8ad26c","ssdeep":"","tlshash":"12f0c091268c9c1cc3dc5cbba3b69756fd18555141035c40bc79c06c579502979f89bb","first_seen":"2023-05-10T13:44:32Z","last_seen":"2026-04-27T14:49:05.115469Z","times_seen":712,"resource_available":false,"data":null}},"time_used":346,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":346,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static-content-t.wb27jlt6u066.com:9587/images/home/tg_icon.png","fqdn":"static-content-t.wb27jlt6u066.com","domain":"wb27jlt6u066.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":9587,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://cn.1mebetx.com/home/register?code=40516","date":"2026-01-08T05:27:14.856Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"static-content-t.wb27jlt6u066.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 19 Oct 2025 00:00:00 GMT","end":"Mon, 19 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"08:10:09:15:B6:C8:9C:9A:CE:31:40:C9:26:D7:9E:BE:2C:9A:62:2B","sha256":"D6:55:F3:9B:55:F2:ED:CC:B3:54:8B:1E:F9:15:FB:47:0C:75:02:1A:64:4B:3C:C2:FA:75:18:9C:F0:11:EE:83"}}},"request":{"raw":"GET /images/home/tg_icon.png HTTP/1.1\r\nHost: static-content-t.wb27jlt6u066.com:9587\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cn.1mebetx.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Thu, 08 Jan 2026 05:27:16 GMT\r\nContent-Type: image/png\r\nContent-Length: 7233\r\nConnection: keep-alive\r\nLast-Modified: Tue, 13 Aug 2024 02:02:22 GMT\r\nETag: \"66babeae-1c41\"\r\nServer: gocache\r\nExpires: Fri, 09 Jan 2026 05:27:16 GMT\r\nCache-Control: max-age=86400\r\nc-Type: st\r\nrid: 918bac2ea210270be9409e147f62f3b6\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains\r\nX-Cache-Status: HIT\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]}],"data":{"size":7233,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 100 x 100, 8-bit/color RGBA, non-interlaced","md5":"6f828495b8948381356d8f958e0e3816","sha1":"8a776df06f7f07a71a8811311450b978399117e9","sha256":"fe6c74efa40b05488d4e4944a45f32d22a8b13e60637ce57bbc04b5b8323663b","sha512":"5a64ed664f2bf2d934d7c0a41a51a5b95ef998087f3badfef552d3a898648fef2b561d3a09ccd64188d55f598fa3c62d98f3d3052c28f7a17bc1d887acf9b398","ssdeep":"192:5OC/PcLhB496ikdrltIH7XTYtHSEskZNpjZf1GqsiR4KM:3k3BiGrltO7Utrp3GURxM","tlshash":"a4e1a0ebf811dcc2f508a74bc452d10286ad59074774f5ae7f9eb5c3ac2098547ef44a","first_seen":"2024-08-15T14:53:49Z","last_seen":"2026-04-27T14:49:05.187078Z","times_seen":630,"resource_available":false,"data":null}},"time_used":2131,"timings":{"blocked":1915,"dns":0,"connect":0,"send":0,"wait":215,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static-content-cn.wb27jlt6u066.com:9587/images/modal_reminder_deco.png","fqdn":"static-content-cn.wb27jlt6u066.com","domain":"wb27jlt6u066.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":9587,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://cn.1mebetx.com/home/register?code=40516","date":"2026-01-08T05:27:17.056Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"static-content-cn.wb27jlt6u066.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 19 Oct 2025 00:00:00 GMT","end":"Mon, 19 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"98:64:EC:0B:9A:00:5F:60:12:4A:12:B9:EB:5A:44:98:12:1A:7C:FF","sha256":"A1:E0:99:A3:B2:54:C9:50:DB:24:16:EA:A7:44:3A:5D:57:F0:7C:CE:B2:E7:66:31:49:50:98:44:92:F2:50:84"}}},"request":{"raw":"GET /images/modal_reminder_deco.png HTTP/1.1\r\nHost: static-content-cn.wb27jlt6u066.com:9587\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://static-content-cn.wb27jlt6u066.com:9587/css/base.css?20240823\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Thu, 08 Jan 2026 05:27:17 GMT\r\nContent-Type: image/png\r\nContent-Length: 1119\r\nConnection: keep-alive\r\nLast-Modified: Wed, 20 Jul 2022 18:47:52 GMT\r\nETag: \"62d84dd8-45f\"\r\nServer: gocache\r\nExpires: Fri, 09 Jan 2026 05:27:17 GMT\r\nCache-Control: max-age=86400\r\nc-Type: st\r\nrid: a4431511464a5a973df8b3572e1be35b\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains\r\nX-Cache-Status: HIT\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]}],"data":{"size":1119,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 232 x 12, 8-bit/color RGBA, non-interlaced","md5":"3f99b65d5f4c689ea127400c44026e81","sha1":"60f91d0531242fed70f77991419d8c0442ae4299","sha256":"581ca9e4c82ad7b55ba31fa2033aae45ec122c4be965c2c0eb465da2cbe13dee","sha512":"5cb9d5f09e1877bbf50b680e2e79bdeb17403380db0830e398f3582f2d30207b3925007d19f1416d6e0e9b1aed11b735337a0437ebdb35d70479f2d9f65d3fe2","ssdeep":"","tlshash":"4221038df6115c42925ef99238fa0562e9120c81c7e0e4677dcbc4c648316ba886d9c7","first_seen":"2024-03-28T04:38:13Z","last_seen":"2026-04-27T14:49:05.122827Z","times_seen":688,"resource_available":false,"data":null}},"time_used":222,"timings":{"blocked":7,"dns":0,"connect":0,"send":0,"wait":215,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"hm.baidu.com/hm.gif?hca=7489E7AA7D4F9196\u0026cc=1\u0026ck=1\u0026cl=24-bit\u0026ds=1280x1024\u0026vl=1024\u0026et=0\u0026ja=0\u0026ln=en-us\u0026lo=0\u0026rnd=665864037\u0026si=86b8712c72cab4f521c0b5cd56dfa69f\u0026v=1.3.2\u0026lv=1\u0026sn=43413\u0026r=0\u0026ww=1280\u0026u=https%3A%2F%2Fcn.1mebetx.com%2Fhome%2Fregister%3Fcode%3D40516\u0026tt=ManBetX(%E4%B8%87%E5%8D%9A%E4%BD%93%E8%82%B2)%E5%AE%98%E7%BD%91%7C%E8%8B%B1%E8%B6%85%E7%8B%BC%E9%98%9F%E5%92%8C%E6%B0%B4%E6%99%B6%E5%AE%AB%E5%85%A8%E7%90%83%E8%B5%9E%E5%8A%A9%E4%BC%99%E4%BC%B4","fqdn":"hm.baidu.com","domain":"baidu.com","tld":"com"},"ip":{"addr":"14.215.183.79","port":443,"asn":4134,"as":"Chinanet","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://cn.1mebetx.com/home/register?code=40516","date":"2026-01-08T05:27:18.307Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"baidu.com","organization":"Beijing Baidu Netcom Science Technology Co., Ltd"},"issuer":{"commonName":"GlobalSign RSA OV SSL CA 2018","organization":"GlobalSign nv-sa"},"validity":{"start":"Wed, 09 Jul 2025 07:01:02 GMT","end":"Mon, 10 Aug 2026 07:01:01 GMT"},"fingerprint":{"sha1":"21:BF:66:0D:67:BE:7A:7F:49:48:05:30:F4:7F:09:F2:30:36:CA:63","sha256":"0D:82:2C:9A:90:5A:EF:E9:8F:37:12:C0:E0:26:30:EE:95:33:2C:45:5F:E7:74:5D:F0:8D:BC:79:F4:B0:A1:49"}}},"request":{"raw":"GET /hm.gif?hca=7489E7AA7D4F9196\u0026cc=1\u0026ck=1\u0026cl=24-bit\u0026ds=1280x1024\u0026vl=1024\u0026et=0\u0026ja=0\u0026ln=en-us\u0026lo=0\u0026rnd=665864037\u0026si=86b8712c72cab4f521c0b5cd56dfa69f\u0026v=1.3.2\u0026lv=1\u0026sn=43413\u0026r=0\u0026ww=1280\u0026u=https%3A%2F%2Fcn.1mebetx.com%2Fhome%2Fregister%3Fcode%3D40516\u0026tt=ManBetX(%E4%B8%87%E5%8D%9A%E4%BD%93%E8%82%B2)%E5%AE%98%E7%BD%91%7C%E8%8B%B1%E8%B6%85%E7%8B%BC%E9%98%9F%E5%92%8C%E6%B0%B4%E6%99%B6%E5%AE%AB%E5%85%A8%E7%90%83%E8%B5%9E%E5%8A%A9%E4%BC%99%E4%BC%B4 HTTP/1.1\r\nHost: hm.baidu.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cn.1mebetx.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nCache-Control: private, max-age=0, no-cache\r\nContent-Length: 43\r\nContent-Type: image/gif\r\nDate: Thu, 08 Jan 2026 05:27:19 GMT\r\nP3p: CP=\"CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR\"\r\nPragma: no-cache\r\nServer: apache\r\nSet-Cookie: HMACCOUNT=F844F3966A91199C; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT\r\nStrict-Transport-Security: max-age=172800\r\nX-Content-Type-Options: nosniff\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Apache HTTP Server","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":43,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 1 x 1","md5":"ad4b0f606e0f8465bc4c4c170b37e1a3","sha1":"50b30fd5f87c85fe5cba2635cb83316ca71250d7","sha256":"cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda","sha512":"ebfe0c0df4bcc167d5cb6ebdd379f9083df62bef63a23818e1c6adf0f64b65467ea58b7cd4d03cf0a1b1a2b07fb7b969bf35f25f1f8538cc65cf3eebdf8a0910","ssdeep":"","tlshash":"15900003fbc08002c2b2e0300b3b0380238ce2200aa8030b80aeb0acecaa3a20c03020","first_seen":"2023-04-05T02:54:03Z","last_seen":"2026-04-28T16:07:35.231211Z","times_seen":342302,"resource_available":true,"data":null}},"time_used":1033,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":1033,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static-content-t.wb27jlt6u066.com:9587/images/icon_live_channel.png","fqdn":"static-content-t.wb27jlt6u066.com","domain":"wb27jlt6u066.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":9587,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://cn.1mebetx.com/home/register?code=40516","date":"2026-01-08T05:27:17.017Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"static-content-t.wb27jlt6u066.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 19 Oct 2025 00:00:00 GMT","end":"Mon, 19 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"08:10:09:15:B6:C8:9C:9A:CE:31:40:C9:26:D7:9E:BE:2C:9A:62:2B","sha256":"D6:55:F3:9B:55:F2:ED:CC:B3:54:8B:1E:F9:15:FB:47:0C:75:02:1A:64:4B:3C:C2:FA:75:18:9C:F0:11:EE:83"}}},"request":{"raw":"GET /images/icon_live_channel.png HTTP/1.1\r\nHost: static-content-t.wb27jlt6u066.com:9587\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://static-content-t.wb27jlt6u066.com:9587/style/main.css?20250825\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Thu, 08 Jan 2026 05:27:18 GMT\r\nContent-Type: image/png\r\nContent-Length: 2400\r\nConnection: keep-alive\r\nLast-Modified: Thu, 14 Nov 2024 05:04:35 GMT\r\nETag: \"673584e3-960\"\r\nServer: gocache\r\nExpires: Fri, 09 Jan 2026 05:27:18 GMT\r\nCache-Control: max-age=86400\r\nc-Type: st\r\nrid: 61fd33ac2aa472024ebca616e674c6b2\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains\r\nX-Cache-Status: HIT\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]}],"data":{"size":2400,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 36 x 36, 8-bit/color RGBA, non-interlaced","md5":"da69e30e16cfe1ddbf85e3aa3642b21a","sha1":"8530f19327891df0e585355279ce85507e3ffda4","sha256":"c74d62e601ba04d4d92df4ef116934762c23316bca9f65dbd2c2b4b6e73fd431","sha512":"3bf68ecba7a87746a369e9e3d69422cdca616c6952716c27ae50528aaed987ce69a1a8d81b2d327be14914cd7f567dd0c2bef5075eff527cac9e9fd7cd091bfd","ssdeep":"","tlshash":"17411a95bbdb6a13120982a620fe6002ad210800d9f2bd6538db4c733ce07f21964fed","first_seen":"2024-12-13T19:22:27.987299Z","last_seen":"2026-04-27T14:49:05.415961Z","times_seen":598,"resource_available":false,"data":null}},"time_used":1414,"timings":{"blocked":1198,"dns":0,"connect":0,"send":0,"wait":216,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static-content-t.wb27jlt6u066.com:9587/d11_images/footer_supports_hover.png?9","fqdn":"static-content-t.wb27jlt6u066.com","domain":"wb27jlt6u066.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":9587,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://cn.1mebetx.com/home/register?code=40516","date":"2026-01-08T05:27:17.065Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"static-content-t.wb27jlt6u066.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 19 Oct 2025 00:00:00 GMT","end":"Mon, 19 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"08:10:09:15:B6:C8:9C:9A:CE:31:40:C9:26:D7:9E:BE:2C:9A:62:2B","sha256":"D6:55:F3:9B:55:F2:ED:CC:B3:54:8B:1E:F9:15:FB:47:0C:75:02:1A:64:4B:3C:C2:FA:75:18:9C:F0:11:EE:83"}}},"request":{"raw":"GET /d11_images/footer_supports_hover.png?9 HTTP/1.1\r\nHost: static-content-t.wb27jlt6u066.com:9587\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://static-content-t.wb27jlt6u066.com:9587/style/main.css?20250825\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Thu, 08 Jan 2026 05:27:18 GMT\r\nContent-Type: image/png\r\nContent-Length: 6153\r\nConnection: keep-alive\r\nLast-Modified: Wed, 20 Jul 2022 18:45:39 GMT\r\nETag: \"62d84d53-1809\"\r\nServer: gocache\r\nExpires: Fri, 09 Jan 2026 05:27:18 GMT\r\nCache-Control: max-age=86400\r\nc-Type: st\r\nrid: 91333bb3c9778cb724b53132f0a24361\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains\r\nX-Cache-Status: HIT\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":6153,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 30 x 174, 8-bit/color RGBA, non-interlaced","md5":"89203da3a7f6cd69c626446854368222","sha1":"0a861d62cd091a150ce253ecedf0dff49c80b3f0","sha256":"ae58de0a439617b67724ced1eee3bc04d8103d1a8f34a9ac362d1a842e06d2e7","sha512":"37b0293f4c467a53f8b4527c40345e89d407811a4e7894263663847ecc5406c8d101c2dd9711f4fd099ec325b9013d1337154600b0f87b8fc3e5252a771993c5","ssdeep":"96:tnCr4K+CdLuWy5kOy2k17lRtUsvqI8ydwBlz2gcwNkABBbbk/eH+Tm4Mi0UPftR7:tnCr40dKOOytRhFNaNTDbsxCdixHtUQ","tlshash":"5dc1aef06ab50164f022342747b70504a4167fd89974bc9063bf9f8defe6743e868ad1","first_seen":"2023-05-05T14:06:31Z","last_seen":"2026-04-27T14:49:05.202525Z","times_seen":843,"resource_available":false,"data":null}},"time_used":1149,"timings":{"blocked":934,"dns":0,"connect":0,"send":0,"wait":215,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static-content-cn.wb27jlt6u066.com:9587/js/jquery/jquery.min.js","fqdn":"static-content-cn.wb27jlt6u066.com","domain":"wb27jlt6u066.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":9587,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://cn.1mebetx.com/home/register?code=40516","date":"2026-01-08T05:27:14.835Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"static-content-cn.wb27jlt6u066.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 19 Oct 2025 00:00:00 GMT","end":"Mon, 19 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"98:64:EC:0B:9A:00:5F:60:12:4A:12:B9:EB:5A:44:98:12:1A:7C:FF","sha256":"A1:E0:99:A3:B2:54:C9:50:DB:24:16:EA:A7:44:3A:5D:57:F0:7C:CE:B2:E7:66:31:49:50:98:44:92:F2:50:84"}}},"request":{"raw":"GET /js/jquery/jquery.min.js HTTP/1.1\r\nHost: static-content-cn.wb27jlt6u066.com:9587\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cn.1mebetx.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Thu, 08 Jan 2026 05:27:15 GMT\r\nContent-Type: application/javascript\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nLast-Modified: Wed, 20 Jul 2022 18:47:52 GMT\r\nVary: Accept-Encoding\r\nETag: W/\"62d84dd8-176bb\"\r\nContent-Encoding: gzip\r\nServer: gocache\r\nExpires: Fri, 09 Jan 2026 05:27:15 GMT\r\nCache-Control: max-age=86400\r\nc-Type: st\r\nrid: 3c2bb1957916743c7d097c4f8413bfc7\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains\r\nX-Cache-Status: HIT\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":95931,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (32047)","md5":"5790ead7ad3ba27397aedfa3d263b867","sha1":"8130544c215fe5d1ec081d83461bf4a711e74882","sha256":"2ecd295d295bec062cedebe177e54b9d6b19fc0a841dc5c178c654c9ccff09c0","sha512":"781acedc99de4ce8d53d9b43a158c645eab1b23dfdfd6b57b3c442b11acc4a344e0d5b0067d4b78bb173abbded75fb91c410f2b5a58f71d438aa6266d048d98a","ssdeep":"1536:5P1vk7i6GUHdXXeyQazBu+4HhiO2AEeLNFoqqhJ7SerN5sVI6xcBgPv7E+nzms9d:A4Ud4qhJvNPqcB47MfWWca98HrB","tlshash":"7793d8d9b7d67062977730b850bf510bb13a98eab80c4c60f1a4d8e47e74a89507bf2d","first_seen":"2023-03-07T01:02:51Z","last_seen":"2026-04-28T16:00:59.354135Z","times_seen":17483,"resource_available":true,"data":null}},"time_used":1889,"timings":{"blocked":821,"dns":361,"connect":5,"send":0,"wait":216,"receive":6,"ssl":471},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cn.1mebetx.com/service/verifycode","fqdn":"cn.1mebetx.com","domain":"1mebetx.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://cn.1mebetx.com/home/register?code=40516","date":"2026-01-08T05:27:14.855Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cn.1mebetx.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Mon, 05 Jan 2026 00:00:00 GMT","end":"Tue, 05 Jan 2027 23:59:59 GMT"},"fingerprint":{"sha1":"B1:9C:1C:29:59:A8:2F:22:BB:FA:01:51:20:84:07:9D:ED:D9:D8:7A","sha256":"21:4B:55:27:26:B6:EF:96:E2:ED:28:FE:00:D0:57:72:9D:29:6A:4E:DE:36:40:A2:7D:07:26:CC:31:8C:F2:1D"}}},"request":{"raw":"GET /service/verifycode HTTP/1.1\r\nHost: cn.1mebetx.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cn.1mebetx.com/home/register?code=40516\r\nCookie: PHPSESSID=pvfn2qbqj41s51t96fj5pjvus5; _code_cookie=40516-\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 \r\nDate: Thu, 08 Jan 2026 05:27:17 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nSet-Cookie: JSESSIONID=2DFCC17C45915D4D0E0F1724AD35850A; Path=/; Secure; HttpOnly\n_vcid=2DFCC17C45915D4D0E0F1724AD35850A; Domain=.1mebetx.com; Path=/; HttpOnly\r\nX-Content-Type-Options: nosniff\r\nX-Frame-Options: SAMEORIGIN\r\nServer: gocache\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nCache-Control: no-cache\r\nc-Type: df\r\nrid: 4d9dea5863df673afb1945df562f2af7\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Java","description":"Java is a class-based, object-oriented programming language that is designed to have as few implementation dependencies as possible.","website":"https://java.com","common_platform_enumeration":"cpe:2.3:a:oracle:jre:*:*:*:*:*:*:*:*","icon":"Java.svg","categories":["Programming languages"]}],"data":{"size":1375,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.02, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 80x28, components 3","md5":"89e8ae944230ca6ce51d39b206c54b14","sha1":"3c4fa6ece6c4eafa4f1f5aab59ca7436ffd8bad1","sha256":"1c8b7c99e60c57103c41fa42ea974b357931b4786298eb82f9d99d08f11f17fd","sha512":"af65c11e491524cda8eb44a85632b0dca07221dea3bb4e93c82a1ec9847467bc27563931a5f744ba995cc2b32a7ecbd850c984c2fd039be9c941cba0b060481c","ssdeep":"","tlshash":"1621a5252b1a98409f1383f85c4636f661cf84c27ec4ab326e605bb7c030dba458c9ea","first_seen":"2026-01-08T05:28:13.530058Z","last_seen":"2026-01-08T05:28:13.530058Z","times_seen":1,"resource_available":false,"data":null}},"time_used":2659,"timings":{"blocked":1917,"dns":0,"connect":5,"send":0,"wait":290,"receive":1,"ssl":444},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-08","alert":"Sinkholed","trigger":"cn.1mebetx.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-08","alert":"Sinkholed","trigger":"cn.1mebetx.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-08","alert":"Sinkholed","trigger":"cn.1mebetx.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-01-08","alert":"Phishing Block","trigger":"cn.1mebetx.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-08","alert":"Sinkholed","trigger":"cn.1mebetx.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"static-content-cn.wb27jlt6u066.com:9587/js/kz.js?20250807","fqdn":"static-content-cn.wb27jlt6u066.com","domain":"wb27jlt6u066.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":9587,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://cn.1mebetx.com/home/register?code=40516","date":"2026-01-08T05:27:14.865Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"static-content-cn.wb27jlt6u066.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 19 Oct 2025 00:00:00 GMT","end":"Mon, 19 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"98:64:EC:0B:9A:00:5F:60:12:4A:12:B9:EB:5A:44:98:12:1A:7C:FF","sha256":"A1:E0:99:A3:B2:54:C9:50:DB:24:16:EA:A7:44:3A:5D:57:F0:7C:CE:B2:E7:66:31:49:50:98:44:92:F2:50:84"}}},"request":{"raw":"GET /js/kz.js?20250807 HTTP/1.1\r\nHost: static-content-cn.wb27jlt6u066.com:9587\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cn.1mebetx.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Thu, 08 Jan 2026 05:27:15 GMT\r\nContent-Type: application/javascript\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nLast-Modified: Tue, 09 Dec 2025 02:53:07 GMT\r\nVary: Accept-Encoding\r\nETag: W/\"69378f13-10cb3\"\r\nContent-Encoding: gzip\r\nServer: gocache\r\nExpires: Fri, 09 Jan 2026 05:27:15 GMT\r\nCache-Control: max-age=86400\r\nc-Type: st\r\nrid: 0d9daefe84d60a49494674a7ca94fcf0\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains\r\nX-Cache-Status: HIT\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]}],"data":{"size":68787,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text","md5":"6882ef21046c02724770578afb0e9389","sha1":"5a3e91dbc206c7a6abf2196adc0cd68d6e5f7dd5","sha256":"f3967945aa4c64b4cb943ff02fd4ff56354cac19f0e8ba9cb8a95017707265c9","sha512":"4aa7833f286b2d53677335d60783d6edd2038d0e9fbbc75d0568debe17bf0cee5cd56c7beb3c608a2c135881edefca03d1cf0edef0c2d491e65c9ac6126697a8","ssdeep":"384:JsOCzLl8jM9Cxvqd2ACJOOX6QMvmN2iB9eOyjX993YH:q84sTwDEH","tlshash":"f963732ae9fb52551c3b70391f7f4001e729c407b50cee197e2caac05f44669a6b6fe8","first_seen":"2025-08-24T13:27:11.237239Z","last_seen":"2026-03-29T16:47:31.772793Z","times_seen":494,"resource_available":true,"data":null}},"time_used":1225,"timings":{"blocked":1006,"dns":0,"connect":0,"send":0,"wait":218,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cn.1mebetx.com/home/getGeo","fqdn":"cn.1mebetx.com","domain":"1mebetx.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://cn.1mebetx.com/home/register?code=40516","date":"2026-01-08T05:27:17.199Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cn.1mebetx.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Mon, 05 Jan 2026 00:00:00 GMT","end":"Tue, 05 Jan 2027 23:59:59 GMT"},"fingerprint":{"sha1":"B1:9C:1C:29:59:A8:2F:22:BB:FA:01:51:20:84:07:9D:ED:D9:D8:7A","sha256":"21:4B:55:27:26:B6:EF:96:E2:ED:28:FE:00:D0:57:72:9D:29:6A:4E:DE:36:40:A2:7D:07:26:CC:31:8C:F2:1D"}}},"request":{"raw":"POST /home/getGeo HTTP/1.1\r\nHost: cn.1mebetx.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/javascript, */*; q=0.01\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nX-Requested-With: XMLHttpRequest\r\nOrigin: https://cn.1mebetx.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cn.1mebetx.com/home/register?code=40516\r\nCookie: PHPSESSID=pvfn2qbqj41s51t96fj5pjvus5; _code_cookie=40516-\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nContent-Length: 0\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Thu, 08 Jan 2026 05:27:17 GMT\r\nContent-Type: application/json;charset=utf-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding, Accept-Encoding, Accept-Encoding\r\nSet-Cookie: ccd11=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/; domain=1mebetx.com\nvcd11=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/; domain=1mebetx.com\r\nX-Content-Type-Options: nosniff\r\nX-Frame-Options: SAMEORIGIN\r\nContent-Encoding: gzip\r\nServer: gocache\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nCache-Control: no-cache\r\nc-Type: df\r\nrid: a89365fd058df0022cceb2aad1037677\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":146,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"675ca17e5b94ef20fd620c6792e6bbca","sha1":"7986d1ad507a7e06f21eebc12271d103c3135c53","sha256":"2b69251e2e6dd2e6475932ef63301c416e89db4b6821de01ce67a10b58206889","sha512":"303081d0e5a51eb633249e5b65d79c671aabe7dc8462cab5f6f5c57f9330dec42366509fdf3fb605a735c36d23d32865820fceb1f6eef510b36fe04945b30fb0","ssdeep":"","tlshash":"74c04c6e15d04538e9f683cead0bbf271aea4910a256055da9c8a784bb111ec9281117","first_seen":"2025-08-24T13:27:11.203711Z","last_seen":"2026-04-27T14:49:05.442586Z","times_seen":549,"resource_available":false,"data":null}},"time_used":801,"timings":{"blocked":287,"dns":0,"connect":0,"send":0,"wait":514,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-01-08","alert":"Phishing Block","trigger":"cn.1mebetx.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-08","alert":"Sinkholed","trigger":"cn.1mebetx.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-08","alert":"Sinkholed","trigger":"cn.1mebetx.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-08","alert":"Sinkholed","trigger":"cn.1mebetx.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-08","alert":"Sinkholed","trigger":"cn.1mebetx.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"static-content-j.wb27jlt6u066.com:9587/fimg/202505/1a9924b67880434fb3771e34217f417e.png","fqdn":"static-content-j.wb27jlt6u066.com","domain":"wb27jlt6u066.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":9587,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://cn.1mebetx.com/home/register?code=40516","date":"2026-01-08T05:27:14.838Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"static-content-j.wb27jlt6u066.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 19 Oct 2025 00:00:00 GMT","end":"Mon, 19 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"70:63:CC:0F:0F:5F:80:F6:C9:7C:9F:46:F2:18:BB:F0:81:76:AB:57","sha256":"6F:3D:C2:F9:AF:3C:86:73:A1:D2:80:61:D4:B6:17:22:DA:26:77:B7:DD:45:E4:48:70:54:B5:A0:02:F4:69:D8"}}},"request":{"raw":"GET /fimg/202505/1a9924b67880434fb3771e34217f417e.png HTTP/1.1\r\nHost: static-content-j.wb27jlt6u066.com:9587\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cn.1mebetx.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Thu, 08 Jan 2026 05:27:17 GMT\r\nContent-Type: image/png\r\nContent-Length: 6259\r\nConnection: keep-alive\r\nLast-Modified: Sun, 11 May 2025 06:29:47 GMT\r\nETag: \"682043db-1873\"\r\nServer: gocache\r\nExpires: Fri, 09 Jan 2026 05:27:17 GMT\r\nCache-Control: max-age=86400\r\nc-Type: st\r\nrid: eff9fc626c0d0923ad0f9fdab9d2076a\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains\r\nX-Cache-Status: HIT\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]}],"data":{"size":6259,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 292 x 80, 8-bit colormap, non-interlaced","md5":"8c4532aea4471647fef42bbfb068a07b","sha1":"817cd77579876f295d130b198b0619210681035c","sha256":"62278a2db166030d1157dd13ad3e3cd3564df80fa8acf4b8f0396de467ca330e","sha512":"23dec8e31d8dbf92568525198d09b0fe91e6aef5aee59a4b4d55e655aeff0f0f28a404490524f0907eb19522033af6754bfbf5c7f810a2013fc92b101e17d1c7","ssdeep":"192:ddxAOgq6/irKvADndSJhpg2o6GOHFLWH5i9cY:d3gvieIR2o6bFLAkOY","tlshash":"b7d1ae6ea1fdb53e5628e1d5e40dd714444b3ec4922c1ca7c7f129d46b7087be583a8c","first_seen":"2025-08-07T15:42:17.356378Z","last_seen":"2026-04-27T14:49:05.323296Z","times_seen":571,"resource_available":false,"data":null}},"time_used":2646,"timings":{"blocked":1934,"dns":1,"connect":5,"send":0,"wait":221,"receive":0,"ssl":479},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static-content-t.wb27jlt6u066.com:9587/d11_images/nav/promo_sponsor.png?1","fqdn":"static-content-t.wb27jlt6u066.com","domain":"wb27jlt6u066.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":9587,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://cn.1mebetx.com/home/register?code=40516","date":"2026-01-08T05:27:14.844Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"static-content-t.wb27jlt6u066.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 19 Oct 2025 00:00:00 GMT","end":"Mon, 19 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"08:10:09:15:B6:C8:9C:9A:CE:31:40:C9:26:D7:9E:BE:2C:9A:62:2B","sha256":"D6:55:F3:9B:55:F2:ED:CC:B3:54:8B:1E:F9:15:FB:47:0C:75:02:1A:64:4B:3C:C2:FA:75:18:9C:F0:11:EE:83"}}},"request":{"raw":"GET /d11_images/nav/promo_sponsor.png?1 HTTP/1.1\r\nHost: static-content-t.wb27jlt6u066.com:9587\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cn.1mebetx.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Thu, 08 Jan 2026 05:27:18 GMT\r\nContent-Type: image/png\r\nContent-Length: 45701\r\nConnection: keep-alive\r\nLast-Modified: Wed, 20 Jul 2022 18:45:39 GMT\r\nETag: \"62d84d53-b285\"\r\nServer: gocache\r\nExpires: Fri, 09 Jan 2026 05:27:18 GMT\r\nCache-Control: max-age=86400\r\nc-Type: st\r\nrid: 2a3e89fe749cc4e5bffd144c98023a6b\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains\r\nX-Cache-Status: HIT\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]}],"data":{"size":45701,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 183 x 110, 8-bit/color RGBA, non-interlaced","md5":"4392b15e336dc870834d64c829f8c150","sha1":"af6de84ddea52908d6434951bd12c2bfbaff3b7e","sha256":"ff63b8ecd5b681b2e0a3d2cff1a1d327145839ae919ac0f7d025857d61656992","sha512":"1333809c4c3e8fc3270763dc4fbecb8f5f808ca657a9518428535a48639468581e05740782ee9af1e0b6db0ac359bf9e89a967cf941d919a94ad9be95a2dc071","ssdeep":"768:9PTkysWeomEy3WouE7U2vCRilIf/QODRMbZA0M3e3TZWeYEG6A6NAHL:9PTfPymLyARJhVAA0MO3TZXYBHL","tlshash":"ed23f12eaf46e09b6913de65cdf10081c417d6c7d49c2c35fc9e8c39a6355b4d8aab0e","first_seen":"2023-05-05T14:06:31Z","last_seen":"2026-04-27T14:49:05.063403Z","times_seen":807,"resource_available":false,"data":null}},"time_used":4028,"timings":{"blocked":3802,"dns":0,"connect":0,"send":0,"wait":218,"receive":8,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static-content-cn.wb27jlt6u066.com:9587/js/jquery/jquery.carousel.js","fqdn":"static-content-cn.wb27jlt6u066.com","domain":"wb27jlt6u066.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":9587,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://cn.1mebetx.com/home/register?code=40516","date":"2026-01-08T05:27:14.852Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"static-content-cn.wb27jlt6u066.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 19 Oct 2025 00:00:00 GMT","end":"Mon, 19 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"98:64:EC:0B:9A:00:5F:60:12:4A:12:B9:EB:5A:44:98:12:1A:7C:FF","sha256":"A1:E0:99:A3:B2:54:C9:50:DB:24:16:EA:A7:44:3A:5D:57:F0:7C:CE:B2:E7:66:31:49:50:98:44:92:F2:50:84"}}},"request":{"raw":"GET /js/jquery/jquery.carousel.js HTTP/1.1\r\nHost: static-content-cn.wb27jlt6u066.com:9587\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cn.1mebetx.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Thu, 08 Jan 2026 05:27:15 GMT\r\nContent-Type: application/javascript\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nLast-Modified: Wed, 20 Jul 2022 18:47:52 GMT\r\nVary: Accept-Encoding\r\nETag: W/\"62d84dd8-5e3a\"\r\nContent-Encoding: gzip\r\nServer: gocache\r\nExpires: Fri, 09 Jan 2026 05:27:15 GMT\r\nCache-Control: max-age=86400\r\nc-Type: st\r\nrid: b54615f5e922114e1c1530ddab78078c\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains\r\nX-Cache-Status: HIT\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]}],"data":{"size":24122,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text","md5":"1552106a3e80457c7c75722b7372d303","sha1":"32ba62ff7b3590d3325d159141aa50a1db5802aa","sha256":"52947c9e6ac3e2f45c2b2a19802a91eeb75dc70902bf4bd87419a6386300848c","sha512":"e6b3f5bcdb5cea57241c6ca4f3c235a8ec04fe3d4baf75e2e33d67fa1ae4e094c08072772e3bc6a87dafb81e94a6ab81f38c670394f4f2a533ca5090e5879630","ssdeep":"384:MnvnA+MrUQ5x1jcvHGmUYnkrVdINO4XmfFmKK2vif3UE:Mn4+MrUk1j0UwNO4XmfF7K2vAv","tlshash":"50b2941b31a32172597b72298b9f5109333190979208ee507cbf8b147f9527897f2fea","first_seen":"2023-03-07T13:00:36Z","last_seen":"2026-04-27T14:49:05.353924Z","times_seen":726,"resource_available":true,"data":null}},"time_used":1006,"timings":{"blocked":-1,"dns":349,"connect":5,"send":0,"wait":215,"receive":0,"ssl":433},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cn.1mebetx.com/kz/verifycode","fqdn":"cn.1mebetx.com","domain":"1mebetx.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://cn.1mebetx.com/home/register?code=40516","date":"2026-01-08T05:27:14.854Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cn.1mebetx.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Mon, 05 Jan 2026 00:00:00 GMT","end":"Tue, 05 Jan 2027 23:59:59 GMT"},"fingerprint":{"sha1":"B1:9C:1C:29:59:A8:2F:22:BB:FA:01:51:20:84:07:9D:ED:D9:D8:7A","sha256":"21:4B:55:27:26:B6:EF:96:E2:ED:28:FE:00:D0:57:72:9D:29:6A:4E:DE:36:40:A2:7D:07:26:CC:31:8C:F2:1D"}}},"request":{"raw":"GET /kz/verifycode HTTP/1.1\r\nHost: cn.1mebetx.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cn.1mebetx.com/home/register?code=40516\r\nCookie: PHPSESSID=pvfn2qbqj41s51t96fj5pjvus5; _code_cookie=40516-\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 \r\nDate: Thu, 08 Jan 2026 05:27:17 GMT\r\nContent-Type: image/jpeg;charset=UTF-8\r\nContent-Length: 1397\r\nConnection: keep-alive\r\nSet-Cookie: JSESSIONID=7F654E93150EB455D993CA69CDA8B66E; Path=/; HttpOnly\nVERIFYCODEID=7F654E93150EB455D993CA69CDA8B66E; Domain=1mebetx.com; Path=/; HttpOnly\r\nX-Content-Type-Options: nosniff\r\nX-Frame-Options: SAMEORIGIN\r\nServer: gocache\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nCache-Control: no-cache\r\nc-Type: df\r\nrid: 92d1ed7faabefa0a8658d11ad4344a22\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Java","description":"Java is a class-based, object-oriented programming language that is designed to have as few implementation dependencies as possible.","website":"https://java.com","common_platform_enumeration":"cpe:2.3:a:oracle:jre:*:*:*:*:*:*:*:*","icon":"Java.svg","categories":["Programming languages"]}],"data":{"size":1397,"size_decoded":0,"mime_type":"image/jpeg; charset=UTF-8","magic":"JPEG image data, JFIF standard 1.02, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 80x28, components 3","md5":"08a17ef0018766feebef2d4dbddf966d","sha1":"3222005ecd5a60460bd71ea11376d032ae82fb6a","sha256":"915e9534d566af4f77b3b94fadcf8e0229340a31a66e03e3bfc0b494b12a0830","sha512":"56ce45ef4de37c8e648fbaa77894bfe5159d4f1685ed4a17f00a627a039f0e7fd6921f82066f297f7d9b7cf6e7cce906d7cbbb90e25004ce3416f91bb14d4514","ssdeep":"","tlshash":"1a21d5172b569931cf0a04fd917c2a9bb0c29d907aaceab0691096e2c260df0c86c706","first_seen":"2026-01-08T05:28:13.533293Z","last_seen":"2026-01-08T05:28:13.533293Z","times_seen":1,"resource_available":false,"data":null}},"time_used":2674,"timings":{"blocked":1917,"dns":0,"connect":5,"send":0,"wait":267,"receive":0,"ssl":482},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-01-08","alert":"Phishing Block","trigger":"cn.1mebetx.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-08","alert":"Sinkholed","trigger":"cn.1mebetx.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-08","alert":"Sinkholed","trigger":"cn.1mebetx.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-08","alert":"Sinkholed","trigger":"cn.1mebetx.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-08","alert":"Sinkholed","trigger":"cn.1mebetx.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"cn.1mebetx.com/service/verifycode?x=0.45714567237456816","fqdn":"cn.1mebetx.com","domain":"1mebetx.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://cn.1mebetx.com/home/register?code=40516","date":"2026-01-08T05:27:17.200Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cn.1mebetx.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Mon, 05 Jan 2026 00:00:00 GMT","end":"Tue, 05 Jan 2027 23:59:59 GMT"},"fingerprint":{"sha1":"B1:9C:1C:29:59:A8:2F:22:BB:FA:01:51:20:84:07:9D:ED:D9:D8:7A","sha256":"21:4B:55:27:26:B6:EF:96:E2:ED:28:FE:00:D0:57:72:9D:29:6A:4E:DE:36:40:A2:7D:07:26:CC:31:8C:F2:1D"}}},"request":{"raw":"GET /service/verifycode?x=0.45714567237456816 HTTP/1.1\r\nHost: cn.1mebetx.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cn.1mebetx.com/home/register?code=40516\r\nCookie: PHPSESSID=pvfn2qbqj41s51t96fj5pjvus5; _code_cookie=40516-\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 \r\nDate: Thu, 08 Jan 2026 05:27:18 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nSet-Cookie: JSESSIONID=0463593108EFFD8CE80F50B01D7A083A; Path=/; Secure; HttpOnly\n_vcid=0463593108EFFD8CE80F50B01D7A083A; Domain=.1mebetx.com; Path=/; HttpOnly\r\nX-Content-Type-Options: nosniff\r\nX-Frame-Options: SAMEORIGIN\r\nServer: gocache\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nCache-Control: no-cache\r\nc-Type: df\r\nrid: f620f5a1dd79f4480c86e7ec8c6ee0e8\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Java","description":"Java is a class-based, object-oriented programming language that is designed to have as few implementation dependencies as possible.","website":"https://java.com","common_platform_enumeration":"cpe:2.3:a:oracle:jre:*:*:*:*:*:*:*:*","icon":"Java.svg","categories":["Programming languages"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]}],"data":{"size":1205,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.02, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 80x28, components 3","md5":"4563bbc1a4efbcef8a4f1090f23a7299","sha1":"9d1f9970495f543763c870d538b7b5bf029d0520","sha256":"0198c5dd152e2f6529bb33b9117729f20aa1c35208b5a883f706c821b9b1d201","sha512":"17b57b73378653db695b5d07a4dd912863daaa0f7229e2a406ce63d9539e86af1300806973cee4df7ded828d9beeac75ded3e3cc16d7397c0a9ebd9652d61e98","ssdeep":"","tlshash":"6321c64d8f2baa80ef52e1f630e22177e38b88467d853ab53710f0b4c840df29009649","first_seen":"2026-01-08T05:28:13.534286Z","last_seen":"2026-01-08T05:28:13.534286Z","times_seen":1,"resource_available":false,"data":null}},"time_used":1100,"timings":{"blocked":800,"dns":0,"connect":0,"send":0,"wait":300,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-08","alert":"Sinkholed","trigger":"cn.1mebetx.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-08","alert":"Sinkholed","trigger":"cn.1mebetx.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-08","alert":"Sinkholed","trigger":"cn.1mebetx.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-01-08","alert":"Phishing Block","trigger":"cn.1mebetx.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-08","alert":"Sinkholed","trigger":"cn.1mebetx.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"static-content-t.wb27jlt6u066.com:9587/images/nav/promo_keno.png","fqdn":"static-content-t.wb27jlt6u066.com","domain":"wb27jlt6u066.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":9587,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://cn.1mebetx.com/home/register?code=40516","date":"2026-01-08T05:27:14.843Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"static-content-t.wb27jlt6u066.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 19 Oct 2025 00:00:00 GMT","end":"Mon, 19 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"08:10:09:15:B6:C8:9C:9A:CE:31:40:C9:26:D7:9E:BE:2C:9A:62:2B","sha256":"D6:55:F3:9B:55:F2:ED:CC:B3:54:8B:1E:F9:15:FB:47:0C:75:02:1A:64:4B:3C:C2:FA:75:18:9C:F0:11:EE:83"}}},"request":{"raw":"GET /images/nav/promo_keno.png HTTP/1.1\r\nHost: static-content-t.wb27jlt6u066.com:9587\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cn.1mebetx.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Thu, 08 Jan 2026 05:27:17 GMT\r\nContent-Type: image/png\r\nContent-Length: 21322\r\nConnection: keep-alive\r\nLast-Modified: Wed, 20 Jul 2022 18:47:53 GMT\r\nETag: \"62d84dd9-534a\"\r\nServer: gocache\r\nExpires: Fri, 09 Jan 2026 05:27:17 GMT\r\nCache-Control: max-age=86400\r\nc-Type: st\r\nrid: 2caf2b32c757e03595ad46a354012a2a\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains\r\nX-Cache-Status: HIT\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]}],"data":{"size":21322,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 200 x 100, 8-bit/color RGBA, non-interlaced","md5":"f3d3231964cd6c0b98aceaa07e9626b6","sha1":"2fdcca8cdf610057e37e86e9c679f87d959a1821","sha256":"3075e79d3c7ef852ed0a95aa56324509b499446a6d8a454fed94f1fdd102fd90","sha512":"78837a1effb6ae7ef05256cac78af4982ceb76f36f77362f29caf29fff7f2ae6ec01d11c89ec4c87c7ffb2a9ec9ad7a6d2ccab97b5b0145c649672baf097858c","ssdeep":"384:yW63kJiUaadwYIM4oZt3zpqdyaNJQMqr3t5LwR2hD83hZTf2xL:96UJNlwSVtqdyPtZwW83HqxL","tlshash":"20a2e1c5ded60df36e6a639225e06525854ccbc29ebdd24a00e2b3d83a903c773dd3a5","first_seen":"2023-05-05T14:06:31Z","last_seen":"2026-04-27T14:49:05.280195Z","times_seen":820,"resource_available":false,"data":null}},"time_used":2605,"timings":{"blocked":1929,"dns":1,"connect":1,"send":0,"wait":215,"receive":4,"ssl":453},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static-content-t.wb27jlt6u066.com:9587/images/icons_login.png?2","fqdn":"static-content-t.wb27jlt6u066.com","domain":"wb27jlt6u066.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":9587,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://cn.1mebetx.com/home/register?code=40516","date":"2026-01-08T05:27:17.039Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"static-content-t.wb27jlt6u066.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 19 Oct 2025 00:00:00 GMT","end":"Mon, 19 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"08:10:09:15:B6:C8:9C:9A:CE:31:40:C9:26:D7:9E:BE:2C:9A:62:2B","sha256":"D6:55:F3:9B:55:F2:ED:CC:B3:54:8B:1E:F9:15:FB:47:0C:75:02:1A:64:4B:3C:C2:FA:75:18:9C:F0:11:EE:83"}}},"request":{"raw":"GET /images/icons_login.png?2 HTTP/1.1\r\nHost: static-content-t.wb27jlt6u066.com:9587\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://static-content-t.wb27jlt6u066.com:9587/style/main.css?20250825\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Thu, 08 Jan 2026 05:27:18 GMT\r\nContent-Type: image/png\r\nContent-Length: 4053\r\nConnection: keep-alive\r\nLast-Modified: Wed, 20 Jul 2022 18:47:53 GMT\r\nETag: \"62d84dd9-fd5\"\r\nServer: gocache\r\nExpires: Fri, 09 Jan 2026 05:27:18 GMT\r\nCache-Control: max-age=86400\r\nc-Type: st\r\nrid: 780cf3b2d55ab95e2ccf8621105b42af\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains\r\nX-Cache-Status: HIT\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]}],"data":{"size":4053,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 26 x 330, 8-bit/color RGBA, non-interlaced","md5":"405c7bc8638bddb314e549e4eebec2e3","sha1":"75f6a3b0b6ffdeed31bff28f8ae1f1a3e481260c","sha256":"cd98cf8ee2f82e9903fb28490a4fc9f318fb60f0f8f0c1f080cee3dce0d6c9b9","sha512":"3a1991dfba0851c6d1d212102ab1fa3585b5970358f75488770ffaaa0467e4cbb755e07dc9db44e102da13fd7510e6b14506e2a2e4188c6461ba652e9fcaa69e","ssdeep":"","tlshash":"3d814c4bbcd228093058e4c372f9822bd946c2d5d6b0557396ce88bb15a8879490c2ce","first_seen":"2023-05-05T14:06:31Z","last_seen":"2026-04-27T14:49:05.198889Z","times_seen":845,"resource_available":false,"data":null}},"time_used":1607,"timings":{"blocked":1392,"dns":0,"connect":0,"send":0,"wait":215,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static-content-t.wb27jlt6u066.com:9587/d11_images/register/form_bg.png","fqdn":"static-content-t.wb27jlt6u066.com","domain":"wb27jlt6u066.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":9587,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://cn.1mebetx.com/home/register?code=40516","date":"2026-01-08T05:27:17.059Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"static-content-t.wb27jlt6u066.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 19 Oct 2025 00:00:00 GMT","end":"Mon, 19 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"08:10:09:15:B6:C8:9C:9A:CE:31:40:C9:26:D7:9E:BE:2C:9A:62:2B","sha256":"D6:55:F3:9B:55:F2:ED:CC:B3:54:8B:1E:F9:15:FB:47:0C:75:02:1A:64:4B:3C:C2:FA:75:18:9C:F0:11:EE:83"}}},"request":{"raw":"GET /d11_images/register/form_bg.png HTTP/1.1\r\nHost: static-content-t.wb27jlt6u066.com:9587\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://static-content-t.wb27jlt6u066.com:9587/style/main.css?20250825\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Thu, 08 Jan 2026 05:27:18 GMT\r\nContent-Type: image/png\r\nContent-Length: 20040\r\nConnection: keep-alive\r\nLast-Modified: Wed, 20 Jul 2022 18:45:39 GMT\r\nETag: \"62d84d53-4e48\"\r\nServer: gocache\r\nExpires: Fri, 09 Jan 2026 05:27:18 GMT\r\nCache-Control: max-age=86400\r\nc-Type: st\r\nrid: 3e54c52966b1f4c3b32b1809089d0101\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains\r\nX-Cache-Status: HIT\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]}],"data":{"size":20040,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 410 x 800, 8-bit/color RGBA, non-interlaced","md5":"86baccc2262d17c30a1554f6b346b1c8","sha1":"696ce785c5c17611fecb6dd78d9662c141deffd4","sha256":"dfe93dfcc0d88efa36f759f6b0e758a0b37bd91aa65bfa7936763eda17ea6f9f","sha512":"858d5d94817390043018ef671701f57776bbf7f566ded8fe30966a65fcadb9feade8d3c1677f677b9c69b59eaa4d5e818af5e39ec08cccc9281c1dc4517a18d0","ssdeep":"384:ApJHP0rldn8i5UqqXdb3WGGNBIUbj43bXDrzctPOmWRh:Ap90rlddaqqXdM/IUHIr4VOmWRh","tlshash":"53928e946c68e9c1c97a840e246b1f7555a0f1c8edf2f3f06b93e0595c0b868ae90ded","first_seen":"2023-05-05T14:06:31Z","last_seen":"2026-04-27T14:49:05.239389Z","times_seen":837,"resource_available":false,"data":null}},"time_used":1372,"timings":{"blocked":1155,"dns":0,"connect":0,"send":0,"wait":215,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static-content-t.wb27jlt6u066.com:9587/images/register/icon_eye.png","fqdn":"static-content-t.wb27jlt6u066.com","domain":"wb27jlt6u066.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":9587,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://cn.1mebetx.com/home/register?code=40516","date":"2026-01-08T05:27:17.063Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"static-content-t.wb27jlt6u066.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 19 Oct 2025 00:00:00 GMT","end":"Mon, 19 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"08:10:09:15:B6:C8:9C:9A:CE:31:40:C9:26:D7:9E:BE:2C:9A:62:2B","sha256":"D6:55:F3:9B:55:F2:ED:CC:B3:54:8B:1E:F9:15:FB:47:0C:75:02:1A:64:4B:3C:C2:FA:75:18:9C:F0:11:EE:83"}}},"request":{"raw":"GET /images/register/icon_eye.png HTTP/1.1\r\nHost: static-content-t.wb27jlt6u066.com:9587\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://static-content-t.wb27jlt6u066.com:9587/style/main.css?20250825\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Thu, 08 Jan 2026 05:27:18 GMT\r\nContent-Type: image/png\r\nContent-Length: 388\r\nConnection: keep-alive\r\nLast-Modified: Wed, 20 Jul 2022 18:47:53 GMT\r\nETag: \"62d84dd9-184\"\r\nServer: gocache\r\nExpires: Fri, 09 Jan 2026 05:27:18 GMT\r\nCache-Control: max-age=86400\r\nc-Type: st\r\nrid: b79f9a948f3b77513cf58f2aed8ddf82\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains\r\nX-Cache-Status: HIT\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]}],"data":{"size":388,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced","md5":"25caaed99359f8457952ec929497c610","sha1":"d79b842381cc35b013b72e8eee86aaff32cc68b1","sha256":"ae84f234ff196c67c9d72336ace3a039460ef08dbd54bf288de428d8dfd4365e","sha512":"626735e0ad18bf56854307da6e5a63b269f014ff6b915ca132c17f951e882beef470b275b664693b25a6be6853ae0c0677e6696f3d4678b3eaa4a612dff2de5c","ssdeep":"","tlshash":"6fe0c0d31b1dbd30cf5801373e9157143962b2846283b108b7845102d8c63593cf7fa8","first_seen":"2023-05-05T14:06:31Z","last_seen":"2026-04-27T14:49:05.243574Z","times_seen":838,"resource_available":false,"data":null}},"time_used":1369,"timings":{"blocked":1155,"dns":0,"connect":0,"send":0,"wait":214,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static-content-cn.wb27jlt6u066.com:9587/js/game/Game.js?20220202","fqdn":"static-content-cn.wb27jlt6u066.com","domain":"wb27jlt6u066.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":9587,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://cn.1mebetx.com/home/register?code=40516","date":"2026-01-08T05:27:14.861Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"static-content-cn.wb27jlt6u066.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 19 Oct 2025 00:00:00 GMT","end":"Mon, 19 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"98:64:EC:0B:9A:00:5F:60:12:4A:12:B9:EB:5A:44:98:12:1A:7C:FF","sha256":"A1:E0:99:A3:B2:54:C9:50:DB:24:16:EA:A7:44:3A:5D:57:F0:7C:CE:B2:E7:66:31:49:50:98:44:92:F2:50:84"}}},"request":{"raw":"GET /js/game/Game.js?20220202 HTTP/1.1\r\nHost: static-content-cn.wb27jlt6u066.com:9587\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cn.1mebetx.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Thu, 08 Jan 2026 05:27:15 GMT\r\nContent-Type: application/javascript\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nLast-Modified: Thu, 14 Aug 2025 05:10:16 GMT\r\nVary: Accept-Encoding\r\nETag: W/\"689d6fb8-f55f\"\r\nContent-Encoding: gzip\r\nServer: gocache\r\nExpires: Fri, 09 Jan 2026 05:27:15 GMT\r\nCache-Control: max-age=86400\r\nc-Type: st\r\nrid: bf18156748409e730a7d14adeb93deb7\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains\r\nX-Cache-Status: HIT\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]}],"data":{"size":62815,"size_decoded":0,"mime_type":"application/javascript","magic":"Unicode text, UTF-8 text","md5":"31b26fa8e3e5d0f8b9100e4d8993570b","sha1":"4901272b99be40960a7016bd4a60fb686ceba5d7","sha256":"fa72c387b16598179ba3e7406e6d29e5f464cf7876cdf39d43a1cfadc91211df","sha512":"1332c670e7103b8d25e706e773ac1aef68e69176c945d8450385e8876b5a718c113c2066e47719d9943df9a108fc2c27d46c535bb09b27930c22e414b3375364","ssdeep":"384:AURoUkVbztM3nigTG7SG4lznSVs5Lq/vtQEttGsOSVD:AURoUcztwJou50QEttGsO2","tlshash":"0753254caea318e35a3654348b7f31956d5166032508dd1c3e0cd3a3df9a0be66b1efa","first_seen":"2025-08-14T09:17:18.772148Z","last_seen":"2026-04-06T22:25:54.033063Z","times_seen":544,"resource_available":true,"data":null}},"time_used":999,"timings":{"blocked":-1,"dns":338,"connect":5,"send":0,"wait":218,"receive":1,"ssl":435},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static-content-t.wb27jlt6u066.com:9587/style/main.css?20250825","fqdn":"static-content-t.wb27jlt6u066.com","domain":"wb27jlt6u066.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":9587,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://cn.1mebetx.com/home/register?code=40516","date":"2026-01-08T05:27:14.828Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"static-content-t.wb27jlt6u066.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 19 Oct 2025 00:00:00 GMT","end":"Mon, 19 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"08:10:09:15:B6:C8:9C:9A:CE:31:40:C9:26:D7:9E:BE:2C:9A:62:2B","sha256":"D6:55:F3:9B:55:F2:ED:CC:B3:54:8B:1E:F9:15:FB:47:0C:75:02:1A:64:4B:3C:C2:FA:75:18:9C:F0:11:EE:83"}}},"request":{"raw":"GET /style/main.css?20250825 HTTP/1.1\r\nHost: static-content-t.wb27jlt6u066.com:9587\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cn.1mebetx.com/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Thu, 08 Jan 2026 05:27:16 GMT\r\nContent-Type: text/css\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nLast-Modified: Tue, 26 Aug 2025 02:00:57 GMT\r\nVary: Accept-Encoding\r\nETag: W/\"68ad1559-f1c3\"\r\nContent-Encoding: gzip\r\nServer: gocache\r\nExpires: Fri, 09 Jan 2026 05:27:16 GMT\r\nCache-Control: max-age=86400\r\nc-Type: st\r\nrid: d1c277afe2c62afd24c993304cc26f4f\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains\r\nX-Cache-Status: MISS\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":61891,"size_decoded":0,"mime_type":"text/css","magic":"Unicode text, UTF-8 text, with very long lines (449), with LF, NEL line terminators","md5":"259c7131b5fa30ff2e0a12dff9a9a9f7","sha1":"bc05dc69f5e3b192af117c55f78c85dfd41d9574","sha256":"cafa631da4221208d39f2c79862a6dec1867437b9c55d304f33a793f332122a4","sha512":"687b61607fe2d4cdd8ab3652f766443a9923d57c1478aa5bc5e85a9446f7ab96b8fb1cdcc088ff74ec91a0f4c5f326189a6beef48278d1f49be9385fb23c45e9","ssdeep":"1536:ZoNrfbP93Ytk3pZcG1cF3NE9GG0gYAajgHwEUVtrydv4ffiSFqyPouR7f++J14SB:ZcP93Ytk3pZcG1cF3NE9GGMEUVtryCrX","tlshash":"5b53a821eab9220ab03bd562b4e15faa22398017d1171fbc657d367de6cf0d81177fa0","first_seen":"2025-11-04T22:00:59.684045Z","last_seen":"2026-01-08T05:28:13.556548Z","times_seen":8,"resource_available":false,"data":null}},"time_used":3482,"timings":{"blocked":1517,"dns":618,"connect":1,"send":0,"wait":390,"receive":36,"ssl":917},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static-content-t.wb27jlt6u066.com:9587/images/nav/promo_event.png","fqdn":"static-content-t.wb27jlt6u066.com","domain":"wb27jlt6u066.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":9587,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://cn.1mebetx.com/home/register?code=40516","date":"2026-01-08T05:27:14.845Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"static-content-t.wb27jlt6u066.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 19 Oct 2025 00:00:00 GMT","end":"Mon, 19 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"08:10:09:15:B6:C8:9C:9A:CE:31:40:C9:26:D7:9E:BE:2C:9A:62:2B","sha256":"D6:55:F3:9B:55:F2:ED:CC:B3:54:8B:1E:F9:15:FB:47:0C:75:02:1A:64:4B:3C:C2:FA:75:18:9C:F0:11:EE:83"}}},"request":{"raw":"GET /images/nav/promo_event.png HTTP/1.1\r\nHost: static-content-t.wb27jlt6u066.com:9587\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cn.1mebetx.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Thu, 08 Jan 2026 05:27:16 GMT\r\nContent-Type: image/png\r\nContent-Length: 33820\r\nConnection: keep-alive\r\nLast-Modified: Wed, 20 Jul 2022 18:47:53 GMT\r\nETag: \"62d84dd9-841c\"\r\nServer: gocache\r\nExpires: Fri, 09 Jan 2026 05:27:16 GMT\r\nCache-Control: max-age=86400\r\nc-Type: st\r\nrid: 4bb56aaf1db408f63f6b386ad240e6fd\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains\r\nX-Cache-Status: HIT\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]}],"data":{"size":33820,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 231 x 184, 8-bit/color RGBA, non-interlaced","md5":"4590b5333179fefe5ea8e8f1a3638da3","sha1":"a0a932f3ca433bc1ea5f788e09eddfa617a4c69e","sha256":"0b3af6b7e8676050661aedd1b94b28045c7a9c905424cbde85f95f7faaf1ea43","sha512":"7ad8e92d6797b8c8c094e8651b566ea510b0bbaf998f9456d1fa1216e33b9bd8afc3840c6a3203fddb0f98e583070113a2329b34ff371dfbbc988a30ee41c425","ssdeep":"384:vdYFfWN0DI5+xe/+sRdXI/nTNAHfs2QZ4ldgeP94lYVIPR22M/96yNtHD9eDk0d4:y0gF/TNF2JSeFLIPR22M/9b/elbPs","tlshash":"7de2f1d07fa4e82156b397c770463aee708dc0ba5b43f5c6131a316b9b24b3c684799e","first_seen":"2023-05-05T14:06:31Z","last_seen":"2026-04-27T14:49:05.139206Z","times_seen":831,"resource_available":false,"data":null}},"time_used":2147,"timings":{"blocked":1926,"dns":0,"connect":0,"send":0,"wait":217,"receive":4,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static-content-t.wb27jlt6u066.com:9587/images/home/luban_icon.png","fqdn":"static-content-t.wb27jlt6u066.com","domain":"wb27jlt6u066.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":9587,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://cn.1mebetx.com/home/register?code=40516","date":"2026-01-08T05:27:14.857Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"static-content-t.wb27jlt6u066.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 19 Oct 2025 00:00:00 GMT","end":"Mon, 19 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"08:10:09:15:B6:C8:9C:9A:CE:31:40:C9:26:D7:9E:BE:2C:9A:62:2B","sha256":"D6:55:F3:9B:55:F2:ED:CC:B3:54:8B:1E:F9:15:FB:47:0C:75:02:1A:64:4B:3C:C2:FA:75:18:9C:F0:11:EE:83"}}},"request":{"raw":"GET /images/home/luban_icon.png HTTP/1.1\r\nHost: static-content-t.wb27jlt6u066.com:9587\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cn.1mebetx.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Thu, 08 Jan 2026 05:27:17 GMT\r\nContent-Type: image/png\r\nContent-Length: 27141\r\nConnection: keep-alive\r\nLast-Modified: Tue, 26 Aug 2025 02:01:04 GMT\r\nETag: \"68ad1560-6a05\"\r\nServer: gocache\r\nExpires: Fri, 09 Jan 2026 05:27:17 GMT\r\nCache-Control: max-age=86400\r\nc-Type: st\r\nrid: f929238c593c45803ab266d17c09c2f1\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains\r\nX-Cache-Status: HIT\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]}],"data":{"size":27141,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 123 x 283, 8-bit/color RGBA, non-interlaced","md5":"7496171e549953127295b170e658bb3e","sha1":"d0fd1a644338a3c6eae07b1a726203360bd34285","sha256":"a7ace7e87d773fff86238e57ad2c30a514ed31c7a90baa736135c57483cb7389","sha512":"5be0c262fa1af9bad269c7b61d3c123d6b594cfd5a6f74679e54eeea7c8c4289731a9bb92e5509f1922321dfc63417bdb7cab042ec4f53439aae3b9541deb5a1","ssdeep":"384:xREdTUsNSchzyAohwxegbULB+KvvNFdUizKhuNUi/QXMaUV/EC9dGgkj:xKxmjgoNvvbdxuhuRMMai4","tlshash":"20c2f13de93d11212055fe80ed9eb596b2bf2e120d93c5e8114cd4cd220ef73a55ae97","first_seen":"2024-12-10T08:27:59.944336Z","last_seen":"2026-03-01T19:24:36.816574Z","times_seen":452,"resource_available":false,"data":null}},"time_used":2628,"timings":{"blocked":1915,"dns":1,"connect":5,"send":0,"wait":224,"receive":1,"ssl":475},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static-content-t.wb27jlt6u066.com:9587/js/jquery-ui.js","fqdn":"static-content-t.wb27jlt6u066.com","domain":"wb27jlt6u066.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":9587,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://cn.1mebetx.com/home/register?code=40516","date":"2026-01-08T05:27:14.859Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"static-content-t.wb27jlt6u066.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 19 Oct 2025 00:00:00 GMT","end":"Mon, 19 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"08:10:09:15:B6:C8:9C:9A:CE:31:40:C9:26:D7:9E:BE:2C:9A:62:2B","sha256":"D6:55:F3:9B:55:F2:ED:CC:B3:54:8B:1E:F9:15:FB:47:0C:75:02:1A:64:4B:3C:C2:FA:75:18:9C:F0:11:EE:83"}}},"request":{"raw":"GET /js/jquery-ui.js HTTP/1.1\r\nHost: static-content-t.wb27jlt6u066.com:9587\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cn.1mebetx.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Thu, 08 Jan 2026 05:27:16 GMT\r\nContent-Type: application/javascript\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nLast-Modified: Wed, 20 Jul 2022 18:47:53 GMT\r\nVary: Accept-Encoding\r\nETag: W/\"62d84dd9-7f20a\"\r\nContent-Encoding: gzip\r\nServer: gocache\r\nExpires: Fri, 09 Jan 2026 05:27:16 GMT\r\nCache-Control: max-age=86400\r\nc-Type: st\r\nrid: 83135fe713c4a837c9cda7e825afd774\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains\r\nX-Cache-Status: HIT\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]}],"data":{"size":520714,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (1002)","md5":"ab5284de5e3d221e53647fd348e5644b","sha1":"75c20acdc6cbc6334fe2b918ab7afeec007f969e","sha256":"4f455eb2ddf2094ee969f470f6bfac7adb4c057e8990a374e9da819e943c777d","sha512":"2462acc237c0063263b52527cfecbc5d4063065c0cd541cd966d9924dec0d9af475184f732c92af9269cb08df993896893eff37ad4b18598ca4b7af7b5f02742","ssdeep":"12288:1vemHFgymzYDdHCcmM2/W/CCeS/QRzbrVDDdRO2:vDdHCcmM2/W/CCeSIVDDdRO2","tlshash":"f3b4a6c9f39c266a867a32595c2e42cdb23c8075d600587fbc5d59dc29a883c43bbf79","first_seen":"2023-03-07T01:03:28Z","last_seen":"2026-04-28T15:28:18.098448Z","times_seen":14459,"resource_available":true,"data":null}},"time_used":1722,"timings":{"blocked":-1,"dns":596,"connect":3,"send":0,"wait":215,"receive":25,"ssl":883},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static-content-t.wb27jlt6u066.com:9587/d11_images/icon_live_channel.png","fqdn":"static-content-t.wb27jlt6u066.com","domain":"wb27jlt6u066.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":9587,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://cn.1mebetx.com/home/register?code=40516","date":"2026-01-08T05:27:17.014Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"static-content-t.wb27jlt6u066.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 19 Oct 2025 00:00:00 GMT","end":"Mon, 19 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"08:10:09:15:B6:C8:9C:9A:CE:31:40:C9:26:D7:9E:BE:2C:9A:62:2B","sha256":"D6:55:F3:9B:55:F2:ED:CC:B3:54:8B:1E:F9:15:FB:47:0C:75:02:1A:64:4B:3C:C2:FA:75:18:9C:F0:11:EE:83"}}},"request":{"raw":"GET /d11_images/icon_live_channel.png HTTP/1.1\r\nHost: static-content-t.wb27jlt6u066.com:9587\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://static-content-t.wb27jlt6u066.com:9587/style/main.css?20250825\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 404 Not Found\r\nDate: Thu, 08 Jan 2026 05:27:18 GMT\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nContent-Encoding: gzip\r\nServer: gocache\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-28T16:24:19.191442Z","times_seen":14333662,"resource_available":true,"data":null}},"time_used":1451,"timings":{"blocked":1201,"dns":0,"connect":0,"send":0,"wait":250,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"hm.baidu.com/hm.js?86b8712c72cab4f521c0b5cd56dfa69f","fqdn":"hm.baidu.com","domain":"baidu.com","tld":"com"},"ip":{"addr":"14.215.183.79","port":443,"asn":4134,"as":"Chinanet","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://cn.1mebetx.com/home/register?code=40516","date":"2026-01-08T05:27:17.093Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"baidu.com","organization":"Beijing Baidu Netcom Science Technology Co., Ltd"},"issuer":{"commonName":"GlobalSign RSA OV SSL CA 2018","organization":"GlobalSign nv-sa"},"validity":{"start":"Wed, 09 Jul 2025 07:01:02 GMT","end":"Mon, 10 Aug 2026 07:01:01 GMT"},"fingerprint":{"sha1":"21:BF:66:0D:67:BE:7A:7F:49:48:05:30:F4:7F:09:F2:30:36:CA:63","sha256":"0D:82:2C:9A:90:5A:EF:E9:8F:37:12:C0:E0:26:30:EE:95:33:2C:45:5F:E7:74:5D:F0:8D:BC:79:F4:B0:A1:49"}}},"request":{"raw":"GET /hm.js?86b8712c72cab4f521c0b5cd56dfa69f HTTP/1.1\r\nHost: hm.baidu.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cn.1mebetx.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nCache-Control: max-age=0, must-revalidate\r\nContent-Encoding: gzip\r\nContent-Length: 11299\r\nContent-Type: application/javascript\r\nDate: Thu, 08 Jan 2026 05:27:18 GMT\r\nEtag: b9155b8b4abe280a91787edccb105ccb\r\nP3p: CP=\"CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR\"\r\nServer: apache\r\nSet-Cookie: HMACCOUNT=7489E7AA7D4F9196; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT\r\nStrict-Transport-Security: max-age=172800\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Apache HTTP Server","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":29905,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (629)","md5":"0c9a5311ca803f4ad6c8f6f363e43033","sha1":"8b96508dbe3e154b35d4878052e1b694b0327bdc","sha256":"f95123c8b72f74901d34a182a4b7ff0d1e2b94170d274954f1ccdbf6c148033c","sha512":"d224720aeb7baac3c800e2ef89834b9c57f2ef637cdba8670864b3f6ec8acf0b8d538dabf3f0d85bb978bb2178de2c26a7c8357709996ab926738ffb985d9c91","ssdeep":"384:d4JSoLMJJTRl6s1JXFVCFI/TayvuodsZPIGm8XaR1JRwvutq1tGdc7M04gRw6:d44VJfHgMdvussZPIx82Rwvutcto07v","tlshash":"89d2d9e9b282713293a324a5153f724af07b5a54bd4968a4f11894c07d38fbb027bfdd","first_seen":"2026-01-08T05:28:13.567956Z","last_seen":"2026-01-08T05:28:13.567956Z","times_seen":1,"resource_available":true,"data":null}},"time_used":1975,"timings":{"blocked":817,"dns":1,"connect":272,"send":0,"wait":332,"receive":1,"ssl":550},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.vrfpshbc.com:2053/global-activity-entry/css/style.css","fqdn":"www.vrfpshbc.com","domain":"vrfpshbc.com","tld":"com"},"ip":{"addr":"104.21.68.47","port":2053,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://cn.1mebetx.com/home/register?code=40516","date":"2026-01-08T05:27:17.192Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"vrfpshbc.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Fri, 05 Dec 2025 18:43:15 GMT","end":"Thu, 05 Mar 2026 19:40:25 GMT"},"fingerprint":{"sha1":"5B:66:65:98:81:FC:02:12:BE:8A:3E:A2:CB:B6:CB:92:E0:EE:1E:8F","sha256":"92:B0:5D:3B:74:26:24:9C:EB:E0:D4:B8:0C:B5:59:29:8E:E9:4E:87:C7:F8:CA:6B:F2:E6:75:FB:37:AC:C2:C9"}}},"request":{"raw":"GET /global-activity-entry/css/style.css HTTP/1.1\r\nHost: www.vrfpshbc.com:2053\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cn.1mebetx.com/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Thu, 08 Jan 2026 05:27:17 GMT\r\ncontent-type: text/css\r\nserver: cloudflare\r\nlast-modified: Wed, 16 Jun 2021 18:06:55 GMT\r\nvary: Accept-Encoding\r\netag: W/\"60ca3dbf-1099\"\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\ncf-cache-status: DYNAMIC\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=xjOZzkTZ3fBze4uOg5fpYyo7Au4nFQm8MntU9qh%2F%2FuwFgxsWiIOpolKw2JORHpqSv6H7uWbaBnKqowVPT%2BaZCBc4Q5H4LjJHAIDyUPJV\"}]}\r\ncf-ray: 9ba948ece86bb521-OSL\r\nalt-svc: h3=\":2053\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":4249,"size_decoded":0,"mime_type":"text/css","magic":"Unicode text, UTF-8 text, with CRLF line terminators","md5":"0c6d034e188bab046fdc5e2bf379985a","sha1":"2d488cf25911a2fc18a528d7cc379ccf0cfe81b9","sha256":"4d22d7a96ba44fa03ada1e71245b3ee64e1e91a1bbe9287957429ab8a1ab0f5d","sha512":"cb7466d46ac336aa2c569e1c8ff81e4576d7b4882259a8e7b278e89158345eaed5e71567878a6e78a3ec54fdf339e86857695fadd6c84194c0a54de40240dcb4","ssdeep":"48:FLYxjPtWs2MYEuZh/Vzlj2TTc4JnAWXorJfNlfUstDTj54JI74koECOH8WzurfYh:FLC2f1YYDO+h0HfYNsu+zjfrQ","tlshash":"9991cc7d4b0722044637d6587bd54b668638d063bb0729de7bd506ce0b91fdc02b1aab","first_seen":"2023-05-05T17:24:19Z","last_seen":"2026-04-27T14:49:05.091955Z","times_seen":604,"resource_available":false,"data":null}},"time_used":889,"timings":{"blocked":74,"dns":57,"connect":1,"send":0,"wait":733,"receive":0,"ssl":21},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static-content-t.wb27jlt6u066.com:9587/style/css.css?20250825","fqdn":"static-content-t.wb27jlt6u066.com","domain":"wb27jlt6u066.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":9587,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://cn.1mebetx.com/home/register?code=40516","date":"2026-01-08T05:27:14.830Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"static-content-t.wb27jlt6u066.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 19 Oct 2025 00:00:00 GMT","end":"Mon, 19 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"08:10:09:15:B6:C8:9C:9A:CE:31:40:C9:26:D7:9E:BE:2C:9A:62:2B","sha256":"D6:55:F3:9B:55:F2:ED:CC:B3:54:8B:1E:F9:15:FB:47:0C:75:02:1A:64:4B:3C:C2:FA:75:18:9C:F0:11:EE:83"}}},"request":{"raw":"GET /style/css.css?20250825 HTTP/1.1\r\nHost: static-content-t.wb27jlt6u066.com:9587\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cn.1mebetx.com/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Thu, 08 Jan 2026 05:27:16 GMT\r\nContent-Type: text/css\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nLast-Modified: Wed, 27 Aug 2025 02:25:14 GMT\r\nVary: Accept-Encoding\r\nETag: W/\"68ae6c8a-1f81d\"\r\nContent-Encoding: gzip\r\nServer: gocache\r\nExpires: Fri, 09 Jan 2026 05:27:16 GMT\r\nCache-Control: max-age=86400\r\nc-Type: st\r\nrid: c2e9ca5413366ea03ac1583201f303d0\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains\r\nX-Cache-Status: HIT\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]}],"data":{"size":129053,"size_decoded":0,"mime_type":"text/css","magic":"Unicode text, UTF-8 text, with very long lines (525)","md5":"6d309b5decfdd6c11a3e166778e74ac9","sha1":"fcfe8f12146ca6bd710879db511b1da04d466b93","sha256":"d6a7d65adb81f14e7da94b69d28fb6b0b6635325589b500067e71d1b5dabad92","sha512":"66b3bedd9f1482c7bdf757e45d1be0aac78f078b8334a62fa47900658130395820d528209d6c8a24f3c6b8b03ff83830bf7eb1c3c048b73619f5734268939b0d","ssdeep":"3072:qNlIZVV0wv2kohJeqCfVkY2t1cicY270HaLMZ9R1oF:qNlsP0wPohJeqCfVkY2t1cicY270HaLP","tlshash":"cbc3f8239252204bb137c6557a9da7b86369c003d6436ffe72eebadad16e19403337d0","first_seen":"2025-08-27T08:27:48.75255Z","last_seen":"2026-01-19T13:31:43.42604Z","times_seen":393,"resource_available":false,"data":null}},"time_used":2772,"timings":{"blocked":1265,"dns":617,"connect":3,"send":0,"wait":217,"receive":3,"ssl":662},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cn.1mebetx.com/fimg/i202506274933fa50064c8d94db51e297e3b319.png","fqdn":"cn.1mebetx.com","domain":"1mebetx.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://cn.1mebetx.com/home/register?code=40516","date":"2026-01-08T05:27:14.846Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cn.1mebetx.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Mon, 05 Jan 2026 00:00:00 GMT","end":"Tue, 05 Jan 2027 23:59:59 GMT"},"fingerprint":{"sha1":"B1:9C:1C:29:59:A8:2F:22:BB:FA:01:51:20:84:07:9D:ED:D9:D8:7A","sha256":"21:4B:55:27:26:B6:EF:96:E2:ED:28:FE:00:D0:57:72:9D:29:6A:4E:DE:36:40:A2:7D:07:26:CC:31:8C:F2:1D"}}},"request":{"raw":"GET /fimg/i202506274933fa50064c8d94db51e297e3b319.png HTTP/1.1\r\nHost: cn.1mebetx.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cn.1mebetx.com/home/register?code=40516\r\nCookie: PHPSESSID=pvfn2qbqj41s51t96fj5pjvus5; _code_cookie=40516-\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Thu, 08 Jan 2026 05:27:16 GMT\r\nContent-Type: image/png\r\nContent-Length: 591\r\nConnection: keep-alive\r\nLast-Modified: Sun, 15 Jun 2025 05:27:25 GMT\r\nETag: \"684e59bd-24f\"\r\nX-Content-Type-Options: nosniff\r\nX-Frame-Options: SAMEORIGIN\r\nServer: gocache\r\nExpires: Fri, 09 Jan 2026 05:27:16 GMT\r\nCache-Control: max-age=86400\r\nc-Type: st\r\nrid: 7a5f3861550013c41b2f2c6ec2c3a668\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains\r\nX-Cache-Status: MISS\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]}],"data":{"size":591,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 600 x 600, 1-bit colormap, non-interlaced","md5":"d390244b30c22d100a24ac05d9e4e979","sha1":"978cd2d10293408b8ad2b62d647ba17ce7f1b07f","sha256":"38d18e132913c6fc5636d430c1226ecdbc29ad80b55faa4a7aad46cd084c44ea","sha512":"27e7300242911590b438a1f533420319984bf694f46a03cf96a5af250d4f74b46e78180a18f7adeda216e95e11b305f65317e604c2aa7fa7a1619a2379e4ef67","ssdeep":"","tlshash":"96f062d55151be10901011012d46e893807030eeebf30b1d450b413270b824ee7296e2","first_seen":"2025-08-07T15:42:17.327108Z","last_seen":"2026-04-27T14:49:05.317406Z","times_seen":576,"resource_available":false,"data":null}},"time_used":2196,"timings":{"blocked":1926,"dns":0,"connect":0,"send":0,"wait":270,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-08","alert":"Sinkholed","trigger":"cn.1mebetx.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-08","alert":"Sinkholed","trigger":"cn.1mebetx.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-08","alert":"Sinkholed","trigger":"cn.1mebetx.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-01-08","alert":"Phishing Block","trigger":"cn.1mebetx.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-08","alert":"Sinkholed","trigger":"cn.1mebetx.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"static-content-cn.wb27jlt6u066.com:9587/util/error.js?2025092501","fqdn":"static-content-cn.wb27jlt6u066.com","domain":"wb27jlt6u066.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":9587,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://cn.1mebetx.com/home/register?code=40516","date":"2026-01-08T05:27:14.864Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"static-content-cn.wb27jlt6u066.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 19 Oct 2025 00:00:00 GMT","end":"Mon, 19 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"98:64:EC:0B:9A:00:5F:60:12:4A:12:B9:EB:5A:44:98:12:1A:7C:FF","sha256":"A1:E0:99:A3:B2:54:C9:50:DB:24:16:EA:A7:44:3A:5D:57:F0:7C:CE:B2:E7:66:31:49:50:98:44:92:F2:50:84"}}},"request":{"raw":"GET /util/error.js?2025092501 HTTP/1.1\r\nHost: static-content-cn.wb27jlt6u066.com:9587\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cn.1mebetx.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Thu, 08 Jan 2026 05:27:15 GMT\r\nContent-Type: application/javascript\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nLast-Modified: Wed, 01 Oct 2025 02:03:53 GMT\r\nVary: Accept-Encoding\r\nETag: W/\"68dc8c09-28a5\"\r\nContent-Encoding: gzip\r\nServer: gocache\r\nExpires: Fri, 09 Jan 2026 05:27:15 GMT\r\nCache-Control: max-age=86400\r\nc-Type: st\r\nrid: ce8870a1a443babe98d1e9e0d206873a\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains\r\nX-Cache-Status: HIT\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]}],"data":{"size":10405,"size_decoded":0,"mime_type":"application/javascript","magic":"Unicode text, UTF-8 text","md5":"f61145ebd6cd0164a855517ddd32d102","sha1":"d9f3f365c0aec1f9a4bf5cf85d4c8b1c44770125","sha256":"b433018b4e4006c56084fd4cbf35d3d1e2ea33aafccfd6109db3d0b696c2c2b2","sha512":"e0e7101c13848ec60f775f9ab092b5a52de41a67f3792a18c186cc42cd140c7bfcb405c607783e5b3240aab3f57dd88c50f744410b94cc99beef8b1a1f61ade0","ssdeep":"192:MTu94QOQzfKG3jChyTRmbxDeDWiYXYyC3SfZVYvxwYXPFj6vJRQ+lcQrdQr:MTu94wzj3jChQgF+eXUeu","tlshash":"292285b608f58b8a100df980c10b41293448744b8e1cba6a7bdfa5465fcd65f4bff99d","first_seen":"2025-10-02T21:45:10.771862Z","last_seen":"2026-04-27T14:49:05.399697Z","times_seen":467,"resource_available":true,"data":null}},"time_used":1183,"timings":{"blocked":968,"dns":0,"connect":0,"send":0,"wait":215,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static-content-t.wb27jlt6u066.com:9587/images/footer_supports_hover.png?9","fqdn":"static-content-t.wb27jlt6u066.com","domain":"wb27jlt6u066.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":9587,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://cn.1mebetx.com/home/register?code=40516","date":"2026-01-08T05:27:17.065Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"static-content-t.wb27jlt6u066.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 19 Oct 2025 00:00:00 GMT","end":"Mon, 19 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"08:10:09:15:B6:C8:9C:9A:CE:31:40:C9:26:D7:9E:BE:2C:9A:62:2B","sha256":"D6:55:F3:9B:55:F2:ED:CC:B3:54:8B:1E:F9:15:FB:47:0C:75:02:1A:64:4B:3C:C2:FA:75:18:9C:F0:11:EE:83"}}},"request":{"raw":"GET /images/footer_supports_hover.png?9 HTTP/1.1\r\nHost: static-content-t.wb27jlt6u066.com:9587\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://static-content-t.wb27jlt6u066.com:9587/style/main.css?20250825\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Thu, 08 Jan 2026 05:27:18 GMT\r\nContent-Type: image/png\r\nContent-Length: 7362\r\nConnection: keep-alive\r\nLast-Modified: Wed, 20 Jul 2022 18:47:53 GMT\r\nETag: \"62d84dd9-1cc2\"\r\nServer: gocache\r\nExpires: Fri, 09 Jan 2026 05:27:18 GMT\r\nCache-Control: max-age=86400\r\nc-Type: st\r\nrid: dd5fc7a39a6c6bed022c181d174bc3d6\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains\r\nX-Cache-Status: HIT\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":7362,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 30 x 174, 8-bit/color RGBA, non-interlaced","md5":"450da5e1024050be47083963bfeef8a1","sha1":"498dc30e72d3f82ddc7d12b8a8cfdb2fa1aa4323","sha256":"b8eb162ba4dd5f1752300b9625aa98f924eb55d937826b2a227f86ffb51f05cc","sha512":"af4c3f1367a37f623dbe211a17f3d55c9211e388d879d22a286b23ea5ab353adbedb3375199b7a50a8a1e391b9027f22d0102baa7c719533570c3b86a8f04bd2","ssdeep":"96:GY2gCFi+8zRv9iku2V0zRWTFatQL8R2zRPJWs1Y4v/iP0TnRiNXoHAY334hrK31Z:GQVsklKrt0wKE4ugnANYgY3blMu4xG","tlshash":"c8e1ae64bdf180d5d29dbc8d7fd6d063e82b8fd78180722658aec40a55a40b1e8a0a6f","first_seen":"2023-05-05T14:06:31Z","last_seen":"2026-04-27T14:49:05.083591Z","times_seen":844,"resource_available":false,"data":null}},"time_used":1158,"timings":{"blocked":934,"dns":0,"connect":0,"send":0,"wait":224,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static-content-t.wb27jlt6u066.com:9587/images/footer_football.png?5","fqdn":"static-content-t.wb27jlt6u066.com","domain":"wb27jlt6u066.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":9587,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://cn.1mebetx.com/home/register?code=40516","date":"2026-01-08T05:27:17.067Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"static-content-t.wb27jlt6u066.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 19 Oct 2025 00:00:00 GMT","end":"Mon, 19 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"08:10:09:15:B6:C8:9C:9A:CE:31:40:C9:26:D7:9E:BE:2C:9A:62:2B","sha256":"D6:55:F3:9B:55:F2:ED:CC:B3:54:8B:1E:F9:15:FB:47:0C:75:02:1A:64:4B:3C:C2:FA:75:18:9C:F0:11:EE:83"}}},"request":{"raw":"GET /images/footer_football.png?5 HTTP/1.1\r\nHost: static-content-t.wb27jlt6u066.com:9587\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://static-content-t.wb27jlt6u066.com:9587/style/main.css?20250825\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Thu, 08 Jan 2026 05:27:18 GMT\r\nContent-Type: image/png\r\nContent-Length: 20588\r\nConnection: keep-alive\r\nLast-Modified: Wed, 20 Jul 2022 18:47:53 GMT\r\nETag: \"62d84dd9-506c\"\r\nServer: gocache\r\nExpires: Fri, 09 Jan 2026 05:27:18 GMT\r\nCache-Control: max-age=86400\r\nc-Type: st\r\nrid: 9191934e615a1ea8ca48b0287a1b994b\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains\r\nX-Cache-Status: HIT\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]}],"data":{"size":20588,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 23 x 1057, 8-bit/color RGBA, non-interlaced","md5":"1070cd5b06840cf7f154e66c09ac305e","sha1":"8864ddecf4ae0db0790bb5c901da76bc0b31c84a","sha256":"c76aa339cc81f581354af830b7ac9984cafbd3836e2f1e53762b7baa720cb43e","sha512":"cf434b41eca22162d4aa5377e62103bb0966b4dd4974599bc19f45ddf801e84aca49fd57a2d2a756b7edbd36e5fbf49195c5bc593100cc69e6b8caaa3f6733c3","ssdeep":"384:JEgvqB07FQV4hlkvWknpVtQCdWUKxk76w27R/9ThToBdAm/:JExBu2gb29nKqc7R/vMH/","tlshash":"df92d046d332f232e578f5229567c5de221f2d07099b0f1a489df013ace56bae189e0f","first_seen":"2023-05-05T14:06:31Z","last_seen":"2026-04-27T14:49:05.419628Z","times_seen":841,"resource_available":false,"data":null}},"time_used":1151,"timings":{"blocked":932,"dns":0,"connect":0,"send":0,"wait":218,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static-content-cn.wb27jlt6u066.com:9587/util/messenger.css","fqdn":"static-content-cn.wb27jlt6u066.com","domain":"wb27jlt6u066.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":9587,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://cn.1mebetx.com/home/register?code=40516","date":"2026-01-08T05:27:14.832Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"static-content-cn.wb27jlt6u066.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 19 Oct 2025 00:00:00 GMT","end":"Mon, 19 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"98:64:EC:0B:9A:00:5F:60:12:4A:12:B9:EB:5A:44:98:12:1A:7C:FF","sha256":"A1:E0:99:A3:B2:54:C9:50:DB:24:16:EA:A7:44:3A:5D:57:F0:7C:CE:B2:E7:66:31:49:50:98:44:92:F2:50:84"}}},"request":{"raw":"GET /util/messenger.css HTTP/1.1\r\nHost: static-content-cn.wb27jlt6u066.com:9587\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cn.1mebetx.com/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Thu, 08 Jan 2026 05:27:15 GMT\r\nContent-Type: text/css\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nLast-Modified: Wed, 20 Jul 2022 18:47:53 GMT\r\nVary: Accept-Encoding\r\nETag: W/\"62d84dd9-2410\"\r\nContent-Encoding: gzip\r\nServer: gocache\r\nExpires: Fri, 09 Jan 2026 05:27:15 GMT\r\nCache-Control: max-age=86400\r\nc-Type: st\r\nrid: 8ede467b94ca4e6e1341d377a849a747\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains\r\nX-Cache-Status: HIT\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]}],"data":{"size":9232,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (538)","md5":"26f774e67203df0b4387b8fdee38643c","sha1":"d46d750b7882c8c3aff3690472c6ad6c5c32d546","sha256":"3d3b344953f5a8668a3a045c902c84e530407997885301cfffd4a1724b6b37f8","sha512":"d2fbe717e58dbc07551690f0d18256cbef2b33adce004da7d83adb34866764ec94ea6ec5d91a9a65754f0239cc98dfc4b7caefb1a1b427a7e5818671c03288c2","ssdeep":"192:Qi0KrdIJjkB1IbXwdRoqXaS3TIFTKC32XifM1N:QiBrdIJnbXwdPC32XeKN","tlshash":"a812f022c5c51927133fcb53add557584f238b03aa1ed4ad66deec4fc70ae6812e630a","first_seen":"2023-05-05T14:06:31Z","last_seen":"2026-04-27T14:49:05.25005Z","times_seen":989,"resource_available":false,"data":null}},"time_used":1885,"timings":{"blocked":823,"dns":362,"connect":1,"send":0,"wait":215,"receive":0,"ssl":479},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static-content-t.wb27jlt6u066.com:9587/images/nav/promo_12p.png","fqdn":"static-content-t.wb27jlt6u066.com","domain":"wb27jlt6u066.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":9587,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://cn.1mebetx.com/home/register?code=40516","date":"2026-01-08T05:27:14.841Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"static-content-t.wb27jlt6u066.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 19 Oct 2025 00:00:00 GMT","end":"Mon, 19 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"08:10:09:15:B6:C8:9C:9A:CE:31:40:C9:26:D7:9E:BE:2C:9A:62:2B","sha256":"D6:55:F3:9B:55:F2:ED:CC:B3:54:8B:1E:F9:15:FB:47:0C:75:02:1A:64:4B:3C:C2:FA:75:18:9C:F0:11:EE:83"}}},"request":{"raw":"GET /images/nav/promo_12p.png HTTP/1.1\r\nHost: static-content-t.wb27jlt6u066.com:9587\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cn.1mebetx.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Thu, 08 Jan 2026 05:27:16 GMT\r\nContent-Type: image/png\r\nContent-Length: 13381\r\nConnection: keep-alive\r\nLast-Modified: Wed, 20 Jul 2022 18:47:53 GMT\r\nETag: \"62d84dd9-3445\"\r\nServer: gocache\r\nExpires: Fri, 09 Jan 2026 05:27:16 GMT\r\nCache-Control: max-age=86400\r\nc-Type: st\r\nrid: 51f93dd541649fc36976a3b02eacb79e\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains\r\nX-Cache-Status: HIT\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]}],"data":{"size":13381,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 200 x 100, 8-bit/color RGBA, non-interlaced","md5":"771df357a82b3f121039b605126d9031","sha1":"49ac1b1ce8829f54c43e4012c0b21f2fffc6fea7","sha256":"7020ab66168f898a06e3743b3793745da0a9d6017bae2934e842e6ec4addc094","sha512":"acb489f3f721c83653262e26fc5831cff21e293becedd745153219f0300318977a485df8717b9195639e7a4a8760c2a988dc1b18a8a4bf5b907da84674cc4c5f","ssdeep":"384:XJXE05gzzzzzzzzz2Qz9IcDmF/COICUtw6ei/CXd:F35gzzzzzzzzz3xydLZUtAt","tlshash":"4052e14f486980fb060929e40fa043559e9667ff4f65ae34c0d27db7942de5b2fa8423","first_seen":"2023-05-05T14:06:31Z","last_seen":"2026-04-27T14:49:05.13516Z","times_seen":831,"resource_available":false,"data":null}},"time_used":2149,"timings":{"blocked":1931,"dns":0,"connect":0,"send":0,"wait":217,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.v1c2h.com:51300/global-activity-entry/js/rain-icon.js","fqdn":"www.v1c2h.com","domain":"v1c2h.com","tld":"com"},"ip":{"addr":"52.184.67.179","port":51300,"asn":8075,"as":"MICROSOFT-CORP-MSN-AS-BLOCK","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://cn.1mebetx.com/home/register?code=40516","date":"2026-01-08T05:27:14.858Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.v1c2h.com","organization":""},"issuer":{"commonName":"ZeroSSL RSA Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Mon, 24 Nov 2025 00:00:00 GMT","end":"Sun, 22 Feb 2026 23:59:59 GMT"},"fingerprint":{"sha1":"CD:6D:E0:A1:66:7B:5E:B3:2E:19:D0:11:AC:CD:40:B4:59:22:7F:07","sha256":"E4:D1:A7:36:92:4F:7F:18:A6:94:52:A2:59:76:61:AE:5E:4E:3D:18:E5:B7:D9:B4:96:BA:01:7A:63:6C:DF:2A"}}},"request":{"raw":"GET /global-activity-entry/js/rain-icon.js HTTP/1.1\r\nHost: www.v1c2h.com:51300\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cn.1mebetx.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Thu, 08 Jan 2026 05:27:15 GMT\r\ncontent-type: application/javascript; charset=utf-8\r\nlast-modified: Thu, 09 Nov 2023 07:48:05 GMT\r\nvary: Accept-Encoding\r\netag: W/\"654c8eb5-88a9\"\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\ncontent-encoding: gzip\r\npsc-cache-status: HIT\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":34985,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, Unicode text, UTF-8 text","md5":"59767c53c4cb277425bce5c5e7ea9d41","sha1":"36ee5b49ceb915d4369fe92ca49dbd8bba702c96","sha256":"5b43bfa813b9f48656d868fbdacd693bf7fc0f4324d5b815db42ceb80c5a4a27","sha512":"f56b905cc921ab836e06c2c2f1e9dab1033056b68043b6fc1a24f78446dfcfeed89d1408b26ddd176540761784e7652fe2b4d1e5103f07f510bf3e886267e967","ssdeep":"768:kCcZeOuOBMThTlp0Ef7X879b7zT2MSVHyDP:kRDQt0FSVHk","tlshash":"42f2632e5afa10516a0370654f6f91087675a02b160bdc183e5e93d8df806b846fafff","first_seen":"2025-03-02T07:32:23.132184Z","last_seen":"2026-04-27T14:49:05.334062Z","times_seen":725,"resource_available":true,"data":null}},"time_used":1238,"timings":{"blocked":-1,"dns":366,"connect":203,"send":0,"wait":245,"receive":0,"ssl":425},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static-content-cn.wb27jlt6u066.com:9587/util/all.js?20231116","fqdn":"static-content-cn.wb27jlt6u066.com","domain":"wb27jlt6u066.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":9587,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://cn.1mebetx.com/home/register?code=40516","date":"2026-01-08T05:27:14.862Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"static-content-cn.wb27jlt6u066.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 19 Oct 2025 00:00:00 GMT","end":"Mon, 19 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"98:64:EC:0B:9A:00:5F:60:12:4A:12:B9:EB:5A:44:98:12:1A:7C:FF","sha256":"A1:E0:99:A3:B2:54:C9:50:DB:24:16:EA:A7:44:3A:5D:57:F0:7C:CE:B2:E7:66:31:49:50:98:44:92:F2:50:84"}}},"request":{"raw":"GET /util/all.js?20231116 HTTP/1.1\r\nHost: static-content-cn.wb27jlt6u066.com:9587\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cn.1mebetx.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Thu, 08 Jan 2026 05:27:15 GMT\r\nContent-Type: application/javascript\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nLast-Modified: Wed, 13 Sep 2023 03:06:14 GMT\r\nVary: Accept-Encoding\r\nETag: W/\"65012726-13044\"\r\nContent-Encoding: gzip\r\nServer: gocache\r\nExpires: Fri, 09 Jan 2026 05:27:15 GMT\r\nCache-Control: max-age=86400\r\nc-Type: st\r\nrid: 2b2a227dc4a334024bfef7123070123f\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains\r\nX-Cache-Status: HIT\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":77892,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (5480)","md5":"f5aa16a242596257e153e33c5b8fb232","sha1":"804252d4387c4fda0141e9bf4fd2a05bb3c7068a","sha256":"c21ffeeff6782e69216ce2fdf3fd54289af1d7b4a8bc2af9b83c0679c5969782","sha512":"1ae9de5c195af57a93c2bbc30c0597c8f7f2e96e98af1c1a514d21d170b54c4bafc882689096e117cd36f25570474bd059edfb8bf9023571ff7531ace1491c59","ssdeep":"1536:rfee/RrYiHhJ9Q0f16d9zeDN5qW4wTW3Jny+aSsG+Kjbd2m43ftShEhJ+7Rh0Om:rfD/miHhJ9Q0fd5B8jYhi0t","tlshash":"6273f88c7591306a4aef31b7782b224f73769a69500e5068f0b8d4e53ebce857167f38","first_seen":"2023-09-15T15:49:20Z","last_seen":"2026-04-27T14:49:05.151977Z","times_seen":950,"resource_available":true,"data":null}},"time_used":1041,"timings":{"blocked":-1,"dns":336,"connect":5,"send":0,"wait":217,"receive":4,"ssl":479},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.f4bzyrz92us3.com/E2/logo.js","fqdn":"www.f4bzyrz92us3.com","domain":"f4bzyrz92us3.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://cn.1mebetx.com/home/register?code=40516","date":"2026-01-08T05:27:16.837Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.f4bzyrz92us3.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Fri, 22 Aug 2025 00:00:00 GMT","end":"Sat, 22 Aug 2026 23:59:59 GMT"},"fingerprint":{"sha1":"3D:00:56:9E:E0:4A:BC:C5:AC:93:01:37:D0:1D:2F:CC:2E:D9:BE:F3","sha256":"28:AA:7B:7C:23:E5:90:7B:6C:F4:48:23:DD:56:A2:3C:AD:E6:2B:47:66:7E:A7:DA:53:31:F6:3C:E3:FC:9E:30"}}},"request":{"raw":"GET /E2/logo.js HTTP/1.1\r\nHost: www.f4bzyrz92us3.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cn.1mebetx.com/\r\nCookie: E2Token=91799d22-c70f-4ef2-a989-bbaabb6a149e\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Thu, 08 Jan 2026 05:27:17 GMT\r\nContent-Type: application/javascript;charset=utf-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nCache-Control: max-age=86400\r\nContent-Encoding: br\r\nExpires: Fri, 09 Jan 2026 05:27:17 GMT\r\nVary: Accept-Encoding\r\nX-Rate-Limit-Limit: 1d\r\nX-Rate-Limit-Remaining: 1439\r\nX-Rate-Limit-Reset: 2026-01-09T05:27:16.9987895Z\r\nX-Frame-Options: SAMEORIGIN\r\nX-Content-Type-Options: nosniff\r\nServer: gocache\r\nc-Type: st\r\nrid: 0f64131966a80316c09b67e67867d4ab\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains\r\nX-Cache-Status: MISS\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]}],"data":{"size":98,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"ASCII text, with CRLF line terminators","md5":"e5a0fa4eef16d69c6b9dee35c25d26d8","sha1":"e8635305ef3b8d12872017b4fb281af70c777426","sha256":"777b8446c3d8bf1de5e4511d0f9cf79303a0ee4ffe58b52ae23685d92a596c01","sha512":"ef1fbfc9f3285c6c7070ef739d8e06483126e53a752fff23a5bb56720038cdcf41b53a53f23043085b9595f62024651c741c5887e742b9babb2941b0d638658a","ssdeep":"","tlshash":"aab01211110d2000f091307f84905e4407140c245d23c1d35590053310ec4604df832b","first_seen":"2026-01-08T05:28:13.577718Z","last_seen":"2026-01-08T05:28:13.577718Z","times_seen":1,"resource_available":true,"data":null}},"time_used":287,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":287,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static-content-t.wb27jlt6u066.com:9587/d11_images/icon_mobile.png","fqdn":"static-content-t.wb27jlt6u066.com","domain":"wb27jlt6u066.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":9587,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://cn.1mebetx.com/home/register?code=40516","date":"2026-01-08T05:27:17.000Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"static-content-t.wb27jlt6u066.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 19 Oct 2025 00:00:00 GMT","end":"Mon, 19 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"08:10:09:15:B6:C8:9C:9A:CE:31:40:C9:26:D7:9E:BE:2C:9A:62:2B","sha256":"D6:55:F3:9B:55:F2:ED:CC:B3:54:8B:1E:F9:15:FB:47:0C:75:02:1A:64:4B:3C:C2:FA:75:18:9C:F0:11:EE:83"}}},"request":{"raw":"GET /d11_images/icon_mobile.png HTTP/1.1\r\nHost: static-content-t.wb27jlt6u066.com:9587\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://static-content-t.wb27jlt6u066.com:9587/style/main.css?20250825\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Thu, 08 Jan 2026 05:27:17 GMT\r\nContent-Type: image/png\r\nContent-Length: 300\r\nConnection: keep-alive\r\nLast-Modified: Wed, 20 Jul 2022 18:45:39 GMT\r\nETag: \"62d84d53-12c\"\r\nServer: gocache\r\nExpires: Fri, 09 Jan 2026 05:27:17 GMT\r\nCache-Control: max-age=86400\r\nc-Type: st\r\nrid: a333c149bd1addb2855748d49c9cea85\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains\r\nX-Cache-Status: HIT\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]}],"data":{"size":300,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 15 x 18, 8-bit/color RGBA, non-interlaced","md5":"87b9952aa4def5ac2d4dce81528ecae3","sha1":"e34496b167df036229e923d8686858c0a306c1e2","sha256":"7aa81a942fe7f67e5b132b047c4db23993d6ffff8eaafd3692a6824236e11def","sha512":"0fbb21285e5fe2e16acb97529fe973d055261ea7e787fdfc0d4f381f9fd2c00a981dd5861a08a4d1ee0b62d0f145044678b8cc87297e62af85d5f758a826a508","ssdeep":"","tlshash":"c9e0eb4323a20d3ac3c85633a11b13308c304248b484a50d5e442a30cc8a34c2ebd623","first_seen":"2023-05-05T14:06:31Z","last_seen":"2026-04-27T14:49:05.285883Z","times_seen":850,"resource_available":false,"data":null}},"time_used":215,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":215,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static-content-cn.wb27jlt6u066.com:9587/images/common_spirits.png","fqdn":"static-content-cn.wb27jlt6u066.com","domain":"wb27jlt6u066.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":9587,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://cn.1mebetx.com/home/register?code=40516","date":"2026-01-08T05:27:17.030Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"static-content-cn.wb27jlt6u066.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 19 Oct 2025 00:00:00 GMT","end":"Mon, 19 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"98:64:EC:0B:9A:00:5F:60:12:4A:12:B9:EB:5A:44:98:12:1A:7C:FF","sha256":"A1:E0:99:A3:B2:54:C9:50:DB:24:16:EA:A7:44:3A:5D:57:F0:7C:CE:B2:E7:66:31:49:50:98:44:92:F2:50:84"}}},"request":{"raw":"GET /images/common_spirits.png HTTP/1.1\r\nHost: static-content-cn.wb27jlt6u066.com:9587\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://static-content-cn.wb27jlt6u066.com:9587/css/base.css?20240823\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Thu, 08 Jan 2026 05:27:17 GMT\r\nContent-Type: image/png\r\nContent-Length: 8399\r\nConnection: keep-alive\r\nLast-Modified: Wed, 20 Jul 2022 18:47:52 GMT\r\nETag: \"62d84dd8-20cf\"\r\nServer: gocache\r\nExpires: Fri, 09 Jan 2026 05:27:17 GMT\r\nCache-Control: max-age=86400\r\nc-Type: st\r\nrid: 71e6a00bb718a7bbf9fbf713ce341a16\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains\r\nX-Cache-Status: HIT\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]}],"data":{"size":8399,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 197 x 853, 8-bit/color RGBA, non-interlaced","md5":"44540d8c4a0f15ac3c79ec50c38068ba","sha1":"09a60fef078669da7113fbc9f9129b3a238e1b10","sha256":"d963d332fe095e110da648b267af4941bcb3d0b3988459d5f2039ebcadf4c2f0","sha512":"d67fb563e9db8d886bf09cd391361411e19aefeb2a60a37bf11eb38d985dc1c568281bae50aa71b504efb6a7bc6026340f809e797356816a430118e4f92f82e5","ssdeep":"96:1PodqmMbZJnxtCv2QIo3WG/INSvX3pwN0lu/hpSj8hj4LeQtJmzpwYFE1+m30tBY:1PqgnT8n5DluZph4y64zpx8aM3DJl","tlshash":"51028ed002b9316ed9643b22abbf39680ee289aaf4bec33448d4173731694d0457ce5f","first_seen":"2024-03-28T04:38:13Z","last_seen":"2026-04-27T14:49:05.440475Z","times_seen":690,"resource_available":false,"data":null}},"time_used":217,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":216,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static-content-t.wb27jlt6u066.com:9587/images/icon_return.png","fqdn":"static-content-t.wb27jlt6u066.com","domain":"wb27jlt6u066.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":9587,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://cn.1mebetx.com/home/register?code=40516","date":"2026-01-08T05:27:17.043Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"static-content-t.wb27jlt6u066.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 19 Oct 2025 00:00:00 GMT","end":"Mon, 19 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"08:10:09:15:B6:C8:9C:9A:CE:31:40:C9:26:D7:9E:BE:2C:9A:62:2B","sha256":"D6:55:F3:9B:55:F2:ED:CC:B3:54:8B:1E:F9:15:FB:47:0C:75:02:1A:64:4B:3C:C2:FA:75:18:9C:F0:11:EE:83"}}},"request":{"raw":"GET /images/icon_return.png HTTP/1.1\r\nHost: static-content-t.wb27jlt6u066.com:9587\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://static-content-t.wb27jlt6u066.com:9587/style/main.css?20250825\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Thu, 08 Jan 2026 05:27:18 GMT\r\nContent-Type: image/png\r\nContent-Length: 778\r\nConnection: keep-alive\r\nLast-Modified: Wed, 20 Jul 2022 18:47:53 GMT\r\nETag: \"62d84dd9-30a\"\r\nServer: gocache\r\nExpires: Fri, 09 Jan 2026 05:27:18 GMT\r\nCache-Control: max-age=86400\r\nc-Type: st\r\nrid: f1efd73b6e584991e66de3644aae05b8\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains\r\nX-Cache-Status: HIT\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":778,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 18 x 18, 8-bit/color RGBA, interlaced","md5":"fabab84476aede515f6619fb53cec396","sha1":"84650df8e118c2c101bc0bf6e20d9c76d4303b06","sha256":"8141cf949879defeb74a01e369563041075c8417c2f3e8789bd07fcdb6499552","sha512":"99f267bd6c596ca4ccf617f05a2c86edb2ae6a805fdd5ff3458c66853e87760d215225373e71cbdae688936cbcb88441bc3138eadbad694364fcfc7490eb50c7","ssdeep":"","tlshash":"d70120c5d7761db0c2c161b7163f9a8b1a0b8516a805a10d2e8634b39945f842d8679d","first_seen":"2023-05-05T14:06:31Z","last_seen":"2026-04-27T14:49:05.237057Z","times_seen":841,"resource_available":false,"data":null}},"time_used":1606,"timings":{"blocked":1389,"dns":0,"connect":0,"send":0,"wait":217,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static-content-t.wb27jlt6u066.com:9587/images/register/tick.png","fqdn":"static-content-t.wb27jlt6u066.com","domain":"wb27jlt6u066.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":9587,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://cn.1mebetx.com/home/register?code=40516","date":"2026-01-08T05:27:17.064Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"static-content-t.wb27jlt6u066.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 19 Oct 2025 00:00:00 GMT","end":"Mon, 19 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"08:10:09:15:B6:C8:9C:9A:CE:31:40:C9:26:D7:9E:BE:2C:9A:62:2B","sha256":"D6:55:F3:9B:55:F2:ED:CC:B3:54:8B:1E:F9:15:FB:47:0C:75:02:1A:64:4B:3C:C2:FA:75:18:9C:F0:11:EE:83"}}},"request":{"raw":"GET /images/register/tick.png HTTP/1.1\r\nHost: static-content-t.wb27jlt6u066.com:9587\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://static-content-t.wb27jlt6u066.com:9587/style/main.css?20250825\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Thu, 08 Jan 2026 05:27:18 GMT\r\nContent-Type: image/png\r\nContent-Length: 444\r\nConnection: keep-alive\r\nLast-Modified: Wed, 20 Jul 2022 18:47:53 GMT\r\nETag: \"62d84dd9-1bc\"\r\nServer: gocache\r\nExpires: Fri, 09 Jan 2026 05:27:18 GMT\r\nCache-Control: max-age=86400\r\nc-Type: st\r\nrid: a91b53e3f8ee222c0a7da43f35578663\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains\r\nX-Cache-Status: HIT\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]}],"data":{"size":444,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 14 x 14, 8-bit/color RGBA, non-interlaced","md5":"077cd6729828909df9e8d387b91bdaa9","sha1":"e18a6a43471158c5af525d6fce505a5695a87e49","sha256":"c3dd497f34d2204de6f86a554ca97321a269d2d35482c4b79249a2cd95476783","sha512":"fca1c13107960e24c1fe4e2d26da0953e9fe707dc8a7f5127c349afecac92bfaa98d551d9c031fd1c3b71eb3ede634ced3ac7e5e971ed23a2b21562e28798f0d","ssdeep":"","tlshash":"60f05c52ab957d1dde5895721b8d025908b24204252a0b4cc00cf0765ab9bc17e51079","first_seen":"2023-05-05T14:06:31Z","last_seen":"2026-04-27T14:49:05.07972Z","times_seen":840,"resource_available":false,"data":null}},"time_used":1150,"timings":{"blocked":935,"dns":0,"connect":0,"send":0,"wait":215,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cn.1mebetx.com/home/register?code=40516","fqdn":"cn.1mebetx.com","domain":"1mebetx.com","tld":"com"},"ip":{"addr":"172.65.201.65","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-01-08T05:27:12.147Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cn.1mebetx.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Mon, 05 Jan 2026 00:00:00 GMT","end":"Tue, 05 Jan 2027 23:59:59 GMT"},"fingerprint":{"sha1":"B1:9C:1C:29:59:A8:2F:22:BB:FA:01:51:20:84:07:9D:ED:D9:D8:7A","sha256":"21:4B:55:27:26:B6:EF:96:E2:ED:28:FE:00:D0:57:72:9D:29:6A:4E:DE:36:40:A2:7D:07:26:CC:31:8C:F2:1D"}}},"request":{"raw":"GET /home/register?code=40516 HTTP/1.1\r\nHost: cn.1mebetx.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Thu, 08 Jan 2026 05:27:14 GMT\r\nContent-Type: text/html; charset=UTF-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding, Accept-Encoding, Accept-Encoding\r\nSet-Cookie: ccd11=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/; domain=1mebetx.com\nvcd11=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/; domain=1mebetx.com\nPHPSESSID=pvfn2qbqj41s51t96fj5pjvus5; path=/\n_code_cookie=40516-; path=/; domain=1mebetx.com\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Allow-Methods: GET, POST, OPTIONS\r\nAccess-Control-Allow-Headers: Content-Type, Authorization, X-Requested-With\r\nAccess-Control-Allow-Credentials: true\r\nAccess-Control-Max-Age: 86400\r\nX-Content-Type-Options: nosniff\r\nX-Frame-Options: SAMEORIGIN\r\nContent-Encoding: gzip\r\nServer: gocache\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nCache-Control: no-cache\r\nc-Type: df\r\nrid: 78e5a5d04bf7442f94fa36e49b6617e8\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Google Analytics","description":"Google Analytics is a free web analytics service that tracks and reports website traffic.","website":"https://google.com/analytics","common_platform_enumeration":"","icon":"Google Analytics.svg","categories":["Analytics"]},{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"jQuery","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]},{"name":"jQuery UI","description":"jQuery UI is a collection of GUI widgets, animated visual effects, and themes implemented with jQuery, Cascading Style Sheets, and HTML.","website":"https://jqueryui.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery_ui:*:*:*:*:*:*:*:*","icon":"jQuery UI.svg","categories":["JavaScript libraries"]}],"data":{"size":102696,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (369)","md5":"b5b64bdc3a226f916f7e1248ebd6c9c6","sha1":"a282f8ca796f36d0046e3f3d294e96d2195fe4c8","sha256":"833c80db4b083a7e29a930f4625a43c979951723e5e9be63110f44bcdcb520f8","sha512":"406a06c4a6dfbdb863a95e5bcb28fc4b63e365008da883bde975e9450f8f7e0f8a7f14ebd23de2a392136e9adc7465f6984450334270691823efd3af3e0ee65d","ssdeep":"1536:6qWYvShCVRbY2ut/n6nAIkqWsVd2hzmaDQCLL8sbkstgcdbJaOjQvvvuvKvrwvjQ:cOq2g8hCBMp/WbJaZXWyzwb9WL","tlshash":"0aa3e610a8f94577017390d6b5bbaf1a7eaa8037d2068c1076fe4fc45fc2e82895776e","first_seen":"2026-01-08T05:28:13.582051Z","last_seen":"2026-01-08T05:28:13.582051Z","times_seen":1,"resource_available":false,"data":null}},"time_used":3382,"timings":{"blocked":876,"dns":436,"connect":1,"send":0,"wait":1595,"receive":35,"ssl":435},"alerts":{"ids":null,"analyzer":[{"sensor_name":"phishtank","sensor_type":"Blocklist","title":"PhishTank","description":"PhishTank","scan_date":"2025-06-19","alert":"Phishing - Other","trigger":"cn.1mebetx.com/home/register?code=40516","verdict":"phishing","severity":"medium","comment":"Other","link":"http://phishtank.com","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-01-08","alert":"Phishing Block","trigger":"cn.1mebetx.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-08","alert":"Sinkholed","trigger":"cn.1mebetx.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-08","alert":"Sinkholed","trigger":"cn.1mebetx.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-08","alert":"Sinkholed","trigger":"cn.1mebetx.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-08","alert":"Sinkholed","trigger":"cn.1mebetx.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"banner-notice.6dqr2n.com/mxstatic/banner-notice.js","fqdn":"banner-notice.6dqr2n.com","domain":"6dqr2n.com","tld":"com"},"ip":{"addr":"52.184.67.179","port":443,"asn":8075,"as":"MICROSOFT-CORP-MSN-AS-BLOCK","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://cn.1mebetx.com/home/register?code=40516","date":"2026-01-08T05:27:14.853Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"banner-notice.6dqr2n.com","organization":""},"issuer":{"commonName":"ZeroSSL RSA Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Fri, 21 Nov 2025 00:00:00 GMT","end":"Thu, 19 Feb 2026 23:59:59 GMT"},"fingerprint":{"sha1":"99:09:F8:08:0E:12:67:90:CD:CF:6F:BB:FD:A4:24:0B:CE:22:68:BC","sha256":"8D:09:C8:8D:E9:B1:66:60:30:60:D8:0C:95:30:0A:E9:BC:A6:D5:11:A9:28:82:AB:A7:90:99:A8:C5:E8:62:E8"}}},"request":{"raw":"GET /mxstatic/banner-notice.js HTTP/1.1\r\nHost: banner-notice.6dqr2n.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cn.1mebetx.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Thu, 08 Jan 2026 05:27:16 GMT\r\ncontent-type: application/javascript; charset=utf-8\r\nlast-modified: Tue, 27 May 2025 05:27:16 GMT\r\nvary: Accept-Encoding\r\netag: W/\"68354d34-4951\"\r\nexpires: Thu, 08 Jan 2026 17:28:06 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":18769,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, Unicode text, UTF-8 text","md5":"fde6491fa4c8e8adaf2844d6d09e2a2f","sha1":"51174631e2149efc853eacf33e39fa8dc66840b8","sha256":"a402e491cde441e33c89c38bb10c84d7473a88700ba4fd76e0bb1bf2c2f61143","sha512":"25d3915f3e441b65f447c65aafc287b5c4b9afc8fd34b54a428bd58a6bd1c58bca7012eef8fd44d9134fa1c375dcdb62aeaaa912a09b15895872e2f678cd10d2","ssdeep":"192:AJKwJ/y23c23qtY8SCUcWbm1iRSube/Hf+DoQPoEHdizniKOnK6t5Enx4tRL1VeV:oKGbDK6czdOnXH3qBmlc","tlshash":"ed82b81875fa0061542330b88e9a618c7f26950f920a5d08bd6d47e8afcad7199d2ffb","first_seen":"2025-05-30T16:57:45.431693Z","last_seen":"2026-03-14T23:55:48.120104Z","times_seen":483,"resource_available":true,"data":null}},"time_used":1348,"timings":{"blocked":-1,"dns":354,"connect":203,"send":0,"wait":362,"receive":0,"ssl":428},"alerts":{"ids":null,"analyzer":null,"urlquery":null}}]}