{"report_id":"30551474-f576-4539-827b-ac1b98457b15","version":6,"status":"done","tags":[],"date":"2026-04-12T09:23:46Z","url":{"schema":"http","addr":"www.yl021.com/","fqdn":"www.yl021.com","domain":"yl021.com","tld":"com"},"ip":{"addr":"38.147.172.152","port":0,"asn":139659,"as":"LUCIDACLOUD LIMITED","country":"United States","country_code":"US"},"final":{"url":{"schema":"https","addr":"hg00682.com/","fqdn":"hg00682.com","domain":"hg00682.com","tld":"com"},"title":"Access Denied","dom":{"size":18123,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (14642)","md5":"20eeda51245a3e5f22d0a61bece7260e","sha1":"c6dc4d5ebdd9477bfd10e432e5d044348513f928","sha256":"16b5859fd983205ea973fa1440bf40922d2ae9edb18f96e4aefa97897ad45fe7","sha512":"c603813473fcc35cc8b0146e2ed6104bdbc464b572f84d1396d2173eac1c7a8f15ee7456a87ba1db0eb87f12353f097c4e665cf9f8e42cddc7a85877d9375667","ssdeep":"384:G01yEcrv7rdJa+F3kIs3pdD0q/rx0E2wk2mpU/:uv7r9F43nD0Qrx0ELmpo","tlshash":"6182af6e45d82638ff2a04741176abc67570c28248edb4dcf92ec3846f6f64d4ca3659","dom_hash":"domhash06594ee2be045dcf13b306e202221393","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"www.yl021.com/","fqdn":"www.yl021.com","domain":"yl021.com","tld":"com"},"ip":{"addr":"38.147.172.152","port":0,"asn":139659,"as":"LUCIDACLOUD LIMITED","country":"United States","country_code":"US"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-05-17T09:23:46Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":1}},"detection":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-12","alert":"Sinkholed","trigger":"www.yl021.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null},"summary":[{"fqdn":"www.yl021.com","ip":{"addr":"38.147.172.152","port":443,"asn":139659,"as":"LUCIDACLOUD LIMITED","country":"United States","country_code":"US"},"domain_registered":"2025-06-17","domain_rank":0,"first_seen":"2025-08-13T12:40:11.364975Z","last_seen":"2025-08-13T12:40:11.364975Z","alert_count":1,"request_count":1,"received_data":618,"sent_data":482,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"hg00682.com","ip":{"addr":"45.200.75.202","port":443,"asn":133847,"as":"Anpple Tech Enterprise","country":"Hong Kong","country_code":"HK"},"domain_registered":"2026-02-02","domain_rank":0,"first_seen":"2026-02-08T15:36:30.62668Z","last_seen":"2026-04-08T10:06:14.384593Z","alert_count":0,"request_count":2,"received_data":36686,"sent_data":942,"comment":"","tags":null,"fingerprints":[{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"cfoos.inodeninja.net","ip":{"addr":"52.84.50.100","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"domain_registered":"2022-03-23","domain_rank":0,"first_seen":"2023-08-18T06:59:53Z","last_seen":"2026-04-09T05:42:36.062266Z","alert_count":0,"request_count":1,"received_data":5326,"sent_data":450,"comment":"","tags":null,"fingerprints":[{"name":"Amazon S3","description":"Amazon S3 or Amazon Simple Storage Service is a service offered by Amazon Web Services (AWS) that provides object storage through a web service interface.","website":"https://aws.amazon.com/s3/","common_platform_enumeration":"","icon":"Amazon S3.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]}]},{"fqdn":"ipapi.co","ip":{"addr":"172.67.69.226","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2016-04-19","domain_rank":7936,"first_seen":"2017-01-31T09:07:01Z","last_seen":"2026-04-08T15:54:12.890284Z","alert_count":0,"request_count":1,"received_data":2496,"sent_data":423,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"www.yl021.com/","fqdn":"www.yl021.com","domain":"yl021.com","tld":"com"},"ip":{"addr":"38.147.172.152","port":443,"asn":139659,"as":"LUCIDACLOUD LIMITED","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"495284d37c979d5af539f4fd9d75da73","sha1":"b0e09c4992bddfded1db4288f30a7c1782d0d83e","sha256":"3a5c2b9eb39195cf16665f692263405bc7fdbe040c9dba6af314e783e349bf77","sha512":"d92233b5806f7e778fe5b932aa0b02b667e7b1fb4871c53a89b23fb8beb1dab693855299089824e1b20701c3ca3b8caafe67bc568d0bbaf371bf767651b753c5","ssdeep":"","tlshash":"e7e092c3209847460fd5a1f2abd2725d602b00ef194ce08be062979029f470f113a9e5","size":351,"data":"","first_seen":"2026-03-11T11:01:39.520414Z","last_seen":"2026-04-12T09:23:48.064392Z","times_seen":4,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"hg00682.com/","fqdn":"hg00682.com","domain":"hg00682.com","tld":"com"},"ip":{"addr":"45.200.75.202","port":443,"asn":133847,"as":"Anpple Tech Enterprise","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":true,"md5":"1f47332d69b709c01e990f3057a63fca","sha1":"135923412072c9a47f9a2e9b79b63141c91aa30d","sha256":"b8330566b6fb1dff901cb2e3563020aa2b82c41fcea125110cf7c5c4c8cae669","sha512":"d6e632e9838712ea8a1fddf5f34bdae2e72cdf1a95bb3013f1edb0399dfb5710bab4f6b8dd2d46aa4b33f42d741f61d7f796e6abe69f3eeeb9eb8ba65589c5b3","ssdeep":"","tlshash":"0ad095dbfb4a0c14145770675767824c3c2150135c005441c84c5d508c71f3bcd07fd8","size":252,"data":"","first_seen":"2024-09-28T07:22:00.684043Z","last_seen":"2026-04-12T09:23:48.065183Z","times_seen":182,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cfoos.inodeninja.net/apeiro8/edge/html/prod/deny/deny-errorpage.js","fqdn":"cfoos.inodeninja.net","domain":"inodeninja.net","tld":"net"},"ip":{"addr":"52.84.50.100","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"07f9867e9b356623ab0668e2f977dd35","sha1":"fa131b0c86885916fe68b0b76ca5091205566d1e","sha256":"052d30b9bb59b34d36d962dbe20c98f3fbfdf19b8196c6c2007211557fd8cef9","sha512":"848dfbf4ed058990e52b39721a16f0338d5c1fc062a7eb3f0446d7dabd3ec361d7d996c09a1773a5bc5325af583f5f0347d516204d026bee2006fe2cf89f4ba0","ssdeep":"48:fTLF9YUNMBvOnBmPdIUN8xPe3B2SdAlL9IUN8xPe3B2SB0x3IUN8xPe3B2SXAVLs:bJp/8P5/8SdAlV/8SB0p/8SXAVV/8l","tlshash":"19a1d67b7bae04705fdf76bb5268a3897c9084133d03e4197d9d1a64dfd0b81a0baad0","size":4829,"data":"","first_seen":"2023-05-19T01:48:00Z","last_seen":"2026-04-12T09:26:33.073367Z","times_seen":424,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null},"http":[{"url":{"schema":"https","addr":"www.yl021.com/","fqdn":"www.yl021.com","domain":"yl021.com","tld":"com"},"ip":{"addr":"38.147.172.152","port":443,"asn":139659,"as":"LUCIDACLOUD LIMITED","country":"United States","country_code":"US"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-04-12T09:23:23.660Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"bet111.tv","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sun, 01 Mar 2026 11:38:00 GMT","end":"Sat, 30 May 2026 11:37:59 GMT"},"fingerprint":{"sha1":"0D:EC:DA:1E:3C:45:8C:A9:5D:42:3D:AE:2B:9C:FE:EF:4E:45:56:B4","sha256":"32:53:56:55:CB:54:06:CB:48:93:E3:D3:06:28:EB:6B:16:A3:C6:E0:C1:8C:51:C6:CC:C2:C3:A1:48:04:54:1F"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: www.yl021.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sun, 12 Apr 2026 09:23:24 GMT\r\ncontent-type: text/html\r\ncontent-length: 348\r\nlast-modified: Sun, 01 Mar 2026 11:52:54 GMT\r\netag: \"69a42896-15c\"\r\nstrict-transport-security: max-age=31536000\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":348,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, Unicode text, UTF-8 text","md5":"d994bb4313d744708182c08fe85e48cd","sha1":"12e03f0b37e3a32d8e5da399252683ccb7a2dbdd","sha256":"1a8775341cf14f8be89a629b669d93e2b908f0695986c8adee5ae923773caca5","sha512":"1cf1ba8ff13d65749ff04dc4620aaa6a4f22b87a7cbc9f667356501ab3829f5612b88f74fe4a7f1923ac451acab840c1f03b31576894117cc3f842c4c1818307","ssdeep":"","tlshash":"eae026eb5585c5098ba2674347d3717520bb12fe00c5d842a052b2231f9530fc60b5ef","first_seen":"2026-03-11T11:01:39.519028Z","last_seen":"2026-04-12T09:23:48.059641Z","times_seen":4,"resource_available":true,"data":null}},"time_used":1343,"timings":{"blocked":550,"dns":52,"connect":244,"send":0,"wait":243,"receive":0,"ssl":250},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-12","alert":"Sinkholed","trigger":"www.yl021.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"hg00682.com/","fqdn":"hg00682.com","domain":"hg00682.com","tld":"com"},"ip":{"addr":"45.200.75.202","port":443,"asn":133847,"as":"Anpple Tech Enterprise","country":"Hong Kong","country_code":"HK"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-04-12T09:23:24.760Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"hg00682.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Mon, 02 Feb 2026 00:00:00 GMT","end":"Tue, 02 Feb 2027 23:59:59 GMT"},"fingerprint":{"sha1":"AF:BD:B9:C3:29:AF:64:BA:F5:17:CE:CF:E1:5E:1B:F3:09:E0:33:00","sha256":"16:AE:70:CC:02:0D:74:C0:7D:A4:78:D1:5A:2D:DB:E3:DE:F0:98:79:6D:2B:E2:A2:4F:6F:BB:6E:3B:AC:87:AD"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: hg00682.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.yl021.com/\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 403 Forbidden\r\ndate: Sun, 12 Apr 2026 09:23:25 GMT\r\ncontent-type: text/html\r\nvary: Accept-Encoding\r\nserver: gocache\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\ncontent-encoding: br\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"403","status_text":"Forbidden","fingerprints":[{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":18111,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (14642)","md5":"844792f3b96fd4d308bb9176081cf355","sha1":"6700f7e85f76ea53f0262d9f8d3f1860de8120ea","sha256":"0b43b8f57f14448d833c567797fa5acc72ba475a4090c6b05c972ee02ded2a90","sha512":"654ea6b7952ce7e4137bca7d3ccb42c3ab6d31e2893597a327f46016adc9f05b1d48ca0f5390f6a3ed43cbdfb3d91ea3804edee64df16201ec6d6ae7f40ca2f0","ssdeep":"384:z71yEcrv7rdJa+F3kIs3pdD0q/rx0E2wk2koU5:Ev7r9F43nD0Qrx0ELkoG","tlshash":"a182ae6e49d83628ff2a04741136abc67570c28248edb4dcf92ec3846f6f64d4ce2659","first_seen":"2026-04-12T09:23:48.060806Z","last_seen":"2026-04-12T09:23:48.060806Z","times_seen":1,"resource_available":true,"data":null}},"time_used":1202,"timings":{"blocked":497,"dns":62,"connect":189,"send":0,"wait":193,"receive":0,"ssl":258},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cfoos.inodeninja.net/apeiro8/edge/html/prod/deny/deny-errorpage.js","fqdn":"cfoos.inodeninja.net","domain":"inodeninja.net","tld":"net"},"ip":{"addr":"52.84.50.100","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://hg00682.com/","date":"2026-04-12T09:23:25.559Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.inodeninja.net","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Thu, 08 Jan 2026 00:00:00 GMT","end":"Sat, 06 Feb 2027 23:59:59 GMT"},"fingerprint":{"sha1":"BA:2A:85:D3:0F:C0:72:16:EC:52:D4:7B:BF:C7:08:39:55:EE:59:3D","sha256":"35:50:7F:61:90:BF:76:D0:66:25:61:A2:88:16:FD:CD:6C:94:EF:F0:B4:81:3E:1D:C0:CE:1B:00:F1:A0:9D:16"}}},"request":{"raw":"GET /apeiro8/edge/html/prod/deny/deny-errorpage.js HTTP/1.1\r\nHost: cfoos.inodeninja.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://hg00682.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: application/javascript\r\ncontent-length: 4829\r\ndate: Sun, 12 Apr 2026 09:23:27 GMT\r\nlast-modified: Wed, 21 Jun 2023 08:32:52 GMT\r\netag: \"07f9867e9b356623ab0668e2f977dd35\"\r\nx-amz-server-side-encryption: AES256\r\naccept-ranges: bytes\r\nserver: AmazonS3\r\nx-cache: Miss from cloudfront\r\nvia: 1.1 652549e0dcae9775148cb207792b2a40.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P3\r\nx-amz-cf-id: r9gfoU5BylmiuEZUq8mALqp63mOeLgoYBtU_6Wz_OMVYdo8hQBKeYg==\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon S3","description":"Amazon S3 or Amazon Simple Storage Service is a service offered by Amazon Web Services (AWS) that provides object storage through a web service interface.","website":"https://aws.amazon.com/s3/","common_platform_enumeration":"","icon":"Amazon S3.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]}],"data":{"size":4829,"size_decoded":0,"mime_type":"application/javascript","magic":"Unicode text, UTF-8 text","md5":"07f9867e9b356623ab0668e2f977dd35","sha1":"fa131b0c86885916fe68b0b76ca5091205566d1e","sha256":"052d30b9bb59b34d36d962dbe20c98f3fbfdf19b8196c6c2007211557fd8cef9","sha512":"848dfbf4ed058990e52b39721a16f0338d5c1fc062a7eb3f0446d7dabd3ec361d7d996c09a1773a5bc5325af583f5f0347d516204d026bee2006fe2cf89f4ba0","ssdeep":"48:fTLF9YUNMBvOnBmPdIUN8xPe3B2SdAlL9IUN8xPe3B2SB0x3IUN8xPe3B2SXAVLs:bJp/8P5/8SdAlV/8SB0p/8SXAVV/8l","tlshash":"19a1d67b7bae04705fdf76bb5268a3897c9084133d03e4197d9d1a64dfd0b81a0baad0","first_seen":"2023-05-19T01:48:00Z","last_seen":"2026-04-12T09:26:33.073367Z","times_seen":424,"resource_available":true,"data":null}},"time_used":999,"timings":{"blocked":172,"dns":74,"connect":1,"send":0,"wait":651,"receive":0,"ssl":96},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ipapi.co/json/","fqdn":"ipapi.co","domain":"ipapi.co","tld":"co"},"ip":{"addr":"172.67.69.226","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://hg00682.com/","date":"2026-04-12T09:23:25.563Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"ipapi.co","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 16 Feb 2026 15:59:25 GMT","end":"Sun, 17 May 2026 16:59:23 GMT"},"fingerprint":{"sha1":"37:8F:7A:B7:BF:60:24:8D:1C:83:4F:C2:59:C3:0A:0C:EE:B3:75:A5","sha256":"8D:E6:B5:3D:41:1D:D8:B2:FA:03:95:07:E2:54:7C:1F:A2:22:E9:05:05:5E:D2:99:7D:DF:46:3F:32:52:53:F9"}}},"request":{"raw":"GET /json/ HTTP/1.1\r\nHost: ipapi.co\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://hg00682.com/\r\nOrigin: https://hg00682.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 12 Apr 2026 09:23:25 GMT\r\ncontent-type: application/json\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nserver: cloudflare\r\nallow: OPTIONS, GET, OPTIONS, HEAD, POST\r\nx-frame-options: DENY\r\nvary: Host, origin\r\naccess-control-allow-origin: https://hg00682.com\r\nx-content-type-options: nosniff\r\nreferrer-policy: same-origin\r\ncross-origin-opener-policy: same-origin\r\ncontent-security-policy-report-only: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.stripe.com https://*.paddle.com https://www.google.com https://www.gstatic.com https://maps.gstatic.com https://maps.googleapis.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/; style-src 'self' 'unsafe-inline' https://*.paddle.com https://fonts.gstatic.com https://fonts.googleapis.com; img-src 'self' data: https://ipapi.co https://maps.gstatic.com https://maps.googleapis.com https://*.stripe.com; font-src 'self' data: https://fonts.gstatic.com https://fonts.googleapis.com; frame-src 'self' https://www.google.com https://*.stripe.com https://*.paddle.com https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/; connect-src 'self' https://ipapi.co/ https://*.paddle.com https://*.stripe.com https://maps.googleapis.com https://www.google.com/recaptcha/; object-src 'none'; frame-ancestors 'none'; base-uri 'self'; form-action 'self';\r\ncf-cache-status: DYNAMIC\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=TSW37Dr5our%2FpEi9ac0se5D9bI5DtATIoYxmBublB6FV%2BmWHqwV%2F44fkslofNi6jsnWyk9GRWV2ojC5lc3I8PmUi4nRmXjyGkCB9PVcdK9hFW1apy%2B4Ul2AW\"}]}\r\ncontent-encoding: br\r\ncf-ray: 9eb12c1508ec56a9-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":744,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"89df796ab79917fd97143353c6fbe887","sha1":"9002bf3fb180a0bdea493caa8489a9ce4da08c46","sha256":"8e66f081090f0ce97511f66051f92af469ddcd141d307e9cde761fbe1b0816e6","sha512":"44b44189e1a3f540b2f885c438df5c909ddfb6750827c9b3f64f749c49a576506d497ee1dd04560949386e1ffa298cb867ac55bb19089ce4b0ad4afe31fb9310","ssdeep":"","tlshash":"a0012f68e4680ebbacb8035cb0286907123422074e56398e7fd09b4d0f8e8bf30b134e","first_seen":"2026-04-08T09:13:34.032533Z","last_seen":"2026-04-12T12:27:17.156898Z","times_seen":228,"resource_available":false,"data":null}},"time_used":329,"timings":{"blocked":44,"dns":20,"connect":1,"send":0,"wait":240,"receive":0,"ssl":20},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"hg00682.com/favicon.ico","fqdn":"hg00682.com","domain":"hg00682.com","tld":"com"},"ip":{"addr":"45.200.75.202","port":443,"asn":133847,"as":"Anpple Tech Enterprise","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://hg00682.com/","date":"2026-04-12T09:23:25.811Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"hg00682.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Mon, 02 Feb 2026 00:00:00 GMT","end":"Tue, 02 Feb 2027 23:59:59 GMT"},"fingerprint":{"sha1":"AF:BD:B9:C3:29:AF:64:BA:F5:17:CE:CF:E1:5E:1B:F3:09:E0:33:00","sha256":"16:AE:70:CC:02:0D:74:C0:7D:A4:78:D1:5A:2D:DB:E3:DE:F0:98:79:6D:2B:E2:A2:4F:6F:BB:6E:3B:AC:87:AD"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: hg00682.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://hg00682.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 403 Forbidden\r\ndate: Sun, 12 Apr 2026 09:23:25 GMT\r\ncontent-type: text/html\r\nvary: Accept-Encoding\r\nserver: gocache\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\ncontent-encoding: br\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"403","status_text":"Forbidden","fingerprints":[{"name":"GoCache","description":"GoCache is an in-memory key:value store/cache similar to memcached that is suitable for applications running on a single machine.","website":"https://www.gocache.com.br/","common_platform_enumeration":"","icon":"GoCache.png","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":18111,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (14642)","md5":"e2bce425825bf71059cf9191888c2fa8","sha1":"aaeef763a663cf079d2810f76e49b58b0216f055","sha256":"84f023a0f83c0845a56ac872b2af1ababf919771f0941b09fd70628170909805","sha512":"8cc118b4b471f8cb71a08d6b5443241efd6499674240aa9605c5893128d4a8cd2f9872400dda8d40b76d7c17d7358e49c5154584cf6702a59b42d255e083b3d2","ssdeep":"384:zQ1yEcrv7rdJa+F3kIs3pdD0q/rx0E2wk2koU5:7v7r9F43nD0Qrx0ELkoG","tlshash":"6e82ae6e49d83628ff2a04741136abd67570c28248eeb4dcf92ec3846f6f64d4ca3659","first_seen":"2026-04-12T09:23:48.063236Z","last_seen":"2026-04-12T09:23:48.063236Z","times_seen":1,"resource_available":false,"data":null}},"time_used":191,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":191,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}}]}