{"report_id":"2443bfae-c74f-440e-8e64-6cf41d97d3e4","version":6,"status":"done","tags":[],"date":"2026-04-12T09:22:59Z","url":{"schema":"http","addr":"wwwdfl40.vip/","fqdn":"wwwdfl40.vip","domain":"wwwdfl40.vip","tld":"vip"},"ip":{"addr":"143.92.53.221","port":0,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"final":{"url":{"schema":"https","addr":"www.hairwwwtoppd410.com:3669/home","fqdn":"www.hairwwwtoppd410.com","domain":"hairwwwtoppd410.com","tld":"com"},"title":"爱爱网","dom":{"size":0,"mime_type":"text/plain; charset=utf-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","dom_hash":"domhash1f07f384c75181c66badb60ab1ec770b","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"wwwdfl40.vip/","fqdn":"wwwdfl40.vip","domain":"wwwdfl40.vip","tld":"vip"},"ip":{"addr":"143.92.53.221","port":0,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-05-17T09:22:59Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":1,"urlquery":0,"analyzer":3}},"detection":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-04-12T09:22:49Z","timestamp":1775985769,"ip_dst":{"addr":"Client IP","port":52074,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"134.122.155.103","port":3669,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"severity":"medium","alert":"ET DROP Spamhaus DROP Listed Traffic Inbound group 25","source":"{\"timestamp\":\"2026-04-12T09:22:49.825328+0000\",\"flow_id\":2089187594054245,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"134.122.155.103\",\"src_port\":3669,\"dest_ip\":\"172.18.0.22\",\"dest_port\":52074,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.Evil\",\"ET.DROPIP\"]},\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2400024,\"rev\":4421,\"signature\":\"ET DROP Spamhaus DROP Listed Traffic Inbound group 25\",\"category\":\"Misc Attack\",\"severity\":2,\"metadata\":{\"affected_product\":[\"Any\"],\"attack_target\":[\"Any\"],\"created_at\":[\"2010_12_30\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Minor\"],\"tag\":[\"Dshield\"],\"updated_at\":[\"2025_08_01\"]}},\"flow\":{\"pkts_toserver\":1,\"pkts_toclient\":1,\"bytes_toserver\":74,\"bytes_toclient\":74,\"start\":\"2026-04-12T09:22:49.567909+0000\"}}"}],"analyzer":[{"sensor_name":"user_akbkyowd9geqr98","sensor_type":"yara","title":"Private YARA rules","description":"Private YARA rules","scan_date":"2026-04-12","alert":"Hunting_JS_WebAssembly","trigger":"www.hairwwwtoppd410.com:3669/assets/index-71f5a5dd.js","verdict":"audit","severity":"audit","comment":"","link":"","meta":{"description":"Looking for manual construction of JS wasmCode used in exploits","rule":"Hunting_JS_WebAssembly"},"detection_meta":{"user_id":"akbkyowd9geqr98","detection_id":"01K9VTTZ58QH7V4PSKSDDP3N4H","visibility":"private"}},{"sensor_name":"user_akbkyowd9geqr98","sensor_type":"yara","title":"Private YARA rules","description":"Private YARA rules","scan_date":"2026-04-12","alert":"Hunting_JS_WebAssembly","trigger":"www.hairwwwtoppd410.com:3669/assets/worker-d3bc0bde.js","verdict":"audit","severity":"audit","comment":"","link":"","meta":{"description":"Looking for manual construction of JS wasmCode used in exploits","rule":"Hunting_JS_WebAssembly"},"detection_meta":{"user_id":"akbkyowd9geqr98","detection_id":"01K9VTTZ58QH7V4PSKSDDP3N4H","visibility":"private"}},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-12","alert":"Sinkholed","trigger":"wwwdfl40.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null},"summary":[{"fqdn":"aawapi-v3.meiwenxiu.com","ip":{"addr":"155.102.167.173","port":443,"asn":0,"as":"","country":"Singapore","country_code":"SG"},"domain_registered":"2021-02-08","domain_rank":0,"first_seen":"2026-04-08T22:56:52.063025Z","last_seen":"2026-04-08T22:56:52.063025Z","alert_count":0,"request_count":10,"received_data":111000,"sent_data":5647,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Tengine","description":"Tengine is a web server which is based on the Nginx HTTP server.","website":"https://tengine.taobao.org","common_platform_enumeration":"","icon":"Tengine.png","categories":["Web servers"]}]},{"fqdn":"www.hairwwwtoppd410.com","ip":{"addr":"134.122.155.103","port":3669,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"domain_registered":"unknown","domain_rank":0,"first_seen":"No data","last_seen":"No data","alert_count":2,"request_count":20,"received_data":1862859,"sent_data":12603,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"WebAssembly","description":"WebAssembly (abbreviated Wasm) is a binary instruction format for a stack-based virtual machine. Wasm is designed as a portable compilation target for programming languages, enabling deployment on the web for client and server applications.","website":"https://webassembly.org/","common_platform_enumeration":"","icon":"WebAssembly.svg","categories":["Programming languages"]}]},{"fqdn":"wwwdfl40.vip","ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"domain_registered":"2025-08-30","domain_rank":0,"first_seen":"2026-04-12T09:23:01.557589Z","last_seen":"2026-04-12T09:23:01.557589Z","alert_count":3,"request_count":3,"received_data":56642,"sent_data":1227,"comment":"","tags":null,"fingerprints":null},{"fqdn":"jj.sofsxz.com","ip":{"addr":"47.245.53.14","port":443,"asn":45102,"as":"Alibaba US Technology Co., Ltd.","country":"Japan","country_code":"JP"},"domain_registered":"2025-09-04","domain_rank":0,"first_seen":"2025-12-05T06:19:25.950415Z","last_seen":"2026-04-08T20:10:35.022888Z","alert_count":0,"request_count":1,"received_data":146,"sent_data":422,"comment":"","tags":null,"fingerprints":null},{"fqdn":"collect-v6.51.la","ip":{"addr":"43.159.107.113","port":443,"asn":139341,"as":"ACE","country":"Singapore","country_code":"SG"},"domain_registered":"2005-01-17","domain_rank":348646,"first_seen":"2021-03-08T16:03:54Z","last_seen":"2026-04-06T05:04:06.615629Z","alert_count":0,"request_count":1,"received_data":373,"sent_data":449,"comment":"","tags":null,"fingerprints":null}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"www.hairwwwtoppd410.com:3669/assets/ColVideoItem-07d4d17c.js","fqdn":"www.hairwwwtoppd410.com","domain":"hairwwwtoppd410.com","tld":"com"},"ip":{"addr":"134.122.155.103","port":3669,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"introduction_type":"importedModule","is_inline":false,"md5":"27e823cf714c440233d07fcdb555fc94","sha1":"998b200ba427e1f517123ff44eb548ac1a1db4f0","sha256":"b5bfac832635df53c63ed89e83e221b1a781a214f15ea080cd66bb095855902c","sha512":"17456a8239ab3899b80420c5c13bd53f64eed66c0ddbcd333b6b03c6675fc2bbcb3cc7e025222c5339053dcedcf231caec2aaee9053b167fda4a90420a0d3a40","ssdeep":"","tlshash":"4671d75430094ebea2a35a49145d08426a0c1f6ee53c92c1e1ff98263b52df06afe37d","size":3821,"data":"","first_seen":"2024-09-10T14:06:18Z","last_seen":"2026-04-12T10:40:57.128809Z","times_seen":623,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.hairwwwtoppd410.com:3669/","fqdn":"www.hairwwwtoppd410.com","domain":"hairwwwtoppd410.com","tld":"com"},"ip":{"addr":"134.122.155.103","port":3669,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"introduction_type":"scriptElement","is_inline":true,"md5":"c40c795766ac149e58313b97448db5fd","sha1":"56b930c10139ab808901d5a4960f33a4a6f49660","sha256":"50b77530bd4cbe8dba264cdbe10ab7881308d29b069e2bfdc948423e3d57d492","sha512":"841c1204d0fa3a44be80e0315379d14dcf4d37bd44878d173fbeba58f59fa1d5e364e8f2dcc2560b4d623cb57fe29009f08b60c8bb2c48a5229e8ffdcc52b74b","ssdeep":"","tlshash":"acc02b347b21063001002077313ec705757235382cadc210006ecc2c28a0e9640c2814","size":140,"data":"","first_seen":"2025-12-31T03:21:21.372845Z","last_seen":"2026-04-12T10:43:16.890911Z","times_seen":201,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"webapi.amap.com/maps?callback=___onAPILoaded\u0026v=2.0\u0026key=0f3e523aa49b944f6ae53c488cbae6c3\u0026plugin=","fqdn":"webapi.amap.com","domain":"amap.com","tld":"com"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"scriptElement","is_inline":false,"md5":"a39b7659f2d799ecdbc2c9982c9660c4","sha1":"5b02c7f22ee5638ef73add7ee34555b2ec2e65eb","sha256":"81e8943ef407b5f3345749eb1a8e6fb7b4e1a66390b41811d55191555946b242","sha512":"4ed640f13335480a57bf997d16fa48fb0b801eff3e1cc4292edec02659b3b8a591d2686ebe8aa2bf2ed240d126ef27debbfd4de288f8677603d0bddfffba9d7e","ssdeep":"","tlshash":"43d0230c59db1c6206c37c34c14641f21b683594a04c8de404ada76009cc676d14413f","size":215,"data":"","first_seen":"2025-10-21T08:06:21.93442Z","last_seen":"2026-04-12T10:40:57.143527Z","times_seen":321,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.hairwwwtoppd410.com:3669/","fqdn":"www.hairwwwtoppd410.com","domain":"hairwwwtoppd410.com","tld":"com"},"ip":{"addr":"134.122.155.103","port":3669,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"introduction_type":"scriptElement","is_inline":true,"md5":"9ef8252ce15ee2e3486bc06fc825025f","sha1":"e42522baa9cd743f3887c392c87e07ed37e9224b","sha256":"23737c09e679f2c2816abe41664783012b3cee3c9baa4c48a1316a906de8e5bb","sha512":"6d00a2bf1b8c032215901fea53607a6b9b47bce550c4b330fcf46ffbd57a724cc01da81df6f458a9913b4856433a8078140ee9f651810599af4a1ce257925c42","ssdeep":"","tlshash":"5ff0ebee1c8222281ea2f4b8df2bc90ad9a901645184840a19ced4c87d38f58ce35e4c","size":570,"data":"","first_seen":"2025-03-04T20:45:39.349027Z","last_seen":"2026-04-12T10:40:57.142283Z","times_seen":585,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.hairwwwtoppd410.com:3669/console-ban.min.js","fqdn":"www.hairwwwtoppd410.com","domain":"hairwwwtoppd410.com","tld":"com"},"ip":{"addr":"134.122.155.103","port":3669,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"introduction_type":"scriptElement","is_inline":false,"md5":"65c1e75acb0957a38c8b8e3a35508923","sha1":"49ae0b214c80ef020a5b4e3a705c6e061f605d3a","sha256":"fbcb5e8a75d32b03b1ef29f1de74fc2d073bd060de674fcb723b58a5c4592c63","sha512":"6d5270b02666343a152b8ae0c21f132a62f804d3f78a1d74a7ca27130e0487f2bbb64734fb2b6ee7c52fcd9b80c2dc544bad9f0676b6fa916951cdb464a0509f","ssdeep":"96:1/sn2B4C9bri4YdJv1pdi2uriza02goz3YMcXKfcqsFRiqsUVJZaq1ilcrQQd:yn9CxiPdJv1pdi2Aiza3goVuzriafZa0","tlshash":"7eb15759abf420a0b713b0a28c2fa5057562441f0a8dde547c4ce3e48f5853d4bbeeec","size":5229,"data":"","first_seen":"2024-06-10T20:16:48Z","last_seen":"2026-04-12T10:40:57.129447Z","times_seen":700,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.hairwwwtoppd410.com:3669/assets/Home-52354fe8.js","fqdn":"www.hairwwwtoppd410.com","domain":"hairwwwtoppd410.com","tld":"com"},"ip":{"addr":"134.122.155.103","port":3669,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"introduction_type":"scriptElement","is_inline":false,"md5":"b52ffa8b8bb744fc355494eaa7d7f15c","sha1":"668e8d9813d2cf4eb331f8e7edcd9fd049438bb3","sha256":"3f710078df7245b57c51581acbd53bc29b4954614ced17873f86f3fba0d97f18","sha512":"c8209388c36046686823964552a168830917a9f892d57b7595ace7675a7f233e10d6f1dac86579e1982a4c9788fd975fb276d4845e627faecd2638cc068eea94","ssdeep":"","tlshash":"67717245742e9f7cb777004054a8440af7897ee6b368c15260bc7e2b2b6adf059bc7ac","size":3635,"data":"","first_seen":"2024-09-10T14:06:18Z","last_seen":"2026-04-12T10:40:57.130063Z","times_seen":623,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.hairwwwtoppd410.com:3669/assets/SwiperBanner-530f3655.js","fqdn":"www.hairwwwtoppd410.com","domain":"hairwwwtoppd410.com","tld":"com"},"ip":{"addr":"134.122.155.103","port":3669,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"introduction_type":"importedModule","is_inline":false,"md5":"a4793306b4694ac881b6f9e502730b84","sha1":"a9d80e7a2dbf9f05a6e0f2dd9979294feaded049","sha256":"5857ff646efe60ea518b4d937949a4ec33be71d327cc6405495f5cda094dde6d","sha512":"2dc010e6b4ed14dcfce0c3d6be25385bb11d71c8a755b23dcc3b74d9f9caf46d43302aecb9df208951d2353221d2fae856003e60ac30d994f2aac7e080cd8781","ssdeep":"192:JeX8ptP0LopLaXjM1EefEcd9SD7EHvhZcqtrrt+qVcR5k8i1M7nZgZ3EX0gESeXb:IX8pAXjgE89SnEHvhZkqGnk8i1M7nZgv","tlshash":"02322a5d31aaa837f7b3a549c0e4484053282fad8211d5c8b0ff5e2816a7c6462ff77e","size":11440,"data":"","first_seen":"2024-09-10T14:06:18Z","last_seen":"2026-04-12T10:40:57.135012Z","times_seen":623,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.hairwwwtoppd410.com:3669/","fqdn":"www.hairwwwtoppd410.com","domain":"hairwwwtoppd410.com","tld":"com"},"ip":{"addr":"134.122.155.103","port":3669,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"introduction_type":"scriptElement","is_inline":true,"md5":"604f569f6e783209029579f243e9351e","sha1":"754aa740cfb3918f93991bcc8d59e5f4841d65ec","sha256":"334fbfebcbd68b2f89b9e140acbb387196a44b7c381b6919c223a95e07100999","sha512":"38a67d378143ef92d84fb127dd2d848cd2e9f769f6c70e76b2fc81999c6d59f74af477605bfc10378639504a9631136768ab1960b8eec6baeb84bb7c8fe23625","ssdeep":"","tlshash":"bfd0a75f6c051d781fa911ba627deadcf461115cb5aac81288ced8498f30eee982664c","size":237,"data":"","first_seen":"2025-03-04T20:45:39.350265Z","last_seen":"2026-04-12T10:40:57.143031Z","times_seen":585,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.hairwwwtoppd410.com:3669/wasm_exec.js","fqdn":"www.hairwwwtoppd410.com","domain":"hairwwwtoppd410.com","tld":"com"},"ip":{"addr":"134.122.155.103","port":3669,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"introduction_type":"scriptElement","is_inline":false,"md5":"5e943d64fb2d2fda876bc7cfd460a6b0","sha1":"765694803ad13a61785fa9a46d5c7716fbb21be1","sha256":"d5d090342f73e9fde68dce9ff64638a40bae9c347f5e61daffa2b43543821f31","sha512":"63f51493987119d6fe1e5e0988f7019e2bb95a50597d7a1081249afee3e7dbc4bc62abd79b99eb04b13c858f0322cdec70f80755a81bd1c052c56c0cbe06226a","ssdeep":"384:gger3+Y4sN0TfuDfOPgoDXdt8tCyC/ZzFOLQPpG65Moc9EKR3mvbhOx42cwGDocn:cOZzmQPs65Moc9EKR36Ox05Doc+ksvV2","tlshash":"4f925e8907f7011685b7713f0f5ba202622aa05f195ceee87e5c43940f8a638d6e1ff9","size":20181,"data":"","first_seen":"2024-06-10T20:16:48Z","last_seen":"2026-04-12T10:40:57.140844Z","times_seen":701,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.hairwwwtoppd410.com:3669/assets/AdvertisementList.vue_vue_type_script_setup_true_name_AdvertisementList_lang-6c6de8d9.js","fqdn":"www.hairwwwtoppd410.com","domain":"hairwwwtoppd410.com","tld":"com"},"ip":{"addr":"134.122.155.103","port":3669,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"introduction_type":"importedModule","is_inline":false,"md5":"ab759e1df532278977f31454bceb34c4","sha1":"48aff42993955dc217357b06beeeebe5c6dd842c","sha256":"41e7ea0e34a5d76ee733e06fef8f298d69ae069e68d2e57e4ca08db59386a5e4","sha512":"f373ab8f9a1512032192f69247cf7d7aecb942138c1ba1606fada337468ba0fe86c9e63def557aaf842d8b3065c25a2a6f6236774350235a96a4be65283f30df","ssdeep":"","tlshash":"7031968fa42941bc6a061568f41ca84bb14977ddc718814df576fe6c2581de057ac325","size":1753,"data":"","first_seen":"2024-09-10T14:06:18Z","last_seen":"2026-04-12T10:40:57.141786Z","times_seen":622,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.hairwwwtoppd410.com:3669/","fqdn":"www.hairwwwtoppd410.com","domain":"hairwwwtoppd410.com","tld":"com"},"ip":{"addr":"134.122.155.103","port":3669,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"introduction_type":"scriptElement","is_inline":true,"md5":"3892e89b3b8b2cb925c33b24f58a09b4","sha1":"32196beaf294b09681e0c6c2c681cabdb3be9147","sha256":"862e314b7a47ab5ff77184263ae1b1826788a2cfde28ed5ef84fdccc6766e6bc","sha512":"535fd5fbb990160c6b033fe493494931dadc19209a761ba1234fab479d9e95b0b4bec338bbf796ce5343b5eb2083ecb373aaaeb39056215ceb61d111d21d600d","ssdeep":"","tlshash":"3ee02608e8e72b0693931cdeb491201973b8f4acf91d8e51b1ad8ec5381f12d4267caf","size":345,"data":"","first_seen":"2025-03-04T20:45:39.352755Z","last_seen":"2026-04-12T10:40:57.144014Z","times_seen":585,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.hairwwwtoppd410.com:3669/","fqdn":"www.hairwwwtoppd410.com","domain":"hairwwwtoppd410.com","tld":"com"},"ip":{"addr":"134.122.155.103","port":3669,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"introduction_type":"scriptElement","is_inline":true,"md5":"e346d60a70efd88aa5e78993e1b696c2","sha1":"343b1aef2e3d157cef2ed59851a1b2960dccf714","sha256":"c22a7f5c78c8571c513c6453805119dd86fcf7d4a50ed5a9872b184b41fee2b5","sha512":"572a3bcbc423faaea81143023a684bf27da02a6bf1afca45136fe7d1d7872eff6e5dd451fac4331d2724f901fd9da29c9000d5ba1e490ba8c0cd57b7c05dc79c","ssdeep":"","tlshash":"83d0226846e28c13ae0a18306f4f20c520735403470cee1b740f37780f0ca300006ecb","size":211,"data":"","first_seen":"2025-03-04T20:45:39.355753Z","last_seen":"2026-04-12T10:40:57.144999Z","times_seen":581,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"sdk.51.la/js-sdk-pro.min.js","fqdn":"sdk.51.la","domain":"51.la","tld":"la"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"scriptElement","is_inline":false,"md5":"b8a41c9449b73e8ba0224c6be1f0b7e8","sha1":"33d79319d4110bcf5c44c36f7dd4a291972ac546","sha256":"52079c09a7355f4ce3af750602ebb9aebae8238583601f8a06268eecccf13565","sha512":"472d0395a65a3ade2d215559b196a88ffcdacde3ac0f573eb8663b524f201d72c9339bcacbc198d82452a0ac367c0efd407b12795943cdd2755d95a8cf71b977","ssdeep":"768:swetbD3SkE+a/l1jaKUiQU5eqEh9GMXBOXAA/EXBeJMlbJfuPT:BetbD3SVT/3+KUc5eqEh9GMXBYEXBeJ7","tlshash":"dbf23d9577c0317cc3c783ea362b501ae1a69e910059a8bcf345f6907d34e56a37fba8","size":36114,"data":"","first_seen":"2025-03-10T03:40:31.536734Z","last_seen":"2026-04-12T12:08:21.034627Z","times_seen":83796,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.hairwwwtoppd410.com:3669/assets/index-71f5a5dd.js","fqdn":"www.hairwwwtoppd410.com","domain":"hairwwwtoppd410.com","tld":"com"},"ip":{"addr":"134.122.155.103","port":3669,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"introduction_type":"scriptElement","is_inline":false,"md5":"39190e7cec149abec76b032acc674a87","sha1":"5e425d28e5912eb420cee6f36f95d1e77de5b140","sha256":"a90dc2ec9faf08ebd6f2a35e151c9b336d910f9e063f9edff044bc729fa6ff01","sha512":"c431ff9d411e67c80fb8b2316e41827e4cbd73da345a02925e6249222906bb9d9f7be3a9c98439dd87e0f13c005f66c3791e207208d3e069a55a71465ca64f60","ssdeep":"24576:JnSFoAhs6auznK/X+oIr1KCqnLKxR/hJrzZ:JnSFoAhs6auznK/Xyr1cLKxRZ3","tlshash":"a9257cd07182b47543f705e5207f1005b23d1a88b448d498f1bdd9da3abad9aa2bbf7c","size":1051734,"data":"","first_seen":"2026-04-08T22:56:58.846105Z","last_seen":"2026-04-12T10:40:57.137442Z","times_seen":11,"alerts":{"ids":null,"analyzer":[{"sensor_name":"user_akbkyowd9geqr98","sensor_type":"yara","title":"Private YARA rules","description":"Private YARA rules","scan_date":"2026-04-12","alert":"Hunting_JS_WebAssembly","trigger":"www.hairwwwtoppd410.com:3669/assets/index-71f5a5dd.js","verdict":"audit","severity":"audit","comment":"","link":"","meta":{"description":"Looking for manual construction of JS wasmCode used in exploits","rule":"Hunting_JS_WebAssembly"},"detection_meta":{"user_id":"akbkyowd9geqr98","detection_id":"01K9VTTZ58QH7V4PSKSDDP3N4H","visibility":"private"}}],"urlquery":null}}],"eval":null,"write":null},"http":[{"url":{"schema":"https","addr":"aawapi-v3.meiwenxiu.com/msg_demo/v/pc/video/category","fqdn":"aawapi-v3.meiwenxiu.com","domain":"meiwenxiu.com","tld":"com"},"ip":{"addr":"155.102.167.173","port":443,"asn":0,"as":"","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://www.hairwwwtoppd410.com:3669/","date":"2026-04-12T09:22:54.447Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"aawapi-v3.meiwenxiu.com","organization":""},"issuer":{"commonName":"Encryption Everywhere DV TLS CA - G2","organization":"DigiCert Inc"},"validity":{"start":"Tue, 07 Apr 2026 00:00:00 GMT","end":"Wed, 07 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"CE:89:1E:CE:EA:0A:88:35:B9:86:0D:29:BA:3E:F0:3F:F1:BD:F9:09","sha256":"D9:FD:A1:93:1E:AE:D5:2E:62:0E:E7:7D:62:D3:36:01:4F:BF:56:BD:15:E5:ED:D8:59:CA:43:03:95:7A:45:02"}}},"request":{"raw":"OPTIONS /msg_demo/v/pc/video/category HTTP/1.1\r\nHost: aawapi-v3.meiwenxiu.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nAccess-Control-Request-Method: POST\r\nAccess-Control-Request-Headers: content-type,operationid\r\nOrigin: https://www.hairwwwtoppd410.com:3669\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"OPTIONS"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: Tengine\r\nContent-Type: application/json\r\nContent-Length: 18\r\nConnection: keep-alive\r\nDate: Sun, 12 Apr 2026 09:22:55 GMT\r\nAccess-Control-Allow-Credentials: false\r\nAccess-Control-Allow-Headers: *\r\nAccess-Control-Allow-Methods: *\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Expose-Headers: Content-Length, Access-Control-Allow-Origin, Access-Control-Allow-Headers,Cache-Control,Content-Language,Content-Type,Expires,Last-Modified,Pragma,FooBar\r\nAccess-Control-Max-Age: 172800\r\nStrict-Transport-Security: max-age=31536000\r\nVia: ens-cache37.l2hk11[5,0], ens-cache17.nl4[191,0]\r\nTiming-Allow-Origin: *\r\nEagleId: 9b66a7a517759857752714339e\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Tengine","description":"Tengine is a web server which is based on the Nginx HTTP server.","website":"https://tengine.taobao.org","common_platform_enumeration":"","icon":"Tengine.png","categories":["Web servers"]}],"data":{"size":18,"size_decoded":0,"mime_type":"application/json","magic":"ASCII text, with no line terminators","md5":"16fc9d5cca47188c8ed7e3832ec71642","sha1":"34855445c3eed269c3f7bdde0cdf916c2b6289a7","sha256":"37baffe577d0b784b02293063d5e490597337e8cfeaf07f3bf80b1beca9b447f","sha512":"fa71ac467176ef285c411eb5011c3c2957c6f3e361fd2c5b508fb64128e70b686bc88a81772abc14267addc2c0e34e79a94daecccc1723426ebe2537c4cb6c8c","ssdeep":"","tlshash":"607000020080220880a3000aa802820000208222300200332002c0800000000a00200a","first_seen":"2023-07-26T01:44:31Z","last_seen":"2026-04-12T10:40:57.131215Z","times_seen":615,"resource_available":false,"data":null}},"time_used":1911,"timings":{"blocked":842,"dns":374,"connect":23,"send":0,"wait":224,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.hairwwwtoppd410.com:3669/assets/worker-d3bc0bde.js","fqdn":"www.hairwwwtoppd410.com","domain":"hairwwwtoppd410.com","tld":"com"},"ip":{"addr":"134.122.155.103","port":3669,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://www.hairwwwtoppd410.com:3669/","date":"2026-04-12T09:22:52.626Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.hairwwwtoppd410.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sat, 11 Apr 2026 14:22:47 GMT","end":"Fri, 10 Jul 2026 14:22:46 GMT"},"fingerprint":{"sha1":"D9:9A:F1:AC:50:00:B0:9B:EF:C0:8A:C8:1C:59:5D:94:0A:05:A9:5C","sha256":"37:5C:D3:D8:43:48:C9:B4:3E:91:EE:AC:10:E0:1D:DA:4F:61:8B:E4:31:8B:AA:6C:AD:BF:43:92:79:13:BA:8B"}}},"request":{"raw":"GET /assets/worker-d3bc0bde.js HTTP/1.1\r\nHost: www.hairwwwtoppd410.com:3669\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: __vtins__KQFtdGOd9WuFBLcO=%7B%22sid%22%3A%20%22b9fe428d-560c-538e-b129-1fc89dd46916%22%2C%20%22vd%22%3A%201%2C%20%22stt%22%3A%200%2C%20%22dr%22%3A%200%2C%20%22expires%22%3A%201775987571142%2C%20%22ct%22%3A%201775985771142%7D; __51uvsct__KQFtdGOd9WuFBLcO=1; __51vcke__KQFtdGOd9WuFBLcO=88e8c66f-b4bf-58ac-aafe-d47d16016cb0; __51vuft__KQFtdGOd9WuFBLcO=1775985771146\r\nSec-Fetch-Dest: worker\r\nSec-Fetch-Mode: same-origin\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sun, 12 Apr 2026 09:22:52 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Wed, 08 Apr 2026 02:42:49 GMT\r\nvary: Accept-Encoding\r\netag: W/\"69d5c0a9-32d62\"\r\nexpires: Sun, 12 Apr 2026 21:22:52 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":208226,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (56834)","md5":"6383d5559e74338925e7a1690dd758b7","sha1":"b54418a9560a05649a392c02685910aed3915fd6","sha256":"d78f8e2b51bdb6507c4db7c0b65bb91b3b08013f91e1da8e9a8e108a62884de7","sha512":"90165ac6513b3605718503706c88eedc2c50694114c0e175bc9756464e61d6d9bc1f76396ed07161ed2ae04a17ab669a2240a28e1cd6ac5ee6c8ad46a04c1f9d","ssdeep":"6144:9Qz+3tPV3RrHsTimHuZjeqghABa0sxcb29LuxVgvVDUjF8lfFJF2zWsq:maWsq","tlshash":"2314e78576e670a243e260b0847f110af23a6952740cd468f17ce5e63f79e4e94b7fb8","first_seen":"2026-04-08T22:56:58.856987Z","last_seen":"2026-04-12T10:40:57.130634Z","times_seen":11,"resource_available":false,"data":null}},"time_used":284,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":284,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"user_akbkyowd9geqr98","sensor_type":"yara","title":"Private YARA rules","description":"Private YARA rules","scan_date":"2026-04-12","alert":"Hunting_JS_WebAssembly","trigger":"www.hairwwwtoppd410.com:3669/assets/worker-d3bc0bde.js","verdict":"audit","severity":"audit","comment":"","link":"","meta":{"description":"Looking for manual construction of JS wasmCode used in exploits","rule":"Hunting_JS_WebAssembly"},"detection_meta":{"user_id":"akbkyowd9geqr98","detection_id":"01K9VTTZ58QH7V4PSKSDDP3N4H","visibility":"private"}}],"urlquery":null}},{"url":{"schema":"https","addr":"www.hairwwwtoppd410.com:3669/assets/SwiperBanner-530f3655.js","fqdn":"www.hairwwwtoppd410.com","domain":"hairwwwtoppd410.com","tld":"com"},"ip":{"addr":"134.122.155.103","port":3669,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://www.hairwwwtoppd410.com:3669/","date":"2026-04-12T09:22:53.897Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.hairwwwtoppd410.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sat, 11 Apr 2026 14:22:47 GMT","end":"Fri, 10 Jul 2026 14:22:46 GMT"},"fingerprint":{"sha1":"D9:9A:F1:AC:50:00:B0:9B:EF:C0:8A:C8:1C:59:5D:94:0A:05:A9:5C","sha256":"37:5C:D3:D8:43:48:C9:B4:3E:91:EE:AC:10:E0:1D:DA:4F:61:8B:E4:31:8B:AA:6C:AD:BF:43:92:79:13:BA:8B"}}},"request":{"raw":"GET /assets/SwiperBanner-530f3655.js HTTP/1.1\r\nHost: www.hairwwwtoppd410.com:3669\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: __vtins__KQFtdGOd9WuFBLcO=%7B%22sid%22%3A%20%22b9fe428d-560c-538e-b129-1fc89dd46916%22%2C%20%22vd%22%3A%201%2C%20%22stt%22%3A%200%2C%20%22dr%22%3A%200%2C%20%22expires%22%3A%201775987571142%2C%20%22ct%22%3A%201775985771142%7D; __51uvsct__KQFtdGOd9WuFBLcO=1; __51vcke__KQFtdGOd9WuFBLcO=88e8c66f-b4bf-58ac-aafe-d47d16016cb0; __51vuft__KQFtdGOd9WuFBLcO=1775985771146\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sun, 12 Apr 2026 09:22:53 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Sat, 24 Aug 2024 14:09:18 GMT\r\nvary: Accept-Encoding\r\netag: W/\"66c9e98e-2cb0\"\r\nexpires: Sun, 12 Apr 2026 21:22:53 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":11440,"size_decoded":0,"mime_type":"application/javascript","magic":"ASCII text, with very long lines (11439)","md5":"a4793306b4694ac881b6f9e502730b84","sha1":"a9d80e7a2dbf9f05a6e0f2dd9979294feaded049","sha256":"5857ff646efe60ea518b4d937949a4ec33be71d327cc6405495f5cda094dde6d","sha512":"2dc010e6b4ed14dcfce0c3d6be25385bb11d71c8a755b23dcc3b74d9f9caf46d43302aecb9df208951d2353221d2fae856003e60ac30d994f2aac7e080cd8781","ssdeep":"192:JeX8ptP0LopLaXjM1EefEcd9SD7EHvhZcqtrrt+qVcR5k8i1M7nZgZ3EX0gESeXb:IX8pAXjgE89SnEHvhZkqGnk8i1M7nZgv","tlshash":"02322a5d31aaa837f7b3a549c0e4484053282fad8211d5c8b0ff5e2816a7c6462ff77e","first_seen":"2024-09-10T14:06:18Z","last_seen":"2026-04-12T10:40:57.135012Z","times_seen":623,"resource_available":true,"data":null}},"time_used":262,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":262,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.hairwwwtoppd410.com:3669/console-ban.min.js","fqdn":"www.hairwwwtoppd410.com","domain":"hairwwwtoppd410.com","tld":"com"},"ip":{"addr":"134.122.155.103","port":3669,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://www.hairwwwtoppd410.com:3669/","date":"2026-04-12T09:22:50.558Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.hairwwwtoppd410.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sat, 11 Apr 2026 14:22:47 GMT","end":"Fri, 10 Jul 2026 14:22:46 GMT"},"fingerprint":{"sha1":"D9:9A:F1:AC:50:00:B0:9B:EF:C0:8A:C8:1C:59:5D:94:0A:05:A9:5C","sha256":"37:5C:D3:D8:43:48:C9:B4:3E:91:EE:AC:10:E0:1D:DA:4F:61:8B:E4:31:8B:AA:6C:AD:BF:43:92:79:13:BA:8B"}}},"request":{"raw":"GET /console-ban.min.js HTTP/1.1\r\nHost: www.hairwwwtoppd410.com:3669\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sun, 12 Apr 2026 09:22:50 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Fri, 12 Jul 2024 05:38:31 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6690c157-146d\"\r\nexpires: Sun, 12 Apr 2026 21:22:50 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":5229,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text","md5":"65c1e75acb0957a38c8b8e3a35508923","sha1":"49ae0b214c80ef020a5b4e3a705c6e061f605d3a","sha256":"fbcb5e8a75d32b03b1ef29f1de74fc2d073bd060de674fcb723b58a5c4592c63","sha512":"6d5270b02666343a152b8ae0c21f132a62f804d3f78a1d74a7ca27130e0487f2bbb64734fb2b6ee7c52fcd9b80c2dc544bad9f0676b6fa916951cdb464a0509f","ssdeep":"96:1/sn2B4C9bri4YdJv1pdi2uriza02goz3YMcXKfcqsFRiqsUVJZaq1ilcrQQd:yn9CxiPdJv1pdi2Aiza3goVuzriafZa0","tlshash":"7eb15759abf420a0b713b0a28c2fa5057562441f0a8dde547c4ce3e48f5853d4bbeeec","first_seen":"2024-06-10T20:16:48Z","last_seen":"2026-04-12T10:40:57.129447Z","times_seen":700,"resource_available":true,"data":null}},"time_used":1071,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1071,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"wwwdfl40.vip/","fqdn":"wwwdfl40.vip","domain":"wwwdfl40.vip","tld":"vip"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-04-12T09:22:37.058Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET / HTTP/1.1\r\nHost: wwwdfl40.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-12T11:56:00.075434Z","times_seen":13660596,"resource_available":true,"data":null}},"time_used":2303,"timings":{"blocked":2303,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-12","alert":"Sinkholed","trigger":"wwwdfl40.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.hairwwwtoppd410.com:3669/assets/logo-b4e095e7.png","fqdn":"www.hairwwwtoppd410.com","domain":"hairwwwtoppd410.com","tld":"com"},"ip":{"addr":"134.122.155.103","port":3669,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.hairwwwtoppd410.com:3669/","date":"2026-04-12T09:22:54.215Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.hairwwwtoppd410.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sat, 11 Apr 2026 14:22:47 GMT","end":"Fri, 10 Jul 2026 14:22:46 GMT"},"fingerprint":{"sha1":"D9:9A:F1:AC:50:00:B0:9B:EF:C0:8A:C8:1C:59:5D:94:0A:05:A9:5C","sha256":"37:5C:D3:D8:43:48:C9:B4:3E:91:EE:AC:10:E0:1D:DA:4F:61:8B:E4:31:8B:AA:6C:AD:BF:43:92:79:13:BA:8B"}}},"request":{"raw":"GET /assets/logo-b4e095e7.png HTTP/1.1\r\nHost: www.hairwwwtoppd410.com:3669\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: __vtins__KQFtdGOd9WuFBLcO=%7B%22sid%22%3A%20%22b9fe428d-560c-538e-b129-1fc89dd46916%22%2C%20%22vd%22%3A%201%2C%20%22stt%22%3A%200%2C%20%22dr%22%3A%200%2C%20%22expires%22%3A%201775987571142%2C%20%22ct%22%3A%201775985771142%7D; __51uvsct__KQFtdGOd9WuFBLcO=1; __51vcke__KQFtdGOd9WuFBLcO=88e8c66f-b4bf-58ac-aafe-d47d16016cb0; __51vuft__KQFtdGOd9WuFBLcO=1775985771146\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sun, 12 Apr 2026 09:22:54 GMT\r\ncontent-type: image/png\r\nlast-modified: Mon, 10 Mar 2025 14:06:54 GMT\r\nvary: Accept-Encoding\r\netag: W/\"67cef1fe-349d\"\r\nexpires: Tue, 12 May 2026 09:22:54 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":13469,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 241 x 83, 8-bit/color RGBA, non-interlaced","md5":"ce7374f419ace637c1e139f663adf86b","sha1":"4774d5dee332cd29ac58f278b209201a4ba90f7d","sha256":"06fec954fd4e7fb5ddfe8d40ac2a78f9df1964d63fa8f985257daa0449f46d09","sha512":"ad41dfe1cac70b4a0ec9a4cc68cb11c58b1a912fe281c86be66cbef9695bf70e5795146e4a56b6a9152e59bf9f3ddeb768c71023a83db6065a8a842c87102efe","ssdeep":"384:MYSjG3dcK+OpqwdukczIcK9kg7p9tos/WvY4457SW3:2G3daOpqZNzWtHOY44hSW3","tlshash":"cc52c0a237b43bb2642edd0d10252350b328b81be60be58ba97796de0d7cff5467c418","first_seen":"2025-03-14T04:49:08.775562Z","last_seen":"2026-04-12T10:40:57.140333Z","times_seen":486,"resource_available":false,"data":null}},"time_used":1396,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":1396,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"wwwdfl40.vip/favicon.ico","fqdn":"wwwdfl40.vip","domain":"wwwdfl40.vip","tld":"vip"},"ip":{"addr":"143.92.53.221","port":80,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://wwwdfl40.vip/","date":"2026-04-12T09:22:46.053Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: wwwdfl40.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://wwwdfl40.vip/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: simple server\r\nContent-Type: text/html; charset=utf-8\r\nCache-Control: max-age=86400\r\nContent-Length: 28167\r\nConnection: close\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":28167,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (16387)","md5":"7077bc351258a29d86ba7a049c1feacf","sha1":"672a3657ca91d7e21da033d33383e13e90b336d5","sha256":"590c74716c3da29927691e8db9ea330442a6486b56f36fdf104e87897068aa94","sha512":"000cccf0e4fd85a8d5ed7b0b7e50d7980df29a72c2ba371577072ec1e2d6da2c7ddfda8c8d097393e449d004b5b44d5803ef0fa7aeae7c8fa987aa1b47a83ed4","ssdeep":"768:eKEi0jlTrftCX49KGqMqOmyUipmKu4z34IBiWhF:eKEi0jlTrftCX49KGqHOmBKyWP","tlshash":"4fc2ee5a2598082dff8de4fc70aafc799886da5b84cc6ac7f13f851a0f141b5633658c","first_seen":"2026-04-11T19:25:43.462561Z","last_seen":"2026-04-12T10:40:57.134085Z","times_seen":5,"resource_available":true,"data":null}},"time_used":1402,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":453,"receive":949,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-12","alert":"Sinkholed","trigger":"wwwdfl40.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"jj.sofsxz.com/jump.js","fqdn":"jj.sofsxz.com","domain":"sofsxz.com","tld":"com"},"ip":{"addr":"47.245.53.14","port":443,"asn":45102,"as":"Alibaba US Technology Co., Ltd.","country":"Japan","country_code":"JP"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://www.hairwwwtoppd410.com:3669/","date":"2026-04-12T09:22:50.564Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"jj.sofsxz.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Fri, 13 Feb 2026 15:21:34 GMT","end":"Thu, 14 May 2026 15:21:33 GMT"},"fingerprint":{"sha1":"E8:EF:A7:79:EA:2A:7D:B1:2A:7A:37:78:D0:9C:EE:13:94:07:AA:54","sha256":"D2:6F:9C:56:F4:2E:3C:09:D0:C5:0C:A9:7B:AF:AB:72:90:19:EA:EB:96:0F:22:F9:19:14:41:7E:0C:E5:45:E1"}}},"request":{"raw":"GET /jump.js HTTP/1.1\r\nHost: jj.sofsxz.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.hairwwwtoppd410.com:3669/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: application/javascript; charset=utf-8\r\ncontent-length: 0\r\ndate: Sun, 12 Apr 2026 09:22:51 GMT\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-12T11:56:00.075434Z","times_seen":13660596,"resource_available":true,"data":null}},"time_used":1384,"timings":{"blocked":546,"dns":29,"connect":266,"send":0,"wait":266,"receive":1,"ssl":273},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.hairwwwtoppd410.com:3669/assets/ColVideoItem-07d4d17c.js","fqdn":"www.hairwwwtoppd410.com","domain":"hairwwwtoppd410.com","tld":"com"},"ip":{"addr":"134.122.155.103","port":3669,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://www.hairwwwtoppd410.com:3669/","date":"2026-04-12T09:22:53.899Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.hairwwwtoppd410.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sat, 11 Apr 2026 14:22:47 GMT","end":"Fri, 10 Jul 2026 14:22:46 GMT"},"fingerprint":{"sha1":"D9:9A:F1:AC:50:00:B0:9B:EF:C0:8A:C8:1C:59:5D:94:0A:05:A9:5C","sha256":"37:5C:D3:D8:43:48:C9:B4:3E:91:EE:AC:10:E0:1D:DA:4F:61:8B:E4:31:8B:AA:6C:AD:BF:43:92:79:13:BA:8B"}}},"request":{"raw":"GET /assets/ColVideoItem-07d4d17c.js HTTP/1.1\r\nHost: www.hairwwwtoppd410.com:3669\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: __vtins__KQFtdGOd9WuFBLcO=%7B%22sid%22%3A%20%22b9fe428d-560c-538e-b129-1fc89dd46916%22%2C%20%22vd%22%3A%201%2C%20%22stt%22%3A%200%2C%20%22dr%22%3A%200%2C%20%22expires%22%3A%201775987571142%2C%20%22ct%22%3A%201775985771142%7D; __51uvsct__KQFtdGOd9WuFBLcO=1; __51vcke__KQFtdGOd9WuFBLcO=88e8c66f-b4bf-58ac-aafe-d47d16016cb0; __51vuft__KQFtdGOd9WuFBLcO=1775985771146\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sun, 12 Apr 2026 09:22:53 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Sat, 24 Aug 2024 14:09:18 GMT\r\nvary: Accept-Encoding\r\netag: W/\"66c9e98e-eed\"\r\nexpires: Sun, 12 Apr 2026 21:22:53 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":3821,"size_decoded":0,"mime_type":"application/javascript","magic":"Java source, Unicode text, UTF-8 text, with very long lines (3812)","md5":"27e823cf714c440233d07fcdb555fc94","sha1":"998b200ba427e1f517123ff44eb548ac1a1db4f0","sha256":"b5bfac832635df53c63ed89e83e221b1a781a214f15ea080cd66bb095855902c","sha512":"17456a8239ab3899b80420c5c13bd53f64eed66c0ddbcd333b6b03c6675fc2bbcb3cc7e025222c5339053dcedcf231caec2aaee9053b167fda4a90420a0d3a40","ssdeep":"","tlshash":"4671d75430094ebea2a35a49145d08426a0c1f6ee53c92c1e1ff98263b52df06afe37d","first_seen":"2024-09-10T14:06:18Z","last_seen":"2026-04-12T10:40:57.128809Z","times_seen":623,"resource_available":true,"data":null}},"time_used":272,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":272,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.hairwwwtoppd410.com:3669/assets/SwiperBanner-530f3655.js","fqdn":"www.hairwwwtoppd410.com","domain":"hairwwwtoppd410.com","tld":"com"},"ip":{"addr":"134.122.155.103","port":3669,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://www.hairwwwtoppd410.com:3669/","date":"2026-04-12T09:22:53.370Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.hairwwwtoppd410.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sat, 11 Apr 2026 14:22:47 GMT","end":"Fri, 10 Jul 2026 14:22:46 GMT"},"fingerprint":{"sha1":"D9:9A:F1:AC:50:00:B0:9B:EF:C0:8A:C8:1C:59:5D:94:0A:05:A9:5C","sha256":"37:5C:D3:D8:43:48:C9:B4:3E:91:EE:AC:10:E0:1D:DA:4F:61:8B:E4:31:8B:AA:6C:AD:BF:43:92:79:13:BA:8B"}}},"request":{"raw":"GET /assets/SwiperBanner-530f3655.js HTTP/1.1\r\nHost: www.hairwwwtoppd410.com:3669\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sun, 12 Apr 2026 09:22:53 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Sat, 24 Aug 2024 14:09:18 GMT\r\nvary: Accept-Encoding\r\netag: W/\"66c9e98e-2cb0\"\r\nexpires: Sun, 12 Apr 2026 21:22:53 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":11440,"size_decoded":0,"mime_type":"application/javascript","magic":"ASCII text, with very long lines (11439)","md5":"a4793306b4694ac881b6f9e502730b84","sha1":"a9d80e7a2dbf9f05a6e0f2dd9979294feaded049","sha256":"5857ff646efe60ea518b4d937949a4ec33be71d327cc6405495f5cda094dde6d","sha512":"2dc010e6b4ed14dcfce0c3d6be25385bb11d71c8a755b23dcc3b74d9f9caf46d43302aecb9df208951d2353221d2fae856003e60ac30d994f2aac7e080cd8781","ssdeep":"192:JeX8ptP0LopLaXjM1EefEcd9SD7EHvhZcqtrrt+qVcR5k8i1M7nZgZ3EX0gESeXb:IX8pAXjgE89SnEHvhZkqGnk8i1M7nZgv","tlshash":"02322a5d31aaa837f7b3a549c0e4484053282fad8211d5c8b0ff5e2816a7c6462ff77e","first_seen":"2024-09-10T14:06:18Z","last_seen":"2026-04-12T10:40:57.135012Z","times_seen":623,"resource_available":true,"data":null}},"time_used":268,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":268,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.hairwwwtoppd410.com:3669/assets/ColVideoItem-2396d821.css","fqdn":"www.hairwwwtoppd410.com","domain":"hairwwwtoppd410.com","tld":"com"},"ip":{"addr":"134.122.155.103","port":3669,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://www.hairwwwtoppd410.com:3669/","date":"2026-04-12T09:22:53.353Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.hairwwwtoppd410.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sat, 11 Apr 2026 14:22:47 GMT","end":"Fri, 10 Jul 2026 14:22:46 GMT"},"fingerprint":{"sha1":"D9:9A:F1:AC:50:00:B0:9B:EF:C0:8A:C8:1C:59:5D:94:0A:05:A9:5C","sha256":"37:5C:D3:D8:43:48:C9:B4:3E:91:EE:AC:10:E0:1D:DA:4F:61:8B:E4:31:8B:AA:6C:AD:BF:43:92:79:13:BA:8B"}}},"request":{"raw":"GET /assets/ColVideoItem-2396d821.css HTTP/1.1\r\nHost: www.hairwwwtoppd410.com:3669\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: __vtins__KQFtdGOd9WuFBLcO=%7B%22sid%22%3A%20%22b9fe428d-560c-538e-b129-1fc89dd46916%22%2C%20%22vd%22%3A%201%2C%20%22stt%22%3A%200%2C%20%22dr%22%3A%200%2C%20%22expires%22%3A%201775987571142%2C%20%22ct%22%3A%201775985771142%7D; __51uvsct__KQFtdGOd9WuFBLcO=1; __51vcke__KQFtdGOd9WuFBLcO=88e8c66f-b4bf-58ac-aafe-d47d16016cb0; __51vuft__KQFtdGOd9WuFBLcO=1775985771146\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sun, 12 Apr 2026 09:22:53 GMT\r\ncontent-type: text/css\r\nlast-modified: Sat, 24 Aug 2024 14:09:18 GMT\r\nvary: Accept-Encoding\r\netag: W/\"66c9e98e-85a\"\r\nexpires: Sun, 12 Apr 2026 21:22:53 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":2138,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (2137)","md5":"3ed36c8ab345e58256d3d588064baa65","sha1":"d8cf769eacfa62e2d3abdd61bd2467e2edd0da68","sha256":"2396d8210b758386c0233004717483dccc3f17c61c640177815647ddafe0281e","sha512":"294a87f6a0dd699e7c1b562b116075ec1b09e0f34d1833c69f9996a2a4f3f54c18617f737f5101afd58128000a762d57b0e4ecda91aa4e911b813c342bcf6182","ssdeep":"","tlshash":"b741a0a1736594f9b472909ff5084dcd6d0dde33dd31c268eb80f8e0b8c25ad29b0964","first_seen":"2024-09-25T15:40:10Z","last_seen":"2026-04-12T10:40:57.136044Z","times_seen":526,"resource_available":false,"data":null}},"time_used":260,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":260,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.hairwwwtoppd410.com:3669/assets/SwiperBanner-cd8dc074.css","fqdn":"www.hairwwwtoppd410.com","domain":"hairwwwtoppd410.com","tld":"com"},"ip":{"addr":"134.122.155.103","port":3669,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://www.hairwwwtoppd410.com:3669/","date":"2026-04-12T09:22:53.356Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.hairwwwtoppd410.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sat, 11 Apr 2026 14:22:47 GMT","end":"Fri, 10 Jul 2026 14:22:46 GMT"},"fingerprint":{"sha1":"D9:9A:F1:AC:50:00:B0:9B:EF:C0:8A:C8:1C:59:5D:94:0A:05:A9:5C","sha256":"37:5C:D3:D8:43:48:C9:B4:3E:91:EE:AC:10:E0:1D:DA:4F:61:8B:E4:31:8B:AA:6C:AD:BF:43:92:79:13:BA:8B"}}},"request":{"raw":"GET /assets/SwiperBanner-cd8dc074.css HTTP/1.1\r\nHost: www.hairwwwtoppd410.com:3669\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: __vtins__KQFtdGOd9WuFBLcO=%7B%22sid%22%3A%20%22b9fe428d-560c-538e-b129-1fc89dd46916%22%2C%20%22vd%22%3A%201%2C%20%22stt%22%3A%200%2C%20%22dr%22%3A%200%2C%20%22expires%22%3A%201775987571142%2C%20%22ct%22%3A%201775985771142%7D; __51uvsct__KQFtdGOd9WuFBLcO=1; __51vcke__KQFtdGOd9WuFBLcO=88e8c66f-b4bf-58ac-aafe-d47d16016cb0; __51vuft__KQFtdGOd9WuFBLcO=1775985771146\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sun, 12 Apr 2026 09:22:53 GMT\r\ncontent-type: text/css\r\nlast-modified: Sat, 24 Aug 2024 14:09:18 GMT\r\nvary: Accept-Encoding\r\netag: W/\"66c9e98e-126e\"\r\nexpires: Sun, 12 Apr 2026 21:22:53 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":4718,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (4717)","md5":"fb5268dfc16441a3bde55d367d16789e","sha1":"837b2c2ebce06baff420558ab497f23d549dc18e","sha256":"cd8dc0741001baca08efb816601cb7d45afa981c79e6af4785d82301175f1833","sha512":"118d83b91ca4b4f21b6eaf5a58a92f195bf9817545b3994887988c0dbef591c3bc0d94147a9152d01962f30e7f8b7cb31fb5c792a2a6789c86c7ea984933b114","ssdeep":"48:H1luTj/FgCMqOnIFNKYjOSfwowq8In+EaK8f5Blb:0/FVnjO4LAZb","tlshash":"50a19a14bb8214379c0e2328a5c00aa8b73ddea1ca902597b6fba31513c65dc177ef5e","first_seen":"2024-08-01T03:54:51Z","last_seen":"2026-04-12T10:40:57.128199Z","times_seen":525,"resource_available":false,"data":null}},"time_used":259,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":259,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.hairwwwtoppd410.com:3669/assets/index-71f5a5dd.js","fqdn":"www.hairwwwtoppd410.com","domain":"hairwwwtoppd410.com","tld":"com"},"ip":{"addr":"134.122.155.103","port":3669,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://www.hairwwwtoppd410.com:3669/","date":"2026-04-12T09:22:50.539Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.hairwwwtoppd410.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sat, 11 Apr 2026 14:22:47 GMT","end":"Fri, 10 Jul 2026 14:22:46 GMT"},"fingerprint":{"sha1":"D9:9A:F1:AC:50:00:B0:9B:EF:C0:8A:C8:1C:59:5D:94:0A:05:A9:5C","sha256":"37:5C:D3:D8:43:48:C9:B4:3E:91:EE:AC:10:E0:1D:DA:4F:61:8B:E4:31:8B:AA:6C:AD:BF:43:92:79:13:BA:8B"}}},"request":{"raw":"GET /assets/index-71f5a5dd.js HTTP/1.1\r\nHost: www.hairwwwtoppd410.com:3669\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sun, 12 Apr 2026 09:22:50 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Wed, 08 Apr 2026 02:42:49 GMT\r\nvary: Accept-Encoding\r\netag: W/\"69d5c0a9-100c56\"\r\nexpires: Sun, 12 Apr 2026 21:22:50 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1051734,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (44661)","md5":"39190e7cec149abec76b032acc674a87","sha1":"5e425d28e5912eb420cee6f36f95d1e77de5b140","sha256":"a90dc2ec9faf08ebd6f2a35e151c9b336d910f9e063f9edff044bc729fa6ff01","sha512":"c431ff9d411e67c80fb8b2316e41827e4cbd73da345a02925e6249222906bb9d9f7be3a9c98439dd87e0f13c005f66c3791e207208d3e069a55a71465ca64f60","ssdeep":"24576:JnSFoAhs6auznK/X+oIr1KCqnLKxR/hJrzZ:JnSFoAhs6auznK/Xyr1cLKxRZ3","tlshash":"a9257cd07182b47543f705e5207f1005b23d1a88b448d498f1bdd9da3abad9aa2bbf7c","first_seen":"2026-04-08T22:56:58.846105Z","last_seen":"2026-04-12T10:40:57.137442Z","times_seen":11,"resource_available":true,"data":null}},"time_used":519,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":519,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"user_akbkyowd9geqr98","sensor_type":"yara","title":"Private YARA rules","description":"Private YARA rules","scan_date":"2026-04-12","alert":"Hunting_JS_WebAssembly","trigger":"www.hairwwwtoppd410.com:3669/assets/index-71f5a5dd.js","verdict":"audit","severity":"audit","comment":"","link":"","meta":{"description":"Looking for manual construction of JS wasmCode used in exploits","rule":"Hunting_JS_WebAssembly"},"detection_meta":{"user_id":"akbkyowd9geqr98","detection_id":"01K9VTTZ58QH7V4PSKSDDP3N4H","visibility":"private"}}],"urlquery":null}},{"url":{"schema":"https","addr":"www.hairwwwtoppd410.com:3669/assets/AdvertisementList.vue_vue_type_script_setup_true_name_AdvertisementList_lang-6c6de8d9.js","fqdn":"www.hairwwwtoppd410.com","domain":"hairwwwtoppd410.com","tld":"com"},"ip":{"addr":"134.122.155.103","port":3669,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://www.hairwwwtoppd410.com:3669/","date":"2026-04-12T09:22:53.374Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.hairwwwtoppd410.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sat, 11 Apr 2026 14:22:47 GMT","end":"Fri, 10 Jul 2026 14:22:46 GMT"},"fingerprint":{"sha1":"D9:9A:F1:AC:50:00:B0:9B:EF:C0:8A:C8:1C:59:5D:94:0A:05:A9:5C","sha256":"37:5C:D3:D8:43:48:C9:B4:3E:91:EE:AC:10:E0:1D:DA:4F:61:8B:E4:31:8B:AA:6C:AD:BF:43:92:79:13:BA:8B"}}},"request":{"raw":"GET /assets/AdvertisementList.vue_vue_type_script_setup_true_name_AdvertisementList_lang-6c6de8d9.js HTTP/1.1\r\nHost: www.hairwwwtoppd410.com:3669\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sun, 12 Apr 2026 09:22:53 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Sat, 24 Aug 2024 14:09:18 GMT\r\nvary: Accept-Encoding\r\netag: W/\"66c9e98e-6d9\"\r\nexpires: Sun, 12 Apr 2026 21:22:53 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":1753,"size_decoded":0,"mime_type":"application/javascript","magic":"Java source, Unicode text, UTF-8 text, with very long lines (1732)","md5":"ab759e1df532278977f31454bceb34c4","sha1":"48aff42993955dc217357b06beeeebe5c6dd842c","sha256":"41e7ea0e34a5d76ee733e06fef8f298d69ae069e68d2e57e4ca08db59386a5e4","sha512":"f373ab8f9a1512032192f69247cf7d7aecb942138c1ba1606fada337468ba0fe86c9e63def557aaf842d8b3065c25a2a6f6236774350235a96a4be65283f30df","ssdeep":"","tlshash":"7031968fa42941bc6a061568f41ca84bb14977ddc718814df576fe6c2581de057ac325","first_seen":"2024-09-10T14:06:18Z","last_seen":"2026-04-12T10:40:57.141786Z","times_seen":622,"resource_available":true,"data":null}},"time_used":267,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":267,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.hairwwwtoppd410.com:3669/assets/AdvertisementList.vue_vue_type_script_setup_true_name_AdvertisementList_lang-6c6de8d9.js","fqdn":"www.hairwwwtoppd410.com","domain":"hairwwwtoppd410.com","tld":"com"},"ip":{"addr":"134.122.155.103","port":3669,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://www.hairwwwtoppd410.com:3669/","date":"2026-04-12T09:22:53.900Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.hairwwwtoppd410.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sat, 11 Apr 2026 14:22:47 GMT","end":"Fri, 10 Jul 2026 14:22:46 GMT"},"fingerprint":{"sha1":"D9:9A:F1:AC:50:00:B0:9B:EF:C0:8A:C8:1C:59:5D:94:0A:05:A9:5C","sha256":"37:5C:D3:D8:43:48:C9:B4:3E:91:EE:AC:10:E0:1D:DA:4F:61:8B:E4:31:8B:AA:6C:AD:BF:43:92:79:13:BA:8B"}}},"request":{"raw":"GET /assets/AdvertisementList.vue_vue_type_script_setup_true_name_AdvertisementList_lang-6c6de8d9.js HTTP/1.1\r\nHost: www.hairwwwtoppd410.com:3669\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: __vtins__KQFtdGOd9WuFBLcO=%7B%22sid%22%3A%20%22b9fe428d-560c-538e-b129-1fc89dd46916%22%2C%20%22vd%22%3A%201%2C%20%22stt%22%3A%200%2C%20%22dr%22%3A%200%2C%20%22expires%22%3A%201775987571142%2C%20%22ct%22%3A%201775985771142%7D; __51uvsct__KQFtdGOd9WuFBLcO=1; __51vcke__KQFtdGOd9WuFBLcO=88e8c66f-b4bf-58ac-aafe-d47d16016cb0; __51vuft__KQFtdGOd9WuFBLcO=1775985771146\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sun, 12 Apr 2026 09:22:53 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Sat, 24 Aug 2024 14:09:18 GMT\r\nvary: Accept-Encoding\r\netag: W/\"66c9e98e-6d9\"\r\nexpires: Sun, 12 Apr 2026 21:22:53 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1753,"size_decoded":0,"mime_type":"application/javascript","magic":"Java source, Unicode text, UTF-8 text, with very long lines (1732)","md5":"ab759e1df532278977f31454bceb34c4","sha1":"48aff42993955dc217357b06beeeebe5c6dd842c","sha256":"41e7ea0e34a5d76ee733e06fef8f298d69ae069e68d2e57e4ca08db59386a5e4","sha512":"f373ab8f9a1512032192f69247cf7d7aecb942138c1ba1606fada337468ba0fe86c9e63def557aaf842d8b3065c25a2a6f6236774350235a96a4be65283f30df","ssdeep":"","tlshash":"7031968fa42941bc6a061568f41ca84bb14977ddc718814df576fe6c2581de057ac325","first_seen":"2024-09-10T14:06:18Z","last_seen":"2026-04-12T10:40:57.141786Z","times_seen":622,"resource_available":true,"data":null}},"time_used":283,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":283,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"aawapi-v3.meiwenxiu.com/msg_demo/v/search/hotLists","fqdn":"aawapi-v3.meiwenxiu.com","domain":"meiwenxiu.com","tld":"com"},"ip":{"addr":"155.102.167.173","port":443,"asn":0,"as":"","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://www.hairwwwtoppd410.com:3669/","date":"2026-04-12T09:22:55.624Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"aawapi-v3.meiwenxiu.com","organization":""},"issuer":{"commonName":"Encryption Everywhere DV TLS CA - G2","organization":"DigiCert Inc"},"validity":{"start":"Tue, 07 Apr 2026 00:00:00 GMT","end":"Wed, 07 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"CE:89:1E:CE:EA:0A:88:35:B9:86:0D:29:BA:3E:F0:3F:F1:BD:F9:09","sha256":"D9:FD:A1:93:1E:AE:D5:2E:62:0E:E7:7D:62:D3:36:01:4F:BF:56:BD:15:E5:ED:D8:59:CA:43:03:95:7A:45:02"}}},"request":{"raw":"POST /msg_demo/v/search/hotLists HTTP/1.1\r\nHost: aawapi-v3.meiwenxiu.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/json\r\noperationID: bb89ff9b-3150-4d23-90c8-0ae012fe8947\r\nContent-Length: 2\r\nOrigin: https://www.hairwwwtoppd410.com:3669\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":2,"data":"{}"}},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: Tengine\r\nContent-Type: application/json\r\nContent-Length: 561\r\nConnection: keep-alive\r\nDate: Sun, 12 Apr 2026 09:22:55 GMT\r\nAccess-Control-Allow-Credentials: false\r\nAccess-Control-Allow-Headers: *\r\nAccess-Control-Allow-Methods: *\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Expose-Headers: Content-Length, Access-Control-Allow-Origin, Access-Control-Allow-Headers,Cache-Control,Content-Language,Content-Type,Expires,Last-Modified,Pragma,FooBar\r\nAccess-Control-Max-Age: 172800\r\nStrict-Transport-Security: max-age=31536000\r\nVia: ens-cache25.l2hk11[6,0], ens-cache24.nl4[193,0]\r\nTiming-Allow-Origin: *\r\nEagleId: 9b66a7ac17759857755851486e\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Tengine","description":"Tengine is a web server which is based on the Nginx HTTP server.","website":"https://tengine.taobao.org","common_platform_enumeration":"","icon":"Tengine.png","categories":["Web servers"]}],"data":{"size":561,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"d2c44fc85aba16da964c7439f4427469","sha1":"6a1bc8d267f10f6ba4d02bd9ad4983f7c6d31408","sha256":"9e347b9a938ce969d79714bc8fd93e3a6e16d226f7921fff37e2f278a25957f1","sha512":"4ba9d20f7ce7c035220efa538ba364e866376832d5d44331c0b62438125f4e46e3202e418c8953caeed36d5d963f4cd89ac8abeea72f1fd1f566e0b05e56ab8b","ssdeep":"","tlshash":"ecf0a48a61d9d89890ec6fab0422b7c473eed00f94450f2148cadf0c85a2170061b72a","first_seen":"2024-07-31T10:54:12Z","last_seen":"2026-04-12T10:40:57.138507Z","times_seen":578,"resource_available":false,"data":null}},"time_used":217,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":217,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.hairwwwtoppd410.com:3669/","fqdn":"www.hairwwwtoppd410.com","domain":"hairwwwtoppd410.com","tld":"com"},"ip":{"addr":"134.122.155.103","port":3669,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-04-12T09:22:49.432Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.hairwwwtoppd410.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sat, 11 Apr 2026 14:22:47 GMT","end":"Fri, 10 Jul 2026 14:22:46 GMT"},"fingerprint":{"sha1":"D9:9A:F1:AC:50:00:B0:9B:EF:C0:8A:C8:1C:59:5D:94:0A:05:A9:5C","sha256":"37:5C:D3:D8:43:48:C9:B4:3E:91:EE:AC:10:E0:1D:DA:4F:61:8B:E4:31:8B:AA:6C:AD:BF:43:92:79:13:BA:8B"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: www.hairwwwtoppd410.com:3669\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://wwwdfl40.vip/\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sun, 12 Apr 2026 09:22:50 GMT\r\ncontent-type: text/html\r\nlast-modified: Sat, 24 Aug 2024 14:11:02 GMT\r\nvary: Accept-Encoding\r\netag: W/\"66c9e9f6-87d\"\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"WebAssembly","description":"WebAssembly (abbreviated Wasm) is a binary instruction format for a stack-based virtual machine. Wasm is designed as a portable compilation target for programming languages, enabling deployment on the web for client and server applications.","website":"https://webassembly.org/","common_platform_enumeration":"","icon":"WebAssembly.svg","categories":["Programming languages"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":2330,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (605)","md5":"2b2f6a1207ee1af8c7e82c2b29cfc6f6","sha1":"7a54f9f68802da2f2d2e7bd5f1620f0956f7c2a9","sha256":"c02757650c0ba5187e30f7577c87be1bd80377775a4a65a6e45916dbf910f06b","sha512":"c91b47449e90b32fcaedbe088f03c04079a7ae1a4ca003c8b4006feb253308e4afe4846351e35a6ecf6e4d42529e0519a5c23bc64e7e270b1800df27806a7254","ssdeep":"","tlshash":"2941324a1c918d29175164797a3bf04cf5eaa525661dc90138cedd9c2f18fec8c27d4c","first_seen":"2026-01-06T10:15:40.018169Z","last_seen":"2026-04-12T09:23:11.549844Z","times_seen":38,"resource_available":true,"data":null}},"time_used":1592,"timings":{"blocked":666,"dns":137,"connect":258,"send":0,"wait":259,"receive":0,"ssl":268},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.hairwwwtoppd410.com:3669/wasm_exec.js","fqdn":"www.hairwwwtoppd410.com","domain":"hairwwwtoppd410.com","tld":"com"},"ip":{"addr":"134.122.155.103","port":3669,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://www.hairwwwtoppd410.com:3669/","date":"2026-04-12T09:22:50.556Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.hairwwwtoppd410.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sat, 11 Apr 2026 14:22:47 GMT","end":"Fri, 10 Jul 2026 14:22:46 GMT"},"fingerprint":{"sha1":"D9:9A:F1:AC:50:00:B0:9B:EF:C0:8A:C8:1C:59:5D:94:0A:05:A9:5C","sha256":"37:5C:D3:D8:43:48:C9:B4:3E:91:EE:AC:10:E0:1D:DA:4F:61:8B:E4:31:8B:AA:6C:AD:BF:43:92:79:13:BA:8B"}}},"request":{"raw":"GET /wasm_exec.js HTTP/1.1\r\nHost: www.hairwwwtoppd410.com:3669\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sun, 12 Apr 2026 09:22:50 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Fri, 12 Jul 2024 05:38:31 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6690c157-4ed5\"\r\nexpires: Sun, 12 Apr 2026 21:22:50 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":20181,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text","md5":"5e943d64fb2d2fda876bc7cfd460a6b0","sha1":"765694803ad13a61785fa9a46d5c7716fbb21be1","sha256":"d5d090342f73e9fde68dce9ff64638a40bae9c347f5e61daffa2b43543821f31","sha512":"63f51493987119d6fe1e5e0988f7019e2bb95a50597d7a1081249afee3e7dbc4bc62abd79b99eb04b13c858f0322cdec70f80755a81bd1c052c56c0cbe06226a","ssdeep":"384:gger3+Y4sN0TfuDfOPgoDXdt8tCyC/ZzFOLQPpG65Moc9EKR3mvbhOx42cwGDocn:cOZzmQPs65Moc9EKR36Ox05Doc+ksvV2","tlshash":"4f925e8907f7011685b7713f0f5ba202622aa05f195ceee87e5c43940f8a638d6e1ff9","first_seen":"2024-06-10T20:16:48Z","last_seen":"2026-04-12T10:40:57.140844Z","times_seen":701,"resource_available":true,"data":null}},"time_used":1072,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1072,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.hairwwwtoppd410.com:3669/assets/ColVideoItem-07d4d17c.js","fqdn":"www.hairwwwtoppd410.com","domain":"hairwwwtoppd410.com","tld":"com"},"ip":{"addr":"134.122.155.103","port":3669,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://www.hairwwwtoppd410.com:3669/","date":"2026-04-12T09:22:53.371Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.hairwwwtoppd410.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sat, 11 Apr 2026 14:22:47 GMT","end":"Fri, 10 Jul 2026 14:22:46 GMT"},"fingerprint":{"sha1":"D9:9A:F1:AC:50:00:B0:9B:EF:C0:8A:C8:1C:59:5D:94:0A:05:A9:5C","sha256":"37:5C:D3:D8:43:48:C9:B4:3E:91:EE:AC:10:E0:1D:DA:4F:61:8B:E4:31:8B:AA:6C:AD:BF:43:92:79:13:BA:8B"}}},"request":{"raw":"GET /assets/ColVideoItem-07d4d17c.js HTTP/1.1\r\nHost: www.hairwwwtoppd410.com:3669\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sun, 12 Apr 2026 09:22:53 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Sat, 24 Aug 2024 14:09:18 GMT\r\nvary: Accept-Encoding\r\netag: W/\"66c9e98e-eed\"\r\nexpires: Sun, 12 Apr 2026 21:22:53 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":3821,"size_decoded":0,"mime_type":"application/javascript","magic":"Java source, Unicode text, UTF-8 text, with very long lines (3812)","md5":"27e823cf714c440233d07fcdb555fc94","sha1":"998b200ba427e1f517123ff44eb548ac1a1db4f0","sha256":"b5bfac832635df53c63ed89e83e221b1a781a214f15ea080cd66bb095855902c","sha512":"17456a8239ab3899b80420c5c13bd53f64eed66c0ddbcd333b6b03c6675fc2bbcb3cc7e025222c5339053dcedcf231caec2aaee9053b167fda4a90420a0d3a40","ssdeep":"","tlshash":"4671d75430094ebea2a35a49145d08426a0c1f6ee53c92c1e1ff98263b52df06afe37d","first_seen":"2024-09-10T14:06:18Z","last_seen":"2026-04-12T10:40:57.128809Z","times_seen":623,"resource_available":true,"data":null}},"time_used":269,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":269,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"aawapi-v3.meiwenxiu.com/msg_demo/client_config/get","fqdn":"aawapi-v3.meiwenxiu.com","domain":"meiwenxiu.com","tld":"com"},"ip":{"addr":"155.102.167.173","port":443,"asn":0,"as":"","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://www.hairwwwtoppd410.com:3669/","date":"2026-04-12T09:22:54.456Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"aawapi-v3.meiwenxiu.com","organization":""},"issuer":{"commonName":"Encryption Everywhere DV TLS CA - G2","organization":"DigiCert Inc"},"validity":{"start":"Tue, 07 Apr 2026 00:00:00 GMT","end":"Wed, 07 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"CE:89:1E:CE:EA:0A:88:35:B9:86:0D:29:BA:3E:F0:3F:F1:BD:F9:09","sha256":"D9:FD:A1:93:1E:AE:D5:2E:62:0E:E7:7D:62:D3:36:01:4F:BF:56:BD:15:E5:ED:D8:59:CA:43:03:95:7A:45:02"}}},"request":{"raw":"OPTIONS /msg_demo/client_config/get HTTP/1.1\r\nHost: aawapi-v3.meiwenxiu.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nAccess-Control-Request-Method: POST\r\nAccess-Control-Request-Headers: operationid\r\nOrigin: https://www.hairwwwtoppd410.com:3669\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"OPTIONS"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: Tengine\r\nContent-Type: application/json\r\nContent-Length: 18\r\nConnection: keep-alive\r\nDate: Sun, 12 Apr 2026 09:22:55 GMT\r\nAccess-Control-Allow-Credentials: false\r\nAccess-Control-Allow-Headers: *\r\nAccess-Control-Allow-Methods: *\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Expose-Headers: Content-Length, Access-Control-Allow-Origin, Access-Control-Allow-Headers,Cache-Control,Content-Language,Content-Type,Expires,Last-Modified,Pragma,FooBar\r\nAccess-Control-Max-Age: 172800\r\nStrict-Transport-Security: max-age=31536000\r\nVia: ens-cache7.l2hk11[6,0], ens-cache17.nl4[192,0]\r\nTiming-Allow-Origin: *\r\nEagleId: 9b66a7a517759857752714340e\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Tengine","description":"Tengine is a web server which is based on the Nginx HTTP server.","website":"https://tengine.taobao.org","common_platform_enumeration":"","icon":"Tengine.png","categories":["Web servers"]}],"data":{"size":18,"size_decoded":0,"mime_type":"application/json","magic":"ASCII text, with no line terminators","md5":"16fc9d5cca47188c8ed7e3832ec71642","sha1":"34855445c3eed269c3f7bdde0cdf916c2b6289a7","sha256":"37baffe577d0b784b02293063d5e490597337e8cfeaf07f3bf80b1beca9b447f","sha512":"fa71ac467176ef285c411eb5011c3c2957c6f3e361fd2c5b508fb64128e70b686bc88a81772abc14267addc2c0e34e79a94daecccc1723426ebe2537c4cb6c8c","ssdeep":"","tlshash":"607000020080220880a3000aa802820000208222300200332002c0800000000a00200a","first_seen":"2023-07-26T01:44:31Z","last_seen":"2026-04-12T10:40:57.131215Z","times_seen":615,"resource_available":false,"data":null}},"time_used":1894,"timings":{"blocked":833,"dns":372,"connect":25,"send":0,"wait":217,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"aawapi-v3.meiwenxiu.com/msg_demo/v/pc/video/category","fqdn":"aawapi-v3.meiwenxiu.com","domain":"meiwenxiu.com","tld":"com"},"ip":{"addr":"155.102.167.173","port":443,"asn":0,"as":"","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://www.hairwwwtoppd410.com:3669/","date":"2026-04-12T09:22:55.621Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"aawapi-v3.meiwenxiu.com","organization":""},"issuer":{"commonName":"Encryption Everywhere DV TLS CA - G2","organization":"DigiCert Inc"},"validity":{"start":"Tue, 07 Apr 2026 00:00:00 GMT","end":"Wed, 07 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"CE:89:1E:CE:EA:0A:88:35:B9:86:0D:29:BA:3E:F0:3F:F1:BD:F9:09","sha256":"D9:FD:A1:93:1E:AE:D5:2E:62:0E:E7:7D:62:D3:36:01:4F:BF:56:BD:15:E5:ED:D8:59:CA:43:03:95:7A:45:02"}}},"request":{"raw":"POST /msg_demo/v/pc/video/category HTTP/1.1\r\nHost: aawapi-v3.meiwenxiu.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/json\r\noperationID: 47919485-56b8-4813-89f2-fdc16b199dd5\r\nContent-Length: 2\r\nOrigin: https://www.hairwwwtoppd410.com:3669\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":2,"data":"{}"}},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: Tengine\r\nContent-Type: application/json\r\nContent-Length: 522\r\nConnection: keep-alive\r\nDate: Sun, 12 Apr 2026 09:22:55 GMT\r\nAccess-Control-Allow-Credentials: false\r\nAccess-Control-Allow-Headers: *\r\nAccess-Control-Allow-Methods: *\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Expose-Headers: Content-Length, Access-Control-Allow-Origin, Access-Control-Allow-Headers,Cache-Control,Content-Language,Content-Type,Expires,Last-Modified,Pragma,FooBar\r\nAccess-Control-Max-Age: 172800\r\nStrict-Transport-Security: max-age=31536000\r\nVia: ens-cache35.l2hk11[5,0], ens-cache17.nl4[253,0]\r\nTiming-Allow-Origin: *\r\nEagleId: 9b66a7a517759857755634572e\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Tengine","description":"Tengine is a web server which is based on the Nginx HTTP server.","website":"https://tengine.taobao.org","common_platform_enumeration":"","icon":"Tengine.png","categories":["Web servers"]}],"data":{"size":522,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"d0201f4819d29fd5b2e0b49e53c3bcec","sha1":"43f6dc06224e257ec76a0cf52535fca49f93a077","sha256":"251c59df969796fbda14b65f323f68167d444c673018587f346096651913a058","sha512":"fa73fd47f89c082c2d28c60c8bf150f1b549b3fd1079691f6ecf839ffef51b6874ec0fa89a799545173bbb3d544d4f8e2bad2154376a92dace3d1bdec5c0ac97","ssdeep":"","tlshash":"aef01cddf0c838dca0c0c5e71e8322db32dc41cbacae5c0521c35e2c4acc4a00322baa","first_seen":"2024-11-12T08:22:08.158753Z","last_seen":"2026-04-12T10:40:57.135534Z","times_seen":536,"resource_available":false,"data":null}},"time_used":276,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":276,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.hairwwwtoppd410.com:3669/assets/index-fd1be804.css","fqdn":"www.hairwwwtoppd410.com","domain":"hairwwwtoppd410.com","tld":"com"},"ip":{"addr":"134.122.155.103","port":3669,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://www.hairwwwtoppd410.com:3669/","date":"2026-04-12T09:22:50.541Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.hairwwwtoppd410.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sat, 11 Apr 2026 14:22:47 GMT","end":"Fri, 10 Jul 2026 14:22:46 GMT"},"fingerprint":{"sha1":"D9:9A:F1:AC:50:00:B0:9B:EF:C0:8A:C8:1C:59:5D:94:0A:05:A9:5C","sha256":"37:5C:D3:D8:43:48:C9:B4:3E:91:EE:AC:10:E0:1D:DA:4F:61:8B:E4:31:8B:AA:6C:AD:BF:43:92:79:13:BA:8B"}}},"request":{"raw":"GET /assets/index-fd1be804.css HTTP/1.1\r\nHost: www.hairwwwtoppd410.com:3669\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sun, 12 Apr 2026 09:22:50 GMT\r\ncontent-type: text/css\r\nlast-modified: Sat, 24 Aug 2024 14:09:18 GMT\r\nvary: Accept-Encoding\r\netag: W/\"66c9e98e-7640f\"\r\nexpires: Sun, 12 Apr 2026 21:22:50 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":484367,"size_decoded":0,"mime_type":"text/css","magic":"Unicode text, UTF-8 text, with very long lines (65018), with no line terminators","md5":"09d64fc8b25b9fef3b6a084b03057d56","sha1":"1780b21292eaeceb51239a94cba4ef7360af0413","sha256":"fd1be804f836223952ed4ef971087deb04b7110a4efec4e4189fcb7113021b8c","sha512":"619ffa944091b1ae669a164bbb4621e0ff48978b52960fd7c5c7728737a0381ec5fed050f3e7b95de288f184544159f76c05bb1aa026b1a190b636badf36e771","ssdeep":"6144:nbxsak/LgbWitXT+XK4Portl6WWuwK04MuobXSNA/Tc2pK8/6dGLvgSqRil44JMs:b1o0rtU7","tlshash":"47a4f955e713653f2d27e27dbac0e9c86b14ef91dd128ba6f640640489c3af112a3d2f","first_seen":"2024-09-25T15:25:41Z","last_seen":"2026-04-12T10:40:57.141292Z","times_seen":577,"resource_available":false,"data":null}},"time_used":1072,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1072,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"aawapi-v3.meiwenxiu.com/msg_demo/client_config/get","fqdn":"aawapi-v3.meiwenxiu.com","domain":"meiwenxiu.com","tld":"com"},"ip":{"addr":"155.102.167.173","port":443,"asn":0,"as":"","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://www.hairwwwtoppd410.com:3669/","date":"2026-04-12T09:22:55.600Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"aawapi-v3.meiwenxiu.com","organization":""},"issuer":{"commonName":"Encryption Everywhere DV TLS CA - G2","organization":"DigiCert Inc"},"validity":{"start":"Tue, 07 Apr 2026 00:00:00 GMT","end":"Wed, 07 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"CE:89:1E:CE:EA:0A:88:35:B9:86:0D:29:BA:3E:F0:3F:F1:BD:F9:09","sha256":"D9:FD:A1:93:1E:AE:D5:2E:62:0E:E7:7D:62:D3:36:01:4F:BF:56:BD:15:E5:ED:D8:59:CA:43:03:95:7A:45:02"}}},"request":{"raw":"POST /msg_demo/client_config/get HTTP/1.1\r\nHost: aawapi-v3.meiwenxiu.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/x-www-form-urlencoded\r\noperationID: 8331eb1d-99ff-444f-9772-53b88feb97c7\r\nContent-Length: 31\r\nOrigin: https://www.hairwwwtoppd410.com:3669\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":31,"data":"{\"operationID\":\"1775985774307\"}"}},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: Tengine\r\nContent-Type: application/json\r\nContent-Length: 58\r\nConnection: keep-alive\r\nDate: Sun, 12 Apr 2026 09:22:55 GMT\r\nAccess-Control-Allow-Credentials: false\r\nAccess-Control-Allow-Headers: *\r\nAccess-Control-Allow-Methods: *\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Expose-Headers: Content-Length, Access-Control-Allow-Origin, Access-Control-Allow-Headers,Cache-Control,Content-Language,Content-Type,Expires,Last-Modified,Pragma,FooBar\r\nAccess-Control-Max-Age: 172800\r\nStrict-Transport-Security: max-age=31536000\r\nVia: ens-cache47.l2hk11[5,0], ens-cache17.nl4[191,0]\r\nTiming-Allow-Origin: *\r\nEagleId: 9b66a7a517759857755244545e\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Tengine","description":"Tengine is a web server which is based on the Nginx HTTP server.","website":"https://tengine.taobao.org","common_platform_enumeration":"","icon":"Tengine.png","categories":["Web servers"]}],"data":{"size":58,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"5815a980085b571173195bd8a011f147","sha1":"1496e0973b77836a73cc6f422f5080ce9b6c1f6c","sha256":"fea5988f0646a59e6628e78fafee64eeced872002e3f7ca2654fa86f106d1a5b","sha512":"0e3098603e58354663b7936f305923074c01a3623a79ac90934294278d14267469781e729ab220f355a55c5fedc2714ddb4301f69bce6f73907d9c65e892b9af","ssdeep":"","tlshash":"92a0026168ed04530dc54a91e1971525aae191c508381400c15cfc1542ae5281701d54","first_seen":"2024-06-10T20:16:49Z","last_seen":"2026-04-12T10:40:57.133364Z","times_seen":577,"resource_available":false,"data":null}},"time_used":215,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":214,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"aawapi-v3.meiwenxiu.com/msg_demo/v/pc/video/adList","fqdn":"aawapi-v3.meiwenxiu.com","domain":"meiwenxiu.com","tld":"com"},"ip":{"addr":"155.102.167.173","port":443,"asn":0,"as":"","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://www.hairwwwtoppd410.com:3669/","date":"2026-04-12T09:22:54.453Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"aawapi-v3.meiwenxiu.com","organization":""},"issuer":{"commonName":"Encryption Everywhere DV TLS CA - G2","organization":"DigiCert Inc"},"validity":{"start":"Tue, 07 Apr 2026 00:00:00 GMT","end":"Wed, 07 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"CE:89:1E:CE:EA:0A:88:35:B9:86:0D:29:BA:3E:F0:3F:F1:BD:F9:09","sha256":"D9:FD:A1:93:1E:AE:D5:2E:62:0E:E7:7D:62:D3:36:01:4F:BF:56:BD:15:E5:ED:D8:59:CA:43:03:95:7A:45:02"}}},"request":{"raw":"OPTIONS /msg_demo/v/pc/video/adList HTTP/1.1\r\nHost: aawapi-v3.meiwenxiu.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nAccess-Control-Request-Method: POST\r\nAccess-Control-Request-Headers: content-type,operationid\r\nOrigin: https://www.hairwwwtoppd410.com:3669\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"OPTIONS"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: Tengine\r\nContent-Type: application/json\r\nContent-Length: 18\r\nConnection: keep-alive\r\nDate: Sun, 12 Apr 2026 09:22:55 GMT\r\nAccess-Control-Allow-Credentials: false\r\nAccess-Control-Allow-Headers: *\r\nAccess-Control-Allow-Methods: *\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Expose-Headers: Content-Length, Access-Control-Allow-Origin, Access-Control-Allow-Headers,Cache-Control,Content-Language,Content-Type,Expires,Last-Modified,Pragma,FooBar\r\nAccess-Control-Max-Age: 172800\r\nStrict-Transport-Security: max-age=31536000\r\nVia: ens-cache21.l2hk11[6,0], ens-cache12.nl4[190,0]\r\nTiming-Allow-Origin: *\r\nEagleId: 9b66a7a017759857752806332e\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Tengine","description":"Tengine is a web server which is based on the Nginx HTTP server.","website":"https://tengine.taobao.org","common_platform_enumeration":"","icon":"Tengine.png","categories":["Web servers"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":18,"size_decoded":0,"mime_type":"application/json","magic":"ASCII text, with no line terminators","md5":"16fc9d5cca47188c8ed7e3832ec71642","sha1":"34855445c3eed269c3f7bdde0cdf916c2b6289a7","sha256":"37baffe577d0b784b02293063d5e490597337e8cfeaf07f3bf80b1beca9b447f","sha512":"fa71ac467176ef285c411eb5011c3c2957c6f3e361fd2c5b508fb64128e70b686bc88a81772abc14267addc2c0e34e79a94daecccc1723426ebe2537c4cb6c8c","ssdeep":"","tlshash":"607000020080220880a3000aa802820000208222300200332002c0800000000a00200a","first_seen":"2023-07-26T01:44:31Z","last_seen":"2026-04-12T10:40:57.131215Z","times_seen":615,"resource_available":false,"data":null}},"time_used":1899,"timings":{"blocked":840,"dns":369,"connect":25,"send":0,"wait":215,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.hairwwwtoppd410.com:3669/assets/Home-52354fe8.js","fqdn":"www.hairwwwtoppd410.com","domain":"hairwwwtoppd410.com","tld":"com"},"ip":{"addr":"134.122.155.103","port":3669,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://www.hairwwwtoppd410.com:3669/","date":"2026-04-12T09:22:53.629Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.hairwwwtoppd410.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sat, 11 Apr 2026 14:22:47 GMT","end":"Fri, 10 Jul 2026 14:22:46 GMT"},"fingerprint":{"sha1":"D9:9A:F1:AC:50:00:B0:9B:EF:C0:8A:C8:1C:59:5D:94:0A:05:A9:5C","sha256":"37:5C:D3:D8:43:48:C9:B4:3E:91:EE:AC:10:E0:1D:DA:4F:61:8B:E4:31:8B:AA:6C:AD:BF:43:92:79:13:BA:8B"}}},"request":{"raw":"GET /assets/Home-52354fe8.js HTTP/1.1\r\nHost: www.hairwwwtoppd410.com:3669\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: __vtins__KQFtdGOd9WuFBLcO=%7B%22sid%22%3A%20%22b9fe428d-560c-538e-b129-1fc89dd46916%22%2C%20%22vd%22%3A%201%2C%20%22stt%22%3A%200%2C%20%22dr%22%3A%200%2C%20%22expires%22%3A%201775987571142%2C%20%22ct%22%3A%201775985771142%7D; __51uvsct__KQFtdGOd9WuFBLcO=1; __51vcke__KQFtdGOd9WuFBLcO=88e8c66f-b4bf-58ac-aafe-d47d16016cb0; __51vuft__KQFtdGOd9WuFBLcO=1775985771146\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sun, 12 Apr 2026 09:22:53 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Sat, 24 Aug 2024 14:09:18 GMT\r\nvary: Accept-Encoding\r\netag: W/\"66c9e98e-e33\"\r\nexpires: Sun, 12 Apr 2026 21:22:53 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":3635,"size_decoded":0,"mime_type":"application/javascript","magic":"Java source, Unicode text, UTF-8 text, with very long lines (3614)","md5":"b52ffa8b8bb744fc355494eaa7d7f15c","sha1":"668e8d9813d2cf4eb331f8e7edcd9fd049438bb3","sha256":"3f710078df7245b57c51581acbd53bc29b4954614ced17873f86f3fba0d97f18","sha512":"c8209388c36046686823964552a168830917a9f892d57b7595ace7675a7f233e10d6f1dac86579e1982a4c9788fd975fb276d4845e627faecd2638cc068eea94","ssdeep":"","tlshash":"67717245742e9f7cb777004054a8440af7897ee6b368c15260bc7e2b2b6adf059bc7ac","first_seen":"2024-09-10T14:06:18Z","last_seen":"2026-04-12T10:40:57.130063Z","times_seen":623,"resource_available":true,"data":null}},"time_used":259,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":259,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"aawapi-v3.meiwenxiu.com/msg_demo/v/search/hotLists","fqdn":"aawapi-v3.meiwenxiu.com","domain":"meiwenxiu.com","tld":"com"},"ip":{"addr":"155.102.167.173","port":443,"asn":0,"as":"","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://www.hairwwwtoppd410.com:3669/","date":"2026-04-12T09:22:54.455Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"aawapi-v3.meiwenxiu.com","organization":""},"issuer":{"commonName":"Encryption Everywhere DV TLS CA - G2","organization":"DigiCert Inc"},"validity":{"start":"Tue, 07 Apr 2026 00:00:00 GMT","end":"Wed, 07 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"CE:89:1E:CE:EA:0A:88:35:B9:86:0D:29:BA:3E:F0:3F:F1:BD:F9:09","sha256":"D9:FD:A1:93:1E:AE:D5:2E:62:0E:E7:7D:62:D3:36:01:4F:BF:56:BD:15:E5:ED:D8:59:CA:43:03:95:7A:45:02"}}},"request":{"raw":"OPTIONS /msg_demo/v/search/hotLists HTTP/1.1\r\nHost: aawapi-v3.meiwenxiu.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nAccess-Control-Request-Method: POST\r\nAccess-Control-Request-Headers: content-type,operationid\r\nOrigin: https://www.hairwwwtoppd410.com:3669\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"OPTIONS"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: Tengine\r\nContent-Type: application/json\r\nContent-Length: 18\r\nConnection: keep-alive\r\nDate: Sun, 12 Apr 2026 09:22:55 GMT\r\nAccess-Control-Allow-Credentials: false\r\nAccess-Control-Allow-Headers: *\r\nAccess-Control-Allow-Methods: *\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Expose-Headers: Content-Length, Access-Control-Allow-Origin, Access-Control-Allow-Headers,Cache-Control,Content-Language,Content-Type,Expires,Last-Modified,Pragma,FooBar\r\nAccess-Control-Max-Age: 172800\r\nStrict-Transport-Security: max-age=31536000\r\nVia: ens-cache8.l2hk11[8,0], ens-cache24.nl4[257,0]\r\nTiming-Allow-Origin: *\r\nEagleId: 9b66a7ac17759857752691275e\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Tengine","description":"Tengine is a web server which is based on the Nginx HTTP server.","website":"https://tengine.taobao.org","common_platform_enumeration":"","icon":"Tengine.png","categories":["Web servers"]}],"data":{"size":18,"size_decoded":0,"mime_type":"application/json","magic":"ASCII text, with no line terminators","md5":"16fc9d5cca47188c8ed7e3832ec71642","sha1":"34855445c3eed269c3f7bdde0cdf916c2b6289a7","sha256":"37baffe577d0b784b02293063d5e490597337e8cfeaf07f3bf80b1beca9b447f","sha512":"fa71ac467176ef285c411eb5011c3c2957c6f3e361fd2c5b508fb64128e70b686bc88a81772abc14267addc2c0e34e79a94daecccc1723426ebe2537c4cb6c8c","ssdeep":"","tlshash":"607000020080220880a3000aa802820000208222300200332002c0800000000a00200a","first_seen":"2023-07-26T01:44:31Z","last_seen":"2026-04-12T10:40:57.131215Z","times_seen":615,"resource_available":false,"data":null}},"time_used":1958,"timings":{"blocked":835,"dns":370,"connect":25,"send":0,"wait":282,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.hairwwwtoppd410.com:3669/assets/Home-f4762739.css","fqdn":"www.hairwwwtoppd410.com","domain":"hairwwwtoppd410.com","tld":"com"},"ip":{"addr":"134.122.155.103","port":3669,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://www.hairwwwtoppd410.com:3669/","date":"2026-04-12T09:22:53.366Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.hairwwwtoppd410.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sat, 11 Apr 2026 14:22:47 GMT","end":"Fri, 10 Jul 2026 14:22:46 GMT"},"fingerprint":{"sha1":"D9:9A:F1:AC:50:00:B0:9B:EF:C0:8A:C8:1C:59:5D:94:0A:05:A9:5C","sha256":"37:5C:D3:D8:43:48:C9:B4:3E:91:EE:AC:10:E0:1D:DA:4F:61:8B:E4:31:8B:AA:6C:AD:BF:43:92:79:13:BA:8B"}}},"request":{"raw":"GET /assets/Home-f4762739.css HTTP/1.1\r\nHost: www.hairwwwtoppd410.com:3669\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: __vtins__KQFtdGOd9WuFBLcO=%7B%22sid%22%3A%20%22b9fe428d-560c-538e-b129-1fc89dd46916%22%2C%20%22vd%22%3A%201%2C%20%22stt%22%3A%200%2C%20%22dr%22%3A%200%2C%20%22expires%22%3A%201775987571142%2C%20%22ct%22%3A%201775985771142%7D; __51uvsct__KQFtdGOd9WuFBLcO=1; __51vcke__KQFtdGOd9WuFBLcO=88e8c66f-b4bf-58ac-aafe-d47d16016cb0; __51vuft__KQFtdGOd9WuFBLcO=1775985771146\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sun, 12 Apr 2026 09:22:53 GMT\r\ncontent-type: text/css\r\ncontent-length: 573\r\nlast-modified: Sat, 24 Aug 2024 14:09:18 GMT\r\netag: \"66c9e98e-23d\"\r\nexpires: Sun, 12 Apr 2026 21:22:53 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":573,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (572)","md5":"ca0d1fed679e9fb577b152b84172e3b0","sha1":"f31f910ffb6affe9d858f510b28b061f26b8132d","sha256":"f4762739ed1a30a8efe8131ce186dc2f22daed56ac2d02c385db17e305085b3c","sha512":"10f9cb06cb9f20724a067bb22ec54c5f84303aeee0fedaff5f5057d826f1ce0eea6a0e2df4d1a83a5d8ea232390fc0e96e1dd181dbfe9d9bc20127a86ad79b06","ssdeep":"","tlshash":"6bf02212a2add88875b3e8d2b001ba25b1006e13555b8f21ea7a3c38ecc34773760b98","first_seen":"2024-07-31T10:54:12Z","last_seen":"2026-04-12T10:40:57.132843Z","times_seen":599,"resource_available":false,"data":null}},"time_used":267,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":267,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"aawapi-v3.meiwenxiu.com/msg_demo/v/pc/video/getAllCategoryVideos","fqdn":"aawapi-v3.meiwenxiu.com","domain":"meiwenxiu.com","tld":"com"},"ip":{"addr":"155.102.167.173","port":443,"asn":0,"as":"","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://www.hairwwwtoppd410.com:3669/","date":"2026-04-12T09:22:54.451Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"aawapi-v3.meiwenxiu.com","organization":""},"issuer":{"commonName":"Encryption Everywhere DV TLS CA - G2","organization":"DigiCert Inc"},"validity":{"start":"Tue, 07 Apr 2026 00:00:00 GMT","end":"Wed, 07 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"CE:89:1E:CE:EA:0A:88:35:B9:86:0D:29:BA:3E:F0:3F:F1:BD:F9:09","sha256":"D9:FD:A1:93:1E:AE:D5:2E:62:0E:E7:7D:62:D3:36:01:4F:BF:56:BD:15:E5:ED:D8:59:CA:43:03:95:7A:45:02"}}},"request":{"raw":"OPTIONS /msg_demo/v/pc/video/getAllCategoryVideos HTTP/1.1\r\nHost: aawapi-v3.meiwenxiu.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nAccess-Control-Request-Method: POST\r\nAccess-Control-Request-Headers: content-type,operationid\r\nOrigin: https://www.hairwwwtoppd410.com:3669\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"OPTIONS"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: Tengine\r\nContent-Type: application/json\r\nContent-Length: 18\r\nConnection: keep-alive\r\nDate: Sun, 12 Apr 2026 09:22:55 GMT\r\nAccess-Control-Allow-Credentials: false\r\nAccess-Control-Allow-Headers: *\r\nAccess-Control-Allow-Methods: *\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Expose-Headers: Content-Length, Access-Control-Allow-Origin, Access-Control-Allow-Headers,Cache-Control,Content-Language,Content-Type,Expires,Last-Modified,Pragma,FooBar\r\nAccess-Control-Max-Age: 172800\r\nStrict-Transport-Security: max-age=31536000\r\nVia: ens-cache41.l2hk11[6,0], ens-cache1.nl4[191,0]\r\nTiming-Allow-Origin: *\r\nEagleId: 9b66a79517759857752805840e\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Tengine","description":"Tengine is a web server which is based on the Nginx HTTP server.","website":"https://tengine.taobao.org","common_platform_enumeration":"","icon":"Tengine.png","categories":["Web servers"]}],"data":{"size":18,"size_decoded":0,"mime_type":"application/json","magic":"ASCII text, with no line terminators","md5":"16fc9d5cca47188c8ed7e3832ec71642","sha1":"34855445c3eed269c3f7bdde0cdf916c2b6289a7","sha256":"37baffe577d0b784b02293063d5e490597337e8cfeaf07f3bf80b1beca9b447f","sha512":"fa71ac467176ef285c411eb5011c3c2957c6f3e361fd2c5b508fb64128e70b686bc88a81772abc14267addc2c0e34e79a94daecccc1723426ebe2537c4cb6c8c","ssdeep":"","tlshash":"607000020080220880a3000aa802820000208222300200332002c0800000000a00200a","first_seen":"2023-07-26T01:44:31Z","last_seen":"2026-04-12T10:40:57.131215Z","times_seen":615,"resource_available":false,"data":null}},"time_used":1890,"timings":{"blocked":837,"dns":368,"connect":25,"send":0,"wait":216,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"wwwdfl40.vip/","fqdn":"wwwdfl40.vip","domain":"wwwdfl40.vip","tld":"vip"},"ip":{"addr":"143.92.53.221","port":80,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-04-12T09:22:41.013Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET / HTTP/1.1\r\nHost: wwwdfl40.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: simple server\r\nContent-Type: text/html; charset=utf-8\r\nCache-Control: max-age=86400\r\nContent-Length: 28167\r\nConnection: close\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":28167,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (16387)","md5":"7077bc351258a29d86ba7a049c1feacf","sha1":"672a3657ca91d7e21da033d33383e13e90b336d5","sha256":"590c74716c3da29927691e8db9ea330442a6486b56f36fdf104e87897068aa94","sha512":"000cccf0e4fd85a8d5ed7b0b7e50d7980df29a72c2ba371577072ec1e2d6da2c7ddfda8c8d097393e449d004b5b44d5803ef0fa7aeae7c8fa987aa1b47a83ed4","ssdeep":"768:eKEi0jlTrftCX49KGqMqOmyUipmKu4z34IBiWhF:eKEi0jlTrftCX49KGqHOmBKyWP","tlshash":"4fc2ee5a2598082dff8de4fc70aafc799886da5b84cc6ac7f13f851a0f141b5633658c","first_seen":"2026-04-11T19:25:43.462561Z","last_seen":"2026-04-12T10:40:57.134085Z","times_seen":5,"resource_available":true,"data":null}},"time_used":9175,"timings":{"blocked":791,"dns":1,"connect":791,"send":0,"wait":1530,"receive":6062,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-12","alert":"Sinkholed","trigger":"wwwdfl40.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.hairwwwtoppd410.com:3669/assets/Home-52354fe8.js","fqdn":"www.hairwwwtoppd410.com","domain":"hairwwwtoppd410.com","tld":"com"},"ip":{"addr":"134.122.155.103","port":3669,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://www.hairwwwtoppd410.com:3669/","date":"2026-04-12T09:22:53.368Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.hairwwwtoppd410.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sat, 11 Apr 2026 14:22:47 GMT","end":"Fri, 10 Jul 2026 14:22:46 GMT"},"fingerprint":{"sha1":"D9:9A:F1:AC:50:00:B0:9B:EF:C0:8A:C8:1C:59:5D:94:0A:05:A9:5C","sha256":"37:5C:D3:D8:43:48:C9:B4:3E:91:EE:AC:10:E0:1D:DA:4F:61:8B:E4:31:8B:AA:6C:AD:BF:43:92:79:13:BA:8B"}}},"request":{"raw":"GET /assets/Home-52354fe8.js HTTP/1.1\r\nHost: www.hairwwwtoppd410.com:3669\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sun, 12 Apr 2026 09:22:53 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Sat, 24 Aug 2024 14:09:18 GMT\r\nvary: Accept-Encoding\r\netag: W/\"66c9e98e-e33\"\r\nexpires: Sun, 12 Apr 2026 21:22:53 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":3635,"size_decoded":0,"mime_type":"application/javascript","magic":"Java source, Unicode text, UTF-8 text, with very long lines (3614)","md5":"b52ffa8b8bb744fc355494eaa7d7f15c","sha1":"668e8d9813d2cf4eb331f8e7edcd9fd049438bb3","sha256":"3f710078df7245b57c51581acbd53bc29b4954614ced17873f86f3fba0d97f18","sha512":"c8209388c36046686823964552a168830917a9f892d57b7595ace7675a7f233e10d6f1dac86579e1982a4c9788fd975fb276d4845e627faecd2638cc068eea94","ssdeep":"","tlshash":"67717245742e9f7cb777004054a8440af7897ee6b368c15260bc7e2b2b6adf059bc7ac","first_seen":"2024-09-10T14:06:18Z","last_seen":"2026-04-12T10:40:57.130063Z","times_seen":623,"resource_available":true,"data":null}},"time_used":259,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":259,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.hairwwwtoppd410.com:3669/assets/qr_code-8c1a238d.jpg","fqdn":"www.hairwwwtoppd410.com","domain":"hairwwwtoppd410.com","tld":"com"},"ip":{"addr":"134.122.155.103","port":3669,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.hairwwwtoppd410.com:3669/","date":"2026-04-12T09:22:54.255Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.hairwwwtoppd410.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sat, 11 Apr 2026 14:22:47 GMT","end":"Fri, 10 Jul 2026 14:22:46 GMT"},"fingerprint":{"sha1":"D9:9A:F1:AC:50:00:B0:9B:EF:C0:8A:C8:1C:59:5D:94:0A:05:A9:5C","sha256":"37:5C:D3:D8:43:48:C9:B4:3E:91:EE:AC:10:E0:1D:DA:4F:61:8B:E4:31:8B:AA:6C:AD:BF:43:92:79:13:BA:8B"}}},"request":{"raw":"GET /assets/qr_code-8c1a238d.jpg HTTP/1.1\r\nHost: www.hairwwwtoppd410.com:3669\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: __vtins__KQFtdGOd9WuFBLcO=%7B%22sid%22%3A%20%22b9fe428d-560c-538e-b129-1fc89dd46916%22%2C%20%22vd%22%3A%201%2C%20%22stt%22%3A%200%2C%20%22dr%22%3A%200%2C%20%22expires%22%3A%201775987571142%2C%20%22ct%22%3A%201775985771142%7D; __51uvsct__KQFtdGOd9WuFBLcO=1; __51vcke__KQFtdGOd9WuFBLcO=88e8c66f-b4bf-58ac-aafe-d47d16016cb0; __51vuft__KQFtdGOd9WuFBLcO=1775985771146\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sun, 12 Apr 2026 09:22:54 GMT\r\ncontent-type: image/jpeg\r\nlast-modified: Sat, 24 Aug 2024 14:09:18 GMT\r\nvary: Accept-Encoding\r\netag: W/\"66c9e98e-1865\"\r\nexpires: Tue, 12 May 2026 09:22:54 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":6245,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, extended sequential, precision 8, 368x368, components 3","md5":"abb136a9fae142d3e00508ebcd3561b1","sha1":"a796f7ab06d2a39a7a54fad9962a2b9ba2266012","sha256":"a154a154df3cd9689974ab42dfde252f2abec2881bc0d0f17443425771d4aa0e","sha512":"0b8aa028849bf6a9fd32c4df307cee7e61eafee9008da220e2620d54efad4bb7a6bc8a45ac13874fb0561324e1530236b344113846a312274037c76b824cf290","ssdeep":"96:vCiwuA/71V89loJhbqRADKTf1vH0cYz5IP54wmkb7PhAGKBnB9d/AfFUVTf:Ux9JhhavH0c9b+GKnTUs","tlshash":"74d16c84308de103f4d098343efd224a14a68d91c9312ce374bb3e5ee7affa06938994","first_seen":"2024-07-31T10:54:12Z","last_seen":"2026-04-12T10:40:57.132318Z","times_seen":585,"resource_available":false,"data":null}},"time_used":1356,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":1356,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"collect-v6.51.la/v6/collect?dt=4","fqdn":"collect-v6.51.la","domain":"51.la","tld":"la"},"ip":{"addr":"43.159.107.113","port":443,"asn":139341,"as":"ACE","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://www.hairwwwtoppd410.com:3669/","date":"2026-04-12T09:22:51.155Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.51.la","organization":""},"issuer":{"commonName":"Keymatic Secure Domain RSA CA G1","organization":"PKI(Chongqing) Limited"},"validity":{"start":"Wed, 01 Apr 2026 06:48:26 GMT","end":"Fri, 16 Oct 2026 15:59:59 GMT"},"fingerprint":{"sha1":"F0:4F:0E:62:84:89:BD:2B:8E:53:1E:AC:20:70:16:C2:F7:E9:C1:C0","sha256":"54:9F:ED:D0:8F:D4:0A:5F:31:95:55:FD:E0:E6:13:F2:09:8C:39:E1:01:31:98:FA:1D:DC:20:CD:20:19:7C:F5"}}},"request":{"raw":"POST /v6/collect?dt=4 HTTP/1.1\r\nHost: collect-v6.51.la\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Length: 290\r\nOrigin: https://www.hairwwwtoppd410.com:3669\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/2 210 No Reason Phrase\r\nvary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers\r\naccess-control-allow-origin: https://www.hairwwwtoppd410.com:3669\r\naccess-control-allow-credentials: true\r\nserver: TencentEdgeOne\r\ncontent-length: 0\r\ndate: Sun, 12 Apr 2026 09:22:51 GMT\r\neo-log-uuid: 16869039741166664306\r\neo-cache-status: MISS\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"210","status_text":"No Reason Phrase","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"text/xml","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-12T11:56:00.075434Z","times_seen":13660596,"resource_available":true,"data":null}},"time_used":288,"timings":{"blocked":55,"dns":0,"connect":0,"send":0,"wait":233,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"aawapi-v3.meiwenxiu.com/msg_demo/v/pc/video/adList","fqdn":"aawapi-v3.meiwenxiu.com","domain":"meiwenxiu.com","tld":"com"},"ip":{"addr":"155.102.167.173","port":443,"asn":0,"as":"","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://www.hairwwwtoppd410.com:3669/","date":"2026-04-12T09:22:55.602Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"aawapi-v3.meiwenxiu.com","organization":""},"issuer":{"commonName":"Encryption Everywhere DV TLS CA - G2","organization":"DigiCert Inc"},"validity":{"start":"Tue, 07 Apr 2026 00:00:00 GMT","end":"Wed, 07 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"CE:89:1E:CE:EA:0A:88:35:B9:86:0D:29:BA:3E:F0:3F:F1:BD:F9:09","sha256":"D9:FD:A1:93:1E:AE:D5:2E:62:0E:E7:7D:62:D3:36:01:4F:BF:56:BD:15:E5:ED:D8:59:CA:43:03:95:7A:45:02"}}},"request":{"raw":"POST /msg_demo/v/pc/video/adList HTTP/1.1\r\nHost: aawapi-v3.meiwenxiu.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/json\r\noperationID: df7f1739-b7ea-4f6a-8117-c51762ef292e\r\nContent-Length: 2\r\nOrigin: https://www.hairwwwtoppd410.com:3669\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":2,"data":"{}"}},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: Tengine\r\nContent-Type: application/json\r\nContent-Length: 1602\r\nConnection: keep-alive\r\nDate: Sun, 12 Apr 2026 09:22:55 GMT\r\nAccess-Control-Allow-Credentials: false\r\nAccess-Control-Allow-Headers: *\r\nAccess-Control-Allow-Methods: *\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Expose-Headers: Content-Length, Access-Control-Allow-Origin, Access-Control-Allow-Headers,Cache-Control,Content-Language,Content-Type,Expires,Last-Modified,Pragma,FooBar\r\nAccess-Control-Max-Age: 172800\r\nStrict-Transport-Security: max-age=31536000\r\nVia: ens-cache8.l2hk11[7,0], ens-cache12.nl4[190,0]\r\nTiming-Allow-Origin: *\r\nEagleId: 9b66a7a017759857755486489e\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Tengine","description":"Tengine is a web server which is based on the Nginx HTTP server.","website":"https://tengine.taobao.org","common_platform_enumeration":"","icon":"Tengine.png","categories":["Web servers"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":1602,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"e036ee3e0025443c9e11469a289c113a","sha1":"5967147887e8b750c6538d5b3ecdf61ba372a289","sha256":"b99a16f942048b0cea426fc71c69d161e3cd097126f74a7c1630c551f1327651","sha512":"e74a0cd30f86d0fb2538c92095e5cb89e98f7029f4368ce458238f03875fbddfc29b1f1813d9a46b92d01295b1194bddefd2231284b725a936d59845516ddfee","ssdeep":"","tlshash":"6131693b6bf8f55ae3e5718a743372cdf291924b8c888b05f6c9cd8c86931b22707644","first_seen":"2026-04-11T19:25:43.458637Z","last_seen":"2026-04-12T10:40:57.137913Z","times_seen":5,"resource_available":false,"data":null}},"time_used":214,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":214,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.hairwwwtoppd410.com:3669/favicon.ico","fqdn":"www.hairwwwtoppd410.com","domain":"hairwwwtoppd410.com","tld":"com"},"ip":{"addr":"134.122.155.103","port":3669,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.hairwwwtoppd410.com:3669/","date":"2026-04-12T09:22:52.724Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.hairwwwtoppd410.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sat, 11 Apr 2026 14:22:47 GMT","end":"Fri, 10 Jul 2026 14:22:46 GMT"},"fingerprint":{"sha1":"D9:9A:F1:AC:50:00:B0:9B:EF:C0:8A:C8:1C:59:5D:94:0A:05:A9:5C","sha256":"37:5C:D3:D8:43:48:C9:B4:3E:91:EE:AC:10:E0:1D:DA:4F:61:8B:E4:31:8B:AA:6C:AD:BF:43:92:79:13:BA:8B"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: www.hairwwwtoppd410.com:3669\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: __vtins__KQFtdGOd9WuFBLcO=%7B%22sid%22%3A%20%22b9fe428d-560c-538e-b129-1fc89dd46916%22%2C%20%22vd%22%3A%201%2C%20%22stt%22%3A%200%2C%20%22dr%22%3A%200%2C%20%22expires%22%3A%201775987571142%2C%20%22ct%22%3A%201775985771142%7D; __51uvsct__KQFtdGOd9WuFBLcO=1; __51vcke__KQFtdGOd9WuFBLcO=88e8c66f-b4bf-58ac-aafe-d47d16016cb0; __51vuft__KQFtdGOd9WuFBLcO=1775985771146\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sun, 12 Apr 2026 09:22:52 GMT\r\ncontent-type: image/x-icon\r\ncontent-length: 15406\r\nlast-modified: Fri, 12 Jul 2024 05:38:31 GMT\r\netag: \"6690c157-3c2e\"\r\nstrict-transport-security: max-age=31536000\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":15406,"size_decoded":0,"mime_type":"image/x-icon","magic":"MS Windows icon resource - 3 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel","md5":"38aa79ab79b7769916ea54c4720bb9c1","sha1":"c79efffe80f1c832b75ed94c1275c4cf6d7f9dd7","sha256":"2af64ca00cbd7c5771e471fdb8a05898d403e836a16cbfcaf4761fce3ea706aa","sha512":"bab02bedf590b2b2b4d6814eff04edcc70b57801f2aa37ffe1e9692c0faa38a940e7b201fd4760468c220b1ad2eab3019ea43578a544c34c691532fd6a57e7b0","ssdeep":"384:H/oJyadDvN4tZIawF+fQF8GEzJWOQN6to+ougzFoUVxbzmQEwMLArh:foJy8LN4tZ1zcFa0","tlshash":"6462b64258524ec8de6a087d77565acdb546ceefa7252b20caf03973bb730e205f1817","first_seen":"2024-06-10T20:16:49Z","last_seen":"2026-04-12T10:40:57.136506Z","times_seen":696,"resource_available":false,"data":null}},"time_used":288,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":287,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"aawapi-v3.meiwenxiu.com/msg_demo/v/pc/video/getAllCategoryVideos","fqdn":"aawapi-v3.meiwenxiu.com","domain":"meiwenxiu.com","tld":"com"},"ip":{"addr":"155.102.167.173","port":443,"asn":0,"as":"","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://www.hairwwwtoppd410.com:3669/","date":"2026-04-12T09:22:55.539Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"aawapi-v3.meiwenxiu.com","organization":""},"issuer":{"commonName":"Encryption Everywhere DV TLS CA - G2","organization":"DigiCert Inc"},"validity":{"start":"Tue, 07 Apr 2026 00:00:00 GMT","end":"Wed, 07 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"CE:89:1E:CE:EA:0A:88:35:B9:86:0D:29:BA:3E:F0:3F:F1:BD:F9:09","sha256":"D9:FD:A1:93:1E:AE:D5:2E:62:0E:E7:7D:62:D3:36:01:4F:BF:56:BD:15:E5:ED:D8:59:CA:43:03:95:7A:45:02"}}},"request":{"raw":"POST /msg_demo/v/pc/video/getAllCategoryVideos HTTP/1.1\r\nHost: aawapi-v3.meiwenxiu.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/json\r\noperationID: 87d9bb2d-44e7-405e-af49-cc8b5c6763cf\r\nContent-Length: 2\r\nOrigin: https://www.hairwwwtoppd410.com:3669\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":2,"data":"{}"}},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: Tengine\r\nContent-Type: application/json\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nDate: Sun, 12 Apr 2026 09:22:55 GMT\r\nAccess-Control-Allow-Credentials: false\r\nAccess-Control-Allow-Headers: *\r\nAccess-Control-Allow-Methods: *\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Expose-Headers: Content-Length, Access-Control-Allow-Origin, Access-Control-Allow-Headers,Cache-Control,Content-Language,Content-Type,Expires,Last-Modified,Pragma,FooBar\r\nAccess-Control-Max-Age: 172800\r\nStrict-Transport-Security: max-age=31536000\r\nVia: ens-cache42.l2hk11[9,0], ens-cache1.nl4[258,0]\r\nTiming-Allow-Origin: *\r\nEagleId: 9b66a79517759857754985980e\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Tengine","description":"Tengine is a web server which is based on the Nginx HTTP server.","website":"https://tengine.taobao.org","common_platform_enumeration":"","icon":"Tengine.png","categories":["Web servers"]}],"data":{"size":101500,"size_decoded":0,"mime_type":"application/json","magic":"Unicode text, UTF-8 text, with very long lines (20635), with NEL line terminators","md5":"a5c16a05215e5e21588a54b52082ea80","sha1":"d5939053b2eceb74c1a89121efd3e633fba964e2","sha256":"a2966624e5f0dec0a81608817e5dffc2ae8b06db58fbea20dc7ecbf516b72364","sha512":"0c3a679b92c1f24dd4a039da0582ba05d688a46a9d86a382d79f7598aa5ef05ec402ee87e2034a14dcc2126e3b77c597032df6fae40e9e9f5719ac84c0d175d1","ssdeep":"1536:zVXGl/3WByF4a5m6/5jhZhAw1Rmy+bBPcGmsPwL6UBEBA/d3SawddQhlDQf+vYpD:9TwBIC3S7+vYpa8Wj2Ut9FC","tlshash":"05a3635b73948655bf41a1c1447771ced8f8a15bb9882bd6ebefc9dc8e073e2032610a","first_seen":"2026-04-12T09:23:11.554985Z","last_seen":"2026-04-12T09:23:11.554985Z","times_seen":1,"resource_available":false,"data":null}},"time_used":316,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":282,"receive":34,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}}]}