{"report_id":"29e359fc-d7e6-426e-b6ed-c11251541347","version":6,"status":"done","tags":[],"date":"2025-10-10T21:40:31Z","url":{"schema":"http","addr":"amaylf.xyz/","fqdn":"amaylf.xyz","domain":"amaylf.xyz","tld":"xyz"},"ip":{"addr":"172.66.47.178","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"final":{"url":{"schema":"https","addr":"amaylf.xyz/#/login","fqdn":"amaylf.xyz","domain":"amaylf.xyz","tld":"xyz"},"title":"Task Platform"},"submit":{"url":{"schema":"http","addr":"amaylf.xyz/","fqdn":"amaylf.xyz","domain":"amaylf.xyz","tld":"xyz"},"ip":{"addr":"172.66.47.178","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2026-11-14T21:40:31Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":1}},"detection":{"ids":null,"analyzer":[{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-10-10","alert":"Sinkholed","trigger":"amaylf.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null}],"urlquery":null},"summary":[{"fqdn":"amaylf.xyz","ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2024-08-16","domain_rank":0,"first_seen":"2025-10-10T21:40:32.756209Z","last_seen":"2025-10-10T21:40:32.756209Z","alert_count":19,"request_count":19,"received_data":1814722,"sent_data":8487,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"www.tksaasapi.com","ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2024-10-09","domain_rank":0,"first_seen":"2024-12-09T17:05:16.969921Z","last_seen":"2024-12-09T17:05:16.969922Z","alert_count":0,"request_count":6,"received_data":13287,"sent_data":3046,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"www.gotalks.vip","ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2025-03-31","domain_rank":0,"first_seen":"2025-04-30T12:54:04.796058Z","last_seen":"2025-07-07T10:43:41.24449Z","alert_count":0,"request_count":1,"received_data":1109,"sent_data":473,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"PHP","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]}]},{"fqdn":"orderimg.xyz","ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"domain_registered":"2024-03-20","domain_rank":4444812,"first_seen":"2024-05-27T14:38:54Z","last_seen":"2025-09-07T22:46:21.41295Z","alert_count":0,"request_count":24,"received_data":206011,"sent_data":11184,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Alibaba Cloud Object Storage Service","description":"Alibaba Cloud Object Storage Service (OSS) is a cloud-based object storage service provided by Alibaba Cloud, which allows users to store and access large amounts of data in the cloud.","website":"https://www.alibabacloud.com/product/object-storage-service","common_platform_enumeration":"","icon":"Alibaba Cloud.svg","categories":["IaaS"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":null}],"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"amaylf.xyz/customerServer.js","fqdn":"amaylf.xyz","domain":"amaylf.xyz","tld":"xyz"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"acb53e5881de75fcf70350bf8e06f581","sha1":"26fe56a0b24beffc28ffe5103cac4902b4c77068","sha256":"c72e35537d7061c3aeb8fbd98f906ec2695f336c48cf1ffc443ca9b1d2773735","sha512":"bfda1b01afc9bacbb019f993024c119d7127ba5adbdf923caea8c2156b11c749d065ed236819b46224bfb4b38ebcf2144bc51416d77b4a94ab9d7b2ee6fd7e68","ssdeep":"768:YIVy0juMiCj8rMVN5uZyDuVhyOAW2uz+xwN33VdNeHXLVd:hVy0liC4rMVN5uIuzyEz+xgUHbf","tlshash":"b0135c655626057a85b373b89f096608ee21042b9007c5397fbc5ae23ff143d92e1ff9","size":44867,"data":"","first_seen":"2025-10-10T21:40:40.062411Z","last_seen":"2026-01-29T07:12:51.295558Z","times_seen":14,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"amaylf.xyz/static/js/main.52b703ba.js","fqdn":"amaylf.xyz","domain":"amaylf.xyz","tld":"xyz"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"2334f30ec68107a52f6d216c924fffb5","sha1":"f6eefb628707c9de0a2c4ac25b60c97b04dbab5f","sha256":"649e65c615d3853f79b097f24c6e559d65bb5f1a1035bf3ffe031a0d42e0ef28","sha512":"bcd2b0f1439ee6294b23840e064f326653bdb788ba1fd794d3d252c5761671cc7e4df64a6b8a1fb452685d1aa2887769d78bb98cf8d7de01793c2ae87706145e","ssdeep":"24576:6GKlpPT77P6TZzlZ9zvcj395ZH/YUuB9FT+3EbB0iMc:6fR37q9T+3EbB0e","tlshash":"d835f9cd72e2b16c17a6a052c87f984e726d2d44d068c2719f39d5c6f82c918e23bf6d","size":1077031,"data":"","first_seen":"2025-10-10T21:40:40.079657Z","last_seen":"2025-10-10T21:47:29.850106Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null},"http":[{"url":{"schema":"https","addr":"orderimg.xyz/zoom/upload/c4/e5833131dd6c9724fed5ac12bc9064.jpg","fqdn":"orderimg.xyz","domain":"orderimg.xyz","tld":"xyz"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://amaylf.xyz/","date":"2025-10-10T21:40:10.593Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /zoom/upload/c4/e5833131dd6c9724fed5ac12bc9064.jpg HTTP/1.1\r\nHost: orderimg.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://amaylf.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-20T13:59:59.325235Z","times_seen":13977692,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"orderimg.xyz/zoom/upload/a9/dbdb740acdc3dca4704378a672ce2e.jpg","fqdn":"orderimg.xyz","domain":"orderimg.xyz","tld":"xyz"},"ip":{"addr":"172.67.209.202","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://amaylf.xyz/","date":"2025-10-10T21:40:10.641Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"orderimg.xyz","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 14 Sep 2025 08:48:46 GMT","end":"Sat, 13 Dec 2025 09:42:28 GMT"},"fingerprint":{"sha1":"78:E9:50:AF:82:17:E0:3F:B9:D4:9C:F4:0E:F9:E9:61:C4:12:FA:3A","sha256":"68:9C:00:95:54:AA:07:EC:0B:A5:B7:CE:77:9D:8A:5A:40:85:96:45:5F:01:9E:42:6E:F3:2D:01:6E:0D:42:8C"}}},"request":{"raw":"GET /zoom/upload/a9/dbdb740acdc3dca4704378a672ce2e.jpg HTTP/1.1\r\nHost: orderimg.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://amaylf.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Fri, 10 Oct 2025 21:40:12 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 17170\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nx-oss-request-id: 68E7BA4BAB4B81363573A8C0\r\nvary: Origin, accept-encoding\r\naccept-ranges: bytes\r\netag: \"A9DBDB740ACDC3DCA4704378A672CE2E\"\r\nlast-modified: Tue, 19 Mar 2024 09:44:33 GMT\r\nx-oss-object-type: Normal\r\nx-oss-hash-crc64ecma: 14595844139193968530\r\nx-oss-storage-class: Standard\r\ncontent-md5: qdvbdArNw9ykcEN4pnLOLg==\r\nx-oss-server-time: 2\r\ncache-control: max-age=14400\r\ncf-cache-status: REVALIDATED\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=pjzTNQ0QaCjYl0TjjZ3sJTTIlw%2FIPqyenQUB9abiH54LraN6qXHyQHHvn%2F9do3jb5d09aCUZpilQrZ1IGr6Cr1hG%2B21qucMUBA8%3D\"}]}\r\ncf-ray: 98c9464fde0a56b7-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Alibaba Cloud Object Storage Service","description":"Alibaba Cloud Object Storage Service (OSS) is a cloud-based object storage service provided by Alibaba Cloud, which allows users to store and access large amounts of data in the cloud.","website":"https://www.alibabacloud.com/product/object-storage-service","common_platform_enumeration":"","icon":"Alibaba Cloud.svg","categories":["IaaS"]}],"data":{"size":17170,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 150x150, components 3","md5":"a9dbdb740acdc3dca4704378a672ce2e","sha1":"e8e8455cc7559c217ba946a40d2bb4fc35f3e25d","sha256":"08c4af0e939c1dcdd84c000189513addb9ad8129463e41f6fed830b0c432d61e","sha512":"7352dd10446d456c0da5e616af0c1adfa16f1b2b3e424e0770452eb35054e6c297c1dac5fe47cd5410266157b2b2919d3fcce3a9754632bdd76d19e8cf89ef5d","ssdeep":"384:5g7hCMS8C8FTxxZBEyuuD+GAk0d28WBy7cZLGjYME1qRFHxI:5g7sOF9VEu6ld2B8opGjMqrI","tlshash":"eb72cfedb95bd24deb09e0c5983c3fb71f0494f478660682072b2961ca35e34ba484ee","first_seen":"2024-05-23T15:13:56Z","last_seen":"2026-04-19T22:22:01.934413Z","times_seen":36,"resource_available":false,"data":null}},"time_used":1499,"timings":{"blocked":213,"dns":0,"connect":0,"send":0,"wait":1285,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"orderimg.xyz/zoom/upload/18/5727aa59c48f21aaf9311fa3da4f06.jpg","fqdn":"orderimg.xyz","domain":"orderimg.xyz","tld":"xyz"},"ip":{"addr":"172.67.209.202","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://amaylf.xyz/","date":"2025-10-10T21:40:10.643Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"orderimg.xyz","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 14 Sep 2025 08:48:46 GMT","end":"Sat, 13 Dec 2025 09:42:28 GMT"},"fingerprint":{"sha1":"78:E9:50:AF:82:17:E0:3F:B9:D4:9C:F4:0E:F9:E9:61:C4:12:FA:3A","sha256":"68:9C:00:95:54:AA:07:EC:0B:A5:B7:CE:77:9D:8A:5A:40:85:96:45:5F:01:9E:42:6E:F3:2D:01:6E:0D:42:8C"}}},"request":{"raw":"GET /zoom/upload/18/5727aa59c48f21aaf9311fa3da4f06.jpg HTTP/1.1\r\nHost: orderimg.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://amaylf.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Fri, 10 Oct 2025 21:40:12 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 44266\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nx-oss-request-id: 68E90F4A94932537313172B9\r\nvary: Origin, accept-encoding\r\naccept-ranges: bytes\r\netag: \"185727AA59C48F21AAF9311FA3DA4F06\"\r\nlast-modified: Tue, 19 Mar 2024 09:43:30 GMT\r\nx-oss-object-type: Normal\r\nx-oss-hash-crc64ecma: 4102792904998475856\r\nx-oss-storage-class: Standard\r\ncontent-md5: GFcnqlnEjyGq+TEfo9pPBg==\r\nx-oss-server-time: 4\r\ncache-control: max-age=14400\r\ncf-cache-status: REVALIDATED\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=NNj%2BDwi9pNFYCGk2zg9tr89Be7T3oEB9sLGDoGfhxg2oh%2BLhAArlVTnFVfbSRmfo4PhjRZyp%2BI4mqlGE36um8CeeO6ZdI8I8mQs%3D\"}]}\r\ncf-ray: 98c9464fde0e56b7-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Alibaba Cloud Object Storage Service","description":"Alibaba Cloud Object Storage Service (OSS) is a cloud-based object storage service provided by Alibaba Cloud, which allows users to store and access large amounts of data in the cloud.","website":"https://www.alibabacloud.com/product/object-storage-service","common_platform_enumeration":"","icon":"Alibaba Cloud.svg","categories":["IaaS"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":44266,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 150x150, components 3","md5":"185727aa59c48f21aaf9311fa3da4f06","sha1":"621397b9f072331fc21f8889e636bda6c5cfd14e","sha256":"8dba0f059c8624b991f9c61bfdc09b668558aec162c23b915bb141001c3886ca","sha512":"cb41432e4e9cda6b42014e3c5f2281da9cec8b0df7aa0f1c7f2032c5e45fcf1720d00e2dc3b1342add1223013eee4217bbd3343ef8fcc39ff2dd6984b3a4e1a7","ssdeep":"768:59Ihig5HeVBiNJanJqLnAex5e+QEYxmBbydwwu7gvLfbmYDJMT2+iiYYX49Y9FTM:56DGqJUqfx5evExyOw2g7ZSiYIKK7","tlshash":"f91302f8d5b191975be911857787b181fa7569a182ce0eb6b0034afcc23338d0e8cb9d","first_seen":"2024-05-23T15:13:57Z","last_seen":"2026-04-19T22:22:01.965078Z","times_seen":34,"resource_available":false,"data":null}},"time_used":1448,"timings":{"blocked":211,"dns":0,"connect":0,"send":0,"wait":1233,"receive":4,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"amaylf.xyz/static/media/bs1.ab70cd3363661ea22f2a.svg","fqdn":"amaylf.xyz","domain":"amaylf.xyz","tld":"xyz"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://amaylf.xyz/","date":"2025-10-10T21:40:09.619Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"amaylf.xyz","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 04 Oct 2025 03:53:35 GMT","end":"Fri, 02 Jan 2026 04:53:30 GMT"},"fingerprint":{"sha1":"09:87:42:90:D3:DA:72:45:E0:96:82:5C:55:FD:98:48:22:FE:D4:88","sha256":"D5:B4:6B:A7:C7:A6:09:42:10:CE:37:7F:60:41:44:BA:91:E0:FA:3C:81:E8:B3:16:F4:2A:74:8B:96:2B:C8:38"}}},"request":{"raw":"GET /static/media/bs1.ab70cd3363661ea22f2a.svg HTTP/1.1\r\nHost: amaylf.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://amaylf.xyz/static/css/main.9494e3d8.css\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Fri, 10 Oct 2025 21:40:09 GMT\r\ncontent-type: image/svg+xml\r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=14400, must-revalidate\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nreferrer-policy: strict-origin-when-cross-origin\r\nx-content-type-options: nosniff\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=y9N%2BVtOOP73IJnCiDm%2Fk9ob1lAxGInKD3VDumxPYxsJ1PdL%2BFCS428lKnv%2BDHh%2BiZHbdepIA7MUMBnq8Dy%2BbMd%2FMiCR7Oj2U\"}]}\r\netag: W/\"4e37f2b1a9ce523cf6ff320e31fd1991\"\r\ncontent-encoding: br\r\nserver: cloudflare\r\ncf-cache-status: MISS\r\npriority: u=4,i=?0\r\ncf-ray: 98c946480f9f56be-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":5211,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"808af917799927abe5de3f8e69502119","sha1":"a8a154c2978c0a78a033897247826a78c4984578","sha256":"a2590aa5502b581947eaab54f0b44448e4be653d3a41b86b0d64cc7224f6e940","sha512":"7d4950169de3b17a420410de727776a002e5858142b33e7c967577afe2ac2274876a97bd421c3369b781cc2d4d20bd43357eb51658bcf246f96dc663b3d71de2","ssdeep":"96:XXGdIAGgYHQjXWxustJXaq3zWGW8Hz3Mv1ffCgW:XozWBFa2zW38HzcNw","tlshash":"06b11eabba49ac71f20093e8df425078315bc5ef97c68352c290ef3b75358c90d199d5","first_seen":"2024-08-19T22:06:50.077387Z","last_seen":"2026-04-18T17:53:36.507369Z","times_seen":30,"resource_available":false,"data":null}},"time_used":79,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":79,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-10-10","alert":"Sinkholed","trigger":"amaylf.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.tksaasapi.com/api/getInfo","fqdn":"www.tksaasapi.com","domain":"tksaasapi.com","tld":"com"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://amaylf.xyz/","date":"2025-10-10T21:40:09.636Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tksaasapi.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 28 Sep 2025 17:53:49 GMT","end":"Sat, 27 Dec 2025 18:51:29 GMT"},"fingerprint":{"sha1":"23:BD:72:7B:29:C0:60:A9:6F:03:CD:13:2C:95:9C:1D:F5:5D:CC:10","sha256":"6E:DA:22:C5:F0:61:80:89:46:A5:D4:F8:2E:E2:04:F4:E0:E4:5C:6E:F4:28:E8:C2:3F:21:25:AF:25:3D:CC:A0"}}},"request":{"raw":"OPTIONS /api/getInfo HTTP/1.1\r\nHost: www.tksaasapi.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nAccess-Control-Request-Method: POST\r\nAccess-Control-Request-Headers: content-type\r\nReferer: https://amaylf.xyz/\r\nOrigin: https://amaylf.xyz\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"OPTIONS"},"response":{"raw":"HTTP/2 204 No Content\r\ndate: Fri, 10 Oct 2025 21:40:10 GMT\r\nserver: cloudflare\r\naccess-control-allow-origin: https://amaylf.xyz\r\naccess-control-allow-methods: GET,PUT,POST,PATCH,DELETE\r\naccess-control-allow-headers: Authorization,Content-Type,If-Match,If-Modified-Since,If-None-Match,If-Unmodified-Since,X-Requested-With,Api-Type,Api-Name,Api-Uuid,Jwt-Token,Api-Token,User-Form-Token,User-Token,Token\r\naccess-control-allow-credentials: true\r\naccess-control-expose-headers: Api-Type,Api-Name,Api-Uuid,Jwt-Token,Api-Token,User-Form-Token,User-Token,Token\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: h3=\":443\"; ma=86400\r\ncf-cache-status: DYNAMIC\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=ORgyAAM13Pwf9q5UnRUpzjyW%2BHiZNv8BeW%2BoIZ0oyh%2BxmlA0i3%2BfNnjbmxL6%2FV7PA0WqgNF7CEZMyc9I9aVqbTvVkobRsQDBZzzRXTh%2FgSMQ\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nset-cookie: ssid=08454925ef4fe0c3cd1580722ebd395f; HttpOnly; SameSite=None; Secure; Path=/\nlang=en-us; HttpOnly; SameSite=None; Secure; Path=/\r\ncf-ray: 98c94649dd815ebd-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"204","status_text":"No Content","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-20T13:59:59.325235Z","times_seen":13977692,"resource_available":true,"data":null}},"time_used":1042,"timings":{"blocked":256,"dns":49,"connect":1,"send":0,"wait":516,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"orderimg.xyz/zoom/upload/28/ac37692f2ed7c5720147e7e4c471d1.jpg","fqdn":"orderimg.xyz","domain":"orderimg.xyz","tld":"xyz"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://amaylf.xyz/","date":"2025-10-10T21:40:10.616Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /zoom/upload/28/ac37692f2ed7c5720147e7e4c471d1.jpg HTTP/1.1\r\nHost: orderimg.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://amaylf.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-20T13:59:59.325235Z","times_seen":13977692,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"orderimg.xyz/zoom/upload/7e/4588e7e7bfca7d44590754a5cfa5f9.jpg","fqdn":"orderimg.xyz","domain":"orderimg.xyz","tld":"xyz"},"ip":{"addr":"172.67.209.202","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://amaylf.xyz/","date":"2025-10-10T21:40:10.639Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"orderimg.xyz","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 14 Sep 2025 08:48:46 GMT","end":"Sat, 13 Dec 2025 09:42:28 GMT"},"fingerprint":{"sha1":"78:E9:50:AF:82:17:E0:3F:B9:D4:9C:F4:0E:F9:E9:61:C4:12:FA:3A","sha256":"68:9C:00:95:54:AA:07:EC:0B:A5:B7:CE:77:9D:8A:5A:40:85:96:45:5F:01:9E:42:6E:F3:2D:01:6E:0D:42:8C"}}},"request":{"raw":"GET /zoom/upload/7e/4588e7e7bfca7d44590754a5cfa5f9.jpg HTTP/1.1\r\nHost: orderimg.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://amaylf.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Fri, 10 Oct 2025 21:40:12 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 20731\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nx-oss-request-id: 68E7BA4B8B904431386E505F\r\nvary: Origin, accept-encoding\r\naccept-ranges: bytes\r\netag: \"7E4588E7E7BFCA7D44590754A5CFA5F9\"\r\nlast-modified: Tue, 19 Mar 2024 09:44:14 GMT\r\nx-oss-object-type: Normal\r\nx-oss-hash-crc64ecma: 5284037013616951375\r\nx-oss-storage-class: Standard\r\ncontent-md5: fkWI5+e/yn1EWQdUpc+l+Q==\r\nx-oss-server-time: 4\r\ncache-control: max-age=14400\r\ncf-cache-status: REVALIDATED\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=b%2BynEj9m1nEuj1Aw05mi5ayIkYJ1BYx4jxyhwKSJ7ct2fHSc486aYvBZ2vj%2BKu%2Frd8rOK%2BtTq1iDM5AmOgnf1bXGmrMuzJiboRM%3D\"}]}\r\ncf-ray: 98c946505e8356b7-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Alibaba Cloud Object Storage Service","description":"Alibaba Cloud Object Storage Service (OSS) is a cloud-based object storage service provided by Alibaba Cloud, which allows users to store and access large amounts of data in the cloud.","website":"https://www.alibabacloud.com/product/object-storage-service","common_platform_enumeration":"","icon":"Alibaba Cloud.svg","categories":["IaaS"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":20731,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 150x150, components 3","md5":"7e4588e7e7bfca7d44590754a5cfa5f9","sha1":"40470fead917ffe463bd75399dd91d02525e3ceb","sha256":"71803dfd09cae87a411b84c6252317ee77871cfd759d8417ff0736e9bc8c2e3e","sha512":"d1d6eee445d96e2a9f3aa2d2f4022b448af7045dc7ae0e0b28ec38d16a5176ff3e6875e18dc1a750e7c6eb65d3d8a7e6e2c382b398c8d79c2eebc4173d66afae","ssdeep":"384:5wMmT4OrQtdCmq5mUKZ/fyBO2ZGMr0Tbf7ADX7Jmgs/GrMb2:5G4OrQtd0Y3CBOo7r0T/ADLfIb2","tlshash":"1492df7261e0e38a010684bd0d7e2d2f0baddd557fe83bee09155001e6d59bb5c3aa6c","first_seen":"2024-05-23T15:13:56Z","last_seen":"2026-04-19T22:22:01.93164Z","times_seen":34,"resource_available":false,"data":null}},"time_used":1815,"timings":{"blocked":300,"dns":34,"connect":5,"send":0,"wait":1204,"receive":1,"ssl":265},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"orderimg.xyz/zoom/upload/95/d96b1a83af150bfeb05359788c195e.jpg","fqdn":"orderimg.xyz","domain":"orderimg.xyz","tld":"xyz"},"ip":{"addr":"172.67.209.202","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://amaylf.xyz/","date":"2025-10-10T21:40:10.642Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"orderimg.xyz","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 14 Sep 2025 08:48:46 GMT","end":"Sat, 13 Dec 2025 09:42:28 GMT"},"fingerprint":{"sha1":"78:E9:50:AF:82:17:E0:3F:B9:D4:9C:F4:0E:F9:E9:61:C4:12:FA:3A","sha256":"68:9C:00:95:54:AA:07:EC:0B:A5:B7:CE:77:9D:8A:5A:40:85:96:45:5F:01:9E:42:6E:F3:2D:01:6E:0D:42:8C"}}},"request":{"raw":"GET /zoom/upload/95/d96b1a83af150bfeb05359788c195e.jpg HTTP/1.1\r\nHost: orderimg.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://amaylf.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Fri, 10 Oct 2025 21:40:12 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 20780\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nx-oss-request-id: 68DE71EC8B90443433CB54E3\r\nvary: Origin, accept-encoding\r\naccept-ranges: bytes\r\netag: \"95D96B1A83AF150BFEB05359788C195E\"\r\nlast-modified: Tue, 19 Mar 2024 09:44:23 GMT\r\nx-oss-object-type: Normal\r\nx-oss-hash-crc64ecma: 15790571618520461265\r\nx-oss-storage-class: Standard\r\ncontent-md5: ldlrGoOvFQv+sFNZeIwZXg==\r\nx-oss-server-time: 4\r\ncache-control: max-age=14400\r\ncf-cache-status: REVALIDATED\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=%2Bs6A7DRvvrui1rbDNCLuKqx9mIlGkbfOl87bJqDipp3vN%2FL4EpNvtVIgQfpfANAtfV10viZrbfc74mHdlb6K5KYLstQ%2BJbjFK8w%3D\"}]}\r\ncf-ray: 98c9464fde0c56b7-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Alibaba Cloud Object Storage Service","description":"Alibaba Cloud Object Storage Service (OSS) is a cloud-based object storage service provided by Alibaba Cloud, which allows users to store and access large amounts of data in the cloud.","website":"https://www.alibabacloud.com/product/object-storage-service","common_platform_enumeration":"","icon":"Alibaba Cloud.svg","categories":["IaaS"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":20780,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 150x150, components 3","md5":"95d96b1a83af150bfeb05359788c195e","sha1":"96844f4a824bce8e9ca924a490b75fbc1b44d408","sha256":"238638c36b0f1f346d7b112497f79a26108aeeefc2682a5c0d009fd13f183dd5","sha512":"82154eb505971c7f0cc37cede9b7c6acdaa83f6673f8424a31e9398f2178ad17608e9995b43b62f03f91790780a299ac591acc88d06226ffa59c3b75224cb555","ssdeep":"384:5JFrRZQwhhD5kDUZ/0iiT1iexJFWO2dvIzpwojKR48jxXrZYpc8ecz:5J9RZQUl5yT1iIm95wpwoA4AMecz","tlshash":"9f92d0b4f9da47560a630a9f4a6e3e374b051d86bcd7618761dd0c4bdb90ce4b094cec","first_seen":"2024-05-23T15:13:56Z","last_seen":"2026-04-19T22:22:01.971783Z","times_seen":34,"resource_available":false,"data":null}},"time_used":1418,"timings":{"blocked":212,"dns":0,"connect":0,"send":0,"wait":1204,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"amaylf.xyz/static/media/bs2.82e07ad297ce8bcc5744.svg","fqdn":"amaylf.xyz","domain":"amaylf.xyz","tld":"xyz"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://amaylf.xyz/","date":"2025-10-10T21:40:09.622Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"amaylf.xyz","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 04 Oct 2025 03:53:35 GMT","end":"Fri, 02 Jan 2026 04:53:30 GMT"},"fingerprint":{"sha1":"09:87:42:90:D3:DA:72:45:E0:96:82:5C:55:FD:98:48:22:FE:D4:88","sha256":"D5:B4:6B:A7:C7:A6:09:42:10:CE:37:7F:60:41:44:BA:91:E0:FA:3C:81:E8:B3:16:F4:2A:74:8B:96:2B:C8:38"}}},"request":{"raw":"GET /static/media/bs2.82e07ad297ce8bcc5744.svg HTTP/1.1\r\nHost: amaylf.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://amaylf.xyz/static/css/main.9494e3d8.css\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Fri, 10 Oct 2025 21:40:09 GMT\r\ncontent-type: image/svg+xml\r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=14400, must-revalidate\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nreferrer-policy: strict-origin-when-cross-origin\r\nx-content-type-options: nosniff\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=Vc1uhIEqB%2FEATxheUavHU4s%2FAuv4zgRA5wfgX3dU%2FuspQV1j7tOGWBwbkob%2BJDchqumIvZPiRlCPNJUMPQuAAx%2FA5nAFqA3x\"}]}\r\netag: W/\"f873ff5a99ece525f0e90844a5920b92\"\r\ncontent-encoding: br\r\nserver: cloudflare\r\ncf-cache-status: MISS\r\npriority: u=4,i=?0\r\ncf-ray: 98c946481fab56be-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":3602,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"5675f42985a3e8ed59182fb2d475ca67","sha1":"1449bc1629771219fdf80382852aca8ae197a8f3","sha256":"6989ee7d27e7280c12eba510531f7a89908f5914c79bf3db81bbee44c8fc2960","sha512":"7332643f85f640a589e8f0a21395b01cfa422362bc2e1f4f35dd753a876431fd837f6e474e36ffdfdc53d7202e08a6b11e30cf445b6ce75963d27f3e2cc50ce9","ssdeep":"","tlshash":"6b714f69b21fcd36f3c5c2ecda06a074501691d396c2831085e4ff2f3434aca282ebe6","first_seen":"2024-12-07T08:08:32.529905Z","last_seen":"2026-01-16T17:57:52.181237Z","times_seen":10,"resource_available":false,"data":null}},"time_used":83,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":83,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-10-10","alert":"Sinkholed","trigger":"amaylf.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"amaylf.xyz/","fqdn":"amaylf.xyz","domain":"amaylf.xyz","tld":"xyz"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-10-10T21:40:08.767Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"amaylf.xyz","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 04 Oct 2025 03:53:35 GMT","end":"Fri, 02 Jan 2026 04:53:30 GMT"},"fingerprint":{"sha1":"09:87:42:90:D3:DA:72:45:E0:96:82:5C:55:FD:98:48:22:FE:D4:88","sha256":"D5:B4:6B:A7:C7:A6:09:42:10:CE:37:7F:60:41:44:BA:91:E0:FA:3C:81:E8:B3:16:F4:2A:74:8B:96:2B:C8:38"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: amaylf.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Fri, 10 Oct 2025 21:40:09 GMT\r\ncontent-type: text/html; charset=utf-8\r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=0, must-revalidate\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nreferrer-policy: strict-origin-when-cross-origin\r\nx-content-type-options: nosniff\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=r7cmOB28qygXLVnUBzXTrGQESHluARELlyMf1SKU3XWSLT%2Bd2FxaZPVUcrgrq%2Fq0GH7GpQLYOzXxFFH%2BRaDiXYHZlACyRhE5UrY%3D\"}]}\r\ncf-cache-status: DYNAMIC\r\nserver: cloudflare\r\ncontent-encoding: br\r\ncf-ray: 98c946432c69dfec-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":567,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"HTML document, ASCII text, with very long lines (567), with no line terminators","md5":"d338f0e3c17ece09d8416069b9ee93e6","sha1":"396d8d62cb435057da33a1f46d94e694f06b61b2","sha256":"dfa3b2087b51ee9e3ccc29cec4c2338c56f93903a0fd4c72e9ae85e6bbfb0cd4","sha512":"332882ec0981eb0e86a2258bdc1e557f084f1625d34edaecb01b5873a6e299808c2711c3798d1df3487551e9a590db410ba1e6c62df594ac37dd9e2a5061f61f","ssdeep":"","tlshash":"14f0eb83c860840d63304779eda1b01cc46ab919a9e2fc00789904bb89e8f99ca6a900","first_seen":"2025-10-10T21:40:40.039034Z","last_seen":"2025-10-10T21:47:29.822306Z","times_seen":2,"resource_available":false,"data":null}},"time_used":316,"timings":{"blocked":61,"dns":39,"connect":1,"send":0,"wait":195,"receive":0,"ssl":17},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-10-10","alert":"Sinkholed","trigger":"amaylf.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.tksaasapi.com/api/getBanner","fqdn":"www.tksaasapi.com","domain":"tksaasapi.com","tld":"com"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://amaylf.xyz/","date":"2025-10-10T21:40:10.403Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tksaasapi.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 28 Sep 2025 17:53:49 GMT","end":"Sat, 27 Dec 2025 18:51:29 GMT"},"fingerprint":{"sha1":"23:BD:72:7B:29:C0:60:A9:6F:03:CD:13:2C:95:9C:1D:F5:5D:CC:10","sha256":"6E:DA:22:C5:F0:61:80:89:46:A5:D4:F8:2E:E2:04:F4:E0:E4:5C:6E:F4:28:E8:C2:3F:21:25:AF:25:3D:CC:A0"}}},"request":{"raw":"POST /api/getBanner HTTP/1.1\r\nHost: www.tksaasapi.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://amaylf.xyz/\r\nContent-Type: application/json\r\nContent-Length: 16\r\nOrigin: https://amaylf.xyz\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Fri, 10 Oct 2025 21:40:10 GMT\r\ncontent-type: application/json; charset=utf-8\r\nserver: cloudflare\r\nvary: Accept-Encoding\r\naccess-control-allow-origin: https://amaylf.xyz\r\naccess-control-allow-methods: GET,PUT,POST,PATCH,DELETE\r\naccess-control-allow-headers: Authorization,Content-Type,If-Match,If-Modified-Since,If-None-Match,If-Unmodified-Since,X-Requested-With,Api-Type,Api-Name,Api-Uuid,Jwt-Token,Api-Token,User-Form-Token,User-Token,Token\r\naccess-control-allow-credentials: true\r\naccess-control-expose-headers: Api-Type,Api-Name,Api-Uuid,Jwt-Token,Api-Token,User-Form-Token,User-Token,Token\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-encoding: gzip\r\ncf-cache-status: DYNAMIC\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=PL%2BsY6%2FvMeTliUoT12DP5V7W3eOXDdJrkspuPQGY%2FgsyLme%2F9pKU0Wqi3FI4yhDAFQ2BJoWnONzytoF7yc40ZnwhUc%2F5AUisDsvFr6UCji3%2F\"}]}\r\nset-cookie: ssid=8bea7e54ac8a246261dfb9b1412332d6; HttpOnly; SameSite=None; Secure; Path=/\nlang=en-us; HttpOnly; SameSite=None; Secure; Path=/\r\ncf-ray: 98c9464ccb4a5ebd-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":6017,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"e63efab173b874baa7c2e76fe194f3c0","sha1":"cac68e3f74fae6aebdf77cb04ed47181e5826cbb","sha256":"7ac8e5f9c143d4735fc04e7a01d7d9323a538e4e0c1d3d580b4aa81ae9018778","sha512":"71774b1e3e4e188d6a56cb24500dd945c4572a83e7d0d1f00ea4bd0d04c74c12e7167744e234ca49fb7861d83f466279d5c3b9a90d0cb60358028cc0435de404","ssdeep":"96:ieG6YY797JVupNRpMpRRqprApCp4pNpUzppeYpMp6p3p0pHpaRpcZpypHpHRp4f/:id6r7JcpvpMpzqprApCp4pNpUzppDpMT","tlshash":"20c12cfb1b42f1b556e6a787886731e4fd9931036d08c6a6c2c9bc2ce1952b7022f179","first_seen":"2025-10-10T21:40:40.042061Z","last_seen":"2025-10-10T21:40:40.042061Z","times_seen":1,"resource_available":false,"data":null}},"time_used":180,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":180,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"orderimg.xyz/zoom/upload/2c/d22c1974c538e1154364b8417c65b4.jpg","fqdn":"orderimg.xyz","domain":"orderimg.xyz","tld":"xyz"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://amaylf.xyz/","date":"2025-10-10T21:40:10.589Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /zoom/upload/2c/d22c1974c538e1154364b8417c65b4.jpg HTTP/1.1\r\nHost: orderimg.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://amaylf.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-20T13:59:59.325235Z","times_seen":13977692,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"orderimg.xyz/zoom/upload/f2/1db0a35514a4aa7a0159409a8e5659.jpg","fqdn":"orderimg.xyz","domain":"orderimg.xyz","tld":"xyz"},"ip":{"addr":"172.67.209.202","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://amaylf.xyz/","date":"2025-10-10T21:40:10.636Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"orderimg.xyz","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 14 Sep 2025 08:48:46 GMT","end":"Sat, 13 Dec 2025 09:42:28 GMT"},"fingerprint":{"sha1":"78:E9:50:AF:82:17:E0:3F:B9:D4:9C:F4:0E:F9:E9:61:C4:12:FA:3A","sha256":"68:9C:00:95:54:AA:07:EC:0B:A5:B7:CE:77:9D:8A:5A:40:85:96:45:5F:01:9E:42:6E:F3:2D:01:6E:0D:42:8C"}}},"request":{"raw":"GET /zoom/upload/f2/1db0a35514a4aa7a0159409a8e5659.jpg HTTP/1.1\r\nHost: orderimg.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://amaylf.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Fri, 10 Oct 2025 21:40:12 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 5003\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nx-oss-request-id: 68E7BA4B68F57936313DE9AE\r\nvary: Origin, accept-encoding\r\naccept-ranges: bytes\r\netag: \"F21DB0A35514A4AA7A0159409A8E5659\"\r\nlast-modified: Tue, 19 Mar 2024 09:49:37 GMT\r\nx-oss-object-type: Normal\r\nx-oss-hash-crc64ecma: 12951282372686717429\r\nx-oss-storage-class: Standard\r\ncontent-md5: 8h2wo1UUpKp6AVlAmo5WWQ==\r\nx-oss-server-time: 5\r\ncache-control: max-age=14400\r\ncf-cache-status: REVALIDATED\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=GBEfEXFE43qRDPBvYhHnhp7cwikTnFlGi0YS2xOuv%2FUc1c2i7RnT0bpr%2BsBsljou%2FPyCcUdFWqOToTmCNkiRTtZB2ZLDBJog8zs%3D\"}]}\r\ncf-ray: 98c9464fde0756b7-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Alibaba Cloud Object Storage Service","description":"Alibaba Cloud Object Storage Service (OSS) is a cloud-based object storage service provided by Alibaba Cloud, which allows users to store and access large amounts of data in the cloud.","website":"https://www.alibabacloud.com/product/object-storage-service","common_platform_enumeration":"","icon":"Alibaba Cloud.svg","categories":["IaaS"]}],"data":{"size":5003,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 150x150, components 3","md5":"f21db0a35514a4aa7a0159409a8e5659","sha1":"2e80a26a2fccf17ac411bcc01291a50f8859b72d","sha256":"c635f04fe7fb9b42b9d5249bdbe3cf822074241bd7c6f7da3a910a4f3a6661b4","sha512":"9da8b67ee2f368ca0b73bf515651cd6671539d7f07877b867f1d541fdfba1dfff011ebdfc63f5b4710c55afa24b718e2cd7151516b8ade1b4703baecc07ef272","ssdeep":"96:5EpzpQF7kY+6ZCeIOhS9g07I8t+Ie0EKKyG2G:52F+7kYP0eIOhSK8tZTEKO2G","tlshash":"0ea10872fbd787845f5b4aae863e2cb7935266c164d4228740338e82e268fb4485b17c","first_seen":"2024-05-23T15:13:56Z","last_seen":"2026-01-16T17:57:52.17019Z","times_seen":32,"resource_available":false,"data":null}},"time_used":1695,"timings":{"blocked":217,"dns":41,"connect":1,"send":0,"wait":1246,"receive":0,"ssl":185},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"orderimg.xyz/zoom/upload/28/ac37692f2ed7c5720147e7e4c471d1.jpg","fqdn":"orderimg.xyz","domain":"orderimg.xyz","tld":"xyz"},"ip":{"addr":"172.67.209.202","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://amaylf.xyz/","date":"2025-10-10T21:40:10.645Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"orderimg.xyz","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 14 Sep 2025 08:48:46 GMT","end":"Sat, 13 Dec 2025 09:42:28 GMT"},"fingerprint":{"sha1":"78:E9:50:AF:82:17:E0:3F:B9:D4:9C:F4:0E:F9:E9:61:C4:12:FA:3A","sha256":"68:9C:00:95:54:AA:07:EC:0B:A5:B7:CE:77:9D:8A:5A:40:85:96:45:5F:01:9E:42:6E:F3:2D:01:6E:0D:42:8C"}}},"request":{"raw":"GET /zoom/upload/28/ac37692f2ed7c5720147e7e4c471d1.jpg HTTP/1.1\r\nHost: orderimg.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://amaylf.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Fri, 10 Oct 2025 21:40:12 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 17504\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nx-oss-request-id: 68E90F4AB1E82332384DDEB8\r\nvary: Origin, accept-encoding\r\naccept-ranges: bytes\r\netag: \"28AC37692F2ED7C5720147E7E4C471D1\"\r\nlast-modified: Tue, 19 Mar 2024 09:43:37 GMT\r\nx-oss-object-type: Normal\r\nx-oss-hash-crc64ecma: 16058421476724933429\r\nx-oss-storage-class: Standard\r\ncontent-md5: KKw3aS8u18VyAUfn5MRx0Q==\r\nx-oss-server-time: 1\r\ncache-control: max-age=14400\r\ncf-cache-status: REVALIDATED\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=VNd%2BRcqkWe6xg4%2BGTfbB%2F1A651UKjFFaO6RYDlvwf%2BQQhW%2BhYvtaxzlJOnLHHQReMVA7CKIOSiEBN%2BxKGR1usA4JGfN0eCwU3%2FY%3D\"}]}\r\ncf-ray: 98c9464fde1156b7-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Alibaba Cloud Object Storage Service","description":"Alibaba Cloud Object Storage Service (OSS) is a cloud-based object storage service provided by Alibaba Cloud, which allows users to store and access large amounts of data in the cloud.","website":"https://www.alibabacloud.com/product/object-storage-service","common_platform_enumeration":"","icon":"Alibaba Cloud.svg","categories":["IaaS"]}],"data":{"size":17504,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 150x150, components 3","md5":"28ac37692f2ed7c5720147e7e4c471d1","sha1":"85b0009252061e7d429fcf5ab646945e4f625f5d","sha256":"53e02d3ce6f22864fd44d3e3e3683340f6311c2cdf1cfce3930e24437bc92a62","sha512":"179d14fb5da4ea9a3ee42edd07178fe793134d16f8120f20aa4d5b05a5df1216f666bbe88df50342ee300c746689e105981a697ba3605d5c4490cd595ec51382","ssdeep":"384:5jeUi33mJEjtiFKTWTCWDHFNDCBXkB8FmgLOz228de+9o:5j036AOKoDHDIkB8ggU4e+G","tlshash":"8872c0549dab9761c647e0bdd2a45c65b9080bf8904c9e3a83a3858cc7c7e9ce60a52e","first_seen":"2024-05-23T15:13:57Z","last_seen":"2026-04-19T22:22:01.973854Z","times_seen":34,"resource_available":false,"data":null}},"time_used":1426,"timings":{"blocked":211,"dns":0,"connect":0,"send":0,"wait":1214,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"amaylf.xyz/assets/index/logo2.svg","fqdn":"amaylf.xyz","domain":"amaylf.xyz","tld":"xyz"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://amaylf.xyz/","date":"2025-10-10T21:40:13.145Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"amaylf.xyz","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 04 Oct 2025 03:53:35 GMT","end":"Fri, 02 Jan 2026 04:53:30 GMT"},"fingerprint":{"sha1":"09:87:42:90:D3:DA:72:45:E0:96:82:5C:55:FD:98:48:22:FE:D4:88","sha256":"D5:B4:6B:A7:C7:A6:09:42:10:CE:37:7F:60:41:44:BA:91:E0:FA:3C:81:E8:B3:16:F4:2A:74:8B:96:2B:C8:38"}}},"request":{"raw":"GET /assets/index/logo2.svg HTTP/1.1\r\nHost: amaylf.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://amaylf.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-20T13:59:59.325235Z","times_seen":13977692,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-10-10","alert":"Sinkholed","trigger":"amaylf.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"amaylf.xyz/assets/index/b2.jpg","fqdn":"amaylf.xyz","domain":"amaylf.xyz","tld":"xyz"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://amaylf.xyz/","date":"2025-10-10T21:40:09.617Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"amaylf.xyz","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 04 Oct 2025 03:53:35 GMT","end":"Fri, 02 Jan 2026 04:53:30 GMT"},"fingerprint":{"sha1":"09:87:42:90:D3:DA:72:45:E0:96:82:5C:55:FD:98:48:22:FE:D4:88","sha256":"D5:B4:6B:A7:C7:A6:09:42:10:CE:37:7F:60:41:44:BA:91:E0:FA:3C:81:E8:B3:16:F4:2A:74:8B:96:2B:C8:38"}}},"request":{"raw":"GET /assets/index/b2.jpg HTTP/1.1\r\nHost: amaylf.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://amaylf.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Fri, 10 Oct 2025 21:40:09 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 297234\r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=14400, must-revalidate\r\netag: \"8821ceb6d1c8e8ea7d703fd93e54b944\"\r\nreferrer-policy: strict-origin-when-cross-origin\r\nx-content-type-options: nosniff\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=%2Frum5F4bZO8gQ2SoPrapGu3Otvlscgdkv2ucOXtjr2dE9j6sUxGG4Qtqga0xSgZF100guSVAq%2FKl9KL9NqqbyXKLcojCsaGR\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nserver: cloudflare\r\ncf-cache-status: REVALIDATED\r\npriority: u=4,i=?0\r\ncf-ray: 98c94647ef8656be-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":297234,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 1074x360, components 3","md5":"82c9f025a22114e80f7a04720ea7cb03","sha1":"45987ba05f7f3ff3b67497d75e0d088bf1424880","sha256":"b2f64a99f5f1ebf518c26a64fcb9921683b49b8cad918b4e6077428540447a00","sha512":"7e79dc8bc7d65ce7a0b9b10258552211c47df1ec4875c1e614b3366534cc88945dff6ef97c55531dbf877ad51ef650dc51fdba77542e69f2b9fe8f0c4af0f420","ssdeep":"6144:SYJY4Z6WBxOI+0A/3ae7YzHMyBtuI5hnliW9hy4Ci8T:SuBxJ23z74LnlBhyBi8T","tlshash":"4b54126dd800a4caedade120eef9799111291f1c55fcbce094161b8cf7d8d8a190adeb","first_seen":"2025-10-10T21:40:40.047214Z","last_seen":"2025-10-10T21:47:29.816549Z","times_seen":2,"resource_available":false,"data":null}},"time_used":63,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":52,"receive":11,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-10-10","alert":"Sinkholed","trigger":"amaylf.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"amaylf.xyz/logo3.png","fqdn":"amaylf.xyz","domain":"amaylf.xyz","tld":"xyz"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://amaylf.xyz/","date":"2025-10-10T21:40:10.005Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"amaylf.xyz","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 04 Oct 2025 03:53:35 GMT","end":"Fri, 02 Jan 2026 04:53:30 GMT"},"fingerprint":{"sha1":"09:87:42:90:D3:DA:72:45:E0:96:82:5C:55:FD:98:48:22:FE:D4:88","sha256":"D5:B4:6B:A7:C7:A6:09:42:10:CE:37:7F:60:41:44:BA:91:E0:FA:3C:81:E8:B3:16:F4:2A:74:8B:96:2B:C8:38"}}},"request":{"raw":"GET /logo3.png HTTP/1.1\r\nHost: amaylf.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://amaylf.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Fri, 10 Oct 2025 21:40:10 GMT\r\ncontent-type: image/png\r\ncontent-length: 30352\r\npriority: u=6,i=?0\r\ncf-cache-status: MISS\r\nserver: cloudflare\r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=14400, must-revalidate\r\netag: \"d47092731adcf21a60b208892b1eb59d\"\r\nreferrer-policy: strict-origin-when-cross-origin\r\nx-content-type-options: nosniff\r\nreport-to: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v4?s=mHk0QaYiS0Z0ulSSrcKnJM%2B4p51Nqv2%2Br5k3wFVuzzHBrDSh2AdRVwi%2BqZN4LWu%2BRmRF9hpg218ajr5KXU%2BccQU458FfXEOVMGChcKTnLu9OPcFR8Fcb%2F0yZCGBY\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nnel: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nvary: Accept-Encoding\r\ncf-ray: 98c9464a89b056be-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":30352,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 1000 x 1000, 8-bit/color RGBA, non-interlaced","md5":"1f99a6af66d6728b7e234bd5ea02db7a","sha1":"45aeffb3a0038008f8f79ea4c733f98fedbc0e68","sha256":"1bf630878782a40c779f85137357c4856b4cf5b5f218ef7ba243316a92dbbd95","sha512":"5dd2bd24bb4dfdd048db91ddf83ae418788bceba34058b1b64ca1d6ca732a5f6502c875c037acc8049f7d8addf632f43ec0769c67ba7bdd00a33bcac5ad553a2","ssdeep":"768:aIxJQ1jssaNCH0EyPT7/N+hNofTdHDpgbQfKa3ovA5d:941jssaNQ0VuWf5jsa3mid","tlshash":"88d2d0838794cb79feb84eb1dd13040101364bf89db3c62b678156aa4b57f2f1e831a9","first_seen":"2023-08-31T16:10:07Z","last_seen":"2025-10-10T21:47:29.820852Z","times_seen":8,"resource_available":false,"data":null}},"time_used":53,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":52,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-10-10","alert":"Sinkholed","trigger":"amaylf.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"orderimg.xyz/zoom/upload/95/d96b1a83af150bfeb05359788c195e.jpg","fqdn":"orderimg.xyz","domain":"orderimg.xyz","tld":"xyz"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://amaylf.xyz/","date":"2025-10-10T21:40:10.603Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /zoom/upload/95/d96b1a83af150bfeb05359788c195e.jpg HTTP/1.1\r\nHost: orderimg.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://amaylf.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-20T13:59:59.325235Z","times_seen":13977692,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"orderimg.xyz/zoom/upload/18/5727aa59c48f21aaf9311fa3da4f06.jpg","fqdn":"orderimg.xyz","domain":"orderimg.xyz","tld":"xyz"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://amaylf.xyz/","date":"2025-10-10T21:40:10.610Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /zoom/upload/18/5727aa59c48f21aaf9311fa3da4f06.jpg HTTP/1.1\r\nHost: orderimg.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://amaylf.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-20T13:59:59.325235Z","times_seen":13977692,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"orderimg.xyz/zoom/upload/65/780b02898034e65f8e9b5facedbf19.jpg","fqdn":"orderimg.xyz","domain":"orderimg.xyz","tld":"xyz"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://amaylf.xyz/","date":"2025-10-10T21:40:10.614Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /zoom/upload/65/780b02898034e65f8e9b5facedbf19.jpg HTTP/1.1\r\nHost: orderimg.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://amaylf.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-20T13:59:59.325235Z","times_seen":13977692,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"orderimg.xyz/zoom/upload/0c/3138d9a0779f3415b52568e83d10b9.png","fqdn":"orderimg.xyz","domain":"orderimg.xyz","tld":"xyz"},"ip":{"addr":"172.67.209.202","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://amaylf.xyz/","date":"2025-10-10T21:40:10.635Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"orderimg.xyz","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 14 Sep 2025 08:48:46 GMT","end":"Sat, 13 Dec 2025 09:42:28 GMT"},"fingerprint":{"sha1":"78:E9:50:AF:82:17:E0:3F:B9:D4:9C:F4:0E:F9:E9:61:C4:12:FA:3A","sha256":"68:9C:00:95:54:AA:07:EC:0B:A5:B7:CE:77:9D:8A:5A:40:85:96:45:5F:01:9E:42:6E:F3:2D:01:6E:0D:42:8C"}}},"request":{"raw":"GET /zoom/upload/0c/3138d9a0779f3415b52568e83d10b9.png HTTP/1.1\r\nHost: orderimg.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://amaylf.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Fri, 10 Oct 2025 21:40:12 GMT\r\ncontent-type: image/png\r\ncontent-length: 5742\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nx-oss-request-id: 68E7BA4BE613583135270869\r\nvary: Origin, accept-encoding\r\naccept-ranges: bytes\r\netag: \"0C3138D9A0779F3415B52568E83D10B9\"\r\nlast-modified: Tue, 19 Mar 2024 09:43:25 GMT\r\nx-oss-object-type: Normal\r\nx-oss-hash-crc64ecma: 15871965736330025048\r\nx-oss-storage-class: Standard\r\ncontent-md5: DDE42aB3nzQVtSVo6D0QuQ==\r\nx-oss-server-time: 4\r\ncache-control: max-age=14400\r\ncf-cache-status: REVALIDATED\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=h%2Bi0nO0xCJjCpUffbMjorwGrXjurDMO40p%2Fb4%2F4W3wQDHQbC1GMXX2NOnoHcuKI3rKnLZMVnIpyZS5Fh%2B9FGlIrc3bNzsUxnwlo%3D\"}]}\r\ncf-ray: 98c946502e4e56b7-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Alibaba Cloud Object Storage Service","description":"Alibaba Cloud Object Storage Service (OSS) is a cloud-based object storage service provided by Alibaba Cloud, which allows users to store and access large amounts of data in the cloud.","website":"https://www.alibabacloud.com/product/object-storage-service","common_platform_enumeration":"","icon":"Alibaba Cloud.svg","categories":["IaaS"]}],"data":{"size":5742,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 126 x 126, 8-bit/color RGBA, non-interlaced","md5":"0c3138d9a0779f3415b52568e83d10b9","sha1":"e5079d1071831531f87411271f42677197748952","sha256":"44054af6aba214946be94f47d7aed75c8eb2bc9dd732787e57065a1d64acce82","sha512":"598281cf835af951add258698d9ae85a3883c4a6808bca3a622801547de4e23797f50b64b339ffcec8b25b7144f59e21ba4ec5c79465ae0b93ff4d47e8ec5d59","ssdeep":"96:HGPDTTAWVzkVc3ifZ4T/GMBVoq2DUAnq/wdx8Okt6KkF5bamnGn5lV:HCDTLzjG4THSeYCO8GamQlV","tlshash":"86c19ec823f8b3d85412892d43479e35aeb87a91647251780fb084267679627eb837ef","first_seen":"2024-05-23T15:13:56Z","last_seen":"2026-04-05T19:47:10.993332Z","times_seen":39,"resource_available":false,"data":null}},"time_used":1722,"timings":{"blocked":268,"dns":37,"connect":1,"send":0,"wait":1177,"receive":0,"ssl":237},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.gotalks.vip/api/mobile/getNoRead","fqdn":"www.gotalks.vip","domain":"gotalks.vip","tld":"vip"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://amaylf.xyz/","date":"2025-10-10T21:40:10.648Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gotalks.vip","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 24 Sep 2025 15:22:26 GMT","end":"Tue, 23 Dec 2025 16:21:08 GMT"},"fingerprint":{"sha1":"73:D1:FF:F6:C3:EA:FA:B0:A3:12:D0:F9:16:E3:6E:72:A4:27:05:6D","sha256":"23:07:53:E9:2E:0A:23:72:C1:CB:E8:DB:D1:9B:65:52:1D:6A:95:DF:B9:35:5E:A2:38:52:93:AA:80:1C:97:3A"}}},"request":{"raw":"GET /api/mobile/getNoRead HTTP/1.1\r\nHost: www.gotalks.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://amaylf.xyz/\r\nOrigin: https://amaylf.xyz\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Fri, 10 Oct 2025 21:40:11 GMT\r\ncontent-type: application/json; charset=utf-8\r\ncontent-length: 50\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\naccess-control-allow-origin: https://amaylf.xyz\r\naccess-control-allow-headers: Authori-zation,Authorization, Content-Type, If-Match, If-Modified-Since, If-None-Match, If-Unmodified-Since, X-Requested-With, Form-type\r\naccess-control-allow-methods: GET,POST,PATCH,PUT,DELETE,OPTIONS,DELETE\r\naccess-control-max-age: 1728000\r\naccess-control-allow-credentials: true\r\naccess-control-expose-headers: Server\r\nvary: accept-encoding\r\ncontent-encoding: gzip\r\ncache-control: no-cache\r\ncf-cache-status: DYNAMIC\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=rpf7uOb8ORdURwaT28n6BatyhttqNXdVLuw85sK2LZklaALKy3j64T1plmqUpIoUHoTtfnnZGCd5qBptnG7l85WfHtu5q2Y2UvzUQggUtw%3D%3D\"}]}\r\nset-cookie: PHPSESSID=45f29d5bf0126f51c3b213f6ea97a02e; Path=/\r\ncf-ray: 98c94650df934e4c-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"PHP","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]}],"data":{"size":30,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"131bfd355200e3d2dc1a3e6249c19d18","sha1":"acf8885724aa82e0bb4ec64b7f7dfe0e261aea83","sha256":"6c22da2c781072803794a01f4d00d50d1bb7234d007a10dbbd3457dc00671a55","sha512":"935b93834e184899ed876d87ed01a4ae1c9d2865fc1193d2787f92d342f79a06cf3c30196a83fe3a6f131af01d9a0b7dce860a3c394c87cd8a9e3ff131d01c66","ssdeep":"","tlshash":"2280000a2c088a030aa008e8022202a82aa2ba80020a0be000cc00320a28af0b00832c","first_seen":"2024-05-28T08:09:32Z","last_seen":"2025-12-23T09:28:21.587602Z","times_seen":11,"resource_available":false,"data":null}},"time_used":678,"timings":{"blocked":0,"dns":43,"connect":1,"send":0,"wait":316,"receive":0,"ssl":318},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"amaylf.xyz/assets/index/usdt.svg","fqdn":"amaylf.xyz","domain":"amaylf.xyz","tld":"xyz"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://amaylf.xyz/","date":"2025-10-10T21:40:09.558Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"amaylf.xyz","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 04 Oct 2025 03:53:35 GMT","end":"Fri, 02 Jan 2026 04:53:30 GMT"},"fingerprint":{"sha1":"09:87:42:90:D3:DA:72:45:E0:96:82:5C:55:FD:98:48:22:FE:D4:88","sha256":"D5:B4:6B:A7:C7:A6:09:42:10:CE:37:7F:60:41:44:BA:91:E0:FA:3C:81:E8:B3:16:F4:2A:74:8B:96:2B:C8:38"}}},"request":{"raw":"GET /assets/index/usdt.svg HTTP/1.1\r\nHost: amaylf.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://amaylf.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-20T13:59:59.325235Z","times_seen":13977692,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-10-10","alert":"Sinkholed","trigger":"amaylf.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"amaylf.xyz/assets/index/logoe.png","fqdn":"amaylf.xyz","domain":"amaylf.xyz","tld":"xyz"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://amaylf.xyz/","date":"2025-10-10T21:40:09.588Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"amaylf.xyz","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 04 Oct 2025 03:53:35 GMT","end":"Fri, 02 Jan 2026 04:53:30 GMT"},"fingerprint":{"sha1":"09:87:42:90:D3:DA:72:45:E0:96:82:5C:55:FD:98:48:22:FE:D4:88","sha256":"D5:B4:6B:A7:C7:A6:09:42:10:CE:37:7F:60:41:44:BA:91:E0:FA:3C:81:E8:B3:16:F4:2A:74:8B:96:2B:C8:38"}}},"request":{"raw":"GET /assets/index/logoe.png HTTP/1.1\r\nHost: amaylf.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://amaylf.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Fri, 10 Oct 2025 21:40:09 GMT\r\ncontent-type: image/png\r\ncontent-length: 4145\r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=14400, must-revalidate\r\netag: \"df5b1f1e012ce5ab77877f8ff38a411a\"\r\nreferrer-policy: strict-origin-when-cross-origin\r\nx-content-type-options: nosniff\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=81qY%2B3AbaOrbKM0Nz5YjX7t2P30gp42Qm9qvBieIbbHFLZ2rjwvDVm2plEw8Lch99zwWrLRCWv6GS%2Fw%2FKxrWCUQmnRahH3aN\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nserver: cloudflare\r\ncf-cache-status: REVALIDATED\r\npriority: u=4,i=?0\r\ncf-ray: 98c94647ef7b56be-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":4145,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 390 x 50, 8-bit/color RGBA, non-interlaced","md5":"428b83668eb20e1e3b3a3ab727498fea","sha1":"4922a7c53f81adb9fc3378b9e25f10ad33dd96d6","sha256":"72fb84771b386b7eacd06bd44fd86ab8912b417e386a8b01b8074f670ab2c077","sha512":"b2f01ef15725630666b80ccbb449bbd3767a19f4810e6dae281479e8c71edb1d271357e053aa0f3a8259cafde61667c0e7a1599171f92cd68e38086e22f42922","ssdeep":"96:qS0MdARYBFZ8ld9TTY5r7bZXeWlu6PzxJhIgouJ2Oe43QswqqPL5N:qSrARuZ6Bk5r7bZOWtlcgn2OnVwPL","tlshash":"f7816ddbbc769ee85d5b64602bd6bfb7ca32587e0810159ce14bb24ac3ab4623c84417","first_seen":"2025-10-10T21:40:40.055601Z","last_seen":"2025-10-10T21:47:29.823338Z","times_seen":2,"resource_available":false,"data":null}},"time_used":59,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":59,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-10-10","alert":"Sinkholed","trigger":"amaylf.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"amaylf.xyz/assets/index/usdt.svg","fqdn":"amaylf.xyz","domain":"amaylf.xyz","tld":"xyz"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://amaylf.xyz/","date":"2025-10-10T21:40:09.606Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"amaylf.xyz","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 04 Oct 2025 03:53:35 GMT","end":"Fri, 02 Jan 2026 04:53:30 GMT"},"fingerprint":{"sha1":"09:87:42:90:D3:DA:72:45:E0:96:82:5C:55:FD:98:48:22:FE:D4:88","sha256":"D5:B4:6B:A7:C7:A6:09:42:10:CE:37:7F:60:41:44:BA:91:E0:FA:3C:81:E8:B3:16:F4:2A:74:8B:96:2B:C8:38"}}},"request":{"raw":"GET /assets/index/usdt.svg HTTP/1.1\r\nHost: amaylf.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://amaylf.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Fri, 10 Oct 2025 21:40:09 GMT\r\ncontent-type: image/svg+xml\r\npriority: u=4,i=?0\r\ncf-cache-status: REVALIDATED\r\ncontent-encoding: br\r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=14400, must-revalidate\r\netag: W/\"08e0dd70ca23fc1579d1ef404757b7ea\"\r\nreferrer-policy: strict-origin-when-cross-origin\r\nx-content-type-options: nosniff\r\nreport-to: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v4?s=BljmmBizLtE8IIcmD6s38aIZ7QFyGLgCS0UIVmXM47Cxmgebtt%2FqgQDFxkuS45kgG%2B1D3NufZS4%2F%2FoCGi8tNFVXRHfaZSxb3o2H7keElQyxMMPL8o7JLYvO%2B5EEI\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nnel: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nvary: Accept-Encoding\r\nserver: cloudflare\r\ncf-ray: 98c94647ef7e56be-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":5645,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"ce4990f07daab2f9f15e1871d56ae9d4","sha1":"cd6bd0075e0c772cb78512655b724157f20fb5ee","sha256":"7b57ccde41e9a812d371869eb6f447ca99b30585c813e0af45047db627be5215","sha512":"eff79689129660bcdd02103c12a156e6a7a02fb5472703792fe12a9862ada6242c60b65913f742c358916a7cf32aed27b4002925368e2678311d084b4d3b8dd0","ssdeep":"96:cI7T3xvlCFEwBzVYrKyzIw9sAaWhvKd9c8HS9vkFiR7SA4/c3dnG6vTxcKdiyrG1:5TpZH1p51Kd9c8HS9F7SA4E/KK9Spz","tlshash":"3bc16bb2f334390f86a4c22da95de6f86b1c654f0db442bcd8397a0f2915790296a06a","first_seen":"2024-12-07T08:08:32.525321Z","last_seen":"2026-04-18T17:53:36.510765Z","times_seen":25,"resource_available":false,"data":null}},"time_used":68,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":68,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-10-10","alert":"Sinkholed","trigger":"amaylf.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.tksaasapi.com/api/getService","fqdn":"www.tksaasapi.com","domain":"tksaasapi.com","tld":"com"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://amaylf.xyz/","date":"2025-10-10T21:40:10.426Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tksaasapi.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 28 Sep 2025 17:53:49 GMT","end":"Sat, 27 Dec 2025 18:51:29 GMT"},"fingerprint":{"sha1":"23:BD:72:7B:29:C0:60:A9:6F:03:CD:13:2C:95:9C:1D:F5:5D:CC:10","sha256":"6E:DA:22:C5:F0:61:80:89:46:A5:D4:F8:2E:E2:04:F4:E0:E4:5C:6E:F4:28:E8:C2:3F:21:25:AF:25:3D:CC:A0"}}},"request":{"raw":"POST /api/getService HTTP/1.1\r\nHost: www.tksaasapi.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://amaylf.xyz/\r\nContent-Type: application/json\r\nContent-Length: 16\r\nOrigin: https://amaylf.xyz\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Fri, 10 Oct 2025 21:40:10 GMT\r\ncontent-type: application/json; charset=utf-8\r\nserver: cloudflare\r\nvary: Accept-Encoding\r\naccess-control-allow-origin: https://amaylf.xyz\r\naccess-control-allow-methods: GET,PUT,POST,PATCH,DELETE\r\naccess-control-allow-headers: Authorization,Content-Type,If-Match,If-Modified-Since,If-None-Match,If-Unmodified-Since,X-Requested-With,Api-Type,Api-Name,Api-Uuid,Jwt-Token,Api-Token,User-Form-Token,User-Token,Token\r\naccess-control-allow-credentials: true\r\naccess-control-expose-headers: Api-Type,Api-Name,Api-Uuid,Jwt-Token,Api-Token,User-Form-Token,User-Token,Token\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-encoding: gzip\r\ncf-cache-status: DYNAMIC\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=tAMO4VLy4fVV%2FA7HLQ%2F%2FortXBnZBCrp9YNtqoQkzcL0qYfTZHw%2FwdRAbAbngSrmpgMASGRgxtATaatTF3%2BfniLlk3irflNgKvl4SoGofuRWd\"}]}\r\nset-cookie: ssid=3c8caeae527750277e1b7c084686ec3a; HttpOnly; SameSite=None; Secure; Path=/\nlang=en-us; HttpOnly; SameSite=None; Secure; Path=/\r\ncf-ray: 98c9464d0bbd5ebd-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":52,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"dd8b37d43dae0697af796c72d986035e","sha1":"bad22aebca2fc2c2581755f9059d188a1d378662","sha256":"4f5b53145ba8dd195def9558ed6ff8de05adcaf99ce9673121ec047464a1f7a1","sha512":"f97e51cd1f09cc1923223891c2d585451aa8cf9f0babfe265ae6296e3c304e9490106771b9461223dc42ff986585e72eb84c330534b92296405da2d4868c3a15","ssdeep":"","tlshash":"37900208152e665709d28984184e1101946635041c708594595de56469680e12266566","first_seen":"2023-05-14T17:28:54Z","last_seen":"2025-12-23T09:28:21.586614Z","times_seen":25,"resource_available":false,"data":null}},"time_used":168,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":168,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"orderimg.xyz/zoom/upload/a9/dbdb740acdc3dca4704378a672ce2e.jpg","fqdn":"orderimg.xyz","domain":"orderimg.xyz","tld":"xyz"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://amaylf.xyz/","date":"2025-10-10T21:40:10.601Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /zoom/upload/a9/dbdb740acdc3dca4704378a672ce2e.jpg HTTP/1.1\r\nHost: orderimg.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://amaylf.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-20T13:59:59.325235Z","times_seen":13977692,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"orderimg.xyz/zoom/upload/df/dbb8c99870fe42733780b07ef87440.jpg","fqdn":"orderimg.xyz","domain":"orderimg.xyz","tld":"xyz"},"ip":{"addr":"172.67.209.202","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://amaylf.xyz/","date":"2025-10-10T21:40:10.640Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"orderimg.xyz","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 14 Sep 2025 08:48:46 GMT","end":"Sat, 13 Dec 2025 09:42:28 GMT"},"fingerprint":{"sha1":"78:E9:50:AF:82:17:E0:3F:B9:D4:9C:F4:0E:F9:E9:61:C4:12:FA:3A","sha256":"68:9C:00:95:54:AA:07:EC:0B:A5:B7:CE:77:9D:8A:5A:40:85:96:45:5F:01:9E:42:6E:F3:2D:01:6E:0D:42:8C"}}},"request":{"raw":"GET /zoom/upload/df/dbb8c99870fe42733780b07ef87440.jpg HTTP/1.1\r\nHost: orderimg.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://amaylf.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Fri, 10 Oct 2025 21:40:12 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 12539\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nx-oss-request-id: 68E7BA4B7942363437F05562\r\nvary: Origin, accept-encoding\r\naccept-ranges: bytes\r\netag: \"DFDBB8C99870FE42733780B07EF87440\"\r\nlast-modified: Tue, 19 Mar 2024 09:44:56 GMT\r\nx-oss-object-type: Normal\r\nx-oss-hash-crc64ecma: 1441199277166941356\r\nx-oss-storage-class: Standard\r\ncontent-md5: 39u4yZhw/kJzN4Cwfvh0QA==\r\nx-oss-server-time: 4\r\ncache-control: max-age=14400\r\ncf-cache-status: REVALIDATED\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=6badFE%2BTRbVSEx2dfHEIIguOqsv%2Filgm86I4Qqbed%2BBP73AwyTKOdZBATVXfb5jcE4C0QL%2FAEAm3Y4TQxuJiGUtS%2BrFiJ3PDPKc%3D\"}]}\r\ncf-ray: 98c9464fee1956b7-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Alibaba Cloud Object Storage Service","description":"Alibaba Cloud Object Storage Service (OSS) is a cloud-based object storage service provided by Alibaba Cloud, which allows users to store and access large amounts of data in the cloud.","website":"https://www.alibabacloud.com/product/object-storage-service","common_platform_enumeration":"","icon":"Alibaba Cloud.svg","categories":["IaaS"]}],"data":{"size":12539,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 150x150, components 3","md5":"dfdbb8c99870fe42733780b07ef87440","sha1":"5eee3b6a59788614c7a6a4930f7528450c247db3","sha256":"01bb7860d796cdce45c62a53295092a39adf1fc4c59aa36f30a65beb12a39e68","sha512":"ad67e3d89e4e897d6a56df4aecc7da19219219edacc338d3e43436a6087e26550d14218d5a45ff565676e16fb9753fcd8ae8b1e596e14e44744888082ebdd22f","ssdeep":"384:5jNKs8HQflavir4/84adz9SRMnUDGFowNj+fpRQk:5v8HQfla44k4Iz9EMv+f7","tlshash":"e442aeeee7ded6909f071da6b15c34ba04996ac185e893331e43c944d705fdc69084fd","first_seen":"2024-05-23T15:13:57Z","last_seen":"2026-04-19T22:22:01.963374Z","times_seen":36,"resource_available":false,"data":null}},"time_used":1673,"timings":{"blocked":223,"dns":37,"connect":5,"send":0,"wait":1212,"receive":1,"ssl":186},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"amaylf.xyz/customerServer.js","fqdn":"amaylf.xyz","domain":"amaylf.xyz","tld":"xyz"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://amaylf.xyz/","date":"2025-10-10T21:40:09.195Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"amaylf.xyz","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 04 Oct 2025 03:53:35 GMT","end":"Fri, 02 Jan 2026 04:53:30 GMT"},"fingerprint":{"sha1":"09:87:42:90:D3:DA:72:45:E0:96:82:5C:55:FD:98:48:22:FE:D4:88","sha256":"D5:B4:6B:A7:C7:A6:09:42:10:CE:37:7F:60:41:44:BA:91:E0:FA:3C:81:E8:B3:16:F4:2A:74:8B:96:2B:C8:38"}}},"request":{"raw":"GET /customerServer.js HTTP/1.1\r\nHost: amaylf.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://amaylf.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Fri, 10 Oct 2025 21:40:09 GMT\r\ncontent-type: application/javascript\r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=14400, must-revalidate\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nreferrer-policy: strict-origin-when-cross-origin\r\nx-content-type-options: nosniff\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=rV2D9kbgYMpFHB3mRQ02em0X872aEJkeeGa3C4KLi0GrvKgIjOqupeJAjve3qquKpk0nCPZ68bFDL1jR66xlMsklepN0FboT\"}]}\r\netag: W/\"694cdef9d40d01a2201d3d4ada81f586\"\r\ncontent-encoding: br\r\nserver: cloudflare\r\ncf-cache-status: MISS\r\npriority: u=2,i=?0\r\ncf-ray: 98c946457d2d56be-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":44885,"size_decoded":0,"mime_type":"application/javascript","magic":"Unicode text, UTF-8 text, with very long lines (13321), with CRLF line terminators","md5":"acb53e5881de75fcf70350bf8e06f581","sha1":"26fe56a0b24beffc28ffe5103cac4902b4c77068","sha256":"c72e35537d7061c3aeb8fbd98f906ec2695f336c48cf1ffc443ca9b1d2773735","sha512":"bfda1b01afc9bacbb019f993024c119d7127ba5adbdf923caea8c2156b11c749d065ed236819b46224bfb4b38ebcf2144bc51416d77b4a94ab9d7b2ee6fd7e68","ssdeep":"768:YIVy0juMiCj8rMVN5uZyDuVhyOAW2uz+xwN33VdNeHXLVd:hVy0liC4rMVN5uIuzyEz+xgUHbf","tlshash":"b0135c655626057a85b373b89f096608ee21042b9007c5397fbc5ae23ff143d92e1ff9","first_seen":"2025-10-10T21:40:40.062411Z","last_seen":"2026-01-29T07:12:51.295558Z","times_seen":14,"resource_available":true,"data":null}},"time_used":85,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":81,"receive":4,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-10-10","alert":"Sinkholed","trigger":"amaylf.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"amaylf.xyz/assets/index/b2.jpg","fqdn":"amaylf.xyz","domain":"amaylf.xyz","tld":"xyz"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://amaylf.xyz/","date":"2025-10-10T21:40:09.572Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"amaylf.xyz","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 04 Oct 2025 03:53:35 GMT","end":"Fri, 02 Jan 2026 04:53:30 GMT"},"fingerprint":{"sha1":"09:87:42:90:D3:DA:72:45:E0:96:82:5C:55:FD:98:48:22:FE:D4:88","sha256":"D5:B4:6B:A7:C7:A6:09:42:10:CE:37:7F:60:41:44:BA:91:E0:FA:3C:81:E8:B3:16:F4:2A:74:8B:96:2B:C8:38"}}},"request":{"raw":"GET /assets/index/b2.jpg HTTP/1.1\r\nHost: amaylf.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://amaylf.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-20T13:59:59.325235Z","times_seen":13977692,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-10-10","alert":"Sinkholed","trigger":"amaylf.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"amaylf.xyz/static/media/bs3.a24a5f885abab975d154.svg","fqdn":"amaylf.xyz","domain":"amaylf.xyz","tld":"xyz"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://amaylf.xyz/","date":"2025-10-10T21:40:09.625Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"amaylf.xyz","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 04 Oct 2025 03:53:35 GMT","end":"Fri, 02 Jan 2026 04:53:30 GMT"},"fingerprint":{"sha1":"09:87:42:90:D3:DA:72:45:E0:96:82:5C:55:FD:98:48:22:FE:D4:88","sha256":"D5:B4:6B:A7:C7:A6:09:42:10:CE:37:7F:60:41:44:BA:91:E0:FA:3C:81:E8:B3:16:F4:2A:74:8B:96:2B:C8:38"}}},"request":{"raw":"GET /static/media/bs3.a24a5f885abab975d154.svg HTTP/1.1\r\nHost: amaylf.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://amaylf.xyz/static/css/main.9494e3d8.css\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Fri, 10 Oct 2025 21:40:09 GMT\r\ncontent-type: image/svg+xml\r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=14400, must-revalidate\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nreferrer-policy: strict-origin-when-cross-origin\r\nx-content-type-options: nosniff\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=PYLtPz2YVReM7P9qb8QYZ2RwRhc7gjkZD7d5iEOvKgLaSOSZhF0CBF0Xbxl2j5tr%2BOM1pFjuEs2qnOlV68lTUzSh6KMRxYjR\"}]}\r\netag: W/\"c9f64721e27afc898f6c536fa61387b9\"\r\ncontent-encoding: br\r\nserver: cloudflare\r\ncf-cache-status: MISS\r\npriority: u=4,i=?0\r\ncf-ray: 98c946481faf56be-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":6086,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"f49e7209c39aab1fd90e180bc7dc63b6","sha1":"234a4ffb81c39c65084fd79d38b2430e9c1e994e","sha256":"7db600984b8daa78fe001bd7fc295d826cae52bc5976324e5fb06b88c8d65aa0","sha512":"b56a41b5672b639686730ab896f5f03adb3628fcce17db97f42e3d31154d75581629149b8942778ab634c970a318ce2ed29a072a42d747ea2e3a8d989728dd33","ssdeep":"96:9piUzAGLAhL6X5X+OEnWJHE4sDJMMN8wNekZPBoiW:9pisATQtHJHE4sDDO","tlshash":"10c153dd635a8bf6e581d2d9ea0350e4011db1f799c086b4d3d8be2f38184d96d2eaf0","first_seen":"2024-12-10T06:34:17.010896Z","last_seen":"2026-04-18T17:53:36.51142Z","times_seen":11,"resource_available":false,"data":null}},"time_used":81,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":81,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-10-10","alert":"Sinkholed","trigger":"amaylf.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"orderimg.xyz/zoom/upload/7e/4588e7e7bfca7d44590754a5cfa5f9.jpg","fqdn":"orderimg.xyz","domain":"orderimg.xyz","tld":"xyz"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://amaylf.xyz/","date":"2025-10-10T21:40:10.595Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /zoom/upload/7e/4588e7e7bfca7d44590754a5cfa5f9.jpg HTTP/1.1\r\nHost: orderimg.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://amaylf.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-20T13:59:59.325235Z","times_seen":13977692,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"orderimg.xyz/zoom/upload/2c/d22c1974c538e1154364b8417c65b4.jpg","fqdn":"orderimg.xyz","domain":"orderimg.xyz","tld":"xyz"},"ip":{"addr":"172.67.209.202","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://amaylf.xyz/","date":"2025-10-10T21:40:10.637Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"orderimg.xyz","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 14 Sep 2025 08:48:46 GMT","end":"Sat, 13 Dec 2025 09:42:28 GMT"},"fingerprint":{"sha1":"78:E9:50:AF:82:17:E0:3F:B9:D4:9C:F4:0E:F9:E9:61:C4:12:FA:3A","sha256":"68:9C:00:95:54:AA:07:EC:0B:A5:B7:CE:77:9D:8A:5A:40:85:96:45:5F:01:9E:42:6E:F3:2D:01:6E:0D:42:8C"}}},"request":{"raw":"GET /zoom/upload/2c/d22c1974c538e1154364b8417c65b4.jpg HTTP/1.1\r\nHost: orderimg.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://amaylf.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Fri, 10 Oct 2025 21:40:12 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 10045\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nx-oss-request-id: 68E90F491DD81232378962B9\r\nvary: Origin, accept-encoding\r\naccept-ranges: bytes\r\netag: \"2CD22C1974C538E1154364B8417C65B4\"\r\nlast-modified: Tue, 19 Mar 2024 09:43:39 GMT\r\nx-oss-object-type: Normal\r\nx-oss-hash-crc64ecma: 13391669951936528408\r\nx-oss-storage-class: Standard\r\ncontent-md5: LNIsGXTFOOEVQ2S4QXxltA==\r\nx-oss-server-time: 2\r\ncache-control: max-age=14400\r\ncf-cache-status: REVALIDATED\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=Ruw%2B1GKNJJnI4dCmIZTRIyeGw4AZikpdDQrOBMg0s9qYrM%2BXbN%2Fj9B5WTZjHVHQCdQrfb2z0p9L2w14zCcZ9HwMT5z7UAu6r6GU%3D\"}]}\r\ncf-ray: 98c946500e3f56b7-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Alibaba Cloud Object Storage Service","description":"Alibaba Cloud Object Storage Service (OSS) is a cloud-based object storage service provided by Alibaba Cloud, which allows users to store and access large amounts of data in the cloud.","website":"https://www.alibabacloud.com/product/object-storage-service","common_platform_enumeration":"","icon":"Alibaba Cloud.svg","categories":["IaaS"]}],"data":{"size":10045,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 150x150, components 3","md5":"2cd22c1974c538e1154364b8417c65b4","sha1":"79cbc7eea740a0e01716d77851914a9a5c4818f2","sha256":"d62f3f0f39a46b0b0fbb02e972349309ad436febe9b5188d3a5432cd475299c6","sha512":"4b67d04c8f6aa2dc5f0ba61880d93ef46d4fe9ac7fc062476eed63cd1c62e8a8cfd48e3d93c6820b380dc48d9e23a148b62e103df8edfc86c03e19faa018d90b","ssdeep":"192:5Vqo+FTyfcv+zSRjJ8WYuuhu3vZC6cvwTuP9mDZExXdrvjn7T:5OBFv+zKBuhu3v86c4TuuZEv3n7T","tlshash":"43229ea8f3d3d3952fa71525ac0db9159a0ca6d135aca74393330020c92cff867563f9","first_seen":"2024-05-23T15:13:56Z","last_seen":"2026-04-19T22:22:01.950204Z","times_seen":35,"resource_available":false,"data":null}},"time_used":1703,"timings":{"blocked":251,"dns":32,"connect":5,"send":0,"wait":1194,"receive":1,"ssl":218},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"orderimg.xyz/zoom/upload/c4/e5833131dd6c9724fed5ac12bc9064.jpg","fqdn":"orderimg.xyz","domain":"orderimg.xyz","tld":"xyz"},"ip":{"addr":"172.67.209.202","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://amaylf.xyz/","date":"2025-10-10T21:40:10.638Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"orderimg.xyz","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 14 Sep 2025 08:48:46 GMT","end":"Sat, 13 Dec 2025 09:42:28 GMT"},"fingerprint":{"sha1":"78:E9:50:AF:82:17:E0:3F:B9:D4:9C:F4:0E:F9:E9:61:C4:12:FA:3A","sha256":"68:9C:00:95:54:AA:07:EC:0B:A5:B7:CE:77:9D:8A:5A:40:85:96:45:5F:01:9E:42:6E:F3:2D:01:6E:0D:42:8C"}}},"request":{"raw":"GET /zoom/upload/c4/e5833131dd6c9724fed5ac12bc9064.jpg HTTP/1.1\r\nHost: orderimg.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://amaylf.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Fri, 10 Oct 2025 21:40:12 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 9625\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nx-oss-request-id: 68DE71ECC78BAF3633E73405\r\nvary: Origin, accept-encoding\r\naccept-ranges: bytes\r\netag: \"C4E5833131DD6C9724FED5AC12BC9064\"\r\nlast-modified: Tue, 19 Mar 2024 09:44:43 GMT\r\nx-oss-object-type: Normal\r\nx-oss-hash-crc64ecma: 18315440385825660515\r\nx-oss-storage-class: Standard\r\ncontent-md5: xOWDMTHdbJck/tWsEryQZA==\r\nx-oss-server-time: 4\r\ncache-control: max-age=14400\r\ncf-cache-status: REVALIDATED\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=z3m0Q%2BPYByTNE8lEeN6ov1EIyAt6YVeqi3CDRuOyzBQtiMwIWleELjoFdDDIcHvvpaOX%2FAAHm7oLK%2FcqpHYxDibBDjau0yEscvU%3D\"}]}\r\ncf-ray: 98c946507ea556b7-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Alibaba Cloud Object Storage Service","description":"Alibaba Cloud Object Storage Service (OSS) is a cloud-based object storage service provided by Alibaba Cloud, which allows users to store and access large amounts of data in the cloud.","website":"https://www.alibabacloud.com/product/object-storage-service","common_platform_enumeration":"","icon":"Alibaba Cloud.svg","categories":["IaaS"]}],"data":{"size":9625,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 150x150, components 3","md5":"c4e5833131dd6c9724fed5ac12bc9064","sha1":"143be2714b7262091167415e947d2aa5eee90c70","sha256":"b05b224958fdc56738858c54663884c732525cdfc7f18654245dbd8aaea8ea89","sha512":"940ab893c3546ebb811d455aa769561c345d7b3f4c7c6f0f333db2f3be0b1e1569eabd64f13965393aa38ce4da416571299ba27ebada5f16ad319f5810611031","ssdeep":"192:5/L+yC6n267ZfgY6dGUtDZK30SL3fbDka5r49YtQsJ7dofTwL:5TDC6n57Rg9dD030c3Ua4eJ7cTU","tlshash":"c1129d31f3438e624b17916f107c3cb7a21583c630f02187aa676e64d1e8fb650a257c","first_seen":"2024-05-23T15:13:57Z","last_seen":"2026-04-19T22:22:01.970553Z","times_seen":34,"resource_available":false,"data":null}},"time_used":1795,"timings":{"blocked":320,"dns":33,"connect":5,"send":0,"wait":1146,"receive":1,"ssl":285},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"orderimg.xyz/zoom/upload/f4/6c74fcc64d65fac1dcad53c485ff06.jpg","fqdn":"orderimg.xyz","domain":"orderimg.xyz","tld":"xyz"},"ip":{"addr":"172.67.209.202","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://amaylf.xyz/","date":"2025-10-10T21:40:10.642Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"orderimg.xyz","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 14 Sep 2025 08:48:46 GMT","end":"Sat, 13 Dec 2025 09:42:28 GMT"},"fingerprint":{"sha1":"78:E9:50:AF:82:17:E0:3F:B9:D4:9C:F4:0E:F9:E9:61:C4:12:FA:3A","sha256":"68:9C:00:95:54:AA:07:EC:0B:A5:B7:CE:77:9D:8A:5A:40:85:96:45:5F:01:9E:42:6E:F3:2D:01:6E:0D:42:8C"}}},"request":{"raw":"GET /zoom/upload/f4/6c74fcc64d65fac1dcad53c485ff06.jpg HTTP/1.1\r\nHost: orderimg.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://amaylf.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Fri, 10 Oct 2025 21:40:12 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 20422\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nx-oss-request-id: 68E90F4A1DD8123038E063B9\r\nvary: Origin, accept-encoding\r\naccept-ranges: bytes\r\netag: \"F46C74FCC64D65FAC1DCAD53C485FF06\"\r\nlast-modified: Tue, 19 Mar 2024 09:49:38 GMT\r\nx-oss-object-type: Normal\r\nx-oss-hash-crc64ecma: 1036587870189144025\r\nx-oss-storage-class: Standard\r\ncontent-md5: 9Gx0/MZNZfrB3K1TxIX/Bg==\r\nx-oss-server-time: 2\r\ncache-control: max-age=14400\r\ncf-cache-status: REVALIDATED\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=rC6kA6EZgvy83BWWTKW5MyvDem7kyDWLMu5npQGC12v1%2Bu3lUd9BXMm3nSOtwW49jG3e0krxr6oFP5B2Iv%2FR%2Bj%2BUOHTkYwFSOrw%3D\"}]}\r\ncf-ray: 98c9464fde0d56b7-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Alibaba Cloud Object Storage Service","description":"Alibaba Cloud Object Storage Service (OSS) is a cloud-based object storage service provided by Alibaba Cloud, which allows users to store and access large amounts of data in the cloud.","website":"https://www.alibabacloud.com/product/object-storage-service","common_platform_enumeration":"","icon":"Alibaba Cloud.svg","categories":["IaaS"]}],"data":{"size":20422,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 150x150, components 3","md5":"f46c74fcc64d65fac1dcad53c485ff06","sha1":"6d1c09d969a0adc9d8c27898ffef6b1ff5869c47","sha256":"8c1678a97a48eb23a051a644cbe266c5d26f4abe996202191d8b1c835471225f","sha512":"926256a037aacd140f4ba36ea84a12fe45dbec3eaaec3eef419aed28caa8939b2dbe3874a9121d363c1f2d8cfec7dc5968584efce64383f469baf7055e8e12e1","ssdeep":"384:51J8PB2FwlH5HMFNoOdpfUPtHiBp+UFYp/dPytn6Y2:51J85h7anCP9iB8UFyMtj2","tlshash":"bc92d0cf7c43e36546eaf099855d8db6d82121541b7dba0732bb3480fa6148ebf0d66c","first_seen":"2024-05-23T15:13:57Z","last_seen":"2026-04-19T22:22:01.93688Z","times_seen":34,"resource_available":false,"data":null}},"time_used":1431,"timings":{"blocked":212,"dns":0,"connect":0,"send":0,"wait":1218,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"amaylf.xyz/static/js/main.52b703ba.js","fqdn":"amaylf.xyz","domain":"amaylf.xyz","tld":"xyz"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://amaylf.xyz/","date":"2025-10-10T21:40:09.196Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"amaylf.xyz","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 04 Oct 2025 03:53:35 GMT","end":"Fri, 02 Jan 2026 04:53:30 GMT"},"fingerprint":{"sha1":"09:87:42:90:D3:DA:72:45:E0:96:82:5C:55:FD:98:48:22:FE:D4:88","sha256":"D5:B4:6B:A7:C7:A6:09:42:10:CE:37:7F:60:41:44:BA:91:E0:FA:3C:81:E8:B3:16:F4:2A:74:8B:96:2B:C8:38"}}},"request":{"raw":"GET /static/js/main.52b703ba.js HTTP/1.1\r\nHost: amaylf.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://amaylf.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Fri, 10 Oct 2025 21:40:09 GMT\r\ncontent-type: application/javascript\r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=14400, must-revalidate\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nreferrer-policy: strict-origin-when-cross-origin\r\nx-content-type-options: nosniff\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=Ov3itaq17yh7nmKUH1pbhI6HjMcg8941nRJqqh7qBEEO7IzR4PIPdDNgYiS%2Fxf3CbFip1wqV7aJsedyQvIbMXlkZF0zBJ%2Bcn\"}]}\r\netag: W/\"5adcb4524ec00eb9e34a65590c52cff6\"\r\ncontent-encoding: br\r\nserver: cloudflare\r\ncf-cache-status: MISS\r\npriority: u=3,i=?0\r\ncf-ray: 98c946457d3056be-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":1077031,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65465)","md5":"d47d789ebb7917edd90789fe683eb9f4","sha1":"e03a4ce29d4b6fc8a554ea63075d4d8157385569","sha256":"5cc2c621347afb67439aaf8f2367b9d8a6e513d8e79fde8a3160109cfc6326b8","sha512":"a58aab1c1b07a78ae66f001bf89d69cdc7058b9d0958e8eeb2470100ad66b04a62fe5c6b278935b93de9292f0d3487af3a17527745aa3028f9db0fac2fda194a","ssdeep":"24576:6GKlpPT77P6TZzlZ9zvcj395ZH/YUuB9FT+3EbB0iMD:6fR37q9T+3EbB0d","tlshash":"702509cd72e2b16c17a6a152887f984eb26d2d44d06dc170ab39d5c5b82c90ce23ff6d","first_seen":"2025-10-10T21:40:40.068443Z","last_seen":"2025-10-10T21:47:29.832867Z","times_seen":2,"resource_available":false,"data":null}},"time_used":138,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":87,"receive":51,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-10-10","alert":"Sinkholed","trigger":"amaylf.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"amaylf.xyz/assets/index/b1.jpg","fqdn":"amaylf.xyz","domain":"amaylf.xyz","tld":"xyz"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://amaylf.xyz/","date":"2025-10-10T21:40:09.608Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"amaylf.xyz","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 04 Oct 2025 03:53:35 GMT","end":"Fri, 02 Jan 2026 04:53:30 GMT"},"fingerprint":{"sha1":"09:87:42:90:D3:DA:72:45:E0:96:82:5C:55:FD:98:48:22:FE:D4:88","sha256":"D5:B4:6B:A7:C7:A6:09:42:10:CE:37:7F:60:41:44:BA:91:E0:FA:3C:81:E8:B3:16:F4:2A:74:8B:96:2B:C8:38"}}},"request":{"raw":"GET /assets/index/b1.jpg HTTP/1.1\r\nHost: amaylf.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://amaylf.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Fri, 10 Oct 2025 21:40:09 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 245557\r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=14400, must-revalidate\r\netag: \"bdb95f9379e9eebacf204a1bb72f996d\"\r\nreferrer-policy: strict-origin-when-cross-origin\r\nx-content-type-options: nosniff\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=%2FhsRTqRH%2BpseHxf%2F53QOGtdcPH6Nsl1oRJDNVLF9TI3osWw8FR0jfexw%2Bma9EYofWrqYdvS8zoNdkmPf4VEhLU0r28ZtwcVl%2FF4%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nserver: cloudflare\r\ncf-cache-status: REVALIDATED\r\npriority: u=4,i=?0\r\ncf-ray: 98c94647ef7f56be-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":245557,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 1074x360, components 3","md5":"7ee263ef2ae34e6a454afa27e3a61344","sha1":"9b25fbb6510c0f20374d7cb3b1222a58ee36f250","sha256":"8926b15786b32f8dc488b0845caf41ffa821dfe2538f5e26f8d9365851afb876","sha512":"aa25a8a31548e975d8d73e109bac7f692b9c849ca564c193560bf0741b65abea325e0c553104abb773e81999f0c01da10b720a14fe85c46dd0aa4d9f94454803","ssdeep":"6144:DLgnJhhCOAF4wqja0PR9OSKsiRwYwbCXMSt5x7rWZ:DLMJhhC6wqpR9OSt4wu8Gx7ru","tlshash":"9a3412a8f517936c931f8686027cbe3323a05f79a1ecb55b04a17c90b3ce77a594726c","first_seen":"2025-10-10T21:40:40.070899Z","last_seen":"2025-10-10T21:47:29.833888Z","times_seen":2,"resource_available":false,"data":null}},"time_used":51,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":42,"receive":9,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-10-10","alert":"Sinkholed","trigger":"amaylf.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.tksaasapi.com/api/getInfo","fqdn":"www.tksaasapi.com","domain":"tksaasapi.com","tld":"com"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://amaylf.xyz/","date":"2025-10-10T21:40:10.451Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tksaasapi.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 28 Sep 2025 17:53:49 GMT","end":"Sat, 27 Dec 2025 18:51:29 GMT"},"fingerprint":{"sha1":"23:BD:72:7B:29:C0:60:A9:6F:03:CD:13:2C:95:9C:1D:F5:5D:CC:10","sha256":"6E:DA:22:C5:F0:61:80:89:46:A5:D4:F8:2E:E2:04:F4:E0:E4:5C:6E:F4:28:E8:C2:3F:21:25:AF:25:3D:CC:A0"}}},"request":{"raw":"POST /api/getInfo HTTP/1.1\r\nHost: www.tksaasapi.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://amaylf.xyz/\r\nContent-Type: application/json\r\nContent-Length: 16\r\nOrigin: https://amaylf.xyz\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Fri, 10 Oct 2025 21:40:10 GMT\r\ncontent-type: application/json; charset=utf-8\r\nserver: cloudflare\r\nvary: Accept-Encoding\r\naccess-control-allow-origin: https://amaylf.xyz\r\naccess-control-allow-methods: GET,PUT,POST,PATCH,DELETE\r\naccess-control-allow-headers: Authorization,Content-Type,If-Match,If-Modified-Since,If-None-Match,If-Unmodified-Since,X-Requested-With,Api-Type,Api-Name,Api-Uuid,Jwt-Token,Api-Token,User-Form-Token,User-Token,Token\r\naccess-control-allow-credentials: true\r\naccess-control-expose-headers: Api-Type,Api-Name,Api-Uuid,Jwt-Token,Api-Token,User-Form-Token,User-Token,Token\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-encoding: gzip\r\ncf-cache-status: DYNAMIC\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=yJJB9%2B1cmcYAhcSTCExpRhz3kDYyhKGfo4yiOzfBQ2m6AYIiyqxQTQv%2BnIYxSEuGCOJTG3gCkChiokf8g%2BYkTaWtZ9ZGzV2wuIYuhrC18aFX\"}]}\r\nset-cookie: ssid=479b6a1551fccbdf3f51727d711776e7; HttpOnly; SameSite=None; Secure; Path=/\nlang=en-us; HttpOnly; SameSite=None; Secure; Path=/\r\ncf-ray: 98c9464d2c1c5ebd-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":52,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"dd8b37d43dae0697af796c72d986035e","sha1":"bad22aebca2fc2c2581755f9059d188a1d378662","sha256":"4f5b53145ba8dd195def9558ed6ff8de05adcaf99ce9673121ec047464a1f7a1","sha512":"f97e51cd1f09cc1923223891c2d585451aa8cf9f0babfe265ae6296e3c304e9490106771b9461223dc42ff986585e72eb84c330534b92296405da2d4868c3a15","ssdeep":"","tlshash":"37900208152e665709d28984184e1101946635041c708594595de56469680e12266566","first_seen":"2023-05-14T17:28:54Z","last_seen":"2025-12-23T09:28:21.586614Z","times_seen":25,"resource_available":false,"data":null}},"time_used":168,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":168,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"orderimg.xyz/zoom/upload/65/780b02898034e65f8e9b5facedbf19.jpg","fqdn":"orderimg.xyz","domain":"orderimg.xyz","tld":"xyz"},"ip":{"addr":"172.67.209.202","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://amaylf.xyz/","date":"2025-10-10T21:40:10.644Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"orderimg.xyz","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 14 Sep 2025 08:48:46 GMT","end":"Sat, 13 Dec 2025 09:42:28 GMT"},"fingerprint":{"sha1":"78:E9:50:AF:82:17:E0:3F:B9:D4:9C:F4:0E:F9:E9:61:C4:12:FA:3A","sha256":"68:9C:00:95:54:AA:07:EC:0B:A5:B7:CE:77:9D:8A:5A:40:85:96:45:5F:01:9E:42:6E:F3:2D:01:6E:0D:42:8C"}}},"request":{"raw":"GET /zoom/upload/65/780b02898034e65f8e9b5facedbf19.jpg HTTP/1.1\r\nHost: orderimg.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://amaylf.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Fri, 10 Oct 2025 21:40:12 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 11351\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nx-oss-request-id: 68E7BA4BAFAD5B38388B4FD3\r\nvary: Origin, accept-encoding\r\naccept-ranges: bytes\r\netag: \"65780B02898034E65F8E9B5FACEDBF19\"\r\nlast-modified: Tue, 19 Mar 2024 09:44:03 GMT\r\nx-oss-object-type: Normal\r\nx-oss-hash-crc64ecma: 9275325536496297747\r\nx-oss-storage-class: Standard\r\ncontent-md5: ZXgLAomANOZfjptfrO2/GQ==\r\nx-oss-server-time: 2\r\ncache-control: max-age=14400\r\ncf-cache-status: REVALIDATED\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=aiRFEREFovhMU7EP80XbtJJXfwgR1E%2BuWz0k8Ll1hCQ4YW8VGFVPRpedCbAMNnliSfc6K%2BlxGkNAZM38Be70Ij7fB9c%2Fx6DcjVg%3D\"}]}\r\ncf-ray: 98c9464fde0f56b7-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Alibaba Cloud Object Storage Service","description":"Alibaba Cloud Object Storage Service (OSS) is a cloud-based object storage service provided by Alibaba Cloud, which allows users to store and access large amounts of data in the cloud.","website":"https://www.alibabacloud.com/product/object-storage-service","common_platform_enumeration":"","icon":"Alibaba Cloud.svg","categories":["IaaS"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":11351,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 150x150, components 3","md5":"65780b02898034e65f8e9b5facedbf19","sha1":"3c1ebc53792771f9df02628e5444cfc0c5b86626","sha256":"52ec58c6b8eb247546e298a60cd68f0b04de9166b4a5b8692225a7eae7044fff","sha512":"0047038fea6d3c235f3390745e66343858ffb3de5860d6f4302ac9b69455582a97f123249308d52ea1e2b6bb5c60b48570c19b5714cf81bc157bf9f3fddffd1c","ssdeep":"192:5hGoBHCOA3Vt8BMkiIWHKd4ruqiBVYIEyW2A+5hEsWsofWQTeo7QhHUUtVaG:5hSVtCMki2tVjE2A5nFpQhHUuX","tlshash":"e632af36e689f7154ec70e5b3a3c5fb7e7dc49da6874228f224b9820c24962d0606b6c","first_seen":"2024-05-23T15:13:57Z","last_seen":"2026-04-19T22:22:01.972782Z","times_seen":34,"resource_available":false,"data":null}},"time_used":1451,"timings":{"blocked":211,"dns":0,"connect":0,"send":0,"wait":1239,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"amaylf.xyz/static/media/background.3fdc401688f4a953a0e7.svg","fqdn":"amaylf.xyz","domain":"amaylf.xyz","tld":"xyz"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://amaylf.xyz/","date":"2025-10-10T21:40:13.156Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"amaylf.xyz","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 04 Oct 2025 03:53:35 GMT","end":"Fri, 02 Jan 2026 04:53:30 GMT"},"fingerprint":{"sha1":"09:87:42:90:D3:DA:72:45:E0:96:82:5C:55:FD:98:48:22:FE:D4:88","sha256":"D5:B4:6B:A7:C7:A6:09:42:10:CE:37:7F:60:41:44:BA:91:E0:FA:3C:81:E8:B3:16:F4:2A:74:8B:96:2B:C8:38"}}},"request":{"raw":"GET /static/media/background.3fdc401688f4a953a0e7.svg HTTP/1.1\r\nHost: amaylf.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://amaylf.xyz/static/css/main.9494e3d8.css\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Fri, 10 Oct 2025 21:40:13 GMT\r\ncontent-type: image/svg+xml\r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=14400, must-revalidate\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nreferrer-policy: strict-origin-when-cross-origin\r\nx-content-type-options: nosniff\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=zL3UJkAMPq1QcPJ9yCw8Ht5F0uKtj9QbgG5UpJtTzwpAxZc2xhw3F315I%2Bli0ZGDQssaTAbXY%2FKxzG%2BCJd13N8J%2B8WbnrKPDmfw%3D\"}]}\r\netag: W/\"e6af11fee58d8eac02ec3525ded741e6\"\r\ncontent-encoding: br\r\nserver: cloudflare\r\ncf-cache-status: MISS\r\npriority: u=4,i=?0\r\ncf-ray: 98c9465e3ce056be-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":12722,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"eed7bbda45a85b4ea906c3a8a5c5819e","sha1":"5799e6c3720b86612688500e16ec3053dbc3a7f7","sha256":"2c8cb2ac64130b2987083369b29fcbe537c66831fcb3ab35ea7a155eacef12a7","sha512":"15cfe0f6520d6ecb4ad7650a8d142285c6ede252f271e78175bc54765be8db2e1b2905c5191e66a99f297ac5337318a4b35059e98d4b813c892809d9d28a3632","ssdeep":"384:0H2rhogaMlbRgMOaCH/87LX8Iix3dak/ax1a/ax1+Yzh:rbRhiHUfJTnHn+G","tlshash":"1f42c6cc1f35a5d085c89bdeff1a6459ed6b91e98bcc5dd1d01c6e0a418287eac1bcc2","first_seen":"2025-10-10T21:40:40.074257Z","last_seen":"2025-10-10T21:47:29.849166Z","times_seen":2,"resource_available":false,"data":null}},"time_used":77,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":77,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-10-10","alert":"Sinkholed","trigger":"amaylf.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"amaylf.xyz/assets/index/logoe.png","fqdn":"amaylf.xyz","domain":"amaylf.xyz","tld":"xyz"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://amaylf.xyz/","date":"2025-10-10T21:40:09.556Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"amaylf.xyz","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 04 Oct 2025 03:53:35 GMT","end":"Fri, 02 Jan 2026 04:53:30 GMT"},"fingerprint":{"sha1":"09:87:42:90:D3:DA:72:45:E0:96:82:5C:55:FD:98:48:22:FE:D4:88","sha256":"D5:B4:6B:A7:C7:A6:09:42:10:CE:37:7F:60:41:44:BA:91:E0:FA:3C:81:E8:B3:16:F4:2A:74:8B:96:2B:C8:38"}}},"request":{"raw":"GET /assets/index/logoe.png HTTP/1.1\r\nHost: amaylf.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://amaylf.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-20T13:59:59.325235Z","times_seen":13977692,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-10-10","alert":"Sinkholed","trigger":"amaylf.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.tksaasapi.com/api/getService","fqdn":"www.tksaasapi.com","domain":"tksaasapi.com","tld":"com"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://amaylf.xyz/","date":"2025-10-10T21:40:09.644Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tksaasapi.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 28 Sep 2025 17:53:49 GMT","end":"Sat, 27 Dec 2025 18:51:29 GMT"},"fingerprint":{"sha1":"23:BD:72:7B:29:C0:60:A9:6F:03:CD:13:2C:95:9C:1D:F5:5D:CC:10","sha256":"6E:DA:22:C5:F0:61:80:89:46:A5:D4:F8:2E:E2:04:F4:E0:E4:5C:6E:F4:28:E8:C2:3F:21:25:AF:25:3D:CC:A0"}}},"request":{"raw":"OPTIONS /api/getService HTTP/1.1\r\nHost: www.tksaasapi.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nAccess-Control-Request-Method: POST\r\nAccess-Control-Request-Headers: content-type\r\nReferer: https://amaylf.xyz/\r\nOrigin: https://amaylf.xyz\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"OPTIONS"},"response":{"raw":"HTTP/2 204 No Content\r\ndate: Fri, 10 Oct 2025 21:40:10 GMT\r\nserver: cloudflare\r\naccess-control-allow-origin: https://amaylf.xyz\r\naccess-control-allow-methods: GET,PUT,POST,PATCH,DELETE\r\naccess-control-allow-headers: Authorization,Content-Type,If-Match,If-Modified-Since,If-None-Match,If-Unmodified-Since,X-Requested-With,Api-Type,Api-Name,Api-Uuid,Jwt-Token,Api-Token,User-Form-Token,User-Token,Token\r\naccess-control-allow-credentials: true\r\naccess-control-expose-headers: Api-Type,Api-Name,Api-Uuid,Jwt-Token,Api-Token,User-Form-Token,User-Token,Token\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: h3=\":443\"; ma=86400\r\ncf-cache-status: DYNAMIC\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=v7kE%2BVvNhGJPwDtuctSrpgBvvEAvZOHwtYtD8%2FfHYMVSv4ZTSOF6PBNkC1bl6QMhW8kEo8B1S%2BYRFwdIU669f%2F8u118Yvo1Y4pJ%2F3KOpTDh6\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nset-cookie: ssid=7f06d3f36601ad908cd8664fa1e70646; HttpOnly; SameSite=None; Secure; Path=/\nlang=en-us; HttpOnly; SameSite=None; Secure; Path=/\r\ncf-ray: 98c94649eda45ebd-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"204","status_text":"No Content","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-20T13:59:59.325235Z","times_seen":13977692,"resource_available":true,"data":null}},"time_used":1015,"timings":{"blocked":263,"dns":49,"connect":4,"send":0,"wait":468,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"orderimg.xyz/zoom/upload/df/dbb8c99870fe42733780b07ef87440.jpg","fqdn":"orderimg.xyz","domain":"orderimg.xyz","tld":"xyz"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://amaylf.xyz/","date":"2025-10-10T21:40:10.599Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /zoom/upload/df/dbb8c99870fe42733780b07ef87440.jpg HTTP/1.1\r\nHost: orderimg.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://amaylf.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-20T13:59:59.325235Z","times_seen":13977692,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"orderimg.xyz/zoom/upload/f4/6c74fcc64d65fac1dcad53c485ff06.jpg","fqdn":"orderimg.xyz","domain":"orderimg.xyz","tld":"xyz"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://amaylf.xyz/","date":"2025-10-10T21:40:10.605Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /zoom/upload/f4/6c74fcc64d65fac1dcad53c485ff06.jpg HTTP/1.1\r\nHost: orderimg.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://amaylf.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-20T13:59:59.325235Z","times_seen":13977692,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"amaylf.xyz/assets/index/logo2.svg","fqdn":"amaylf.xyz","domain":"amaylf.xyz","tld":"xyz"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://amaylf.xyz/","date":"2025-10-10T21:40:13.151Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"amaylf.xyz","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 04 Oct 2025 03:53:35 GMT","end":"Fri, 02 Jan 2026 04:53:30 GMT"},"fingerprint":{"sha1":"09:87:42:90:D3:DA:72:45:E0:96:82:5C:55:FD:98:48:22:FE:D4:88","sha256":"D5:B4:6B:A7:C7:A6:09:42:10:CE:37:7F:60:41:44:BA:91:E0:FA:3C:81:E8:B3:16:F4:2A:74:8B:96:2B:C8:38"}}},"request":{"raw":"GET /assets/index/logo2.svg HTTP/1.1\r\nHost: amaylf.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://amaylf.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Fri, 10 Oct 2025 21:40:13 GMT\r\ncontent-type: image/svg+xml\r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=14400, must-revalidate\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nreferrer-policy: strict-origin-when-cross-origin\r\nx-content-type-options: nosniff\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=tAT8UCdCZ1JyutdyxPwwxb5%2BW9ogmFe4KrAnXWRkz%2BaK5So8SUL1B9twLQMMHcob5cEPBB9hfi3DLOzSP%2BPtn6lrPiungqWs6pQ%3D\"}]}\r\netag: W/\"28766a7d6224ee1ef6a3b021df38fed6\"\r\ncontent-encoding: br\r\nserver: cloudflare\r\ncf-cache-status: REVALIDATED\r\npriority: u=4,i=?0\r\ncf-ray: 98c9465e2ccb56be-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":2005,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"f3d0934bb3ead546c2c5ec91cc806d3c","sha1":"db0b92789cbd7053362fa98e92459fa24ed654d9","sha256":"35d815a32225a5bf41b2a3254df4c77d1e9b73f2d8a245a0d4a8ac6f3026573f","sha512":"fc84406d056de9b18c1fb1f48eda76cc943186949541d5f29c6b7fd30a0781cd22dc7e8c3923aee662afebbe8f7858165c0d23fb15e08a1c1246b8d23bd9f37f","ssdeep":"","tlshash":"b8418359722ec939f068e2fcca266438b85310d5e2818101e0d2bf1e642869f097cefb","first_seen":"2025-07-07T10:43:45.163087Z","last_seen":"2026-04-05T04:40:03.120649Z","times_seen":4,"resource_available":false,"data":null}},"time_used":53,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":53,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-10-10","alert":"Sinkholed","trigger":"amaylf.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"amaylf.xyz/static/css/main.9494e3d8.css","fqdn":"amaylf.xyz","domain":"amaylf.xyz","tld":"xyz"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://amaylf.xyz/","date":"2025-10-10T21:40:09.198Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"amaylf.xyz","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 04 Oct 2025 03:53:35 GMT","end":"Fri, 02 Jan 2026 04:53:30 GMT"},"fingerprint":{"sha1":"09:87:42:90:D3:DA:72:45:E0:96:82:5C:55:FD:98:48:22:FE:D4:88","sha256":"D5:B4:6B:A7:C7:A6:09:42:10:CE:37:7F:60:41:44:BA:91:E0:FA:3C:81:E8:B3:16:F4:2A:74:8B:96:2B:C8:38"}}},"request":{"raw":"GET /static/css/main.9494e3d8.css HTTP/1.1\r\nHost: amaylf.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://amaylf.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Fri, 10 Oct 2025 21:40:09 GMT\r\ncontent-type: text/css; charset=utf-8\r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=14400, must-revalidate\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nreferrer-policy: strict-origin-when-cross-origin\r\nx-content-type-options: nosniff\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=BoBU2EbPLhV1fR%2Fy8iw4c1P0gN910ktQrHdGqfYYREnEY1E74gMpzqDSNeFVT6uCvrG4k4fAkWRrNKFZxGyqTG%2BP0wtt4%2FO245s%3D\"}]}\r\netag: W/\"f98a8d5297a4c124e4f5867219bcbdf1\"\r\ncontent-encoding: br\r\nserver: cloudflare\r\ncf-cache-status: MISS\r\npriority: u=2,i=?0\r\ncf-ray: 98c946457d3156be-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":68799,"size_decoded":0,"mime_type":"text/css; charset=utf-8","magic":"ASCII text, with very long lines (65536), with no line terminators","md5":"4be25419d9c330a12963754cfe7f3cd8","sha1":"adad013ee1f81f5c75cd6fb8f1c685993a7b4667","sha256":"be492c51b6919085cacf381594836d604dacdbdf26287d04284fea77f6a6804d","sha512":"a9be3f9c4055d525b6b7750684730cd5e1a144bbf1901e971fb0fcfd6461fcd68ecc5e66084913cd9aef2163550ae9f58ee6a7efe27a5a0e17771527f83fca5a","ssdeep":"768:bwd9Y//xGYIbP2THjN8Ww7hewq1ZEWNPXbK:b7/FIbP2TqWwMwYqcm","tlshash":"9263e8727a31a13dbc3bd7776a945bdc9000d490d6935ba9fa01b2b185cbaf70973708","first_seen":"2025-10-10T21:40:40.077391Z","last_seen":"2025-10-10T21:47:29.844992Z","times_seen":2,"resource_available":false,"data":null}},"time_used":80,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":74,"receive":6,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-10-10","alert":"Sinkholed","trigger":"amaylf.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"amaylf.xyz/assets/index/b1.jpg","fqdn":"amaylf.xyz","domain":"amaylf.xyz","tld":"xyz"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://amaylf.xyz/","date":"2025-10-10T21:40:09.566Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"amaylf.xyz","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 04 Oct 2025 03:53:35 GMT","end":"Fri, 02 Jan 2026 04:53:30 GMT"},"fingerprint":{"sha1":"09:87:42:90:D3:DA:72:45:E0:96:82:5C:55:FD:98:48:22:FE:D4:88","sha256":"D5:B4:6B:A7:C7:A6:09:42:10:CE:37:7F:60:41:44:BA:91:E0:FA:3C:81:E8:B3:16:F4:2A:74:8B:96:2B:C8:38"}}},"request":{"raw":"GET /assets/index/b1.jpg HTTP/1.1\r\nHost: amaylf.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://amaylf.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-20T13:59:59.325235Z","times_seen":13977692,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-10-10","alert":"Sinkholed","trigger":"amaylf.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.tksaasapi.com/api/getBanner","fqdn":"www.tksaasapi.com","domain":"tksaasapi.com","tld":"com"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://amaylf.xyz/","date":"2025-10-10T21:40:09.640Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tksaasapi.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 28 Sep 2025 17:53:49 GMT","end":"Sat, 27 Dec 2025 18:51:29 GMT"},"fingerprint":{"sha1":"23:BD:72:7B:29:C0:60:A9:6F:03:CD:13:2C:95:9C:1D:F5:5D:CC:10","sha256":"6E:DA:22:C5:F0:61:80:89:46:A5:D4:F8:2E:E2:04:F4:E0:E4:5C:6E:F4:28:E8:C2:3F:21:25:AF:25:3D:CC:A0"}}},"request":{"raw":"OPTIONS /api/getBanner HTTP/1.1\r\nHost: www.tksaasapi.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nAccess-Control-Request-Method: POST\r\nAccess-Control-Request-Headers: content-type\r\nReferer: https://amaylf.xyz/\r\nOrigin: https://amaylf.xyz\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"OPTIONS"},"response":{"raw":"HTTP/2 204 No Content\r\ndate: Fri, 10 Oct 2025 21:40:10 GMT\r\nserver: cloudflare\r\naccess-control-allow-origin: https://amaylf.xyz\r\naccess-control-allow-methods: GET,PUT,POST,PATCH,DELETE\r\naccess-control-allow-headers: Authorization,Content-Type,If-Match,If-Modified-Since,If-None-Match,If-Unmodified-Since,X-Requested-With,Api-Type,Api-Name,Api-Uuid,Jwt-Token,Api-Token,User-Form-Token,User-Token,Token\r\naccess-control-allow-credentials: true\r\naccess-control-expose-headers: Api-Type,Api-Name,Api-Uuid,Jwt-Token,Api-Token,User-Form-Token,User-Token,Token\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: h3=\":443\"; ma=86400\r\ncf-cache-status: DYNAMIC\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=0ZNzlOSG7MiCOA4jH2Lua6Y%2BRIa9CjFYK7J8nibwLT4EGuSNK5EKxNBk6Wl%2Bvmk7X%2BipsEppwR0RwlD0WPYpKkYqqOpkSU1mBGU4PT5Cprfy\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nset-cookie: ssid=9e28f07f37993a58c27c579b1b1f8bf1; HttpOnly; SameSite=None; Secure; Path=/\nlang=en-us; HttpOnly; SameSite=None; Secure; Path=/\r\ncf-ray: 98c94649cd655ebd-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"204","status_text":"No Content","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-20T13:59:59.325235Z","times_seen":13977692,"resource_available":true,"data":null}},"time_used":985,"timings":{"blocked":247,"dns":43,"connect":4,"send":0,"wait":479,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"orderimg.xyz/zoom/upload/0c/3138d9a0779f3415b52568e83d10b9.png","fqdn":"orderimg.xyz","domain":"orderimg.xyz","tld":"xyz"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://amaylf.xyz/","date":"2025-10-10T21:40:10.583Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /zoom/upload/0c/3138d9a0779f3415b52568e83d10b9.png HTTP/1.1\r\nHost: orderimg.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://amaylf.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-20T13:59:59.325235Z","times_seen":13977692,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"orderimg.xyz/zoom/upload/f2/1db0a35514a4aa7a0159409a8e5659.jpg","fqdn":"orderimg.xyz","domain":"orderimg.xyz","tld":"xyz"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://amaylf.xyz/","date":"2025-10-10T21:40:10.587Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /zoom/upload/f2/1db0a35514a4aa7a0159409a8e5659.jpg HTTP/1.1\r\nHost: orderimg.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://amaylf.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-20T13:59:59.325235Z","times_seen":13977692,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}}]}